Banks with employees covertly texting about official business on apps like Signal, WhatsApp, and iMessage have been caught red-handed. Now federal agencies are charging banks with violating laws requiring recordkeeping on all business matters.

Today, the SEC and the Commodity Futures Trading Commission (CFTC) fined 11 firms a combined $549 million for what the SEC described as "widespread and longstanding failures by the firms and their employees to maintain and preserve electronic communications."

Wells Fargo was hit with the biggest fines, agreeing to pay the SEC a $125 million penalty and the CFTC another $75 million. Fines for other firms—including Bank of Montreal, BMO Capital Markets Corp., BNP Paribas, Houlihan Lokey Capital, Inc., Mizuho Securities USA, Moelis & Company LLC, SMBC Nikko Securities America, Inc., Société Générale, and Wedbush Securities Inc.—ranged between $9 million and $75 million.

The SEC penalties totaled $289 million. The director of the SEC’s Division of Enforcement, Gurbir S. Grewal, said that charges were filed in accordance with the agency's mission to protect investors and ensure well-functioning markets by enforcing laws requiring banks to maintain their books and records—including employee texts about bank business. Grewal said that firms that "self-report, cooperate, and remediate" can spare themselves steep fines.

"To date, the Commission has brought 30 enforcement actions and ordered over $1.5 billion in penalties to drive this foundational message home," Grewal said. "And while some broker-dealers and investment advisers have heeded this message, self-reported violations, or improved internal policies and procedures, today’s actions remind us that many still have not.”

The CTFC's director of enforcement, Ian McGinley, issued a similar statement:

"With today’s actions, the CFTC has now brought enforcement actions against 18 financial institutions, and imposed over $1 billion in penalties, for violations of the CFTC’s record-keeping and supervision requirements involving the use of unapproved communication methods. The Commission’s message could not be more clear—record-keeping and supervision requirements are fundamental, and registrants that fail to comply with these core regulatory obligations do so at their own peril.”

Ars reached out to the firms fined, but most declined to comment. Only Wells Fargo responded to say, “We’re pleased to resolve this matter.” [Update: A BMO Financial Group spokesperson told Ars, "We hold ourselves to the highest standards of conduct and have made significant enhancements to our compliance procedures in recent years. We’re pleased to have this matter behind us."]

Advertisement

Senior executives among employees hiding texts

According to the SEC, "employees at multiple levels of authority, including supervisors and senior executives" at all 11 firms were covertly communicating about bank business over personal texts since at least 2019. The CFTC estimated that just looking at the four firms that it fined, firms "failed to maintain hundreds if not thousands of business-related communications."

The CFTC pointed out that these texts violated company policies, and "some of the same supervisory personnel responsible for ensuring compliance with the firms’ policies and procedures themselves used non-approved methods of communication to engage in business-related communications, in violation of firm policy."

These "off-channel communications" happened "through various messaging platforms on their personal devices, including iMessage, WhatsApp, and Signal," the SEC reported.

Apple, Meta, and Signal did not immediately respond to Ars' request to comment.

The SEC also said that during its investigations, firms chose to hide these texts, in seeming attempts to dodge fines. Grewal strongly recommends that banks avoid steeper fines by instead self-reporting violations once they're discovered from now on.

"The firms did not maintain or preserve the substantial majority of these off-channel communications, in violation of the federal securities laws," the SEC said. "By failing to maintain and preserve required records, certain of the firms likely deprived the Commission of these off-channel communications in various SEC investigations."

As a result of federal agencies uncovering the personal messages, all firms have been ordered to cease and desist from future violations. It seems likely the banks will crack down on employees texting, but in case they don't, the agencies also ordered firms "to retain independent compliance consultants to, among other things, conduct comprehensive reviews of their policies and procedures relating to the retention of electronic communications found on personal devices and their respective frameworks for addressing non-compliance by their employees with those policies and procedures."