Financial Firms Struggle to Maintain Regulatory Compliance as Employees Text

*Kristine Martinez

I. Introduction

    “[I]nvestment banks are required to keep copies of all business-related communications that employees send and receive” under Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) rules.[1] These requirements are “designed to deter and uncover infringements such as insider trading and ‘front-running,’ or trading on information that is not yet public,” while also “ensuring best practice in terms of treatment of customers.”[2] Technological advancements, including the “proliferation of mobile-messaging apps” and the transition to remote work during COVID-19, strained financial firms’ compliance with their mandate to “monitor business communications.”[3]

    II. The Bellwether: J.P. Morgan

      On December 17, 2021, the broker-dealer subsidiary of JPMorgan Chase & Co., J.P. Morgan Securities LLC, admitted and acknowledged violation of federal securities laws requiring the preservation of employees’ securities-related business communications between January 2018 and November 2020.[4] As part of the SEC settlement, J.P. Morgan Securities LLC “agreed to pay a $125 million penalty and implement robust improvements to its compliance policies and procedures.”[5] Further, the broker-dealer “admitted that these failures were firm-wide and . . . supervisors, including managing directors and other senior supervisors—the very people responsible for implementing and ensuring compliance with JPMS’s policies and procedures—used their personal devices to communicate about the firm’s securities business.”[6]

      This failure meant J.P. Morgan Securities LLC was not fully responsive to subpoenas and requests from the SEC in “numerous investigations during the time period that the firm failed to maintain required records.”[7] The broker-dealer “acknowledged that its recordkeeping failures deprived the SEC staff of timely access to evidence and potential sources of information for extended periods of time and in some instances permanently.”[8] The SEC further admonished that “the firm’s actions meaningfully impacted the SEC’s ability to investigate potential violations of the federal securities laws.”[9]

      III. The Get: Sixteen Wall Street Firms

        The SEC investigated firms such as Barclays, Bank of America, Citigroup, Credit Suisse, Deutsche Bank, Goldman Sachs, Morgan Stanley, and UBS which “cooperated with the investigation by gathering communications from the personal devices of a sample of . . . senior and junior investment bankers and debt and equity traders.”[10] Starting its inquiry prior to the pandemic, the SEC found that between January 2018 and September 2021, “the firms’ employees routinely communicated about business matters using text messaging applications on their personal devices.”[11] Therefore, the firms violated the federal securities laws because they “did not maintain or preserve the substantial majority of these off-channel communications.”[12] This failure “likely deprived the Commission of these off-channel communications in various Commission investigations.”[13]

        On September 27, 2022, after finding “pervasive off-channel communications,” the SEC announced that it charged fifteen broker-dealers and an affiliated investment advisor with “widespread and longstanding failures by the firms and their employees to maintain and preserve electronic communications.”[14] The firms and affiliates “acknowledged that their conduct violated recordkeeping provisions of the federal securities laws, agreed to pay combined penalties of more than $1.1 billion, and [began] implementing improvements to their compliance policies and procedures” as part of their settlement with the SEC.[15]

        Observing that this “recordkeeping has been vital to preserve market integrity” since the 1930s, SEC Chair Gary Gensler emphasized the importance of fulfilling the obligation to maintain and preserve business communications exclusively conducted through official channels.[16] The Director of the SEC’s Division of Enforcement, Gurbir S. Grewal, described financial recordkeeping requirements as “sacrosanct” and warned that “[o]ther broker dealers and asset managers who are subject to similar requirements under the federal securities laws would be well-served to self-report and self-remediate any deficiencies.”[17] Gensler pointed to public policy considerations driving the enforcement of rules regulating the storage of these communications, noting that “[f]inance, ultimately, depends on trust.”[18]

        IV. Unfinished Business: New Inquiries

          Although settlement statements will often not acknowledge wrongdoing, the aforementioned cases have been atypical in that “all the firms admitted to actual wrongdoing.”[19] After finding that employees across many of these firms “routinely used personal mobile messaging apps to discuss official business . . . disregarding company policies that forbid them from doing just that,”[20] the SEC has not shown signs that it will let up on these investigations.

          In late October 2022, the SEC sent letters to dozens of investment firms to determine whether asset managers were compliant with their record retention requirements.[21] These letters probed for information concerning the apps and devices permitted for the investment firms’ official communications and inquired if electronic records of the same were captured.[22]

          V. Conclusion

          To balance the convenience of mobile communications platforms with the need for fastidious recordkeeping, financial firms have turned to new technologies as a solution to their compliance woes.[23] Businesses such as Symphony and Movius seek to fill the gap in the market for software that “integrates third-party communications tools such as email, Zoom, Microsoft Teams[,] and WhatsApp into one system that can be recorded and archived.”[24] Financial institutions such as Amundi, AXA IM, BNPP AM, and JPMorgan Asset Management have adopted such technologies.[25] Additionally, many banks internally introduced text and chat platforms that ensure adherence to regulatory requirements.[26] All financial firms subject to SEC and CFTC recordkeeping and supervision rules are on notice;[27] the investigations and penalties may not stop any time soon.

          *Kristine Martinez is a second-year day student at the University of Baltimore School of Law, where she is a Staff Editor for the Law Review, a Royal Graham Shannonhouse III Honor Society Scholar, a Law Scholar for Professor Hubbard’s Civil Procedure II class, and a Vice President of the Women’s Bar Association. Prior to law school, Kristine spent five years working as a paralegal, primarily assisting with litigation matters. During her 1L summer, Kristine interned with The Honorable Andrea M. Leahy of the Appellate Court of Maryland. Kristine looks forward to working as a summer associate at Kramon & Graham, P.A. during the upcoming summer of 2023.

          [1] Pro Say, The Shifting Politics of Courthouse Arrests, Law360, at 09:48 (Sept. 30, 2022),

          [2] Iain Withers & Sinead Cruise, Asset Managers on Alert After ‘WhatsApp’ Crackdown on Banks, Reuters (Aug. 18, 2022, 3:04 AM),

          [3] Lydia Beyoud, SEC Expands WhatsApp Scrutiny to Money Manager Communications, Bloomberg News (Oct. 11, 2022),

          [4] Press Release, Sec. & Exch. Comm’n, JPMorgan Admits to Widespread Recordkeeping Failures and Agrees to Pay $125 Million Penalty to Resolve SEC Charges: Firm Also Agrees to Implement Significant Improvements to Its Compliance Controls (Dec. 17, 2021), The SEC’s civil investigation culminated in a settlement with J.P. Morgan Securities LLC. Id. The CFTC issued an order the same day settling charges against J.P. Morgan Securities LLC and affiliated entities JPMorgan Chase Bank, N.A. and J.P. Morgan Securities plc for violating regulations and the Commodity Exchange Act. Press Release, Commodity Futures Trading Comm’n, CFTC Orders JPMorgan to Pay $75 Million for Widespread Use by Employees of Unapproved Communication Methods and Related Recordkeeping and Supervision Failures: JPMorgan Admits Employees Used Texts and WhatsApp on Personal Devices to Conduct Business (Dec. 17, 2021),  

          [5] Press Release, Sec. & Exch. Comm’n, supra note 4

           [6] Id.  The CFTC’s investigation found many of the same recordkeeping and supervision violations as the SEC. Press Release, Commodity Futures Trading Comm’n, supra note 4. However, the CFTC found that the violations occurred since July 2015 and issued “a $75 million civil monetary penalty.” Id.

          [7] Press Release, Sec. & Exch. Comm’n, supra note 4.

          [8] Id.

          [9] Id.

          [10] Press Release, Sec. & Exch. Comm’n, SEC Charges 16 Wall Street Firms with Widespread Recordkeeping Failures: Firms Admit to Wrongdoing and Agree to Pay Penalties Totaling More Than $1.1 Billion (Sept. 27, 2022),

          [11] Id.

          [12] Id.

          [13] Id.

          [14] Id. The same day, the CFTC settled with the firms and affiliates “for failing to maintain, preserve, or produce records that were required to be kept under CFTC recordkeeping requirements, and failing to diligently supervise matters related to their businesses as CFTC registrants.” Press Release, Commodity Futures Trading Comm’n, CFTC Orders 11 Financial Institutions to Pay Over $710 Million for Recordkeeping and Supervision Failures for Widespread Use of Unapproved Communication Methods: Registered Swap Dealers and FCMs Admit Use of Texts, WhatsApp and Other Unapproved Methods to Conduct Business (Sept. 27, 2022),

          [15] Press Release, Sec. & Exch. Comm’n, supra note 10.

          [16] Id.

          [17] Id.

          [18] Id.

          [19] Pro Say, supra note 1, at 11:50.

          [20] Id. at 08:20.

          [21] Beyoud, supra note 3.

          [22] Lydia Beyoud, SEC Looking Into Money Managers’ Use of Outside Messaging Apps, Bloomberg Law (Oct. 11, 2022, 5:02 PM),–7a6218654fa0c6e3cdd437a5d6169d18cad7543a&bna_news_filter=bloomberg-law-news&criteria_id=3a576177ed8934d70c505c4de6b9a5a7.

          [23] Withers & Cruise, supra note 2.

          [24]  Id.

          [25] Id.

          [26] Pro Say, supra note 1, at 12:45.

          [27] Beyoud, supra note 3.

          Leave a Reply

          Fill in your details below or click an icon to log in:


          You are commenting using your account. Log Out /  Change )

          Facebook photo

          You are commenting using your Facebook account. Log Out /  Change )

          Connecting to %s

          %d bloggers like this: