On August 8, 2023, the United States Securities and Exchange Commission (the “SEC” or the “Commission”) announced that 11 Wall Street firms (10 broker-dealer firms and one dually-registered investment adviser) agreed to settle charges for failing to properly maintain and preserve electronic communications relating to firm business. This included text messages and other messages sent through applications contained on personal devices of employees and not subject to firm record retention systems (referred to as “off-channel communications”). The announcement underscores that regulatory scrutiny of recordkeeping obligations remains a high priority for the SEC’s Division of Enforcement. Specifically, the SEC continues to focus on holding registered entities accountable for failing to maintain and preserve off-channel communications pursuant to statutory requirements. As part of the settlements, the firms agreed to pay combined penalties of $289 million, admit liability, and implement improvements to their respective compliance policies and procedures.

1. SEC’s Sustained Efforts to Enforce Recordkeeping Obligations in Recent Years

As broker-dealers and investment advisers adapted to remote working environments, the SEC has repeatedly highlighted the essential role of recordkeeping obligations under the Securities Exchange Act of 1934 (“Exchange Act”) and the Investment Advisers Act of 1940 (“Advisers Act”). The Commission has brought dozens of enforcement actions over the past two years, resulting in over $1.5 billion in penalties, to enforce books and records requirements under federal securities laws. 

This line of high-profile enforcement actions concerning off-channel communications originated in December 2021. In the first off-channel settlement, a large Wall Street firm admitted that its employees, including supervisors and senior-level employees, utilized unapproved communication methods, which led to business communications not being properly maintained or preserved.[1] As a result, the Wall Street firm could not provide the Commission with requested business communications during an SEC investigation. Due to the firm’s violations, it agreed to pay a $200 million civil money penalty and to retain a compliance consultant to conduct a comprehensive review of the firm’s policies and procedures concerning the retention of electronic communications found on personal devices and the firm’s framework for addressing non-compliance by its employees with the corresponding policies and procedures. 

In September 2022, the SEC settled similar off-channel communications charges with 15 broker-dealers and one affiliated investment adviser for a combined $1.1 billion in civil money penalties. The SEC found that the 16 firms routinely communicated about business matters using personal devices that did not maintain or preserve the substantial majority of the off-channel communications.  Moreover, the settlements required that the various firms admit the securities law violations and agree to retain compliance consultants to conduct comprehensive reviews of the policies and procedures concerning off-channel communications. 

In May 2023, the SEC announced it had reached similar settlements with two financial institutions for civil money penalties exceeding $22 million, after the firms self-reported recordkeeping policy failures relating to off-channel communications.

Most recently, in June 2023, a broker-dealer admitted to violating Section 17(a) of the Exchange Act, and Rule 17a-4(b)(4) thereunder, for failing to properly preserve approximately 47 million “on-channel,” or firm-captured, electronic communications. The settlement order noted that eight ongoing SEC investigations into the firm’s operations were compromised due to a failure in the firm’s communication retention policies. As a result, the broker-dealer agreed to pay a $4 million civil money penalty.[2]

2. Latest Settlements Highlight the SEC’s Continued Focus on Monitoring Issues Associated with Off-Channel Communications

The August 8, 2023 settlement orders, similar to previously announced settlements, contained SEC findings that employees at all levels of the firms’ operations utilized personal messaging platforms, including iMessage, WhatsApp, and Signal, to discuss business matters. The SEC found that since these communications were sent through unapproved methods, the messages were not maintained and preserved in compliance with the applicable federal securities laws.  Accordingly, the broker-dealers were charged with violating Section 17(a) of the Securities Exchange Act and Rule 17a-4 thereunder. One dually registered broker-dealer and investment adviser was also charged with violating Section 204 of the Advisers Act and Rule 204-2 thereunder.

The firms admitted the findings set forth in their respective SEC orders and agreed to pay penalties to the SEC that collectively amounted to $289 million. Moreover, the firms agreed to retain independent compliance consultants to conduct comprehensive reviews of their policies and procedures concerning the retention of electronic communications found on personal devices and their respective frameworks for addressing non-compliance by their employees with the associated policies and procedures. 

3. Key Takeaways: Recordkeeping Obligations to Remain a Major Priority for the SEC

The recent settlements reflect the SEC’s continued focus on enforcing recordkeeping requirements under the Exchange Act and Advisers Act. Sanjay Wadhwa, the SEC’s Deputy Director of the Division of Enforcement, warned in no uncertain terms: “we know that other SEC-regulated entities have committed similar violations, and so our work to enforce industry-wide compliance continues.” Gurbir S. Grewal, Director of the SEC’s Division of Enforcement, reenforced that message, noting that these enforcement actions provide three key takeaways: “self-report, cooperate and remediate. If you adopt that playbook, you’ll have a better outcome than if you wait for us to come calling.” Accordingly, regulated businesses may benefit from reviewing their current recordkeeping policies and procedures to evaluate potential weaknesses and/or to evaluate the need to self-report any issues.

---

[1] See SEC Investigations Relating to Record Preservation Practices Likely to Continue (May 4, 2022), https://www.vedderprice.com/sec-investigations-relating-to-record-preservation-practices-likely-to-continue.

[2] See SEC Focus on Recordkeeping Obligations Continues: Regulated Entities Face Enhanced Scrutiny (June 28, 2023), https://www.vedderprice.com/sec-focus-on-recordkeeping-obligations-continues-regulated-entities-face-enhanced-scrutiny.