HSBC, Scotiabank latest caught in regs’ off-channel comms sting

The Bank of Nova Scotia (also known as Scotiabank) and its affiliate, Scotia Capital USA, were fined a collective $15 million by the Commodity Futures Trading Commission (CFTC) and an additional $7.5 million by the Securities and Exchange Commission (SEC) for longstanding failures to properly maintain, preserve, or produce records and for failing to provide proper oversight of employees’ use of off-channel communications on personal cell phones and messaging platforms, including WhatsApp.

HSBC Securities was fined $15 million by the SEC for similar compliance failures.

The SEC noted it reduced its fines for both institutions because they self-reported the issue, cooperated with the agency’s respective investigations, and remediated the misconduct.

The failures at HSBC and Scotiabank “involved employees at multiple levels of authority, including supervisors and senior executives. Both HSBC Securities and Scotia Capital cooperated with the SEC’s investigation by, among other things, self-reporting the recordkeeping failures after gathering communications from the personal devices of a sample of the firms’ personnel,” the SEC said in a press release.

The fines are the latest in an ongoing enforcement sweep of financial institutions by the SEC and CFTC regarding off-channel communications compliance failures. The agencies combined to levy $1.8 billion in fines on 11 financial institutions in September after first penalizing JPMorgan Chase $200 million in December 2021.

On Wednesday, Robinhood Markets disclosed an SEC investigation into use of off-channel communications within its firm, while Fifth Third Bancorp disclosed a similar investigation by the SEC on Tuesday.

The details: In September 2021, the SEC “commenced a risk-based initiative to investigate whether broker-dealers were properly retaining business-related messages sent and received on personal devices.” In response, HSBC and Scotiabank each notified the agency they discovered improper off-channel communications use by employees at their respective broker-dealers.

HSBC turned over information about approximately 15 employees at HSBC Securities who had engaged in off-channel communications; at Scotia Capital, the number of employees was approximately 37. The relevant employees at both affiliates included managing directors, vice presidents, investment bankers, and trading desk personnel. HSBC’s violations stretched from January 2018 to September 2021; Scotiabank’s were from January 2020 to December 2021.

Both financial institutions remediated the issue by enhancing policies and procedures; increasing training on approved communications methods, including on personal devices; and implementing changes to the technology available to employees to facilitate compliant communications, the SEC’s order said.

Both HSBC and Scotiabank will hire a compliance consultant to conduct a comprehensive review of their broker-dealers’ supervisory and compliance policies and procedures to ensure all electronic communications, including those on personal electronic devices, “are preserved in accordance with the requirements of the federal securities laws,” the SEC said. The review will include additional training, assessment of the surveillance program, technological solutions, measures used to prevent unauthorized communications, and a review of the overall framework used.

The CFTC ordered Scotiabank to conduct a comprehensive review of its supervisory, compliance, and other policies and procedures to ensure its communications are compliant with CFTC regulations. The bank must submit its findings to the agency within 150 days.

Bank responses: Via email, a spokesperson for HSBC said, “The bank is pleased to put these matters behind us, and we appreciate that the SEC recognizes our commitment to remediating our internal controls when needed. In recent years, we have made significant investments in enhancing our compliance procedures and have worked diligently to maintain the highest standards for professional conduct throughout our organization.”

In an emailed statement, a spokesperson for Scotiabank, “At Scotiabank, we are committed to conducting our business according to the most current high standards of business conduct and adhering to all regulatory requirements, including the use of approved communication channels for business purposes. The bank has agreed to the resolutions with regulators.”