Morgan Stanley has reached agreements in principle totaling $200 million with two U.S. regulators to settle charges its employees used messaging platforms not approved by the financial services company.
In a regulatory filing Friday, Morgan Stanley said it reached a $125 million agreement with the Securities and Exchange Commission (SEC) and will pay an additional $75 million to the Commodity Futures Trading Commission (CFTC) “to resolve record-keeping related investigations by those agencies relating to business communications on messaging platforms that had not been approved by the firm.”
The impending enforcement action follows a similar case announced in December, in which JPMorgan Chase was fined a total of $200 million by the SEC and CFTC for failure to maintain records of communications on securities, commodities, and swaps business matters made on bank employees’ personal devices. The regulators concluded the practice occurred over several years and was widespread among all levels of employees, including at the senior level.
U.S. regulators have placed increased scrutiny on bankers’ electronic communications—via emails, text message, messaging apps, and more—during the pandemic, when many employees have worked from home. Banks and financial institutions are supposed to monitor all work-related electronic communications by their employees; collect and store those communications; and make them available for review by their compliance team and, if necessary, regulators.
Regulators have acted against banks and financial institutions for failing to monitor all types of electronic communications by employees.
In July, Bank of America disclosed it has set aside $200 million in anticipation of an enforcement action related to unauthorized use of personal devices. Several European banks have made similar disclosures, including Barclays, Credit Suisse, and Deutsche Bank.
The SEC has published several risk alerts on the topic of preserving electronic communications for broker-dealers and investment advisers, including 2018 guidance issued by its Division of Examinations (then the Office of Compliance Inspections and Examinations). Maintenance and recordkeeping have historically been an important, if perhaps overlooked, part of an effective risk and compliance program.
The SEC has issued other enforcement actions in the past related to improper collection and storage of electronic communications, including a $100,000 fine in September 2020 against broker-dealer JonesTrading Institutional Services for failing to preserve business-related text messages sent on employees’ personal devices.