- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By 
Aaron Nicodemus2023-08-09T15:10:00
The Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) have made it clear they are serious about violations of off-channel communications rules by issuing massive fines against some of the world’s largest banks and investment firms.
The wave of enforcement actions likely has not yet crested. But the regulators have indicated they will be more forgiving to firms that voluntarily self-report violations and take remedial actions before being asked to do so.
The list of institutions hit with significant penalties by the SEC and CFTC for “endemic failures” in compliance related to monitoring, recording, and retaining the business communications of employees reads like a who’s who of international finance. Bank of America/Merrill Lynch was fined $225 million in September 2022, along with Goldman Sachs, Barclays, Citi, Credit Suisse, Deutsche Bank, Morgan Stanley, and UBS. JPMorgan Chase was also fined $200 million in December 2021, while Wells Fargo equaled that total as part of a new wave of penalties announced Tuesday.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec.
Register for free
Access one free, non-premium article each month.
Complimentary CPE webcasts, resources, and e-Books.
Annual Membership best value
Subscribe now for $365
Our lowest price ($1 per day) for one year.
The new messaging on use off-channel communications for business should be clear: What was done before is no more. It cannot continue. The stakes are too high.
Establishing a set of policies and procedures to prevent employee use of nonauthorized electronic communications to conduct business is relatively straightforward. The hard part is monitoring compliance.
Firms monitoring employee use of off-channel communications for business purposes face numerous obstacles. How much is enough, in the opinion of regulators? How much is too much, in the eyes of employees? Determinations must be made as regulators crack down.
TikTok is suspending new features amid an inquiry by the European Commission into its compliance with the Digital Services Act, all while responding to a U.S. ban just signed into law.
The Czech Republic’s data protection authority issued a fine of 351 million Czech koruna (U.S. $15 million) against antivirus software vendor Avast for alleged violations of the General Data Protection Regulation.
Consolidated Nuclear Security agreed to pay $18.4 million to settle alleged False Claims Act violations regarding the submission of timecards for unworked hours to the National Nuclear Security Administration.
