Two regulators are investigating Wells Fargo regarding employees’ improper use of off-channel communications to conduct business and the bank’s recordkeeping of those communications.

The Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) “have undertaken investigations regarding the company’s compliance with records retention requirements relating to business communications sent over unapproved electronic messaging channels,” Wells Fargo disclosed in a 10-K filing Tuesday.

French bank Société Générale issued a similar disclosure earlier this month in its fourth-quarter financial report.

The SEC and CFTC have fined 12 banks and investment firms a total of more than $2 billion for “widespread and longstanding failures” in monitoring, maintaining, and preserving electronic communications by employees. The sweep began with a $200 million penalty against JPMorgan Chase in December 2021, followed in September by total fines worth more than $1.8 billion levied against financial institutions including Bank of America, Barclays, Citi, Credit Suisse, Deutsche Bank, Goldman Sachs, Morgan Stanley, and UBS.

Unauthorized communications by employees of financial institutions and the recordkeeping violations such actions cause appear to continue to be a priority for U.S. investigators that shows no signs of slowing. HSBC disclosed in its 2022 annual results this week it reached settlements in principle with the CFTC and SEC regarding records preservation requirements.

In November, three private equity firms—Apollo Global Management, The Carlyle Group, and KKR & Co.—disclosed they were under investigation by the SEC for not properly recording and retaining the work-related communications of their employees made on mobile phone apps like WhatsApp and WeChat. The results of those probes have not been disclosed.

In a recent SEC report on nationally recognized statistical rating organizations, the agency said examiners found two firms whose employees used off-channel communications to conduct company business.

Some financial institutions have responded by clawing back money from their noncompliant employees.

Morgan Stanley, which was ordered to pay $200 million by the SEC and CFTC in September, reportedly fined its own employees up to $1 million for using unauthorized communication channels in violation of federal securities rules and the firm’s own internal policies. Deutsche Bank and Barclays Bank, each fined $200 million, have also reportedly fined employees or withheld bonuses for workers found to have used unapproved communications channels and violated internal recordkeeping rules.

Editor’s note: This story was updated Feb. 23 to include reference to HSBC’s 2022 annual results disclosure.