Banks fined $549M for using personal iMessage, WhatsApp, and Signal accounts


Enforcement action by the Securities and Exchange Commission (SEC) has seen Wells Fargo and several other banks fined a total of $549M for using personal end-to-end encrypted messaging accounts to discuss company business.

The SEC said senior bank officials used personal iMessage, WhatsApp, and Signal accounts when making business decisions …

Banks fined $549M

The law requires publicly traded companies and banks to maintain auditable records of all business decisions and discussions, with enforcement falling to the SEC.

Additionally, the Commodity Futures Trading Commission (CFTC) also imposes record-keeping rules on trading decisions.

Both say that Wells Fargo and other banks broke these rules when senior bank officials conducted business-related discussions on their personal phones, as that meant that no records were kept of these text exchanges. The Verge reports that two laws were broken.

Not keeping records of those conversations violates the 1934 Securities Exchange Act’s recordkeeping rules, as well as similar rules from the Investment Advisers Act of 1940, according to the SEC. The CFTC maintains its own recordkeeping requirements, which it says were violated.

Since all three apps mentioned use end-to-end encryption, the contents of the messages would only be readable by accessing the personal accounts of the executives concerned. Additionally, messages can in some cases be lost when someone changes device – a particular issue with WhatsApp.

The following banks were fined by the SEC:

  • Wells Fargo Securities, LLC, together with Wells Fargo Clearing Services, LLC and Wells Fargo Advisors Financial Network, LLC, agreed to pay a $125 million penalty;
  • BNP Paribas Securities Corp. and SG Americas Securities, LLC have each agreed to pay penalties of $35 million;
  • BMO Capital Markets Corp. and Mizuho Securities USA LLC have each agreed to pay penalties of $25 million;
  • Houlihan Lokey Capital, Inc. has agreed to pay a $15 million penalty;
  • Moelis & Company LLC and Wedbush Securities Inc. have each agreed to pay penalties of $10 million; and
  • SMBC Nikko Securities America Inc. has agreed to pay a $9 million penalty.

And these by the CFTC:

  • BNP Paribas (BNP Paribas S.A. and BNP Paribas Securities Corp.): $75 million
  • Société Générale (Société Générale SA and SG Americas Securities, LLC): $75 million
  • Wells Fargo (Wells Fargo Bank NA and Wells Fargo Securities LLC): $75 million
  • Bank of Montreal (Bank of Montreal): $35 million

Best practice is to use only work devices and work accounts, with systems in place to ensure that all communication contents are permanently recorded and backed up within the company’s IT systems.

Photo: João Vincient Lewis/Unsplash

FTC: We use income earning auto affiliate links. More.

A %d blogueros les gusta esto: