Heads up, compliance officers! Word on the street is that regulators are poised to announce a billion-dollar settlement with numerous Wall Street banks for employees’ improper use of messaging apps and associated record-keeping failures, a case bound to give us more clues about the enforcement appetite among the SEC and other agencies these days.
The Wall Street Journal reported the news over the weekend. According to “people familiar with the matter,” seven of the biggest names on Wall Street — Bank of America, Barclays, Citigroup, Deutsche Bank, Goldman Sachs, Morgan Stanley, and UBS — are all negotiating settlements where they will pay at least $200 million each. Jefferies Financial Group and Nomura Holdings are in the group too, although they’ll likely pay smaller penalties because of their smaller size.
The banks are negotiating with the SEC and the Commodity Futures Trading Commission. The settlement is likely to arrive sometime before Sept. 30, so the SEC and CFTC can include the penalty amounts in the government’s fiscal 2022. (We tend to see a lot of settlements just before that deadline.)
If all this sounds familiar, that’s because JPMorgan went through the same wringer last December. The bank agreed to pay $125 million to the SEC and $75 million to the CFTC for “widespread and longstanding failures” to preserve employee communications in the bank’s broker-dealer unit, where bankers routinely talked shop using WhatsApp, personal email accounts, and text messages on personal devices.
Everyone knew at the time that JPMorgan wasn’t the only Wall Street bank engaging in such loose communication practices, and that other banks would presumably face the same enforcement risk. Nine months later, here we are.
My questions now, as we wait for the Enforcement Division to enter the chat, are (1) how egregious was the misconduct at these other banks; and (2) what remediation measures will the SEC and CFTC impose?
Supervisory Failures & Corporate Culture
We should start by reviewing several important details in the JPMorgan case. The SEC’s settlement order did not paint a pretty picture for JP Morgan. The misconduct happened from at least January 2018 through November 2020, and even supervisors in the broker-dealer unit — the people who were supposed to enforce compliance with records-retention policies — engaged in the same bad habits.
“Dozens of managing directors across the firm and senior supervisors responsible for implementing JPMorgan’s policies and procedures, and for overseeing employees’ compliance with those policies and procedures, themselves failed to comply with firm policies by communicating using non-firm approved methods on their personal devices about the firm’s securities business,” the complaint said. Ouch.
So right away, I want to know whether we’ll see allegations of similar failures among the supervisory staff at other banks. That speaks volumes about the culture of compliance that regulators say is so important. If we see that such failures are widespread among Wall Street executives — and really, does anyone believe we won’t? — then the SEC will need to administer some stern discipline to convince people that no, for real this time, you all need to take this compliance stuff seriously.
What’s interesting, however, is that the penalty against JPMorgan actually was rather stern stuff. In addition to the $200 million penalty (which was chump change for JPMorgan), the bank also had to hire “an independent compliance consultant” to review its record-keeping compliance efforts.
That consultant had marching orders to review everything from JPMorgan’s policies and procedures for employee communications, to the technology the bank uses to meet its record-keeping requirements, to the training employees receive and the disciplinary actions meted out when they violate policy.
Moreover, this independent consultant can’t be fired without prior approval of SEC staff; and the consultant must have unfettered access to all relevant files, books, records, and bank personnel.
In other words, this consultant had all the freedom of an independent compliance monitor; and had marching orders to review and rehabilitate JPMorgan’s culture of compliance. So my second question is, naturally, will we see similar consultants assigned to the other banks, also assigned to review and overhaul their corporate cultures?
Such people are, essentially, compliance monitors like what we see with the Justice Department and FCPA settlements, just applied to the infractions enforced by civil agencies. Compliance officers should watch this trend closely; whether we call them consultants or monitors or anything else, these people can have enormous impact on your daily routines and long-term career ambitions.
Sept. 30 is only five weeks away. This settlement will arrive sooner rather than later, and it will be worth reading in close detail once we have it. Stay tuned.