Following a sweep investigation, financial regulators recently unveiled a string of settlements with large institutions arising out of employees’ use of unauthorized or “off-channel” applications such as WhatsApp for business-related communications. The sweep was widely publicized, and at a high level, the resulting charges are not necessarily surprising. However, a closer look at the settlements reveals some takeaways regarding the regulators’ approach to resolving multiple cases with similar issues, and that approach appears to be largely one-size-fits-all, with limited transparency.

On Sept. 27, 2022, the Securities and Exchange Commission and the Commodity Futures Trading Commission announced charges against 15 broker-dealers and one affiliated investment adviser for their alleged failure to maintain and preserve employees’ communications on unauthorized messaging platforms. “SEC Charges 16 Wall Street Firms with Widespread Recordkeeping Failures,” SEC press release (Sept. 27, 2022); “CFTC Orders 11 Financial Institutions to Pay Over $710 Million for Recordkeeping and Supervision Failures for Widespread Use of Unapproved Communication Methods,” CFTC press release (Sept. 27, 2022). The financial institutions agreed to pay a combined $1.8 billion and to retain compliance consultants. As the CFTC touted, “[t]he fines individually dwarf the next largest penalties assessed for records-related violations.” “Statement of Commissioner Christy Goldsmith Romero Regarding Holding Wall Street Accountable,” CFTC Public Statements & Remarks (Sept. 27, 2022).