Wall Street hit with $2 billion in fines over employees using WhatsApp and other unauthorized messaging apps

The Securities and Exchange Commission announced $1.1 billion in fines and the Commodity Futures Trading Commission disclosed $710 million in penalties in separate statements Tuesday. Those levies — against firms including Bank of America Corp., Citigroup Inc. and Goldman Sachs Group Inc. — combined with JPMorgan Chase & Co.’s $200 million in fines from December, bring the total to $2.01 billion, making them the biggest penalties ever against US banks for record-keeping lapses. 

“Finance, ultimately, depends on trust. By failing to honor their record-keeping and books-and-records obligations, the market participants we have charged today have failed to maintain that trust,” SEC Chair Gary Gensler said in the agency’s statement. “As technology changes, it’s even more important that registrants appropriately conduct their communications about business matters within only official channels, and they must maintain and preserve those communications.”

Tuesday’s announcements cap months of discussions between regulators and the banks. Morgan Stanley said in July it was nearing a settlement that would see it pay a $200 million fine, with other major banks also disclosed setting aside similar figures as part of their second-quarter results without specifying the reason.

JPMorgan had been the only bank until now to reach a settlement with the regulators, and was the first to report the fines, in December. Even managing directors and other senior supervisors at the largest US bank had skirted regulatory scrutiny by using services such as WhatsApp or personal email addresses for work-related communication, regulators said at the time.

Finance firms are required to scrupulously monitor communications involving their business to head off improper conduct. That system, already challenged by the proliferation of mobile-messaging apps, was strained further as firms sent workers home shortly after the start of the Covid-19 outbreak.

In the SEC probe, eight firms agreed to penalties of $125 million each: Barclays Plc, Bank of America, Citigroup, Credit Suisse Group AG, Deutsche Bank AG, Goldman Sachs, Morgan Stanley and UBS Group AG. Jefferies Financial Group Inc. and Nomura Holdings Inc. agreed to pay $50 million apiece, and Cantor Fitzgerald LP agreed to pay $10 million.

Bank of America had the biggest CFTC penalty, at $100 million, followed by Barclays, Citigroup, Credit Suisse, Deutsche Bank, Goldman Sachs, Morgan Stanley and UBS at $75 million each. Nomura was fined $50 million, Jefferies $30 million and Cantor Fitzgerald $6 million.