Wall Street Traders fined for communication security breaches
Eleven of the biggest names in finance just paid $1.8 billion to the U.S. Securities & Exchange Commission and the Commodity Futures Trading Commission over employees’ unapproved use of platforms like WhatsApp.
It manages to be both trivial and disturbing
Brokers like Goldman Sachs and Morgan Stanley have a duty to preserve communications that touch on business matters, so that records are available to regulators in the event of future probes.
This gets tough when employees are in the habit of using encrypted or otherwise hard-to-archive messaging services on their smartphones, which they do in part because they work in an industry that rewards a rapid response to market fluctuations.
Add the complexity of working from home and it’s no surprise that the rule got too hard to follow. Yet a rule is still a rule. The 11 firms, which also include Barclays, Credit Suisse and UBS, each have a policy that prohibits the use of unapproved channels for business communication.
At many of the firms, even managers whose job remit included enforcing those rules were copiously breaking them.
And it’s not like the problem was under the radar. The Financial Industry Regulatory Authority warned back in 2019 that companies were struggling to keep on top of digital communications by their staff.
The firms have all now admitted guilt, which is a win for the watchdogs.
Bank of America’s $225 million fine is under 4% of its earnings last quarter. JPMorgan already took its unapproved-messaging slap in December and is now deploying security-enhancing smartphone software on work phones.
The SEC cut the banks some regulatory slack for “participating” in its probe, though it could toughen up its punishments if they don’t stick to the terms it has imposed.
The regulators at least didn’t say they’d uncovered anything illegal, although messaging apps with encryption make evidence easy to hide.
But it’s still troubling to find widespread, frequent examples of bank employees, many with “global firm-wide leadership” roles, routinely doing something their companies forbid.
It’s not the wrongdoing itself, it’s the shrug emoji-like message it sends.