Sending a message: SEC provides yet another warning on electronic communications with $289M settlement

Advisors seeking to avoid the heavy fines slapped on Wells Fargo and other firms this week for not monitoring communications on WhatsApp and similar services might have to become a tad more willing to pry into their employees' messages.

That's what John Cataldo, chief legal officer and president of advisory services at Integrated Partners, said in response to the announcement Tuesday that Wells Fargo's and BNP Paribas' brokerage affiliates and nine other firms had agreed to pay $289 million to settle recordkeeping allegations. The Securities and Exchange Commission accused the brokerages of not doing enough to monitor their employees' use of WhatsApp and similar services to send messages to clients and other representatives. The SEC charged the electronic communications in question date as far back as 2019 and were at times sent by people as high in the ranks as supervisors and senior executives.

Generally speaking, firms are required to keep copies of any emails, text messages, instant messages or other electronic communications their registered representatives send investors. These records can then be scanned later by both regulators and internal compliance officers for evidence of irregularities or misconduct.

"Today's actions stem from our continuing sweep to ensure that regulated entities, including broker-dealers and investment advisers, comply with their recordkeeping requirements, which are essential for us to monitor and enforce compliance with the federal securities laws," Sanjay Wadhwa, SEC deputy director of enforcement, said in a statement. "Recordkeeping failures such as those here undermine our ability to exercise effective regulatory oversight, often at the expense of investors."

Cataldo said it's an unfortunate but true reality that firms and employees that want to stay on the right side of the law might have to become a bit more comfortable with the idea of prying.

Read more: Regulators turn up the volume on calls for AI guardrails as the technology spreads across wealth management

"Are firms supposed to prevent these technologies from being used for personal communications? That borders on being an absurdity," he said. "But then we have to get used to the idea that they're going to learn about arguments with your wife and every cheeky email with your best friend. We're at an inflection point where our technology regulations and personal habits are not aligned."

Cataldo said staff training and consistent monitoring are the main ways to prevent regulatory violations of this sort. But, for many firms at least, it's clear that these methods remain weak safeguards against the temptation to respond to clients who send messages through unmonitored channels.

Cataldo said it's not hard to imagine how a conversation that starts off with a client's casual inquiry into an advisor's personal life could quickly veer off into a discussion of business matters. The difficult part is to devise a policy that, without making things awkward for both parties, clearly states that investment decisions and similar topics have to be reserved for certain channels.

"What you are butting up against is human nature," Cataldo said.

The SEC has long sought to stress the importance of firms' obligation to maintain records of electronic communications. In September, the federal regulator hit 16 Wall Street stalwarts, including Goldman Sachs, Morgan Stanley and Bank of America, with $1.1 billion in fines over similar violations. About a year before, the SEC hit J.P. Morgan Securities with a $125 million penalty over allegations that employees there had used text messages, the WhatsApp messenger service and personal email accounts to talk to each other about business matters. 

In all of these cases, the SEC has found the alleged abuses were widespread throughout the firms' ranks. Max Mejiborsky, the vice president of compliance services at the regulatory consultant COMPLY, said he takes the large fines as a sign that the SEC thinks firms have done enough to adopt reasonable policies to prevent violations.

Any brokerage or advisory can have a rogue employee who misbehaves despite an employer's good-faith efforts to prevent such conduct. But the far-reaching violations at the firms hit by the SEC suggest that not enough is being done at the top to emphasize the need to take recordkeeping rules seriously, Mejiborsky said.

"The takeaway from these cases is that they were so egregious and they were so widespread that the SEC didn't believe there was a reasonable compliance effort going on," he said. "The SEC thought these firms either didn't bother to inquire, or didn't pay enough attention, or didn't provide sufficient training."

Read more: IRS cracking down on 'potentially abusive' monetized installment sales

Mejiborksy recommended firms regularly talk to their employees about what technologies they are using for electronic communications with clients. If they learn of new ones, that's usually a good time to consider revising their policies and procedures to prevent perhaps inadvertent violations.

"If things have changed, and your clients' preferences have changed with communication, then maybe you need to look for new technological solutions," he said.

Here's a list of the firms in the SEC's latest enforcement action and the amounts they were ordered to pay:

• Wells Fargo Securities, Wells Fargo Clearing Services, and Wells Fargo Advisors Financial Network, $125 million
• BNP Paribas Securities, $35 million
• SG Americas Securities, $35 million
• BMO Capital Markets, $25 million
• Mizuho Securities, $25 million
• Houlihan Lokey Capital, $15 million
• Moelis & Company, $10 million
• Wedbush Securities, the only one of the firms with an advisory arm, $10 million
• SMBC Nikko Securities America, $9 million