Amid the latest round of
The Securities and Exchange Commission on Tuesday hit 12 firms with $88 million in total penalties for not doing enough to monitor and record communications their employees send on WhatsApp and similar electronic messaging services. The individual fine amounts were as high as $35 million — charged to Stifel Nicolaus and Invesco Distributors, along with Invesco Advisers. On the low end, a penalty-fee censure was imposed on Qatalyst Partners, a San Francisco-based broker-dealer credited with cooperating with the SEC's investigation.
The full list of fines and fined firms can be found at the end of this story.
And it was the Qatalyst case that prompted SEC commissioners Mark Uyeda and Hester Peirce to sound off about what they see as the futility of trying to comply with industry regulations even for well-intentioned firms. Uyeda and Peirce, Republicans with a history of accusing the SEC of overreach, together
The statement notes that Qatalyst began as early as 2018 to tell its employees to avoid using personal email and messaging services to communicate with each other or clients about business matters. Shortly afterward, the firm started training personnel on ways to avoid sending forbidden off-channel communications.
READ MORE:
In 2017, it employed a system that could be used to record employees' business-related text messages. Three years later, it gave them firm-issued phones and other devices and encouraged them to use those for both business and personal matters.
Even with those precautions and others, Qatalyst eventually discovered that some employees had breached its ban on off-channel communications. It then reported the violations with the SEC and worked with regulators to correct the deficiencies.
Despite all that, Uyeda and Peirce note, Qatalyst is being censured. They said the case shows nothing short of perfection will satisfy the SEC.
"If we assess reasonableness based on whether policies and procedures always are being followed, firms will never escape our enforcement net," Uyeda and Peirce wrote. "People are not perfect and so compliance will not be perfect — even at a firm that tries as hard as Qatalyst. Firing up our enforcement machinery every couple years to haul the industry in for headline-making penalties will not make people perfect, so firms will continue to discover violations of firm policies."
The value of self-reporting
Separately, Gurbir Grewal, the director of the SEC's division of enforcement, singled out Qatalyst for praise for cooperating with regulators.
"Here, despite recordkeeping failures that involved communications by senior leadership and persisted after our first recordkeeping matters were announced in 2021, Qatalyst took substantial steps to comply, self-reported, and remediated and, therefore, received a no-penalty resolution," Grewal
The SEC also noted that two other firms, New York-based Canaccord Genuity and Atlanta-based Regions Securities, self-reported their violations and are paying reduced fines as a result. Canaccord has to pay $1.25 million and Regions $750,000.
But at least one compliance expert wonders if Qatalyst's case really shows that it doesn't pay to self-report violations to the SEC. Amy Lynch, the founder and president of the regulatory consultant
"This message, to me, makes clear to the industry that if you find an internal violation, do not self-report it to the SEC," Lynch said. "You can fix it internally and conduct your own internal investigation. But do not self report it because self reporting is just as a disservice to your firm."
Lynch said she thinks the absence of a fine for Qatalyst is pretty immaterial.
"As a disciplinary matter, this still ends up in their regulatory record and in their disclosures to clients," she said.
Risk-based assessment
Carlo di Florio, the global advisory leader at
"It's more about their risk-based appetite," di Florio said. "Each firm will take a potentially different calculus and analysis and have talks with their outside counsel based on the individual circumstances. And some may decide to come forward and self-report, and some may decide not to and take that risk and then pay the higher penalty if they are ultimately caught."
Di Florio did say the SEC's case against Qatalyst was unusual in that it took the firm to task for not "monitoring to ensure that its recordkeeping and communications policies and procedures were always being followed." Di Florio said the use of the word "always" in that context suggests regulators are expecting something akin to perfection.
"The requirement is to have a reasonable compliance program to ensure reasonable compliance with financial securities laws," he said. "And reasonable is different from always."
Qatalyst's outcome led Uyeda and Peirce to ask if the SEC isn't taking an outmoded approach to regulating communications increasingly being done on relatively new forms of technology. They noted that many of the messages regulators are now concerned about would probably have been relayed through simple face-to-face conversations in the past, and thus not recorded.
"Should we revisit the recordkeeping rules so that they do not capture the modern-day equivalent of oral chatter?" the commissioners wrote.
Peirce and Uyeda aren't the only to question the SEC's tactics with its ban on off-channel communications. In June, the American Securities Association sued the SEC in federal court as part of an attempt to learn exactly how regulators were setting fines in these cases. The ASA, a trade and lobbying group, said it had submitted several freedom of information requests seeking information on the SEC's penalty-setting policies, only to be met with refusals.
Despite the question, the SEC has barreled ahead with fines for firms accused of violating its requirements for tracking and recording business-related communications. In August,
Fines aplenty
Over the past three years, the SEC has slammed firms large and small with more than $3 billion in fines in total. JPMorgan was the first to get hit,
Most of the firms in the SEC's latest sweep did not respond to requests for comment or declined to comment. CIBC World Markets and CIBC Private Wealth Advisors, which agreed to pay
A spokesperson for Invesco said the firm "takes compliance matters incredibly seriously and we are pleased to have resolved this matter. We have already taken significant steps to further strengthen the firm's compliance processes related to record keeping electronic communications."
The firms caught up in the SEC's latest off-channel communications sweep, and the amounts they paid, were:
- Stifel Nicolaus, $35 million;
- Invesco Distributors and Invesco Advisers, $35 million;
- CIBC World Markets and CIBC Private Wealth Advisors, $12 million;
- Glazer Capital, $2 million;
- Intesa Sanpaolo IMI Securities, $1.5 million;
- Canaccord Genuity, $1.25 million;
- Regions Securities, $750,000;
- Alpaca Securities, $400,000;
- Focused Wealth Management, $325,000;
- Qatalyst, no penalty
