The U.S. Securities and Exchange Commission (SEC) and the Commodities Futures Trading Commission (CFTC) have fined three firms, two in the same group for ‘widespread and longstanding’ failures by the firms and their employees to maintain and preserve electronic communications. To settle the SEC charges, both firms acknowledged that their conduct violated recordkeeping provisions and agreed to pay penalties of $15 million and $7.5m, respectively. In related actions, the CFTC brought cases against two firms in the same group for failing to maintain, preserve, or produce records, and failing to diligently supervise matters related to their businesses. The firms were fined $15 million. The CFTC also fined a firm $30 million regarding recordkeeping and supervision failures for the widespread use of unapproved communication methods.

The demise of multiple crypto firms has prompted regulators around the world to undertake in depth investigations into the governance, risk management and compliance arrangements in place at firms such as Binance. 

The UK Prudential Regulation Authority has censured a bank for wide-ranging significant regulatory failings between December 2016 and May 2020, which spanned breaches relating to large exposure limits, capital reporting, governance and risk controls and PRA Own Initiative Requirements (OIREQs) and, for the first time, failure to capture and retain WhatsApp messages. The seriousness of the breaches justified a fine of £8,515,000, however, since the bank is in wind-down the PRA imposed a public censure as a warning shot to the industry more broadly.

When is a rocket ship not a rocket ship? When it is cited in a legal casealleging a firm and its control person violated U.S. securities laws by offering for sale to the public certain non-fungible tokens (“NFTs”) without filing the required registration statement with the Securities and Exchange Commission (the “SEC”).

The use of emojis was specifically called out as meaning there was an expectation of profit for the NFT issuance, which was then deemed to be an investment contract (*known as the Howey Test).  Although the literal word “profit” was not used in any of the organization's Tweets, the “rocket ship” emoji, “stock chart” emoji, and “money bags” emoji were included and, objectively, mean one thing: a financial return on investment.

Data protectionis now more important than ever. Given the new ways of working and communicating there are increasing amounts of personally identifiable information (PII) and personal health information (PHI) data shared across communication platforms and firms are expected to be able to capture and retain safely as well as retrieve and delete personal data. Critical issues that should take center stage in data privacy week.

The last quarter of 2022 saw FINRA continue its focus on communications compliance. Four brokers and a compliance officer faced disciplinary action for a range of breaches of their approach to supervision and an inability to retrieve phone records.

For the key lessons to be learnt together with more detail of the enforcement please click here. 

At a high level the disciplinary actions resulted in censures, a 40 day prohibition, fines totalling over $2m, restitution of nearly $50,000 and wide ranging remedial actions.

UK regulator fines a trio of brokers almost £5m for failing to have appropriate communications compliance processes in place to fulfil market abuse obligations

Digesting and implementing the U.S. DOJ’s new compliance guidance for prosecutors on the use of personal devices and third party apps

Digital transformation has been a fundamental enabler for financial services firms. It is hard to underestimate the opportunities and regulatory benefits firms can derive from the implementation of technological solutions but maximising their potential can present challenges. Thomson Reuters Regulatory Intelligence's sixth annual survey and report on fintech, regtech and the role of compliance explores these challenges, particularly in the context of corporate governance and risk management.