Theta Lake Blog

Recordkeeping Enforcement Action Spreads to Brokers, Investment Advisers and Credit Rating Agencies

Posted by Susannah Hammond on Oct 5, 2023 8:28:41 AM
Susannah Hammond
Find me on:



The U.S. Securities and Exchange Commission (SEC) and the Commodity Trading Futures Commission (CFTC) have widened their investigations and fined another series of firms for recordkeeping failures. As with previous recordkeeping breaches, the firms concerned failed to stop employees, including those at senior levels, from communicating using unapproved communication methods, including messages sent via personal text and WhatsApp. The total monetary penalties imposed is now more than $2.6bn.

The CFTC imposed a fine of $20m (download CFTC article here) on an introducing broker and a futures commission merchant in the same group for failing, since at least 2019, to maintain and preserve records that were required to be kept under CFTC recordkeeping requirements. The order also found the widespread use of unapproved communication methods violated the firm’s internal policies and procedures, which generally prohibited business-related communication taking place via unapproved methods. Further, some of the same supervisory personnel responsible for ensuring compliance with the firm’s policies and procedures themselves used non-approved methods of communication to engage in business-related communications, in violation of firm policy.

The SEC enforcement actions were against five broker-dealers, three dually registered broker-dealers and investment advisers, two affiliated investment advisers and, separately, two credit rating agencies all for widespread and longstanding failures to maintain and preserve electronic communications. The combined penalties were $79m for the 10 firms and then another $10m for the recordkeeping failures at the credit rating agencies. The SEC’s investigations uncovered pervasive and longstanding off-channel communications whereby employees communicated through personal text messages. The firms did not maintain or preserve the substantial majority of these off-channel communications, in violation of the federal securities laws. By failing to maintain and preserve required records, certain of the firms likely deprived the SEC of these off-channel communications in various SEC investigations. As with the CFTC findings, the failures involved employees at multiple levels of authority, including supervisors and senior managers, which appears to have invoked the ire of both the SEC and CFTC.


The SEC made a particular point that one firm had a substantially reduced fine for self-reporting the issue - “One of the orders included in today’s announced actions is not like the others,” said Gurbir S. Grewal, Director of the SEC’s Division of Enforcement. “There are real benefits to self-reporting, remediating and cooperating.”

Regulatory patience has run out

The background to the latest set of fines serves to reinforce the zero tolerance approach regulators are taking with regards to communications capture. Firms were found to have consistently and pervasively failed to fulfill their regulatory obligations with regard to electronic communications records capture and preservation. Equally important in this suite of fines is the firms’ (with the one exception) failure to have learnt the lessons of previous enforcement actions and proactively considered whether they too were in breach of recordkeeping requirements. The regulatory rhetoric has made crystal clear that for firms, and the C-suite in particular, compliance is not optional.

The statements by the CFTC Commissioners are pertinent:

"Evolving technologies pose new risks and compliance challenges to registrants at increasing speeds.  Registrants must continuously update their policies and procedures as new contexts and obstacles arise.  But policies are not sufficient on their own. Companies must take seriously the need to create tone at the top that universally emphasizes the importance of compliance at all levels of an organization. Without doing so, the compliance function will exist only on paper, as it apparently did in this case. And once again I am reiterating that the Commission needs to think deeply about additional rules to deter this kind of misconduct in the future."

- Commissioner Kristin N. Johnson (statement)
"[ the firm ] should not be able to just pay the penalties, fix this one problem, and continue to operate business as usual. The “tone at the top” of this broker should change immediately to a tone of continued compliance with the law. [..] Change can only happen if the C-suite of financial institutions establishes a culture of compliance over evasion. It is far past time for the C-suite to step up."

- Commissioner Christy Goldsmith Romero (statement)

Facilitating compliant communications

It is clear that the challenge of unmonitored communication channels is far from over. Firms must consider how they can open up approved platform features to increase productivity and employee satisfaction and reduce reliance on off-channel platforms. Part of that functionality should be the capability to capture, robustly and in native context, all modalities including GIFs, emojis, additions, deletions, video, email and voice. If firms choose to do nothing and unmonitored communications are found by a regulatory body then significantly larger sanctions are likely. Indeed given the regulatory rhetoric it is entirely possible that future sanctions will include senior individual liability and accountability.

How Theta Lake can help and ways to learn more

Backed by the investment arms of Cisco, RingCentral, Salesforce, and Zoom, Theta Lake’s multi-award winning product suite provides patented compliance and security for modern collaboration platforms, utilizing hundreds of frictionless partner integrations including RingCentral, Webex by Cisco, Microsoft 365 and Teams, Slack, Zoom, Movius, Box, Mural, Asana and more. 

Theta Lake empowers organizations to safely, compliantly, and cost-effectively expand their use of unified communication platforms by enabling capture, compliant archives, and acting as an archive connector for existing archives of record across video, voice, and chat collaboration systems. Customers benefit from:

  • Searching instantly across participants, all modes of unified communication and collaboration tools, meshed conversations, and timelines in an easy to navigate search system that covers and provides full replay for voice, video, chat, email, images, emojis, files, whiteboards, and more.

  • The ability to ensure that all aspects of messaging can be preserved, and a full audit trail provided to supervisors and regulators. For example, chat messages can be viewed in their native format over the entire history of the conversation, with full context retained including images, GIFs, emojis and reactions.

Ways to learn more

  • Visit us at: | LinkedIn | Twitter
  • Join a weekly 30-minute demo webinar here or request a bespoke demo today from our friendly team here
  • Keep up to date with regulatory perspectives from Theta Lake here


Comment Here

Theta Lake provides security and compliance for modern collaboration platforms using frictionless partner integrations with Cisco Webex, Microsoft Teams, RingCentral, Slack, Zoom, and more. Using patented machine learning and NLP, Theta Lake detects risks in: video, voice, chat, and document content across what is shared, shown, spoken, and typed. Those risks are surfaced in an AI-assisted, patent-pending review workspace that adds consistency, efficiency, and scale for security and compliance teams. All of this enables organizations to safely realize the full ROI of a collaboration-first workplace while reducing the cost of security and compliance.

Subscribe here to stay up to date!