TD, BNY, Truist hit with WhatsApp penalties

TD, BNY, Truist and Royal Bank of Canada are among roughly two dozen broker-dealers and investment advisers that agreed to pay more than $470 million in penalties over their use of off-channel communications, two regulators announced Wednesday.

Taking into account penalties from both the Securities and Exchange Commission and the Commodity Futures Trading Commission, TD took the largest hit by dollar amount: $30 million from the SEC; another $16.5 million assigned to Cowen, which TD bought last year; and $82 million from the CFTC.

That latter $82 million itself is broken into three penalties — $75 million for failing to stop employees, as far back as 2015, from communicating over unapproved platforms; another $3 million for the same violations at Cowen; and $4 million for not effectively tracking changes a vendor made to an automated tool that surveilled communications among swap dealers.

“Communications surveillance is a critical component of an effective system of supervision,” Ian McGinley, the CFTC’s director of enforcement, said in a statement. “Swap dealers must not only have robust systems to detect and prevent market abuse and other misconduct, they must also vigilantly oversee and monitor those systems to ensure they are working.”

In a statement seen by The Globe and Mail, TD said it cooperated with regulators and is “investing in technology and enhancing our electronic communications policies and procedures.”

“We hold ourselves to the highest levels of integrity, ethics and compliance and work diligently to protect and safeguard the interests of our clients, customers, and our colleagues,” the bank said.

The regulators held up Truist as a model of cooperation. The Charlotte, North Carolina-based lender will pay $5.5 million to the SEC and $3 million to the CFTC after self-reporting violations to the agencies and proactively conducting a review of its use of unapproved communication methods.

“In responding to an industry-wide and consequential problem, Truist set itself apart from … more than 20 other registrants,” McGinley said. “Truist’s decision to self-report, cooperate, remediate and be held accountable allowed it to benefit in the form of a substantially reduced penalty. At the same time, the CFTC’s message remains clear — recordkeeping and supervision requirements are fundamental, and registrants that fail to comply with these core obligations do so at their own peril.”

Truist did not immediately respond to requests for comment from Bloomberg.

Among other banks hit with penalties Wednesday, RBC will pay $45 million to the SEC. The Toronto-based bank said it is focused on meeting regulatory requirements and “continuing to enhance our compliance protocols,” according to Bloomberg.

BNY, for its part, will pay $40 million. The New York City-based bank told Bloomberg it takes its “regulatory responsibilities seriously and is pleased to have resolved this matter.”

The largest SEC penalties Wednesday went to nonbanks: Edward Jones, Raymond James, Ameriprise and LPL will pay $50 million each.

At Piper Sandler, a department head sent “numerous” messages in 2021 with at least 20 colleagues and at least nine “external contacts in the securities industry” relating to brokerage business matters, the SEC said. The firm will pay a $14 million penalty.

“We remain committed to ensuring compliance with the books and records requirements of the federal securities laws, which are essential to investor protection and well-functioning markets,” Gurbir Grewal, director of the SEC’s division of enforcement, said Wednesday.

The SEC and CFTC, since 2021, have fined scores of financial institutions whose employees have been caught conducting business through personal messaging platforms such as WhatsApp. The companies, meanwhile, have kept insufficient records of those communications, the regulators said.

Wednesday’s orders mark at least the fifth round of penalties from the SEC and CFTC involving multiple banks. JPMorgan Chase saw $200 million in penalties from the regulators — $125 million went to the SEC; $75 million to the CFTC — in December 2021. That provided a template for follow-up rounds.

Citi, Goldman Sachs, Morgan Stanley, UBS, Credit Suisse, Barclays and Deutsche Bank also took $200 million penalties, with the same 125/75 breakdown between regulators, in September 2022. Bank of America took slightly more.

Successive rounds have seen HSBC, Wells Fargo and U.S. Bank take penalties. And as time has worn on, the targets — and the fines — have been smaller.

Industry advocates spoke out against the expanding parameters of regulators’ effort to root out unapproved platform use, saying rules are slightly different for money managers.

“We are strongly concerned that the SEC is attempting to exceed its authority under the Advisers Act and engaging in rulemaking by enforcement through its current sweep regarding off-channel communications,” the Investment Company Institute wrote in a letter to the agency seen by the Financial Times.