Banks hit with $549 million in fines for use of Signal, WhatsApp to evade regulators’ reach

U.S. regulators on Tuesday announced a combined $549 million in penalties against Wells Fargo and a raft of smaller or non-U.S. firms that failed to maintain electronic records of employee communications.

The Securities and Exchange Commission disclosed charges and $289 million in fines against 11 firms for “widespread and longstanding failures” in record-keeping, while the Commodity Futures Trading Commission also said it fined four banks a total of $260 million for failing to maintain records required by the agency.

It was regulators’ latest effort to stamp out the pervasive use of secure messaging apps like Signal, WhatsApp or Apple‘s iMessage by Wall Street employees and managers. Starting in late 2021, the watchdogs secured settlements with bigger players including JPMorgan Chase, Goldman Sachs, Morgan Stanley and Citigroup. Fines related to the issue total more than $2 billion, according to the SEC and CFTC.

“Today’s actions stem from our continuing sweep to ensure that regulated entities, including broker-dealers and investment advisers, comply with their recordkeeping requirements, which are essential for us to monitor and enforce compliance with the federal securities laws,” Sanjay Wadhwa, deputy director of enforcement at the SEC, said in the release.

The firms admitted that from at least 2019, employees used side channels like WhatsApp to discuss company business, failing to preserve records “in violation of federal securities laws,” the SEC said Tuesday.

Wells Fargo, the fourth biggest U.S. bank by assets and a relatively small player on Wall Street, racked up the most fines on Tuesday, with $200 million in penalties.

“We are pleased to resolve this matter,” said Wells Fargo spokeswoman Laurie Kight.

French banks BNP Paribas and Societe Generale were fined $110 million each, while the Bank of Montreal was fined $60 million. The SEC also fined Japanese firms Mizuho Securities and SMBC Nikko Securities and boutique U.S. investment banks including Houlihan Lokey, Moelis and Wedbush Securities.

Bank of Montreal has “made significant enhancements to our compliance procedures in recent years” and is pleased to have the matter behind them, said spokesman Jeff Roman.

The other banks penalized Tuesday declined to comment.

Apart from the fines, banks were ordered to “cease and desist” from future violations and hire consultants to review bank policies, the SEC said.

On Wall Street, company records of emails and other communications via official channels are often automatically generated to adhere to requirements that clients are treated fairly. But after some of the industry’s biggest scandals of the past decade hinged on incriminating messages preserved in chatrooms, workers often leaned on side channels to conduct business.

Encrypted messages sent on third-party platforms like Signal make it impossible for banks to record and retain logs of interactions. At Wells Fargo and other banks, the practice was pervasive and happening at all levels; even the managers responsible for enforcing the rules were guilty of the practice, regulators said Tuesday.

An analysis of 13 Wells Fargo employees, for instance, found that all had violated the bank’s communications policies by using text messages to communicate with coworkers and market participants. They used the side channels to communicate with over 100 other employees, including senior supervisors, over thousands of messages, according to the CFTC complaint.

“Employees’ use of unapproved communication methods was not hidden within the firm,” the CFTC said. “To the contrary, certain supervisors—the very people responsible for supervising employees to prevent this misconduct—routinely communicated using unapproved methods on their personal devices.”

— CNBC’s Jim Forkin contributed to this report