The U.S. securities regulator has collected thousands of staff messages from more than a dozen major investment companies, escalating its probe into Wall Street’s use of private messaging apps like WhatsApp to discuss work. The Securities and Exchange Commission (SEC) has asked the firms, including Apollo, Blackstone, Carlyle, KKR and TPG, to internally review the messages, which are an escalation in the investigation that started two years ago with broker-dealers and has resulted in more than $2 billion in fines.
Using personal devices and messaging apps to communicate with colleagues is common on Wall Street, but it puts financial services companies at risk of violating regulations that require them to preserve records of all business-related communications. In recent months, the SEC has begun asking firms to provide the agency with access to employees’ personal phones and their corresponding chat applications such as WhatsApp, Signal and Telegram. It is not clear how far the SEC will go in its pursuit of messages from private accounts, though some sources say it could go as high as senior executives’ personal phone numbers.
A number of major financial firms have pushed back against the SEC’s requests, saying their record-keeping requirements differ from those of broker-dealers and that the SEC is overstepping its boundaries in seeking access to personal devices and chat apps. Several industry groups have also written letters to the SEC expressing concern about privacy violations. JPMorgan Chase, for example, recently agreed to pay $200 million after admitting that it failed to preserve communications on its private chat platforms and other unapproved channels, which violated federal law and left the bank blind to conversations with clients.
SEC investigations are not proof of wrongdoing and do not necessarily lead to charges, but the head of the SEC, Gary Gensler, has defended the scrutiny, saying that compliance officers rely on the ability to review business communications to guard against misconduct. Keeping tabs on employee communications has dogged Wall Street compliance departments for years. The popularity of encrypted messaging services has made the task even more difficult.
Finance firms are required to scrupulously monitor communications involving their business in order to spot improper conduct, and it has been particularly challenging as employees have turned to the latest apps to talk to each other, such as WhatsApp, Snapchat and WeChat. Messages on these channels are typically deleted immediately after being read, making them difficult for companies to retain and review.
The SEC’s probe into WhatsApp has so far involved eight investment banks—Barclays Plc, Bank of America Corp, Citigroup Inc, Goldman Sachs Group AG, Morgan Stanley, Deutsche Bank AG and Nomura Holdings Ltd—which have already reached settlements with the regulator. In December 2021, JPMorgan paid $200 million to settle the SEC and Commodity Futures Trading Commission’s claims that it used WhatsApp and other unauthorized chat platforms to bypass federal record-keeping laws and conceal trades. JPMorgan’s failure to preserve those conversations prompted the SEC and CFTC to conduct a more comprehensive probe into communication protocols at other financial institutions.
