On September 29, 2023, the Securities and Exchange Commission (“SEC”) announced charges against 10 financial firms for apparent widespread and longstanding failures to maintain and preserve employees’ electronic business communications. These firms, which included five broker-dealers, three dually registered broker-dealers and investment advisers, and two affiliated investment advisors, agreed to collectively pay a penalty of $79 million—with one receiving a significantly reduced penalty for self-reporting.

As described in the SEC’s orders, the firms admitted that their employees communicated through personal text messages and other ephemeral messaging platforms for business purposes. These off-channel communications were not preserved, in violation of the SEC’s recordkeeping provisions.

One of the firms that self-reported faces a $2.5 million penalty, while the other penalties range from $8 million to $35 million. The Director of the SEC’s Division of Enforcement, Gurbir S. Grewal, stated that “[o]ne of the orders included in today’s announced actions is not like the others,” explaining that “[t]here are real benefits to self-reporting, remediating and cooperating.”

This resolution is a continuation of the existing trend of regulators aggressively pursuing compliance in this area and cracking down on the failure to preserve business communications on messaging apps and personal devices (see our prior client alert on this topic). Given these recent actions, all companies, but particularly those regulated by the SEC, should continue to ensure that their communication policies and procedures are compliant with federal recordkeeping requirements, and review the effectiveness of such policies and procedures.

Authors: Daniel Ahn, Mark Bini, Hadas Jacobi, Kaela Dahan, Karunya Venugopal