How encrypted messaging apps became the lynchpin of a regulatory probe into Wall Street firms | Explained

The U.S. Securities and Exchange Commission (SEC) is increasing its scrutiny of Wall Street firms and their employees to learn the degree to which personal messaging apps like WhatsApp were used to discuss business matters

Published - October 20, 2023 02:51 pm IST

The SEC expects U.S.-based finance companies to keep and preserve their employees’ electronic communication [File]

The SEC expects U.S.-based finance companies to keep and preserve their employees’ electronic communication [File] | Photo Credit: AP

Story so far: The U.S. Securities and Exchange Commission (SEC) is investigating Wall Street investment company employees’ chat messages to confirm how widely they used personal messaging apps such as Meta’s WhatsApp, privacy-focused Signal, or Apple’s iMessage to discuss business.

The regulator collected thousands of such messages from employees working at more than 10 investment companies, according to a Reuters report.

Why is the SEC collecting Wall Street firms’ WhatsApp messages?

Like many regulators, the SEC expects U.S.-based finance companies to keep and preserve their employees’ electronic communication. Legacy communication platform providers like Microsoft and Google offer enterprise products tailored to meet these very needs. But when employees from different parts of the company’s hierarchy use personal or “off-channel” methods of communicating with each other or discuss work through these platforms, the integrity of the company’s communication records is impacted, according to the SEC.

During the pandemic years, as employees worldwide adapted to work-from-home or hybrid work patterns, a number of them began using personal messaging apps and services for work-related reasons. While this may seem innocuous, employees in large investment companies - such as Wall Street firms - could end up losing or deleting vital business information that the SEC and other legal authorities might demand as evidence in potential legal cases or investigations in the future.

(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)

“To date, the Commission has brought 30 enforcement actions and ordered over $1.5 billion in penalties to drive this foundational message home,” said Gurbir S. Grewal, Director of the SEC’s Division of Enforcement, in an August 8 notice, urging firms to “self-report, cooperate and remediate.”

In the latest case reported by Reuters, some of the targeted companies included Carlyle, Apollo, KKR, TPG, and Blackstone. In a sign that the SEC is hardening its stance, the regulator may review the thousands of collected employee messages rather than hitting the company with a fine and entrusting them to manage their employees’ workplace communication hygiene through internal reviews or an independent consultant.

The SEC has not commented on its actions yet or confirmed it charged more companies over record keeping failures.

Has the SEC fined companies over this issue before?

Since around 2021, the SEC has taken action against companies over their employees using personal messaging apps to discuss work, or them exchanging work messages through apps on personal devices.

On August 8 this year, the SEC charged 11 Wall Street firms for “widespread and longstanding failures by the firms and their employees to maintain and preserve electronic communications.” The firms agreed to pay combined penalties of $289 million and improve their communication processes to comply with the SEC’s record keeping requirements.

The SEC said that from 2019, the firms’ employees used apps such as iMessage, WhatsApp, and Signal to discuss their employer’s business.

“The firms did not maintain or preserve the substantial majority of these off-channel communications, in violation of the federal securities laws. By failing to maintain and preserve required records, certain of the firms [sic] likely deprived the Commission of these off-channel communications in various SEC investigations. The failures involved employees at multiple levels of authority, including supervisors and senior executives,” said the regulator on its website.

On September 29, the SEC charged 10 firms that included broker-dealers and investment advisers for “widespread and longstanding failures to maintain and preserve electronic communications.” The companies agreed to pay combined penalties of $79 million and improve their communication processes as well.

Some companies that were charged for record keeping failures through this year include Wells Fargo Securities, LLC., HSBC Securities (USA) Inc., Barclays Capital Inc., Goldman Sachs & Co. LLC., Robert W. Baird & Co. Inc., and Perella Weinberg Partners LP.

Could video meetings be next?

Senior executives at major finance companies are also concerned that the SEC will next demand records of work-related video meetings, which are usually treated quite casually by companies, reported Reuters on October 18.

Such meetings shot up in frequency as the COVID-19 virus raged through the world, with many interactions taking place on Microsoft Teams or Zooms. Some companies have started recording and preserving these sessions for compliance purposes, as per the Reuters report.

Meanwhile, HSBC, which has been charged by the SEC in the past, is not letting certain employees send texts using their work phone, Bloomberg reported this week.

Why do end-to-end encrypted messages and apps worry regulators?

Record keeping requirements come under multiple parts of U.S. law. For example, the Investment Advisers Act of 1940 and the Securities Exchange Act of 1934 have record keeping provisions which the SEC needs to uphold. However, when dealing with work-related messages sent through apps like WhatsApp and Signal, which have end-to-end encryption, legal bodies may find it difficult to access these messages quickly, or even know that they exist. This will make it far more difficult for them to build airtight cases or submit evidence, in the event of a potential legal incident.

Additionally, seizing personal devices/apps to look at work-related messages can lead to the regulator being accused of overstepping limits or even violating people’s privacy rights. These are some reasons why the SEC wants high-level finance company employees to keep work talk restricted to workplace apps and devices.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.