High priced real estate at the intersection of the old rule of books and records and the new reality of how people communicate | Ulmer & Berne SARL
Good year! I hope you had a good holiday season. At least happier than that of JP Morgan Securities, which just before Christmas had to write checks to the SEC and CFTC totaling $ 200 million. That’s a lot, even for JPMS. How did it happen?
Well the story begins with a very old and very broad SEC rule, specifically SEC rule 17a-4 (b) (4), which since 1939 (as far as I can determine) requires brokers to keep in an easily accessible place the originals of all communications sent and received relating to the “activities as such” of the business. It has probably never been easy to guess with much precision what exactly “business as such” means, but, obviously, this somewhat odd expression was deliberately used to capture an extremely wide swath of documents. So for the sake of convenience, let’s say it covers just about anything that anyone in a CA – but especially the leadership of a CA – sends or receives that has anything to do with the business of the CA. ‘business. Unsolicited emails to buy generic Viagra? Feel free to delete them, but be careful with everything else.
Regardless, when all of a company’s records were in paper form, it was relatively easy to keep track and preserve the documents covered by the rule simply by placing them in paper folders in a filing cabinet in the corner of the desk. But, the world is gone from paper. Recognizing that in 1970, the SEC authorized BDs to keep their records on microfilm. In 1993, by a letter of no action, the SEC recognized the optical disc as an acceptable means of storage of communications. Then, in 1997, the codification and extension of this concept, approving the use of any electronic storage medium.
While the SEC is to be commended for its attempt to keep up with the times, the times always manage to stay ahead. This is what caused the problem for JPMS. Specifically, the problem is that today people communicate – A LOT – through personal devices, using specialized apps that no one could have envisioned when the rule was enacted decades ago. But the SEC rule doesn’t care; the rule requires that ALL communication relating to company activities be captured, reviewed and retained. It doesn’t matter how the communication was sent, whether paper or electronic or carrier pigeon or semaphore.
Most companies are tackling this problem – the difficulty of simply being aware of communications sent from personal devices – by categorically prohibiting their registered employees from conducting business on their personal phones, laptops and tablets. Indeed, this is what JPMS did. It’s just very, very difficult to apply such a policy because it goes completely against the way people are acting in 2022.
Do you want proof ? Last year, in what now looks like the tip of the iceberg, the SEC settles case with JonesTrading Institutional Services, a California comic, and imposed a civil fine of $ 100,000 on him for “failing to keep business-related text messages sent or received by several of his representatives recorded on their personal devices when they communicate with each other, with company clients, and with other third parties. ”Notably, the SEC found that“ senior management at JonesTrading was among those sending and receiving business-related text messages that were not not kept by the company. ”Ouch.
Seems the SEC must have figured out, gee, if JonesTrading is doing this, what about everyone else? In October 2021, Gurbir Grewal, director of the SEC’s Enforcement Division, citing the JonesTrading case, Gave a speech in which he issued this not-so-enigmatic warning:
Record-keeping violations may not make the headlines, but the underlying obligations are critical to market integrity and enforcement. . . . We continue to see in multiple investigations cases where one party or company that used out-of-channel communications kept and produced them, while the other did not. These failures not only delay and hamper investigations, but they raise broader issues of accountability, integrity and spoliation.
Shortly after, news broke that the SEC was conducting a “sweep”, looking for the same issues it spotted at JonesTrading. And poor JPMS got caught in the SEC’s nets. I dare say it won’t be the last, because I think most companies, maybe even the vast majority of companies, are guilty of doing the same things as JonesTrading and JPMS.
This raises the question of whether the issue is the way brokers conduct their business, or whether the rule needs to be updated to reflect the reality that the ability to capture and preserve all communications that pertain to the business of brokers. A business as such is very doubtful given the ubiquity of personal communication devices. Frankly, I don’t know how the rule should read; I just know it seems a little unfair to fin a company $ 200 million for doing what everyone else is doing as well.
Having said that, I guess there are some lessons to be learned from JPMS. SEC Regulation.
First of all, it should be noted, once again, that JPMS had a policy that “the use of unapproved electronic communication methods, including on their personal devices, was not permitted, and they should not not use personal messaging, chat or business text applications. or transmit work-related communications to their personal devices. If you don’t already have such a policy, you need it. This is the easy part, and there is no excuse not to do it.
Second, JPMS also had “procedures for all employees, including supervisors, requiring annual self-certification” with its ban on the use of personal devices for business communications. So, again, point to JPMS, and one more good practice to adopt.
Unfortunately, JPMS “failed to implement a monitoring and review system to determine that supervisors’ responsibility to supervise was reasonably exercised so that supervisors could prevent and detect employee violations of requirements. of books and registers ”. The cabinet also “did not have sufficient oversight in place to ensure that its record keeping and communication policies were followed.” What does this mean in real terms? It means that “[e]Even after the company became aware of significant violations, widespread record-keeping failures and oversight failures continued, with a significant number of JPMorgan employees failing to meet basic record-keeping requirements. files.
Looking at this quantitatively, you can maybe see why the fine was so large:
- A High Quality Credit Trading Desk Executive Director and Co-Supervisor started a WhatsApp group chat titled “Portfolio Trading / auto ex” on April 24, 2019 and invited the other 19 trading desk members to join. From April 24 to December 16, 2019, at least 1,100 messages were sent to the focus group, almost all of which related to the company’s securities business;
- From November 2019 to at least November 2020, an executive director who worked in the capital markets office texted more than 100 colleagues, including the investment bank, and dozens of CEOs and heads of several sectors of the industry. ‘activity;
- The same executive director also sent text messages to dozens of the firm’s clients, third-party advisors and market participants;
- In total, this Executive Director sent over 2,400 text messages over the one-year period, discussing various aspects of high yield and leveraged capital market activity;
- Between January 2018 and November 2019 at least, company employees, including office managers, general managers and other senior executives, sent and received more than 21,000 text messages and emails related to staff activity. titles using unapproved communication methods on their personal devices.
This all probably looks worse than it should simply due to the fact that JPMC is a big company, with a lot of customers and a lot of employees, so necessarily the numbers are high. I am, however, firmly convinced that the phenomenon cited in the Settlement – that even the Respondent’s senior executives use personal devices for corporate business, thereby preventing such communications from being preserved – is common in the industry. .
Which brings me back to the rule itself: if there is a rule that is, fundamentally, unenforceable, but comes at a crazy price for breaches of compliance, then there is a problem with the rule and not with companies that turn out to have violated it. I’m sure there will be more regulations to come, and the facts will look a lot like the JPMC regulations. All the more reason to consider how this cranky old ruler can be dragged into the 21st century.