The SEC and record-keeping: Are we done yet?
Banks keep up on the record commentary on the rules.
First there was JPMorgan. Then there were Barclays, BofA Securities, Cantor Fitzgerald, Citi, Credit Suisse, Deutsche Bank, Goldman Sachs, Jefferies, Morgan Stanley, Nomura and UBS. And now HSBC and Scotia Capital. Yes, it is one of US regulators’ favourite bugbears of recent years – record-keeping.
As in many other areas of financial services, JPMorgan is a leader even in some regulatory settlements, kicking off the flurry of payments to the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CTFC) back in December 2021 when it was found to have violated federal securities laws by failing to keep written records of employees’ communications or adequately monitoring and recording their use of channels such as text messaging and WhatsApp.
What must really sting is that HSBC got something wrong even when trying to get something right
SEC chair Gary Gensler made it clear at the time that he saw such failures as underlying much bad behaviour in markets, hence the need to stamp them out – he cited the 2013 foreign exchange scandal as just one violation that had been facilitated by off-the-books communication.
And then came the rest of the industry, with a slew of other firms charged in September 2022 with the same offences as JPMorgan, almost all of which also paid $125 million each to the SEC and $75 million each to the CFTC. Jefferies and Nomura paid $50 million each to the SEC and $30 million each to the CFTC, while Cantor paid $10 million and $6 million, respectively.
In the latest episode, HSBC had to pay the SEC $15 million and the CFTC $30 million, while Bank of Nova Scotia has paid $7.5 million and $15 million, respectively. It adds up to a total of $2 billion so far.
A bad day
Friday was a particularly bad day for HSBC, as it happens, with the CFTC also slapping it with a $45 million penalty for deceptive trading related to interest rate swaps that it had entered into with bond issuers between March 2012 and 2015, and for spoofing the voice swaps market in 2015 and 2016.
What must really sting is that HSBC got something wrong even when trying to get something right. It has been using a third-party service to record employees’ mobile phone calls since 2014, but because of some unspecified failure, it failed to record conversations between March and July 2020 – a breach of its responsibilities that was also covered in the spoofing penalty.
Anyway, with all of this new-found focus on record-keeping, it is hardly surprising that the SEC should have also tried to firm up its rules, and so in October 2022 we were treated to the wonderful announcement that “SEC Adopts Rule Amendment to Modernize How Broker-Dealers Preserve Electronic Records and Enhance the Electronic Record-keeping Requirements for Security-Based Swap Entities”.
All doubtless very worthy, but there is something about it that sounds not quite… modern.
Regulators are always grappling with the challenge of constant technological evolution. Because of that, they try as far as they can to set rules that are technology-neutral.
That doesn’t always work out. Before the latest changes, the rules governing record-keeping at broker-dealers had been adopted in 1997, when CD-ROMs or DVDs were the main storage method, hence the demand in those rules that firms be able to produce records immediately on electronic storage media or even micrographic media like microfilm.
The latest changes saw everything changed to reference an “electronic record-keeping system”.
Given that firms across the Street were being charged with hundreds of millions of dollars of penalties by regulators, you might have thought they would take any resulting tweaks to the rules on the chin and keep fairly quiet.
But as long as there are comment periods, there will be comments.
Some felt that the new terminology would indeed be generic enough to cope with technological changes in the future. But not everyone: some apparently took exception to the word “system” as too suggestive of a specific physical set-up rather than focusing on the supervision of activities.
The SEC didn’t think much of that point, arguing that to drop the word “system” would then fail to allow for the distinction between the actual record-keeping system itself and the requirements on firms when it came to record-keeping.
There was a win for the commenters, though. The SEC had proposed defining its electronic record-keeping system as “a system that preserves records in a digital format and that requires a computer to access the records”. At the request of the critics, out went the “computer” as not sufficiently technologically neutral. Now we have “…in a digital format in a manner that permits the records to be viewed and downloaded.”
In 2023, people are fretting about an existential crisis in the US banking system and just how bad the global economic meltdown might turn out to be. Record-keeping matters, obviously, but there is also something terribly 2022 about it all.