Aggressive US action against 'off-channel communications' sends sharp message across Atlantic

United States regulators recently targeted 11 financial institutions, as well as five affiliates, for breaches of record-keeping requirements conducted on employees' personal devices - fines of over $1.8 billion and remediation obligations were imposed. Firms here in the UK should revisit their response to the relevant rules, guidance and regulatory expectations, cautions David Rundle.

David Rundle is counsel in WilmerHale's UK White Collar Defence and Investigations group. David's practice focuses on defending FCA enforcement investigations against firms and senior managers. Contact him on david.rundle@wilmerhale.com.

On 27 September, the Securities and Exchange Commission alongside the Commodity Futures Trading Commission jointly announced settlements with a number of financial institutions, relating to breaches of record-keeping requirements under the Exchange Act. The breaches concerned 'off-channel communications', messages sent and received by employees through their personal devices, whether by text message or through other platforms like WhatsApp, that related to the business of their respective firms. The investigations that led to the settlements were part of an industry-wide sweep conducted by the US regulators in 2021. Although the regulators' interest in off-channel communications may have been prompted by the shift in working conditions caused by the pandemic, much of the underlying conduct predated the emergence of Covid-19. To that extent, the investigations revealed that employees were using personal devices for business-related discussions when their working lives were still principally office based.