Some banks will be fined millions by the SEC for WhatsApp and messenger use

Some banks (Deutsche Bank and others) have run into a serious problem by allowing WhatsApp or other messengers among employees. According to the U.S. Securities and Exchange Commission, the banks are in violation of requirements (as these messenger messages can be deleted). Now they face fines totaling $2 billion (the settlement is likely to be announced by the end of September 2022).



Using messengers in business environments seems problematic. In 2018, I had deleted WhatsApp as a messenger here because of the European GDPR (General Data Protection Regulation). But many companies continued to use WhatsApp in business environments. Only a few enterprises have prohibited the use of WhatsApp in the corporate environment. While in Europe the GDPR may be relevant for corporate use, in the US banks are bound by other rules from the SEC etc. These SEC compliance requirements cannot be fulfilled with private messengers such as WhatsApp.

Violating US SEC compliance requirements

Institutions such as Bank of America, Citigroup, Goldman Sachs, Morgan Stanley, Barclays and Deutsche Bank, as well as Japanese bank Nomura, were still diligent in their WhatsApp use, however. From what we read, private messengers seem to be quite popular in the communication of bank employees and managers – even if their use is problematic for security and privacy reasons. The banks have now gotten themselves into a lot of trouble in the USA. I came across the information via the following tweet.

Deutsche Bank: Fine for WhatsApp use

The source of the report is this article (membership required) from the US Wall Street Journal. The US Securities and Exchange Commission (SEC) has been investigating the use of messengers such as WhatsApp in the business environment of banks since 2021. The use of these messengers violates requirements of the SEC, because compliance requirements (archiving messages) cannot be met with them.

In the USA, companies in the financial sector, such as banks, must archive their communications – which is not guaranteed with private messengers. The background to the US Securities and Exchange Commission's requirement is the Libor scandal. Traders at several major banks, including Deutsche Bank, manipulated important reference interest rates. The illegal collusion was organized via chat messages.

In early 2022, Deutsche Bank advised employees (according to reports) that WhatsApp messages should not be deleted. In any case, in its annual report for the second quarter of 2022, Deutsche Bank included provisions for impending lawsuits and penalties totaling 165 million euros and wrote:



including additional provisions related to regulatory investigations by the U.S. SEC and the CFTC regarding employee use of unauthorized devices and the Company's recordkeeping requirements.

According to information circulating in financial circles, the ten members of the Deutsche Bank Board of Managing Directors each want to forgo 75,000 euros of their variable compensation because of the misconduct. The Wall Street Journal reports that Bank of America, Citigroup, Goldman Sachs, Morgan Stanley, Barclays and Deutsche Bank are close to an agreement with the U.S. Securities and Exchange Commission (SEC) and the derivatives regulator CFTC. According to this report, each of the named institutions is to face a fine of up to 200 million US dollars. The amount is said to be smaller for Japan's Nomura Bank. Overall, it may amount to a 1 billion dollar charge for all banks. The settlements could be announced by the end of September 2022.

German financial regulator Bafin is also investigating WhatsApp use by Deutsche Bank employees, according to Handelsblatt. According to insiders, managers at the bank and its fund subsidiary DWS are said to have regularly communicated outside official channels in the past. So there could be penalties there, too, especially since the authorities (in addition to compliance violations) also fear possible security breaches. Mixing official and private apps and official and private devices could give hackers access to sensitive systems. The GDPR has not even been addressed in this regard – there could be trouble there as well.

