WhatsApp woes | U.S. Bank fined $6million for employee communication violations by the CFTC

U.S. Bank fined $6million for employee communication violations by the CFTC

The CFTC has fined U.S. Bank $6million over recordkeeping failures after employees used unapproved communication channels.

It also ordered a simultaneous $1million fine against Oppenheimer & Co for similar misdemeanors, in a statement released on March 19.

Both U.S. Bank and Oppenheimer & Co have agreed to pay the fines.

The Commission found that  U.S. Bank and Oppenheimer & Co employees, including those at senior levels, “communicated both internally and externally using unapproved methods, including via personal text messages.”

As a result, the regulator rules that the companies did not properly enforce its policies that ban employees from using unapproved communication methods, such as personal text messages and WhatsApp for business-related communications.

According to CFTC findings, hundreds if not thousands of business-related communications, including communications relating to U.S. Bank’s swaps business and Oppenheimer & Co’s commodities business were not monitored, subject to review, or archived – a major recordkeeping failure.

The CFTC has reported in both cases that supervisory personnel responsible for keeping employees compliant with company policy on business communication are themselves using unapproved methods of communication.

Both parties have been ordered to prevent further cases of employee communication on non-authorized or personal channels.

Wall Street’s employee communication violation epidemic

U.S. Bank and Oppenheimer & Co are not alone in failing to keep employees in line with bans on using personal devices for business communication.

In the past few years, Bank of America, the Bank of Montreal, Barclays, BNP Paribas, JPMorgan Chase, Société Générale, Wells Fargo, and others have been collectively fined billions of dollars by CFTC and the U.S. Securities and Exchange Commission (SEC).

There appears to be a systemic issue, with financial institutions unable – or unwilling – to stop employees from conducting business communications on non-company-authorized software.

This isn’t just a problem if you're on Wall Street. Even for companies that do not need to comply with securities or commodities laws or regulations, employees engaging in business communications on channels that are not authorized company software raises compliance issues.

Guidance from the Department of Justice on corporate compliance programs underscores the need for recordkeeping and the risks involved with employees using personal devices for business communications.

Policies governing such applications should be tailored to the corporation’s risk profile and specific business needs and ensure that, as appropriate and to the greatest extent possible, business-related electronic data and communications are accessible and amenable to preservation by the company.”

In short, employers may be called upon to produce important records from employee communications. If those conversations took place on personal devices, and cannot be accessed by the company, this poses a compliance risk to the company.

Employers must therefore be careful to make sure that their policies are clear, creating the necessary cultural practices and structural guidelines for business-related communication between employees.

Training on the importance of using company-approved messaging software and safe channels for whistleblowing when misdemeanors may also help curtail the personal device epidemic that appears to be sweeping U.S. businesses.

You are currently previewing this article.

This is the last preview available to you for the next 30 days.

To access more news, features, columns and opinions every day, create a free myGrapevine account.