Today, the Commodity Futures Trading Commission (CFTC or Commission) issued a series of orders settling charges against swap dealers and affiliated futures commission merchants[1] Bank-Affiliated Entities) for failing to maintain, preserve, and produce records in compliance with CFTC recordkeeping requirements and for failing to diligently supervise matters related to their businesses as CFTC registrants. These orders require market participants who failed to meet legal and compliance obligations under the Commodity Exchange Act (CEA) and CFTC regulations to pay over $700 million in civil monetary penalties collectively and to implement immediate and effective remediation measures to ensure appropriate recordkeeping and supervision.

While it is true that innovative digital technologies and highly-attractive social-media tools and platforms, including chat-based apps downloaded to personal cell phones, may enable faster and easier communication, our recordkeeping requirements exist for important reasons. Preserving employees’ transaction-related communications and other significant records and documentation is critical to enabling effective surveillance and enforcement of CFTC regulations, reducing fraud and market manipulation, protecting investors, and preserving the integrity of our markets. Coupled with these concerns, toggling between authorized and unauthorized communication tools and engaging in offline communications of confidential client information or protected market data creates cybersecurity and privacy threats for customers, as well as banks and bank-affiliated entities and their employees. Convenience must not compromise our core values—customer protection and market integrity.

According to the CFTC’s investigation, employees at the Bank-Affiliated Entities failed to comply with CFTC recordkeeping requirements, as well as firm-wide internal recordkeeping policies. The investigation also found that managers failed to diligently supervise their employees’ compliance with recordkeeping obligations.

I recognize this is not the first time the Commission has uncovered this misconduct at major financial institutions registered with the CFTC.[2] The egregious and widespread nature of this behavior, in tandem with an increasing reliance on novel communications platforms available on personal mobile devices, indicates a concern that—unless effectively addressed—may negatively impact market-participants’ internal compliance, the integrity of communications across market relationships, the Commission’s ability to carry out its mandate to oversee registrants, and the Division of Enforcement’s ability to effectively and efficiently investigate conduct that may violate the CEA and/or CFTC regulations.

It is important to note that relevant technologies are evolving quickly. Today’s resolutions reveal a need for entities operating within our markets to address imminent operational challenges. Increased reliance on simple, easy-to-access but unauthorized chat and text platforms will pose a significant challenge for many types of entities operating in our markets. Internal compliance programs must adopt internal controls consistent with this new landscape. Firms must inculcate a culture of compliance at all levels of their organization to mitigate the risks associated with using unauthorized chat and text platforms.

The substantial penalties levied in these cases are appropriate in light of the longstanding and pervasive nature of the conduct. Nevertheless, I believe that the Commission must think hard about additional policies to deter this type of misconduct in the future.

The Securities and Exchange Commission (SEC) also announced today the entry of orders settling charges against the Bank-Affiliated Entities and imposing civil monetary penalties for related recordkeeping and supervision violations. I am hopeful that this joint effort by the CFTC and SEC sends a strong message to the industry that we will continue to pursue this egregious behavior and there will be serious consequences for bad actors.

Finally, I applaud the excellent work of the Division staff for their efforts in shedding light on this conduct, including Devin Cain, James Wheaton, Benjamin J. Rankin, Jack Murphy, Jake Mermelstein, Alejandra de Urioste, R. Stephen Painter, Jr., Lenel Hickson, Jr., and Manal Sultan.

[1]  Bank of America, N.A. and BofA Securities, Inc., and Merrill Lynch, Pierce, Fenner & Smith Incorporated; Barclays Bank, PLC, and Barclays Capital Inc.; Cantor Fitzgerald & Company; Credit Suisse International and Credit Suisse Securities (USA) LLC; Citibank, N.A., Citigroup Energy Inc., and Citigroup Global Markets Inc.; Deutsche Bank AG and Deutsche Bank Securities Inc.; Goldman Sachs & Co. LLC, f/k/a Goldman, Sachs & Co.; Jefferies LLC and Jefferies Financial Services, Inc.; Morgan Stanley & Co. LLC, Morgan Stanley Capital Services LLC, Morgan Stanley Capital Group Inc., and Morgan Stanley Bank, N.A.; Nomura Global Financial Products, Inc., Nomura Securities International Inc., and Nomura International PLC; UBS AG; UBS Financial Services Inc., and UBS Securities LLC.

[2]  See Complaint, CFTC v. Gorman, No. 21-cv-870, 2021 WL 345412 (S.D.N.Y Feb. 1, 2021) (complaint charging trader with making false or misleading statements to Division staff concerning his deletion of unapproved personal device communications that were subject to a Division preservation request); see also In re JPMorgan Chase Bank, N.A., CFTC No. 22-07, 2021 WL 6098347 (Dec. 17, 2021) (consent order imposing $75 million monetary penalty for recordkeeping and reporting violations related to unapproved communication methods).