HSBC Securities and Scotia Capital will pay $15 million and $7.5 million, respectively, to settle SEC charges that employees at both broker/dealers often spoke about business “off-channel” through personal devices and messaging platforms like WhatsApp.
According to the dual orders announced Thursday, both firms failed to maintain and preserve these electronic communications, and in settling the charges, both acknowledged that their oversight fell short and violated record-keeping mandates in federal securities laws (which require firms to hold such communications for at least three years).
SEC Enforcement Division Director Gurbir S. Grewal said the penalties could have been higher if the firms hadn’t approached the commission about their concerns and said more firms should disclose violations if they find them.
“Both HSBC and Scotia Capital self-reported and self-remediated their record-keeping violations, and the reduced penalties in these cases reflect their efforts and cooperation,” he said. “As we continue our efforts to ensure compliance with the commission’s essential record-keeping requirements, we encourage other firms to take note and likewise self-report.”
The HSBC and Scotia orders mirror SEC charges against 26 broker/dealers and one affiliated investment advisor last September for “widespread and long-standing failures” in meeting record-keeping requirements for electronic communications.
The accused firms included many of the biggest names in the financial services industry, including Bank of America, Citigroup, Morgan Stanley and UBS, and resulted in a mammoth $1.1 billion in collective fines and penalties.
In 2021, shortly after the SEC launched a “risk-based initiative” into whether b/ds were retaining messages sent on personal devices, HSBC Securities and Scotia Capital approached commission staff after finding off-channel communications, according to the orders. Both firms worked with SEC staff by gathering communications from the personal devices of b/d personnel.
In the case of HSBC, the investigation found “pervasive off-channel communications” between January 2018 through September 2021; when reviewing 15 broker/dealer staff, SEC staff found that almost all of them had conversations about business off-channel by speaking with other HSBC employees and customers (including investment banking clients).
The number of personnel sending off-channel communications included managing directors, vice presidents and traders, with topics including “desk updates, discussions of investment banking client meetings and communications about market color, analysis, activity trends or events.”
In one example, a managing director at HSBC sent and received hundreds of off-channel communications with employees, clients and individuals at other firms, while directors at Scotia exchanged thousands of unsupervised messages over the course of years. The commission also knocked both firms for failing to oversee that supervisors were following firm policies.
A Scotiabank spokesperson said the bank had agreed to the regulators' resolutions, and said it was "committed to conducting our business according to the most current high standards of business conduct and adhering to all regulatory requirements," while an HSBC spokesperson said the bank appreciated that both the SEC and Commodity Futures Trading Commission noted their commitment to changing internal controls, if needed.
"In recent years, we have made significant investments in enhancing our compliance procedures and have worked diligently to maintain the highest standards for professional conduct throughout our organization,” the HSBC spokesperson said.
The charges from last year against some of the industry’s largest players showed the commission saw a “systemic issue” in the market, according to ComplySci Chief Regulatory Officer John Gebauer, who expected questions about communications to become a “routine” part of exams.
However, he doubted penalties going forward would scale the high dollar amounts of last September’s penalties.
The CFTC also settled charges with the firms, both of which agreed to hire compliance consultants to conduct “comprehensive reviews” of their policies (neither firm offered details when asked about the timing of when they would partner with a compliance consultant, or if they already had).