Public Statements & Remarks

Statement of Commissioner Kristin N. Johnson Regarding the CFTC’s Reaching Over $1 Billion in Civil Monetary Penalties Against Bank-Affiliated Entities for Employees’ Offline Communications

August 08, 2023

Today, the Commodity Futures Trading Commission (CFTC or Commission) issued a series of orders settling charges against swap dealers and their affiliated futures commission merchants[1] (Bank-Affiliated Entities).  According to the CFTC’s investigation, employees at the Bank-Affiliated Entities failed to comply with CFTC recordkeeping requirements, as well as firm-wide internal recordkeeping policies.  The investigation also found that managers failed to diligently supervise their employees’ compliance with recordkeeping obligations.

These orders require market participants who failed to meet their legal and compliance obligations under the Commodity Exchange Act (CEA) and CFTC regulations to pay a total of $266 million in civil monetary penalties and to implement immediate and effective remediation measures to ensure appropriate recordkeeping and supervision.  These orders represent the most recent enforcement actions in the Commission’s continuing investigations of many of the country’s largest financial institutions and their violations relating to offline communications.[2]

The increasingly pervasive use of personal electronic communications—including email and text, but also social media and chat-based apps—to conduct regulated business may enable faster and easier communication, but using unapproved channels violates important regulatory recordkeeping requirements.  These requirements exist for important reasons; preserving employees’ trade-related communications and other significant records enables effective surveillance and enforcement of the CEA and CFTC regulations, helps to root out fraud and market manipulation, protects investors, and preserves the integrity of our markets.  Toggling between authorized and unauthorized communication tools and thus engaging in offline communications of confidential client information or protected market data unmonitored by a bank’s compliance infrastructure creates cybersecurity and privacy threats for customers, as well as for banks and Bank-Affiliated Entities and their employees. Convenience must not compromise our core values—customer protection and market integrity.

The egregious and widespread nature of this behavior in tandem with an increasing reliance on novel communications platforms available on personal mobile devices unless effectively addressed will undermine market participants’ internal compliance, the integrity of communications across market relationships, the Commission’s ability to carry out its mandate to oversee registrants, and the Division of Enforcement’s ability to effectively and efficiently investigate conduct that may violate the CEA or CFTC regulations.

Collectively, the CFTC has now imposed over $1 billion in civil monetary penalties on the eighteen financial institutions thus far charged with offline communications violations.[3] These institutions are by any measure among the largest in the world, are well-regulated, and have compliance programs that are held to state-of-the-art standards.

Yet the Commission’s settlement orders, both today and previously, show an alarming trend.  The orders repeatedly describe how the investigations into these violations revealed that the majority of the employees whose communications were sampled were found to have used unapproved channels for conducting bank business.  And the use of a sampling process to investigate these matters suggests that the uncovered violations are the proverbial tip of the iceberg.  The breadth of the violative use of offline communications across the industry is rather staggering when viewed through that lens.

Thus, in each of these orders, the CFTC has also required the respondents to review, evaluate, and remediate their supervisory and compliance controls and procedures regarding electronic communications.  I view these components of the resolutions to be of tantamount importance to the penalties, as the remediation not only will reduce the likelihood that these particular financial institutions run afoul of these recordkeeping provisions a second time, but also will refine and strengthen the gold standard for the entire industry.

Relevant technologies are evolving quickly.  Today’s resolutions emphasize the need for our market participants to address imminent operational challenges.  Employees’ increased reliance on simple, easy-to-access but unauthorized chat and text platforms will pose a significant challenge for many types of entities operating in our markets.  Internal compliance programs must adopt controls consistent with this new landscape.  Firms must inculcate a culture of compliance at all levels of their organization to mitigate the risks posed by unauthorized use of chat and text platforms.

The substantial penalties levied in these cases are appropriate in light of the longstanding and pervasive nature of the conduct.  Nevertheless, I believe that the Commission must think hard about additional policies to deter this type of misconduct in the future.

The Securities and Exchange Commission (SEC) also announced today the entry of orders settling charges against the same banks charged by the CFTC and imposing civil monetary penalties for related recordkeeping and supervision violations.  I am hopeful that this joint effort by the CFTC and SEC sends a strong message to the industry that we will continue to pursue this flagrant behavior and there will be serious consequences for bad actors.

Finally, I thank the Division staff for their efforts in shedding light on this conduct, with special thanks to Meredith Borner, Devin Cain, Jack Murphy, Alejandra de Urioste, Jonah E. McCarthy, R. Stephen Painter, Jr., A. Daniel Ullman II, Lenel Hickson, Jr., Paul Hayeck, and Manal Sultan.


[1] BNP Paribas and BNP Paribas Securities Corp.; Société Générale SA and SG Americas Securities LLC; Wells Fargo Bank NA and Wells Fargo Securities LLC; Bank of Montreal; and Wedbush Securities Inc.

[2] See, e.g., Statement of Commissioner Kristin N. Johnson Regarding CFTC Orders Against HSBC for Fraudulent and Manipulative Swaps Trading and Spoofing, and for Recordkeeping and Supervision Failures, May 12, 2023, https://www.cftc.gov/PressRoom/SpeechesTestimony/johnsonstatement051223; Statement of Commissioner Kristin N. Johnson Regarding CFTC Order Against The Bank of Nova Scotia and Scotia Capital USA Inc. for Recordkeeping and Supervision Failures Relating to Offline Communications, May 11, 2023, https://www.cftc.gov/PressRoom/SpeechesTestimony/johnsonstatement051123; Statement of Commissioner Kristin N. Johnson Regarding CFTC Orders for $700 Million Penalty Against Bank-Affiliated Entities for Offline Communications, Sept. 27, 2022, https://www.cftc.gov/PressRoom/SpeechesTestimony/johnsonstatement092722.

[3] Since December 2021, the CFTC has imposed $1.091 billion in civil monetary penalties on 18 financial institutions for their use of unapproved methods of communication, in violation of CFTC recordkeeping and supervision requirements. See CFTC Press Release Nos. 8470-21; 8599-22; 8699-23; 8701-23.

-CFTC-