The sequel we had all been expecting to the blockbuster Nightmare on Wall Street (starring JPMorgan Securities) was released on Tuesday this week and in many ways it was just as ‘box office’ as the first in the series. There were more well-known actors involved in NOWS 2, and as is often the case the plot and dialogue was repetitive. But probably most noteworthy was the messaging and promotion from the co-production teams behind this, the Securities and Exchange Commission and the Commodity Futures Trading Commission.

The original release in December last year saw JPMorgan Securities receive a $200m fine for widespread and longstanding use of unrecorded e-communication (text, personal email, WhatsApp) at all levels of its business (including senior managers and supervisors). It took the market’s breath away due to the size and severity of the action.

The announcement on Tuesday of cumulative fines of $1.8bn for 15 BDs and 1 IA from the SEC and CFTC was hardly less dramatic and has sent a message to all financial firms that recordkeeping failures will simply not be tolerated. Financial firms’ failure to retain and supply communications related to their business impedes the regulators from doing their job properly, threatens market integrity and is a core breach of trust.

The SEC’s Director of the Division of Enforcement, Gurbir Grewal said, ‘today’s actions – both in terms of the firms involved and the size of the penalties ordered – underscore the importance of recordkeeping requirements: they’re sacrosanct’.

The two events combine to leave senior management and compliance in no doubt about where regulators stand on use of new forms of digital channel and communication in an area where many had conveniently been in denial. What was previously a gray area is now black and white. CFTC Commissioner Christy Goldsmith Romero said,  ‘it was well known within these banks that their internal policies were being flagrantly violated in practice. But no one stopped it’.

The regulators left a rather scary footnote and said that other broker dealers and asset managers subject to similar requirements would be well-served to self-report and self-remediate any deficiencies. Firms will no doubt already be busy working on the second of those options, but the first approach is only for the brave. Remedies could range from a blend of policy change, increased monitoring, attestation, training, increased corporate device deployment, and the adoption of new technology. Compliance teams need to be thorough, swift, document their approach, and create a path to resolution that has the best chance to be viewed favorably by their regulators.

It is clear that this is going to be part of the fabric now and it is going to be interesting to see how many other regulators adopt this approach in their routine supervision and examination and to what extent it leads to enforcement. This scene is going to be seen again.