sec fines
Cybersecurity North America Spotlight

Key to Avoiding Communication Compliance Fines as 16 Firms Penalised by SEC

The US Securities and Exchange Commission (SEC) has always been very strict about the improper use of messaging apps such as WhatsApp. Sixteen new perpetrators have been identified by the US regulator as fines between $16.5million and $1.25million have been issued accordingly. 

Previously, organisations have had to pay fines in excess of $100million. In fact, in December 2021, JPMorgan had to pay $125million for record-keeping failures. While none of the 16 companies fined by the SEC had to pay that much individually, the total value of the fines was $81million. The fines faced this time were closer to the fine ($5.4million) Morgan Stanley had to pay in 2023 for breaching lending communication rules.

The firms found guilty were:

  • Northwestern Mutual Investment Services LLC (NMIS), together with Northwestern Mutual Investment Management Co. LLC (NMIM) and Mason Street Advisors LLC (Mason Street) (collectively, Northwestern Mutual), agreed to pay a $16.5million penalty;
  • Guggenheim Securities LLC (Guggenheim Securities), together with Guggenheim Partners Investment Management LLC (GPIM) (collectively, Guggenheim), agreed to pay a $15million penalty;
  • Oppenheimer & Co. Inc. (Oppenheimer) agreed to pay a $12million penalty;
  • Cambridge Investment Research Inc. (CIR), together with Cambridge Investment Research Advisors Inc. (CIRA) (collectively, Cambridge), agreed to pay a $10million penalty;
  • Key Investment Services LLC (KIS), together with KeyBanc Capital Markets Inc. (KBCM) (collectively, Key), agreed to pay a $10million penalty;
  • Lincoln Financial Advisors Corporation, together with Lincoln Financial Securities Corporation (collectively, Lincoln), agreed to pay an $8.5million penalty;
  • U.S. Bancorp Investments Inc. (U.S. Bancorp) agreed to pay an $8million penalty; and
  • The Huntington Investment Company (HIC), together with Huntington Securities Inc. (HSI) and Capstone Capital Markets LLC (Capstone) (collectively, Huntington), which self-reported, agreed to pay a $1.25million penalty.
Ensuring compliant communication from employees

The SEC said its investigation into the firms uncovered ‘pervasive and longstanding uses of unapproved communication methods’. These fines were the latest effort by the SEC to eradicate the use of improper and non-compliant communication from employees within a business.

Many of these prominent companies spend millions of dollars on IT security systems like firewalls, email security, VPNs and DLP. Despite these concerted efforts, the continuous use of consumer messaging apps are a real threat for large financial organisations, both from a compliance and security perspective.

“Today’s actions against these 16 firms result from our continuing efforts to ensure that all regulated entities comply with the recordkeeping requirements, which are essential to our ability to monitor and enforce compliance with the federal securities laws,” said Gurbir S. Grewal, director of the SEC’s Division of Enforcement. “Once again, one of these orders is not like the others: Huntington’s penalty reflects its voluntary self-report and cooperation.”

What can be done?

The issue at hand is clear, businesses need channels of communication within their staff at all levels. However, the use of consumer messaging apps cannot provide a safe and secure platform for this. The solution in theory is simple, organisations need to eliminate the use of these non-compliant apps whilst providing their staff with a viable alternative that is safe and secure, and adheres to SEC guidelines.

However, given the length of time firms have been failing to comply, it is evident that this is much easier said than done.

There are a variety of ways in which firms can ensure they remain secure and compliant. One way this can be done is by partnering with the right organisations. For example, Salt Communications’ is working with institutions across the globe to provide an alternative to unsafe consumer messaging apps to give both businesses and their customers peace of mind that their precious data is compliant as well as safe from malicious attackers.

Addressing compliance and data auditing 

Another example is SayHey Messenger. Speaking to The Fintech Times, Shane Long, president and COO of digital transformation company 7T (owners of SayHey Messenger) explained: “Instant messaging apps have created a hole in the chief information officer’s (CIO) protection of data. We are encrypting emails, using cloud security tools and two factor authentication but at the same time we are letting our employees use instant messaging apps, and security is all out of the window!”

The firm provides an instant messaging module/platform for any digital transformation project so that any client can own and access their data, knowing their private communications are secure.

In 2022, over $1.8billion in total fines were issued by the SEC. With organisations continuously failing to be compliant, solutions like SayHey Messenger and Salt Communications are more important than ever to ensure business communications are properly monitored.


  • Francis is a journalist and our lead LatAm correspondent, with a BA in Classical Civilization, he has a specialist interest in North and South America.

Related posts

“Fintech Right Now is a Boys Club” – How to Close the Gender Gap in Fintech with Stax

Polly Jean Harrison

Real-Time Payment Markets to Watch For 2022

The Fintech Times

Coinmama Partners with BrandShield to Increase Crypto Investor Safety

Polly Jean Harrison