The brokerage arm of the largest bank in the United States has been fined $4 millionby the U.S. Securities and Exchange Commission (SEC) for mistakenly deleting 47 million emails from around 8,700 mailboxes, including those of up to 7,500 employees who regularly interacted with customers.
In June 2019, the bank's employees attempted to delete old emails and documents that were no longer required to be retained, but they accidentally erased communications from the first quarter of 2018.
Deleting these emails violated SEC rules, which require broker-dealers to preserve original copies of all business-related communications for at least three years. It also hindered the bank's cooperation with at least 12 civil regulatory investigations, as the subpoenaed documents were no longer available.
The bank's compliance department inadvertently deleted the emails when it sought help from its external email storage and archiving vendor. The department wanted to remove certain communications from the 1970s and 1980s that were no longer required. However, the vendor failed to correctly apply the three-year retention setting to emails from early 2018 in a specific domain, permanently deleting all emails within that domain from that period, excluding those under legal holds.
This follows the bank's $125 million fine in 2021 for failures to preserve text messages and other electronic communications.
Turn Supervision into Super Vision.SteelEye is the first and only fully integrated trade and communications surveillance solution. We empower financial firms with the data-driven tools and complete insights they need to focus on what matters, all from a single platform.
State-of-the-art algorithms and intelligent alerts proactively detect market manipulation and compliance breaches, while our holistic data model – which combines communications, trades, orders, news, and market data – provides intelligent insights and deep analytics. Founded in 2017, SteelEye has offices in the UK, North America, Portugal, and India.