On September 27, 2022, 11 banks reached a $1.8 billion settlement with the SEC and CFTC after admitting that the banks failed to properly maintain electronic communications as required by applicable agency rules. The recent fines follow a $200 million settlement that the SEC and CFTC reached with a another major bank in December 2021 for similar conduct. But that may not be the end of the matter.

The potential secondary consequences arising from the regulatory settlements may spill over into ongoing (and future) private litigation as plaintiffs point to the banks' compliance failures as evidence of potential spoliation. On October 6, a plaintiff in a years-long litigation in the SDNY wrote to the court raising questions about whether employee text and WhatsApp messages it claimed should have been provided during discovery were in fact deleted -- or spoliated -- as similarly described by the SEC and CFTC in their settlements. Additionally, as the settlement agreements highlighted, bank employees routinely used personal messaging apps and email to discuss work-related issues. Those personal accounts were not searched for during discovery in the SDNY action as the defendant claimed employees were not permitted to use such accounts for work purposes. The defendant bank denied the allegations and the court has yet to issue a decision.

The SEC's and CFTC's stepped up enforcement efforts concerning the use of personal devices and accounts at banks and other financial institutions have the potential to spill over into private litigations and arbitrations when compliance failures implicate a party's preservation obligations. It seems likely that other plaintiffs may consider the recent settlement as an avenue to re-open discovery or serve requests targeted to exposing compliance weaknesses. Likewise, banks, investment advisers, broker-dealers, and other financial professionals should expect parties to raise the issue of their preservation policies and whether those policies sufficiently restrict the use of an employee's personal devices when it comes to gathering information during discovery. In addition to the $1.8 billion fine, regulators may have provided a roadmap for private litigants to make discovery even more of a headache than it otherwise generally can be.