In October 2023, the SEC's Director of Enforcement Gurbir Grewal addressed the New York City Association. See the transcript posted here. In remarks which emphasized the need for businesses to be proactive in complying with financial regulations, the Director stressed the need to preserve electronic data. In the past two years
the SEC has fined more than 40 companies over a $1.5 billion for failing to preserve electronic communications. Most of the noncompliance was a result of employees failing to follow data preservation policies. A key problem was that communications were being conducted outside of official channels.
In December 2021, J.P. Morgan Securities had to pay a $125 million penalty because its employees were communicating about business using text messages, personal email, and WhatsApp, and no steps were taken to preserve the data. The violation was particularly egregious because the individuals responsible for implementing J.P. Morgan’s policies communicated outside of official channels themselves. In this press release, Gerwal warned businesses to, “scrutinize their document preservation processes and self-report failures”. Businesses that find their data preservation processes fall short of the requirements of securities laws are encouraged to report the problem by emailing BDRecordsPreservation@sec.gov.
Gerwal pointed out that the ability of a company to provide the SEC with summaries of financial analyses, locate key documents, and make data custodians available for interviews may lead to a mitigation of the amount of penalties that they are ordered to pay.
Thanks to Amy Sellars of CBRE for pointing out Gerwal’s remarks at yesterday’s ACEDS webinar on the 2023 Legal Industry Collaboration Data Survey.