Baptiste Morin with AFP // Photo credit: PHILIPPE HUGUEN / AFP
French banks BNP Paribas and Société Générale will each pay a total of $110 million under settlements with US regulators for breaches in the use and retention of data related to electronic communications. The US Financial Products Regulatory Authority (CFTC) announced in a statement on Tuesday that the two French banks would pay out $75 million.
The American bank Wells Fargo and the Canadian Bank of Montreal have also signed an agreement with the CFTC, relating respectively to 75 million and 35 million. “This is another victory to hold banks accountable for their invasive and unauthorized communication methods, such as private text messages and in some cases the use of Whatsapp, breaking the law and contravening regulatory oversight requirements,” commented CFTC board member Christy Goldsmith Romero in a separate statement.
Eleven other financial institutions concerned
According to her, the four establishments have recognized failures, will pay “historically high penalties” and will modify their internal practices to avoid “unauthorized illegal communications”. In a separate press release, the American market regulator (SEC) also announced on Tuesday sanctions for a total amount of 289 million dollars against eleven financial institutions, which admitted failures in the conservation of electronic communications (imessage, Whatsapp and Signal in particular) of their employees since at least 2019.
As part of this agreement with the SEC, Wells Fargo will pay the highest penalty (125 million), ahead of BNP Paribas and Société Générale (35 million each), then Bank of Montreal and Mizuho (25 million each). The market watchdog said he had ordered a total of $1.5 billion in fines in thirty legal actions on these grounds.
BNP Paribas has confirmed with AFP that it has reached an agreement with the SEC and the CFTC for a total amount of 110 million dollars, which has already been provisioned in the accounts published for the second quarter. Société Générale was not immediately available.
“Participation of superiors”
The CFTC, explained Christy Goldsmith Romero, was investigating suspicious behavior in particular, but the archiving of certain communications being fragmented, an in-depth investigation was carried out and revealed that hundreds, sometimes thousands of employees “used (often regularly) from unauthorized communication platforms, with the knowledge and involvement of their superiors”.
Since December 2021, this regulator has imposed $1.09 billion in civil penalties against 18 institutions for unauthorized methods of communication and violations of data retention and oversight regulations.