Why Credit Rating Firms are Paying Millions in Fines

The feds are making an example of companies that don’t keep records of electronic communications. Even the numbers-crunchers aren’t immune to making sloppy — and costly — mistakes.

The Securities & Exchange Commission (SEC) doled out $49 million in fines to some of the largest credit rating agencies that investors rely on for accurate info. The companies dinged for civil penalties are:

• Moody’s Investors Service — $20 million
• S&P Global Ratings — $20M
• Fitch Ratings — $8M, and
• A.M. Best Rating Services — $1M.

Each of the firms was charged with violating section 17(a)(1), rule 17g-2(b)(7) of the 1934 Securities Exchange Act. The companies must retain compliance consultants to conduct comprehensive reviews of their policies and procedures for retention of electronic communications on their employees’ cell phones and other personal devices.

Credit Rating Company Dragnet a Lesson to Others

If this sounds like a story you just read, it’s not your imagination. The SEC is clamping down on firms and employees that conduct business “off-channel” typically through text apps on their personal phones.

Finance and accounting professionals at brokers/dealers may need routine reminders that communication on trades, contracts and the like should be done via company email or another firm-approved communication channel. The SEC rule is clear-cut — all electronic communications must be maintained and preserved. Failure to provide a chain of messages in and out on any account can result in regulators issuing fines.

SEC rule 17a-4 specifically says a firm’s electronic recordkeeping system must “have the capacity to readily download and transfer copies of a record and its audit trail (if applicable) in a human readable format and in a reasonable usable electronic format.” Any company that can’t provide a record upon request from a regulator is considered in violation.

Law firm Latham & Watkins warns that it’s not just the SEC focusing on electronic communication gaffes. So are the Commodity Futures Trading Commission and the Financial Industry Regulatory Authority. The agencies are frequently (though not exclusively) checking up on three areas for which companies should be keeping records of:

• recommendations made or proposed to be made, and any advice given or proposed to be given
• any receipt, disbursement or delivery of funds or securities, or
• the placing or execution of orders to purchase or sell any security.