SEC and CFTC Continue Crackdown on Financial Firms Over Off-Channel Communications

Key Takeaways


The SEC and CFTC settlements with HSBC and Scotia Capital come after years of federal regulators’ and prosecutors’ steadily increasing scrutiny of off-channel communications. Anchoring these settlements are long-standing books and records requirements of the SEC and the CFTC regulating the maintenance and preservation of documents. Specifically, Section 17(a)(1) of the Securities Exchange Act of 1934 (the Exchange Act) authorizes the SEC to issue rules requiring broker-dealers to maintain and preserve records as necessary or appropriate in the public interest. The SEC adopted Rule 17a-4 pursuant to this authority, which, among other things, requires that broker-dealers preserve all communications received and all communications sent relating to the firm’s business.[1] Similarly, the Commodity Exchange Act (the CEA) requires registrants to “keep books and records of all activities related to its business as a swap dealer.”[2] Registrants are also required to “keep full, complete, and systemic records” of all swap activities, including “[r]ecords of each transaction.”[3]


[1] Exchange Act Rule 17a-4(b)(4), 17 C.F.R. § 240.17a-4(b)(4).

[2] CEA Section 4s(f)(1)(C), 7 U.S.C. 6s(f)(1)(C).

[3] Regulation 23.201(a).

Google Sanctioned for Failure to Preserve Internal Chat Messages

People communication network

In re Google Play Store Antitrust Litig., — F. Supp. 3d —-, 2023 WL 2673109, No. 21-MD-02981 (JD) (N.D. Cal. Mar. 28, 2023)

Practical Insight

This decision illustrates three trends in e-discovery: (1) employees are increasingly using chat platforms and other means of instant messaging to engage in substantive conversations about work; (2) courts are increasingly penalizing litigants for not actively supervising compliance with litigation holds; and (3) the failure to address more challenging sources of potentially relevant information at the initial preservation stage — such as with text and instant messages — comes with increasing risk to litigants in terms of reputational harm and significant discovery-related sanctions.

Continue Reading

Client and Counsel Sanctioned More Than $2.5 million for ‘Amateur Hour’ Discovery Ineptitude

Network Security,Security,Security System,Technology,Internet,Safety,BIG Data,Encryption,Digitally Generated Image,Protection,Privacy, Blockchain, Computer,Connection,Lock,Coding,Network Security,Technology,Security,Security System,

Practical Insight

This case is a cautionary tale for the attorney who may know to say all of the right things when it comes to modern discovery practice but, in fact, lacks the expertise and competence to oversee a defensible discovery effort. This counsel instead subjected the court to a self-described “inner circle of judicial hell” in dealing with discovery ineptitude. As complex discovery has become a specialized field, courts have also grown more sophisticated in their understanding of the hallmarks of competent e-discovery counsel versus those who are merely winging it. Discovery practitioners should have a thorough understanding of their clients’ information systems in order to properly defend or prosecute their cases; otherwise they risk severe consequences.

Continue Reading

DOJ Corporate Criminal Enforcement Updates Shine a Spotlight on Texts and Instant Messaging Applications as Potential Evidence

Teens in circle holding smart mobile phones - Multicultural young people using cellphones outside - Teenagers addicted to new technology concept

In September 2022, the U.S. Department of Justice (DOJ) issued a memo announcing revisions to the DOJ’s corporate criminal enforcement policies and practices. The memo made clear that the DOJ expects “all corporations with robust compliance programs [to] have effective policies governing the use of personal devices and third-party messaging platforms for corporate communications . . . provide clear training to employees about such policies and . . . enforce such policies when violations are identified.” This policy effectively applies to every business that could conceivably face DOJ inquiry and evidences the DOJ’s growing frustration with its inability to obtain relevant texts and instant messages from target subjects, especially when these communications are occurring outside employer-provided communication platforms.

Read full alert.

The Supreme Court Dodges—for Now—the Circuit Split on the ‘Dual Purpose’ Test for Privilege

In re Grand Jury, 23 F.4th 1088 (9th Cir. 2022), appeal dismissed as improvidently granted, In re Grand Jury, 598 U.S. ____ (2023) (No. 21-1397).

Summary of the Case: The Supreme Court, which had initially agreed to consider a circuit split on a privilege issue that commonly arises in discovery, reversed course and dismissed the writ of certiorari as “improvidently granted”—meaning the Supreme Court will not resolve the circuit split this term. The appeal arose from a recent Ninth Circuit decision ordering a law firm to produce documents that reflected “dual purpose” legal and business advice. The firm had provided legal advice about certain tax avoidance measures to a client and also prepared the client’s tax filings. Later served with a grand jury subpoena in connection with a criminal investigation of this client, the firm withheld some communications containing both legal and business tax advice. 

Continue Reading

Key COVID-19 Considerations for U.S. Discovery and Information Governance

Many businesses have remote work and bring-your-own-device policies that cover access to company systems and information from personal devices. These policies may also state expectations or requirements for the management and security of company information. But these policies likely do not account for the rapid transition to virtual offices and remote work hastened by the COVID-19 pandemic. Among other challenges:

  • Segments of the workforce may be teleworking for the first time.
  • Those engaged in remote work may not be aware of or understand applicable policies and practices, and advance training may be (or might have been) impractical.
  • The rapid move to remote work may rely on a greater variety of devices, including home devices, that might not otherwise be favored. And in many cases, employee-owned, or even company-issued, devices may be shared with multiple users in the home (for example, students taking classes online).
  • Furloughs and workforce reductions in times of quarantine may complicate onboarding and off-boarding where legal holds are in place or are triggered during the pandemic.

Continue Reading

COVID-19 and U.S. Statutes of Limitation

At the federal and state levels, there have been calls to suspend statutes of limitations during the COVID-19 outbreak. A number of states have already acted, but state approaches vary and are open to future changes as the challenges of the pandemic play out at the national, state and local levels. This uncertainty affects businesses considering when they must file actions and those assessing whether a risk of anticipated litigation has been extinguished. It also affects companies facing potential civil or criminal enforcement actions including, for example, those for whom the clock is running on antitrust merger reviews.

Although the global response to COVID-19 is unprecedented, suspensions of limitations periods in times of great business interruptions are not. Legislation was issued to toll limitations periods, for example, during the Civil War and the subsequent world wars. In more recent times, limitations periods have been extended to account for the aftermaths of hurricanes and Sept. 11, 2001. Continue Reading

Adapting E-Discovery Workflows to a Remote Work Environment

As courts and litigants adapt to the new normal by instituting social distancing measures through remote hearings and depositions, how we preserve, collect and produce documents should not be an afterthought. While the practice of e-discovery may already be well suited to remote work given the advanced evolution of technologies available to address challenges, below are five key areas to address in the current COVID-19 environment.

1. Litigation Holds: How Are Your Custodians Communicating and Saving Documents?

Now may be a good time to check in to determine whether any additional guidance should be given to custodians and system owners, given the fact that the majority of Americans are now working from home due to COVID-19 social distancing measures. Do your current Bring Your Own Device and Employee Document policies address the different ways your employees may be communicating and saving work? They may be using platforms, such as text messaging or instant messaging services, that are not employer-provided as a matter of practicality and convenience, or saving data locally to their personal devices. Have legal hold recipients been reminded of where they should or should not be saving data? A written reminder may help protect the employer and save the cost and time required to conduct a messy collection from personal devices or platforms. Out of an abundance of caution, legal holds may need to be supplemented to include personal devices.

2. Custodial Interviews: Then v. Now

Custodial interviews can be easily conducted over the phone or by videoconference. Factor into your questions the custodian’s work-from-home environment and how that may have changed their relevant practices. Best practices still weigh against custodial self-collections; use technology to collect and narrow data for review.

3. Remote Collections: Some Challenges Remain

Technology affords us the ability to remotely access an enormous array of electronic data on servers, in cloud environments and even on personal devices without leaving the comfort of our homes. However, there are still some sources that may require physical, on-site collection (think back to the olden days of paper files). If you have media or papers that cannot be physically accessed at this time, identify them as soon as possible and consider negotiating phased discovery with your adversaries and/or the court. Make sure that those sources are adequately preserved in the meanwhile. Postpone that discovery until such a time it is safe and permissible to collect the potentially relevant data. Diligence, transparency and cooperation performed now may avert a crisis down the road.

4. Off-Site Review: Find Alternative Means of Feedback and Supervision

Vendors who are hired to collect/review discoverable materials will likely have to do this job remotely given travel bans and social distancing measures, which may last well into the future. Most vendors and review platforms are well equipped for remote work, but valuable real-time feedback from project managers given to groups of reviewers all located in a designated review center may be lost as the team learns the case, particularized privilege issues and relevant universe. Utilize calls and videoconferencing to compensate for any potential loss of communication as reviewers work individually at home. Make sure that reviewers sign remote work policies that factor in security. Some vendors offer unique security add-ons—be sure to ask your vendors about their remote review offering.

5. Data Confidentiality and Security: Protect Your Client’s Information

With attorneys, vendors and reviewers now working remotely, don’t neglect ensuring that all the ways in which you are communicating, sending, reviewing and producing discovery are secure and adequately protect your potentially privileged and confidential information from accidental or malicious loss or disclosure. It has been widely reported that data security risks have increased in the age of COVID-19. Consult competent counsel to vet vendor contracts for appropriate security and liability provisions and protect your data.

The CLOUD Act and the Warrant Canaries That (Sometimes) Live There

The Clarifying Lawful Overseas Use of Data Act (Pub. L. No. 115-141 (2018), or the CLOUD Act, was enacted in the U.S. on March 23, 2018, in response to difficulties U.S. law enforcement agencies (LEAs) had when attempting to gain access to data held by cloud service providers through Stored Communication Act (SCA) warrants, as the SCA did not contemplate cloud computing when it was enacted into law; likewise, LEAs were also forced to utilize U.S. Senate-approved mutual legal-assistance treaties (T.I.A.S. No. 10-201 or MLATs) or letters rogatory to access data stored overseas.

The CLOUD Act was occasioned by the U.S. v. Microsoft litigation, in which Microsoft had argued that it was not required to provide access to its users’ private data stored on Dublin servers. Microsoft lost the case in 2014, but won an appeal in 2016. The U.S. Supreme Court heard argument on the case in February 2018. Demonstrating the CLOUD Act’s importance for LEA, in late March 2018 (immediately following the CLOUD Act’s passage), the U.S. Department of Justice (DOJ) asked the U.S. Supreme Court to drop the pending Microsoft litigation as moot, as the DOJ could (and did) alternatively use the CLOUD Act to issue a new warrant for the data held by Microsoft in Dublin. Continue Reading

E-discovery, the Cloud and Blockchain – How New Practices May Require a ‘Back to School’ Approach

The practice of e-discovery has always incorporated considerations of new and emerging technologies as well as related attorney competence. With the advent of cloud services and significant use by clients, e-discovery practitioners incorporated knowledge of those new platforms and offerings into their preservation strategies and requests for production, appropriately considering a variety of client and party uses of the cloud, especially for heavily used services such as email, customer relationship manager (CRM) platforms, and document storage and sharing. This focus on the cloud came to a head in the 2014 Brown v. Tellermate Holdings litigation, which examined the defendant’s use of a cloud provider and raised the following considerations for practitioners:

Continue Reading