Morgan Stanley fined for electronic communications failures

Angelika Hellweger of Rahman Ravelli assesses the first UK enforcement action of its kind.

In exercising its enforcement functions, Ofgem (the Office of Gas and Electricity Markets) acts on behalf of the UK’s Gas and Electricity Markets Authority.

Under the Electricity and Gas (Market Integrity and Transparency) (Enforcement etc.) Regulations 2013, Ofgem has the power to monitor, investigate, enforce and sanction under REMIT – Regulation (EU) No 1227/2011 on wholesale energy market integrity and transparency. REMIT is retained under national legislation by effect of the European Union (Withdrawal) Act 2018 and amended by the Electricity and Gas (Market Integrity and Transparency) (Amendment) (EU Exit) Regulations 2019 (SI 2019/534).

Regulation 8 of the Enforcement Regulations sets out the legal requirement on market participants to record and retain records. It requires wholesale energy market participants to take reasonable steps to ensure that any electronic communications about trading wholesale energy products are recorded and retained, and to take reasonable steps to prevent electronic communications taking place which cannot be recorded.

Ofgem has recently imposed a £5.41 million fine on Morgan Stanley & Co. International plc (MSIP) for not recording and retaining electronic communications. It is the first-ever UK fine issued under the transparency rules aimed at protecting consumers from market manipulation and insider trading.

The communications that were not retained and recorded were made between January 2018 and March 2020 by wholesale energy traders on privately-owned phones via WhatsApp. They involved discussions of energy market transactions.

The breach became known as a result of MSIP’s responses to information requests made using the information collection powers that Ofgem has under REMIT. Ofgem found that MSIP had policies in place that forbid the use of WhatsApp for trading communications. But MSIP did not take sufficient reasonable steps to ensure compliance with its own policies and the requirements of the regulations.

MSIP admitted the breaches. It has taken steps such as improved staff training and strengthening of its internal systems and controls to prevent any repeat of the breaches. The fine was discounted by 30% because MSIP agreed to settle the case. The company had cooperated fully with the investigation.

First

It is perhaps quite surprising that it was the energy regulator and not a financial services regulator – such as the Financial Conduct Authority (FCA) – that brought this first UK enforcement action of its kind. But UK regulators have not been very active in pursuing WhatsApp-related penalties. The FCA has questioned banks about WhatsApp use but has not yet made any announcements about fines being imposed.

This is in contrast to the US. A year ago, US regulators reached settlements with a dozen banks after investigations into global financial firms’ failure to monitor employees’ communications on unauthorised messaging apps. The penalties imposed totalled more than $2 billion. Just last month, Wall Street firms using private messaging apps to communicate with 11 brokerage firms and investment advisers agreed to pay $549 million in fines.

Regardless of the severity or otherwise of the approaches taken to this issue by regulators, regulated firms are advised to take steps to ensure that employees are not misusing private messaging services to conduct business. These steps should include compliance policies to police off-channel communications by employees. Specific guidance should also be issued (and attention needs to be paid) in relation to record-keeping.