appleinsider logo
Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Encrypted iMessage chats lead to record-breaking SEC fines for Wells Fargo, Wall Street

Securities and Exchange Commission

Several banks and Wall Street firms have just been fined millions of dollars for hiding messages in a variety of different messaging apps, including Apple's own iMessage.

Apple, along with other messaging companies, find themselves in the mix of a series of new SEC fines, albeit not legally, thanks to features like end-to-end encryption. This properly secures messages on platforms like iMessage, WhatsApp, and Signal, but it also means conversations can become inaccessible.

Both the SEC and the Commodity Futures Trading Commission (CFTC) both levied major fines against several institutions, several of which fall under the Wells Fargo umbrella, as reported by The Verge. As such, it's Wells Fargo that will pay out most of the combined $549 million in fines after the companies confirmed they were not able to surface conversations regarding official company business that were made on personal devices using encrypted messaging services.

Employees at these firms and institutes, including "those at senior levels," used standard messaging apps like Apple's Messages, WhatsApp, Signal, and others to discuss company business dating back as far as 2019. These all offer end-to-end encryption, which means data is inaccessible once deleted, and Apple or the other app makers can't recover conversations.

Those conversations were apparently not "maintained or preserved," and therefore violate the 1934 Securities Exchange Act's record-keeping rules as well as the Investment Advisers Act of 1940, according to the SEC. The CFTC has its own set of record-keeping requirements, which the companies also violated.

Wells Fargo companies share the brunt of the fines, paying out $125 million to the SEC and another $75 million to the CFTC. SEC enforcement director Gurbir S. Grewal said, "Here are three takeaways for those firms who haven't yet done so: self-report, cooperate and remediate. If you adopt that playbook, you'll have a better outcome than if you wait for us to come calling."

Here's how it all breaks down, per agency:

SEC penalties

  • Wells Fargo Securities, LLC; Wells Fargo Clearing Services, LLC; Wells Fargo Advisors Financial Network, LLC: Agree to pay $125 million
  • BNP Paribas Securities Corp.; SG Americas Securities, LLC: Agree to pay $35 million
  • BMO Capital Markets Corp.; Mizuoho Securities USA, LLC: Agree to pay $25 million
  • Houlihan Lokey Capital, Inc.: Agrees to pay $15 million
  • Moelis & Company, LLC; Wedbush Securities Inc.: Agree to pay $10 million
  • SMBC Nikko Securities America, Inc.: Agrees to pay $9 million

CFTC penalties

  • BNP Paribas S.A. and BNP Paribas Securities Corp.: Agree to pay $75 million
  • Societe Generale SA and SG Americas Securities, LLC: Agree to pay $75 million
  • Wells Fargo Bank NA and Wells Fargo Securities, LLC: Agree to pay $75 million
  • Bank of Montreal: Agrees to pay $35 million

User and device security are major feature pillars for Apple, and it has pushed for end-to-end encryption support for years, and not just in iMessage. Governments all across the globe have tried to argue that these apps are a criminal's dreamland. The company has gone as far as to say it will shut down services like iMessage in the United Kingdom if the government passes a bill to limit end-to-end encryption.