Email Review Aids in Detecting Compliance and Law Violations
About one week ago, the Board of Governors of the Federal Reserve System issued an order to cease and desist and an order of an assessment of civil money penalty against The Goldman Sachs, Group, Inc. The Goldman Sachs, Group, Inc. is a registered bank holding company which owns and controls Goldman, Sachs & Co. (“Goldman Sachs” or “the Firm”). The Board of Governors of the Federal Reserve System supervises Goldman Sachs.
Goldman Sachs provides regulatory advisory services to supervised financial institutions. The Firm was aware that in those instances in which it provided regulatory advisory services to supervised financial institutions, it was prohibited from using or disclosing the Board of Governors’ confidential supervisory information, absent regulatory approval. The failure to obtain prior approval from the appropriate agency before using or disclosing confidential supervisory information is illegal and constitutes a violation of the Federal Deposit Insurance Act.
The Board of Governors found that Goldman Sachs’ “personnel improperly used confidential supervisory information, including confidential supervisory information relating to institutions other than the Firm, of the Board of Governors and other banking regulators in presentations to its clients and prospective clients in an effort to solicit business for the Firm.” Employees of Goldman Sachs had confidential supervisory information that belongs to the Board of Governors and other banking regulators. The possession of this information by senior managers and other personnel was a violation of the law. An employee of Goldman Sachs was specifically found to have engaged in the criminal theft and subsequent dissemination of confidential supervisory information of the Board of Governors and other banking regulators.
Goldman Sachs terminated the employee who stole the confidential supervisory information as well as his direct supervisor and then reported the matter to the Federal Reserve Bank of New York. Goldman Sachs reached a settlement agreement with the New York Department of Financial Services (“NYDFS”) in connection with the Firm’s unauthorized possession of NYDFS confidential supervisory information.
Of particular importance, the Board of Governors found that Goldman Sachs “lacked adequate policies and procedures designed to detect or prevent the unauthorized dissemination and use of confidential supervisory information” belonging to banking regulators including the Board of Governors. The Board specifically noted that Goldman Sachs failed to monitor email for documents containing confidential supervisory information. As a result of its violation of the Federal Deposit Insurance Act, Goldman Sachs was ordered to pay a civil money penalty of $36,300,000. Further, the Firm was ordered to submit a written plan to the Board of Governors to enhance the effectiveness of compliance functions and internal controls as well as training for “Goldman Sachs personnel regarding the restrictions, controls and legal requirements governing the use of confidential supervisory information.”
The recent order from the Board of Governors which has been the highlight of this discussion underscores the importance of supervisory oversight. It also reveals the potential consequences a firm might face when it fails to provide adequate supervision to personnel including review of email. Click here to read the Board of Governors’ order in its entirety and contact us if you are interested in our email review compliance services.