The US Commodity Futures Trading Commission (CFTC) has fined three Citi affiliates $4.5 million for failing to diligently supervise their audio preservation system, which led to the deletion of almost 2.8 million audio recordings, some of which were subject to a CFTC subpoena.
In an Order filing and settling the charges, CFTC says in spite of a known design flaw, which was flagged by a staff member in 2014 and described as a “ticking time bomb”, Citi failed to take timely and appropriate steps to fix the problem in its audio preservation system, leading to the systematic deletion of files after two years.
in December 2017, CFTC Division of Enforcement staff sent a subpoena to Citi in connection with an ongoing investigation for, among other things, audio recordings of certain Citi traders on a particular day. On February 9, 2018, Citi communicated to Division staff that a hold notice had been issued to its staff and confirmed that responsive audio recordings would be preserved. Relying on this information, Division staff agreed to Citi’s request that it be permitted to prioritise production of electronic communications and defer production of the requested audio recordings until a later date. On October 30, 2018, Division staff requested that Citi produce the responsive audio recordings.
On December 3, 2018, Citi notified Division staff that it had deleted the responsive recordings roughly three weeks earlier due to the design flaw in its audio preservation system. As a result, the system deleted more than 2.77 million audio files for 982 users, including recordings that were responsive to the December 2017 subpoena and which Citi had assured Division staff were being preserved.
As well as failing to address the system’s design flaw, CFTC says Citi further did not maintain adequate internal controls with respect to its preservation of audio. The Order notes that Citi also failed to employ staff with adequate technical knowledge in its Global Voice Operations (GVO) unit, nor did it have adequate procedures in place to document, understand, and test changes to the system.
The Order also notes that two key GVO employees, including the staff member who highlighted the design flaw the previous year, left the bank in October 2015, adding, “[These two] were the only employees who understood the risk of automatic deletion” under the prevailing structure. It further notes that three other employees left the GVO unit in the next eight months, leading to pressure on the remaining team who, according to an employee memo to management, did not have the resources to deal with all the issues in the department in a timely manner. The same employee also told management that the GVO team had “not had the time to train properly” for some of the issues they were facing, the Order states.
“Registrants have obligations to diligently supervise all aspects of their business related to their duties, including all systems used to comply with CFTC recordkeeping requirements, document requests, and subpoenas,” says CFTC Division of Enforcement director James McDonald. “These regulations exist to promote the integrity of the marketplace. When registrants fail to meet their supervision obligations, they will be penalised.”