Last week, the Financial Post reported that Scotiabank was fined $22.5 million dollars by U.S. regulators as a result of staffers using unapproved, “off channel” communication platforms like whatsapp and text messages.
The Globe and Mail similarly reported the fines were levied after Scotiabank workers avoided corporate sanctioned communication systems and instead used personal devices, apps and accounts for work purposes.
The fines largely focus on the personal device use of brokers, swap dealers and financial advisors at the bank’s subsidiary Scotia Capital.
The Commodity Futures Trading Commission (CTFC) and the Securities Exchange Commission (SEC) issued the hefty fines in response to the bank’s failure to adhere to supervisory and record keeping protocols. The agencies said Scotiabank is required to keep records of these communications but failed to preserve them, violating federal securities laws.
This report raises several interesting employment issues:
First, many financial advisors who work with the big Canadian banks have contracts that straddle two worlds. Often they are brought on as “contractors” but in many ways are treated as employees. Frequently, financial advisors manage their own staff and expenses.
There has been much litigation over whether or not financial advisors are independent contractors or employees at the banks. Working with financial professionals for over a decade, I have seen firsthand that advisors are often incentivized by banks to work autonomously to drive growth but often have complicated contractual arrangements that can deprive advisors from employee status.
It’s no surprise then that advisors routinely have used their personal devices to transact business.
Secondly, the large fines hint at the underbelly of remote work. The flexibility remote work provides to employees certainly poses security risks for sensitive financial data. The fact is, it’s harder to manage how information is communicated and transmitted when bank employees transact seamlessly over corporate and personal devices.
Third, with the advent of ChatGPT and other AI technology, the use of third-party software to facilitate work tasks is on a steep rise. I have heard anecdotally that many employees in various industries have tested it out to help with work tasks like writing reports, press releases and even emails.
While I am dubious of ChatGPT’s ability to disrupt employment law, there is no question that it’s power knows no bounds in workplaces everywhere. If regulators are looking to crackdown on employees’ use of non-sanctioned software, the first place to look is AI. Employees are naively feeding these platforms confidential information and company trade secrets in the hopes of wowing their superiors with streamlined reports in a fraction of the time.
Scotiabank’s regulator fines signals what could be the next wave in employment law: employee data enforcement.
With the uptick of employee flexibility, most employers will naturally amp up data security guidelines. In a remote world, privacy and data security are major commodities; the power of which should never be underestimated.
Have a workplace issue? Maybe I can help! Email me at sunira@worklylaw.com and your question may be featured in a future column.
The content of this article is general information only and is not legal advice.