It makes no mention of evading regulation. This fine is for a failure to retain written communications. Which is impossible to do for some of these communications channels.
Not retaining written comms is evading regulations - "retain written comms" is one, and using Signal/WhatsApp is evading it.
Nobody working in banking is unaware of the written comms rules. Nobody using Signal or WhatsApp in that context is unaware they can't retain written comms. Can you prove intent? Probably not. Is it clear as daylight why this happened? Uh, yes.
And so the SEC hits them where it hurts at least a little bit, in the wallet.
Also, if you pay attention to the banking space... this is pretty much the usual cast of characters. There's absolutely no surprise.
Keep on carrying water for the NSA. We can live in a total surveilace world just by triggering you with "banks are bad."
People use iMessage/Signal/WhatsApp for myriad reasons: some good, some bad. There's no evidence in this case that any of what was said was in furtherance of a crime. The crime they've been fined for is that people--just people--were talking in totally normal communications channels, and their employer has failed to scrape one end of their E2E communications and save it to show to the SEC whenever it asks.
If you are working in banking, you know you are supposed to archive comms. If you then knowingly don't archive, you are deliberately sidestepping existing regulations.
That's a much stronger issue than "if you've got nothing to hide, you don't need secrecy" nonsense that I suppose your NSA comment is supposed to refer to. Nobody is making that argument here.
As for "it's just people talking" - what else do you suppose a "archive all communications" regulation refers to?
And sure there's no evidence. Hence my "can you prove intent" statement. But if it's a regulatory violation that other banks have already been fined for, years ago, and you still sidestep the regulation, there's a strong question why you keep sidestepping it.
If you don't like that, you might not want to work in a space with regulatory oversight.
You support heavy handed and intrusive violation of the privacy of all people who work in the financial sector. You support big brother. Sugar coat it all you want, but you're the one who is cheering on the NSA to de-network encrypted platforms that depend on network effects for our protection
What do you think we should assume about your communications on encrypted channels? This entire thing is yet another federal effort to criminalize encrypted communications, and it even works on the HN crowd. All they have to say is "big banks bad" and people here go from freedom fighters to government pawns.
This has nothing to do with encryption. Banks are free to encrypt their communications. But they need to keep communication logs and make the plain text available to regulators in certain circumstances.
It's end to end encryption, as in, there are ends on each side where it is decrypted, usually for the humans to read. At the ends the records should have been maintained, the regulations aren't incompatible with E2E.
I'll respond to all three of you: yes it is difficult to retain all potentially work-related communications that take place on your employees' personal devices, so the alternative is to retain all communications.
It is absolutely incompatible with E2E encryption to mandate a third party access to one of the Es for surveillance purposes.
"Banks fined millions evading regulation with Signal & WhatsApp"
News headlines have rules they use to make for shorter sentences.
They'd probably write
"Banks fined millions, delete records, use E2E apps"