Microsoft Word - BofA Order 9-20-2022 clean

UNITED STATES OF AMERICA

Before the

COMMODITY FUTURES TRADING COMMISSION

In the Matter of:

Bank of America, N.A., BofA

Securities, Inc., and Merrill Lynch,

Pierce, Fenner & Smith

Incorporated,

Respondents.

)

CFTC Docket No. 22-38

ORDER INSTITUTING PROCEEDINGS PURSUANT TO

SECTION 6(c) AND (d) OF THE COMMODITY EXCHANGE ACT, MAKING

FINDINGS, AND IMPOSING REMEDIAL SANCTIONS

I. INTRODUCTION

The Commodity Futures Trading Commission (“Commission”) has reason to believe that

from at least 2015 to the present (“Relevant Period”), Bank of America, N.A., BofA Securities,

Inc., and Merrill Lynch, Pierce, Fenner & Smith Incorporated (collectively, “BofA” or

“Respondents”) violated, as set forth below, Sections 4g, 4s(f)(1)(C), 4s(g)(1) and (3), and

4s(h)(1)(B) of the Commodity Exchange Act (“Act”), 7 U.S.C. §§ 6g, 6s(f)(1)(C), 6s(g)(1), (3),

6s(h)(1)(B), and Commission Regulations (“Regulations”) 1.31, 1.35, 23.201(a), 23.202(a)(1)

and (b)(1), 23.602(a), and 166.3, 17 C.F.R. §§ 1.31, 1.35, 23.201(a), 23.202(a)(1), (b)(1),

23.602(a), 166.3 (2021). Therefore, the Commission deems it appropriate and in the public

interest that public administrative proceedings be, and hereby are, instituted to determine

whether Respondents engaged in the violations set forth herein and to determine whether any

order should be issued imposing remedial sanctions.

In anticipation of the institution of an administrative proceeding, Respondents have

submitted an Offer of Settlement (“Offer”), which the Commission has determined to accept.

Respondents admit the facts set forth in Section II below, except for the facts set forth in

Sections II.A.2 and II.C.2, which facts they neither admit nor deny, acknowledge that their

conduct violated the Act and Regulations and consent to the entry of this Order Instituting

Proceedings Pursuant to Section 6(c) and (d) of the Commodity Exchange Act, Making Findings,

and Imposing Remedial Sanctions (“Order”), and acknowledge service of this Order.

Respondents agree that the findings of fact and conclusions of law in this Order shall be taken as true and correct

and be given preclusive effect without further proof in this proceeding and any other proceeding brought by the

RECEIVED CFTC

Office of Proceedings

Proceedings Clerk

12:25 pm, Sep 27, 2022

II. FINDINGS

The Commission finds the following:

A. SUMMARY

1. BofA Employee Use of Unapproved Communication Methods

The Act and Regulations impose recordkeeping and supervision requirements on

Commission registrants to ensure that they responsibly discharge their crucial role in our

markets. Compliance with these requirements is essential to the Commission’s efforts to

promote the integrity, resilience, and vibrancy of the U.S. derivatives markets through sound

regulation.

In or about May 2021, Commission staff brought to BofA’s attention the potential use of

unapproved communication methods by at least one BofA trader, and head (“Desk Head”) of one

of BofA’s trading desks (“Desk”). Notwithstanding Commission staff flagging this issue, traders

on the Desk continued to use unapproved messaging methods to conduct firm business for

several months. In October 2021, Commission staff again flagged to BofA that it had serious

concerns regarding the use of unapproved methods by BofA employees.

Thereafter, BofA voluntarily undertook an investigation that included a review of the

potential use of unapproved communication methods by members of the Desk. In addition,

BofA completed a separate but related review of the potential use of unapproved communication

methods by other BofA employees. BofA also disclosed to Commission staff that in 2018, it had

undertaken a review of potential employee use of unapproved communication methods. These

reviews by BofA demonstrated that there was widespread and longstanding use of unapproved

methods to engage in business-related communications by BofA employees. BofA also

identified a communication that took place on an unapproved communication method that should

have been but was not promptly produced in response to a subpoena issued by Commission staff.

2. BofA Employee’s Deletion of Business-Related Communications and

Request that Third-Party Brokers Delete Business-Related

Communications

The Commission’s investigation also revealed that the Desk had a longstanding practice

of using unapproved methods to communicate about business on their personal devices,

including at the direction of the Desk Head. The Desk Head routinely directed traders on the

Desk to delete messages with business contacts from their personal devices, and traders on the

Desk had a practice of deleting messages, including business-related messages, from their

personal devices. In March 2021, at a point in time when BofA was aware that Commission

staff were investigating certain trading on the Desk, the Desk Head instructed three of his

subordinates to delete messages from their personal devices and to communicate via the

Commission or to which the Commission is a party or claimant, including but not limited to, a proceeding in

bankruptcy or receivership. Respondents do not consent to the use of the Offer or this Order, or the findings or

conclusions in this Order, by any other party in any other proceeding.

unapproved messaging application Signal when off the Desk, and to have such communications

set to auto-delete. The Desk Head made similar requests to two third-party brokers. The Desk

used their personal devices for business communications even though the traders had been issued

company-owned devices that would have allowed them to exchange text messages consistent

with BofA’s policies and in a manner BofA could monitor. Despite BofA being alerted in May

2021 by the Commission staff of his use of off-channel communications, the Desk Head

continued to supervise the desk until he resigned in 2022.

3. BofA Violated Commission Recordkeeping and Supervision

Requirements

Overall, during the Relevant Period, BofA employees, including at senior levels,

communicated both internally and externally using unapproved methods, including via personal

text messages, WhatsApp, and Signal. These written communications were sent and received by

BofA employees and included messages related to BofA’s businesses as Commission registrants

that were required to be maintained under Commission-mandated recordkeeping requirements.

These written communications were generally not maintained and preserved by BofA, and BofA

generally would not have been able to furnish the communications promptly to a Commission

representative if and when requested. As a result, BofA violated, as set forth below, Sections 4g,

4s(f)(1)(C), and 4s(g)(1) and (3) of the Act, 7 U.S.C. §§ 6g, 6s(f)(1)(C), 6s(g)(1), (3), and

Regulations 1.31, 1.35, 23.201(a), and 23.202(a)(1) and (b)(1), 17 C.F.R. §§ 1.31, 1.35,

23.201(a), 23.202(a)(1), (b)(1) (2021).

In addition, the widespread use of unauthorized communication methods by BofA’s

employees to conduct BofA business violated BofA’s own policies and procedures, which

prohibited such communications. BofA did not maintain adequate internal controls with respect

to business-related communications on unapproved communication methods. Indeed, some of

the very same supervisory personnel at BofA responsible for ensuring compliance with BofA’s

policies and procedures themselves utilized unapproved methods of communication to engage in

business-related communications, in violation of company policy. Because BofA failed to

implement a diligent supervisory system to ensure compliance with Commission recordkeeping

requirements and the BofA’s own policies and procedures, and because the widespread use of

unauthorized communication methods resulted in BofA’s failure to maintain Commission-

required records, BofA failed to diligently supervise matters related to its business as a

Commission registrant in violation of Section 4s(h)(1)(B) of the Act, 7 U.S.C. § 6s(h)(1)(B), and

Regulations 166.3 and 23.602(a), 17 C.F.R. §§ 166.3, 23.602(a) (2021), as set forth below.

B. RESPONDENTS

Bank of America, N.A. is a national banking association with its main office in Charlotte,

North Carolina. Bank of America, N.A. is provisionally registered with the Commission as a

swap dealer.

BofA Securities, Inc. is a company with its principal place of business in New York, New

York. BofA Securities, Inc. is registered with the Commission as a Futures Commission

Merchant (“FCM”).

Merrill Lynch, Pierce, Fenner & Smith Incorporated is a company with its principal place

of business in New York, New York. Merrill Lynch, Pierce, Fenner & Smith Incorporated was

registered with the Commission as an FCM until May 14, 2019 and is currently registered with

the Commission as an introducing broker.

C. FACTS

1. BofA’s Supervision and Record-Keeping Failures

During the course of a Commission investigation into certain of BofA’s trading,

Commission staff learned, based on information provided by a third party, of BofA employee use

of non-company approved communication methods, like WhatsApp, on personal devices.

In May 2021, Commission staff first alerted BofA that Commission staff were aware of

potential employee use of unapproved communications methods, and that Commission staff

intended to interview a BofA supervisor regarding unapproved channel communications on the

Desk. In October 2021, Commission staff again flagged to BofA that it had serious concerns

regarding the use of unapproved methods by BofA employees on the Desk.

Thereafter, BofA conducted a review of certain of its employees’ use of unapproved

communication methods, including the use of unapproved communication methods on the Desk.

Around the same time, BofA conducted a separate but related review of the use of unapproved

communication methods by its employees. In addition, BofA disclosed that it had conducted a

review of similar issues in 2018 as to eleven employees. These reviews by BofA demonstrated

the widespread and longstanding use of unapproved communication methods by BofA

employees—including senior-level employees—to engage in firm business, including relating to

trading in CFTC regulated derivatives markets.

Overall, the reviews revealed that numerous traders and desk heads, participated in

extensive internal and external discussions using unapproved communication methods. For

example, BofA’s 2018 review identified that one managing director, who is a co-head of global

rates trading, had hundreds of messages using unapproved methods. Further, out of an analysis

of the personal devices of thirty BofA employees, including three associated persons of BofA’s

Futures Commission Merchant business, the vast majority had violated BofA’s communications

policies and procedures by using personal text message and other unapproved methods to

communicate with coworkers and other market participants. Moreover, the reviews conducted

by BofA revealed that dozens more BofA employees (including numerous supervisors and

managing directors) conducted firm business via unapproved methods. The communications

included messages among BofA personnel, as well as with brokers and other market participants.

Certain of these communications constituted records that were required to be kept pursuant to

Commission recordkeeping requirements, and these communications were generally not

preserved and maintained by BofA.

BofA also identified that in at least one instance, an unapproved-channel communication

between BofA employees that was responsive to an earlier subpoena issued to BofA by

Commission staff, but was not promptly produced in response to the subpoena because BofA did

not collect or review its traders’ off-channel messages. BofA had not previously collected this

message or produced it to the Commission because the message was sent or received through an

unapproved communication method on an employee’s personal device. Further, because

business-related communications that occurred through an unapproved communication method

on certain employees’ personal devices were routinely deleted, BofA could not confirm that it

had completely responded to all prior Commission subpoenas.

Importantly, during the Relevant Period, BofA’s policies and procedures broadly

prohibited employees from using unapproved methods, such as personal text messages and

WhatsApp, to engage in business-related communications. As part of its procedures, BofA also

provided certain employees with company-issued personal devices in order for them to exchange

messages in a way that the bank could monitor and supervise them. However, BofA did not take

adequate steps to ensure that its employees were using those devices or to detect that certain

employees were frequently failing to use those devices for all business-related communications.

Messages sent through BofA-approved communications methods were monitored,

subject to review, and when appropriate, archived. By contrast, messages sent using unapproved

communication methods, including over personal WhatsApp, email, and text messages, were

generally not monitored, subject to review, or archived.

As a result of BofA’s failure to ensure that employees—including supervisors and senior-

level employees—complied with BofA’s communications policies and procedures, BofA failed

to maintain thousands of business-related communications, including communications in

connection with its Futures Commission Merchant and Swap Dealer businesses, and thus failed

diligently to supervise its businesses as Commission registrants. These supervision failures

resulted in the widespread use of unapproved methods of communication by many BofA

employees in violation of BofA’s policies and procedures, as well as a widespread failure to

maintain certain records required to be maintained pursuant to Commission recordkeeping

requirements.

BofA’s recordkeeping and supervision failures were company-wide and involved

employees at all levels of authority. Moreover, employees’ use of unapproved communication

methods was not hidden within BofA. To the contrary, certain supervisors—the very people

responsible for supervising employees to prevent this misconduct—routinely communicated

using unapproved methods on their personal devices. In fact, managing directors and senior

supervisors responsible for implementing BofA’s policies and procedures, and for overseeing

employees’ compliance with those policies and procedures, themselves failed to comply with

BofA policies by communicating using unapproved methods on their personal devices about

BofA’s Commission-regulated businesses.

2. BofA Employee’s Deletion of Business-Related Communications and Request

that Third-Party Brokers Delete Business-Related Communications

As a stark example of BofA’s failure to enforce its communications policies, from at least

fall 2015 until approximately August 2021, members of the Desk regularly used unapproved

communication methods to communicate, including about BofA’s Commission-regulated

business and, in fact, took steps to ensure that those messages were not retained or monitored.

Further, certain traders on the Desk used their personal devices for these messages

notwithstanding the fact that starting in 2020, BofA began issuing personal devices with

company-approved communication methods that the traders could and should have been using

instead.

Initially, starting at least around the fall of 2015, certain traders on the Desk used Short

Message Service (“SMS”), the basic messaging service of cell phones, to engage in a group chat.

In late 2020 or early 2021, the Desk Head, who was a managing director, instructed several

subordinates on the desk to switch their SMS messages to WhatsApp. The Desk Head also

orally reminded his subordinates that they—like he—should delete messages from their personal

devices, which included business-related messages, on a routine basis. As one trader on the

Desk wrote to another BofA employee in December 2020: “We [i.e., traders on the swaps desk]

use WhatsApp all the time but / We delete convos [conversations] / Regularly.” Deletion

instructions from the Desk Head became more frequent during the first quarter of 2021.

Additionally, on a Sunday morning at the end of February 2021, the Desk Head called a

broker at a third-party swaps brokerage firm, to convey, in sum and substance, that the broker

should delete the communications between them from his personal device, which included

business-related communications. The Desk Head also asked the broker to contact the broker’s

co-worker and request that the co-worker delete messages with a BofA trader. As a result of the

Desk Head’s request, the broker deleted messages he had with the Desk Head.

In early March 2021, the Desk Head asked the broker to start using the messaging

application Signal for their personal-device communications. The same week, the Desk Head

messaged another broker at a separate swaps brokerage firm and asked him to stop using SMS,

to delete the SMS messages between them (“no more sms” / “delete all”), and to use Signal for

further personal-device communications.

Around the same time, the Desk Head began a Signal group chat with three subordinate

traders on the Desk. Shortly thereafter, the Desk Head instructed one of those traders to set the

desk group chat messages to delete (and thus become unrecoverable) after one day. As a result

of the Desk Head’s instruction to set the messages to delete, messages within the group Signal

chat were deleted from early March 2021 until the end of May 2021.

In May 2021, Commission staff indicated to BofA their interest in speaking with the

Desk Head about off-channel communications. Notwithstanding that Commission staff

specifically raised this issue, traders on the Desk continued to use Signal for business-related

communications. The Desk Head, at approximately the same time, disabled the one-day delete

setting on the Desk’s group Signal chat (such that the messages were retained), and began to

instruct the traders on the Desk to conduct business-related communications over bank-approved

and monitored channels. However, between late May and early August 2021, approximately 250

messages were still sent through the Desk’s group Signal chat, including messages where the

Desk Head and three traders at times communicated about specific trades and positions, and

where on certain occasions the traders sought the Desk Head’s sign-off or advice before

engaging in particular transactions. During this time, the participants to the group Signal chat

sent messages, if not daily, at least several times a week. It was not until August 2021 that the

Desk Head and traders closed their Signal chat. Despite BofA being alerted in May 2021 by the

Commission staff of his use of off-channel communications, the Desk Head continued to

supervise the desk until he resigned in 2022.

Although BofA had policies in place that prohibited employees from communicating

about business on unapproved channels, the bank’s controls to ensure that those policies were

being followed were inadequate. Despite issuing its traders mobile devices with company-

approved communication methods, BofA did not take adequate steps to ensure employees were

using those devices and BofA’s controls were not adequate to detect that employees were

frequently not using those devices for all business-related communications. Further, BofA’s

training of its staff on, and enforcement of, its communications and recordkeeping policies and

procedures were inadequate to deter members of the Desk, including its supervisor, from

violating those policies for several years. Indeed, Signal is designed with encryption that makes

capturing and reviewing messages difficult. For that reason, BofA may not have been able to

review and monitor such messages even were the bank aware of them, making such messages

effectively unmonitorable.

III. LEGAL DISCUSSION

A. Bank of America, N.A.’s Failure to Maintain Required Records in Violation

of Sections 4s(f)(1)(C) and 4s(g)(1) and (3) of the Act and Regulations

23.201(a) and 23.202(a)(1) and (b)(1)

Section 4s(f)(1)(C) of the Act obligates swap dealers to keep “books and records of all

activities related to its business as a swap dealer . . . in such form and manner and for such period

as may be prescribed by the Commission by rule or regulation” and those books and records

must be kept “open to inspection and examination by any representative of the Commission.”

7 U.S.C. § 6s(f)(1)(C); see also Section 4s(g)(1) and (3) of the Act, 7 U.S.C. § 6s(g)(1), (3)

(requiring swap dealers to keep daily trading and counterparty records). These statutes are

implemented, among other places, at Regulations 23.201(a) and 23.202(a)(1) and (b)(1),

17 C.F.R. §§ 23.201(a), 23.202(a)(1), (b)(1) (2021).

Regulation 23.201(a) obligates a swap dealer to “keep full, complete, and systematic

records, together with all pertinent data and memoranda, of all its swaps activities,” including

“[r]ecords of each transaction, including all documents on which transaction information is

originally recorded.” Regulation 23.202(a)(1) and (b)(1) requires, in relevant part, every swap

dealer to keep daily trading records of all swaps and related cash and forward transactions it

executes including, specifically, a record of oral and written communications provided or

received concerning quotes, solicitations, bids, offers, instructions, trading, and prices that led to

the execution of a swap transaction or the conclusion of a related cash or forward transaction.

During the Relevant Period, as a result of the widespread employee use of unapproved

communication methods, Bank of America, N.A. failed to maintain Commission-required

transaction records and pre-execution communications. By this conduct, Bank of America, N.A.

violated Sections 4s(f)(1)(C) and 4s(g)(1) and (3) of the Act and Regulations 23.201(a) and

23.202(a)(1) and (b)(1).

B. BofA Securities, Inc. and Merrill Lynch, Pierce, Fenner & Smith

Incorporated’s Failure to Keep Required Records in Violation of Section 4g

of the Act and Regulation 1.35

Section 4g of the Act requires FCMs and other registrants to create and keep books and

records pertaining to transactions and positions in such form and manner and for such period as

may be required by the Commission. 7 U.S.C. § 6g. Regulation 1.35(a)(1), 17 C.F.R.

§ 1.35(a)(1) (2021), sets forth some of the books and records that are required to be created and

maintained by FCMs. Specifically, an FCM must:

(i) Keep full, complete, and systematic records . . . of all transactions relating to

its business of dealing in commodity interests . . . which shall include all orders

(filled, unfilled, or canceled), . . . and all other records, which have been prepared

in the course of its business of dealing in commodity interests . . . .

***

(iii) Keep all oral and written communications provided or received concerning

quotes, solicitations, bids, offers, instructions, trading, and prices that lead to the

execution of a transaction in a commodity interest . . . whether transmitted by

telephone, voicemail, facsimile, instant messaging, chat rooms, electronic mail,

mobile device, or other digital or electronic media . . . .

With the exception of pre-trade communications, all such records are required to be “kept in a

form and manner that allows for the identification of a particular transaction.” Regulation

1.35(a)(5), 17 C.F.R. § 1.35(a)(5) (2021).

As a result of the widespread use of unapproved methods of communication by their

employees, which communications were not preserved and maintained, BofA Securities Inc. and

Merrill Lynch, Pierce, Fenner & Smith Incorporated failed to keep full, complete, and systematic

records of all transactions relating to its business of dealing in commodity interests, in violation

of Section 4g of the Act and Regulation 1.35.

C. Bank of America, N.A., BofA Securities, Inc., and Merrill Lynch, Pierce,

Fenner & Smith Incorporated’s Failure to Keep Records in Required

Manner in Violation of Regulation 1.31

Regulation 1.31(b)(4), 17 C.F.R. § 1.31(b)(4) (2021), requires that registrants keep all

books and records that are required to be maintained under the Act and Regulations in such

manner as to make them “readily accessible” for a period of two years for paper records and for

the duration of the retention period for electronic records. Upon request of the Commission, all

of these documents are required to be “promptly” produced. Regulation 1.31(d), 17 C.F.R.

§ 1.31(d) (2021). Regulation 23.203(b)(1), 17 C.F.R. § 23.203(b)(1) (2021), requires that

records required to be kept pursuant to Part 23 of the Regulations, be kept in accordance with

Regulation 1.31, 17 C.F.R. § 1.31 (2021).

By failing to keep all Commission-required records in such a manner as to make them

“readily accessible,” Bank of America, N.A., BofA Securities, Inc., and Merrill Lynch, Pierce,

Fenner & Smith Incorporated violated Regulation 1.31. In addition, Bank of America, N.A.,

BofA Securities, Inc., and Merrill Lynch, Pierce, Fenner & Smith Incorporated violated

Regulation 1.31 by not promptly producing such communications upon request in connection

with the Commission’s investigation, as described above.

D. Bank of America, N.A.’s Failure to Supervise Diligently in Violation of

Section 4s(h)(1)(B) of the Act and Regulation 23.602(a)

Section 4s(h)(1)(B) of the Act, 7 U.S.C. § 6s(h)(1)(B), requires “diligent supervision of

the business of the registered swap dealer[.]” Regulation 23.602(a) requires that each swap

dealer “shall establish and maintain a system to supervise, and shall diligently supervise, all

activities relating to its business performed by its partners, members, officers, employees, and

agents (or persons occupying a similar status or performing a similar function).” 17 C.F.R.

§ 23.602(a) (2021). The operative language of Regulation 23.602(a) is similar to the language of

the Commission’s longstanding supervision regulation for futures and options, Regulation 166.3,

17 C.F.R. § 166.3 (2021).

Under Regulation 23.602(a), a violation is demonstrated by showing either that: (1) the

registrant’s supervisory system was generally inadequate; or (2) the registrant failed to perform

its supervisory duties diligently. See In re JPMorgan Chase Bank, N.A., CFTC No. 22-07, 2021

WL 6098347, at *6 (Dec. 17, 2021) (consent order); see also In re Commerzbank AG, CFTC No.

19-03, 2018 WL 5921385, at *10-11 (Nov. 8, 2018) (consent order) (noting textual similarities

between Regulation 23.602 and Regulation 166.3, applying case law concerning Regulation

166.3, and citing In re Murlas Commodities, Inc., CFTC No. 85-29, 1995 WL 523563, at *9

(Sept. 1, 1995), and In re Paragon Futures Assoc., CFTC No. 88-18, 1992 WL 74261, at *14

(Apr. 1, 1992)); In re INTL FCStone Markets, LLC, CFTC No. 15-27, 2015 WL 4980321, at *3

(Aug. 19, 2015) (consent order) (same). Either showing “alone is sufficient to establish a

violation of the supervision requirement.” Commerzbank, 2018 WL 5921385, at *10

(interpreting Regulation 23.602 in light of Regulation 166.3 precedents). No evidence of an

underlying violation is necessary. In re Collins, CFTC No. 94-13, 1997 WL 761927, at *10

(Dec. 10, 1997) (interpreting Regulation 166.3). Evidence of violations that “‘should be detected

by a diligent system of supervision, either because of the nature of the violations or because the

violations have occurred repeatedly,’ is probative of a failure to supervise.” See In re Bank of

Nova Scotia, CFTC No. 20-26, 2020 WL 4926053, at *10 (Aug. 19, 2020) (consent order)

(quoting In re Société Générale Int’l Ltd., CFTC No. 19-38, 2009 WL 4915485, at *7 (Sept. 30,

2019) (consent order)).

Bank of America, N.A. failed to supervise its swap dealer business activities diligently

during the Relevant Period. Bank of America, N.A. failed to maintain an adequate supervisory

system to ensure that employees did not utilize unapproved methods to engage in

communications relating to its business, including the swap dealer business. Bank of America,

N.A.’s failure to supervise is demonstrated by its failure to detect, prevent, and remediate

repeated violations of the Commission’s recordkeeping requirements and company policies and

procedures. Supervisory personnel failed to ensure that employees complied with Bank of

America, N.A.’s Commission recordkeeping requirements and firm communications policies and

in some instances themselves violated the policies. These supervision failures also resulted in

the failure to keep and maintain Commission-required records, the failure to maintain the records

in such a manner as to make them readily available, and the failure to produce the records

promptly upon request. By this conduct, Bank of America, N.A. failed to supervise diligently its

officers, employees, and agents, in violation of Section 4s(h)(1)(B) of the Act and Regulation

23.602(a).

E. BofA Securities, Inc. and Merrill Lynch, Pierce, Fenner & Smith

Incorporated’s Failure to Diligently Supervise in Violation of Regulation

166.3

Regulation 166.3 states:

Each Commission registrant, except an associated person who has no supervisory

duties, must diligently supervise the handling by its partners, officers, employees

and agents (or persons occupying a similar status or performing a similar

function) of all commodity interest accounts carried, operated, advised or

introduced by the registrant and all other activities of its partners, officers,

employees and agents (or persons occupying a similar status or performing a

similar function) relating to its business as a Commission registrant.

17 C.F.R. § 166.3 (2021).

A violation under Regulation 166.3 is an independent violation for which no underlying

violation is necessary. See Collins, 1997 WL 761927, at *10. A violation of Regulation 166.3 is

demonstrated by showing either that: (1) the registrant’s supervisory system was generally

inadequate; or (2) the registrant failed to perform its supervisory duties diligently. Murlas

Commodities, Inc., 1995 WL 523563, at *9; Sansom Refining Co. v. Drexel Burnham Lambert,

Inc., CFTC No. 82-R448, 1990 WL 282783, at *11 (Feb. 16, 1990) (noting that, under

Regulation 166.3, registrants have “duty to develop procedures for the detection and deterrence

of possible wrongdoing by [their] agents” (internal quotation omitted)); In re GNP Commodities,

Inc., CFTC No. 89-1, 1992 WL 201158, at *17-19 (Aug. 11, 1992) (providing that, even if an

adequate supervisory system is in place, Regulation 166.3 can still be violated if the supervisory

system is not diligently administered); see also In re Rosenthall Collins Grp., LLC, CFTC No.

12-18, 2012 WL 1242406, at *6 (Apr. 12, 2012) (consent order) (respondent failed to perform

supervisory duties diligently by not following its compliance procedures that were in place).

Evidence of violations that “should be detected by a diligent system of supervision, either

because of the nature of the violations or because the violations have occurred repeatedly” is

probative of a failure to diligently supervise. In re Paragon Futures Assoc., CFTC No. 88-18,

1992 WL 74261, at *14 (Apr. 1, 1992) (“The focus of any proceeding to determine whether Rule

166.3 has been violated will be on whether [a] review [has] occurred and, if it did, whether it was

‘diligent.’”).

BofA Securities, Inc. and Merrill Lynch, Pierce, Fenner & Smith Incorporated failed to

supervise their business as a Commission registrant by failing to maintain adequate supervisory

systems to ensure that employees complied with Commission recordkeeping requirements and

company policies and procedures that prohibited business-related communications on

unapproved methods of communication. The inadequacy of BofA Securities, Inc. and Merrill

Lynch, Pierce, Fenner & Smith Incorporated’s supervisory systems is demonstrated by the

longstanding and repeated violations of BofA Securities, Inc. and Merrill Lynch, Pierce, Fenner

& Smith Incorporated’s Commission recordkeeping regulations and company policies and

procedures, including by supervisory personnel, and the fact that the supervisory failures resulted

in the repeated failure to maintain Commission-required records, to ensure that the required

records were readily accessible, and that the records could be promptly produced upon request.

By this conduct, BofA Securities, Inc. and Merrill Lynch, Pierce, Fenner & Smith Incorporated

failed to supervise diligently its officers, employees, and agents in violation of Regulation 166.3.

IV. FINDINGS OF VIOLATIONS

Based on the foregoing, the Commission finds that, during the Relevant Period, Bank of

America, N.A. violated Sections 4s(f)(1)(C), 4s(g)(1) and (3), and 4s(h)(1)(B) of the Act, 7

U.S.C. §§ 6s(f)(1)(C), 6s(g)(1), (3), 6s(h)(1)(B), and Regulations 1.31, 23.201(a), 23.202(a)(1)

and (b)(1), and 23.602(a), 17 C.F.R. §§ 1.31, 23.201(a), 23.202(a)(1), (b)(1), 23.602(a) (2021);

and BofA Securities, Inc. and Merrill Lynch, Pierce, Fenner & Smith Incorporated violated

Section 4g of the Act, 7 U.S.C. § 6g, and Regulations 1.31, 1.35, and 166.3, 17 C.F.R. §§ 1.31,

1.35, 166.3 (2021).

V. OFFER OF SETTLEMENT

Respondents have submitted the Offer in which they:

A. Acknowledge service of this Order;

B. Admit the facts described in Sections II above, except for the facts set forth in Sections

II.A.2 and II.C.2, which facts they neither admit nor deny, and acknowledge that their

conduct violated the Act and Regulations;

C. Admit the jurisdiction of the Commission with respect to all matters set forth in this

Order and for any action or proceeding brought or authorized by the Commission based

on violation of or enforcement of this Order;

D. Waive:

1. The filing and service of a complaint and notice of hearing;

2. A hearing;

3. All post-hearing procedures;

4. Judicial review by any court;

5. Any and all objections to the participation by any member of the Commission’s

staff in the Commission’s consideration of the Offer;

6. Any and all claims that they may possess under the Equal Access to Justice Act,

5 U.S.C. § 504, and 28 U.S.C. § 2412, and/or the rules promulgated by the

Commission in conformity therewith, Part 148 of the Regulations, 17 C.F.R.

pt. 148 (2021), relating to, or arising from, this proceeding;

7. Any and all claims that they may possess under the Small Business Regulatory

Enforcement Fairness Act of 1996, Pub. L. No. 104-121, tit. II, §§ 201–253, 110

Stat. 847, 857–74 (codified as amended at 28 U.S.C. § 2412 and in scattered

sections of 5 U.S.C. and 15 U.S.C.), relating to, or arising from, this proceeding;

and

8. Any claims of Double Jeopardy based on the institution of this proceeding or the

entry in this proceeding of any order imposing a civil monetary penalty or any

other relief, including this Order;

E. Stipulate that the record basis on which this Order is entered shall consist solely of the

findings contained in this Order to which Respondents have consented in the Offer; and

F. Consent, solely on the basis of the Offer, to the Commission’s entry of this Order that:

1. Makes findings by the Commission that Bank of America, N.A. violated Sections

4s(f)(1)(C), 4s(g)(1) and (3), and 4s(h)(1)(B) of the Act, 7 U.S.C. §§ 6s(f)(1)(C),

6s(g)(1), (3), 6s(h)(1)(B), and Regulations 1.31, 23.201(a), 23.202(a)(1) and (b)(1),

and 23.602(a), 17 C.F.R. §§ 1.31, 23.201(a), 23.202(a)(1), (b)(1), 23.602(a)

(2021); and BofA Securities Inc. and Merrill Lynch, Pierce, Fenner & Smith

Incorporated violated Section 4g of the Act, 7 U.S.C. § 6g, and Regulations 1.31,

1.35 and 166.3, 17 C.F.R. §§ 1.31, 1.35, 166.3 (2021);

2. Orders Bank of America, N.A. to cease and desist from violating Sections

4s(f)(1)(C), 4s(g)(1) and (3), and 4s(h)(1)(B) of the Act, and Regulations 1.31,

23.201(a), 23.202(a)(1) and (b)(1), and 23.602(a); and BofA Securities Inc. and

Merrill Lynch, Pierce, Fenner & Smith Incorporated to cease and desist from

violating Section 4g of the Act and Regulations 1.31, 1.35, and 166.3;

3. Orders Respondents to pay, jointly and severally, a civil monetary penalty in the

amount of one hundred million US dollars ($100,000,000), plus post-judgment

interest within fourteen days of the date of entry of this Order; and

4. Orders Respondents and their successors and assigns to comply with the conditions

and undertakings consented to in the Offer and as set forth in Part VI of this Order;

and

G. Represent that they have engaged in a review of certain recordkeeping failures and begun

a program of remediation.

Upon consideration, the Commission has determined to accept the Offer.

VI. ORDER

Accordingly, IT IS HEREBY ORDERED THAT:

A. Bank of America, N.A. and its successors and assigns shall cease and desist from violating

Sections 4s(f)(1)(C), 4s(g)(1) and (3), and 4s(h)(1)(B) of the Act, 7 U.S.C. §§ 6s(f)(1)(C),

6s(g)(1), (3), 6s(h)(1)(B), and Regulations 1.31, 23.201(a), 23.202(a)(1) and (b)(1), and

23.602(a), 17 C.F.R. §§ 1.31, 23.201(a), 23.202(a)(1), (b)(1), 23.602(a) (2021); and BofA

Securities Inc. and Merrill Lynch, Pierce, Fenner & Smith Incorporated and their

successors and assigns shall cease and desist from violating Section 4g of the Act, 7 U.S.C.

§ 6g, and Regulations 1.31, 1.35, and 166.3, 17 C.F.R. §§ 1.31, 1.35, 166.3 (2021).

B. Respondents shall pay, jointly and severally, a civil monetary penalty in the amount of

one hundred million US dollars ($100,000,000) (“CMP Obligation”), within fourteen

days of the date of the entry of this Order. If the CMP Obligation is not paid in full

within fourteen days of the date of entry of this Order, then post-judgment interest shall

accrue on the CMP Obligation beginning on the date of entry of this Order and shall be

determined by using the Treasury Bill rate prevailing on the date of entry of this Order

pursuant to 28 U.S.C. § 1961.

Respondents shall pay the CMP Obligation and any post-judgment interest by electronic

funds transfer, U.S. postal money order, certified check, bank cashier’s check, or bank

money order. If payment is to be made other than by electronic funds transfer, then the

payment shall be made payable to the Commodity Futures Trading Commission and sent

to the address below:

MMAC/ESC/AMK326

Commodity Futures Trading Commission

6500 S. MacArthur Blvd.

HQ Room 266

Oklahoma City, OK 73169

[email protected]

If payment is to be made by electronic funds transfer, Respondents shall contact Tonia

King or her successor at the above email address to receive payment instructions and

shall fully comply with those instructions. Respondents shall accompany payment of the

CMP Obligation with a cover letter that identifies the paying Respondent(s) and the name

and docket number of this proceeding. The paying Respondent(s) shall simultaneously

transmit copies of the cover letter and the form of payment to the Chief Financial Officer,

Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street, NW,

Washington, D.C. 20581;

C. Respondents and their successors and assigns shall comply with the following conditions

and undertakings set forth in the Offer:

1. BofA shall conduct:

a. A comprehensive review of BofA’s supervisory, compliance, and other

policies and procedures designed to ensure that BofA’s electronic

communications, including those found on personal electronic devices,

including without limitation, cellular phones (“Personal Devices”), are

preserved in accordance with the requirements of the Act, the Regulations,

and BofA’s policies and procedures.

b. A comprehensive review of training conducted by BofA to ensure personnel

are complying with the requirements regarding the preservation of electronic

communications, including those found on Personal Devices, in accordance

with the requirements of the Act and the Regulations, and BofA’s policies and

procedures, including by ensuring that BofA personnel certify in writing on a

quarterly basis that they are complying with preservation requirements.

c. An assessment of the surveillance program measures implemented by BofA to

ensure compliance, on an ongoing basis, with the requirements found in the

Act, the Regulations, and BofA’s policies and procedures to preserve

electronic communications, including those found on Personal Devices.

d. An assessment of the technological solutions that BofA has begun

implementing to meet the record retention requirements of the Act, the

Regulations, and BofA’s policies and procedures, including an assessment of

the likelihood that BofA personnel will use the technological solutions going

forward and a review of the measures employed by BofA to track employee

usage of new technological solutions.

e. An assessment of the measures used by BofA to prevent the use of unauthorized

communications methods for business communications by employees. This

assessment should include, but not be limited to, a review of BofA’s policies

and procedures to ascertain if they provide for any significant technology and/or

behavioral restrictions that help prevent the risk of the use of unapproved

communications methods on Personal Devices (e.g., trading floor restrictions).

f. A review of BofA’s electronic communications surveillance routines to ensure

that electronic communications through approved communications methods

found on Personal Devices are incorporated into BofA’s overall

communications surveillance program.

g. A comprehensive review of the framework adopted by BofA to address

instances of non-compliance by BofA employees with BofA’s policies and

procedures concerning the use of Personal Devices to communicate about

BofA business in the past. This review shall include a survey of how BofA

determined which employees failed to comply with BofA policies and

procedures, the corrective action carried out, an evaluation of who violated

policies and why, what penalties were imposed, and whether penalties were

handed out consistently across business lines and seniority levels.

2. Written Report of Findings:

a. Within forty-five (45) days after completion of the review set forth in sub-

paragraphs 1.a. through 1.g. above, BofA shall submit a detailed written report

of its findings to the Commission staff (the “Report”). The Report shall

include a description of the review performed, the names of the individuals

who performed the review, the conclusions reached, and a summary of the

plan for implementing the recommended changes in or improvements to

BofA’s policies and procedures.

b. BofA shall adopt all recommendations contained in the Report within one

hundred and thirty-five (135) days of the date of the Report.

c. The Report will likely include confidential financial, proprietary, competitive

business or commercial information. Public disclosure of the reports could

discourage cooperation, impede pending or potential government investigations

or undermine the objectives of the reporting requirement. For these reasons,

among others, the reports and the contents thereof are intended to remain and

shall remain non-public, except: (1) pursuant to court order; (2) as agreed to by

the parties in writing; (3) to the extent that the Commission determines in its

sole discretion that disclosure would be in furtherance of the Commission’s

discharge of its duties and responsibilities; or (4) is otherwise required by law.

3. One-Year Evaluation: BofA shall assess its program for the preservation, as required

under the Act, Regulations, and BofA’s policies and procedures, of electronic

communications, including those found on Personal Devices, commencing one year

after submitting the Report required by Paragraph 2.a. above. BofA shall require this

review to evaluate BofA’s progress in the areas described in Paragraph 1.a. through 1.g.

above. After this review, BofA shall submit a report (the “One Year Report”) to the

Commission staff and shall ensure that the One Year Report includes an updated

assessment of BofA’s policies and procedures with regard to the preservation of

electronic communications (including those found on Personal Devices), training,

surveillance programs, and technological solutions implemented in the prior year period.

4. Reporting Discipline Imposed: For two years following the entry of this Order, BofA

shall notify the Commission staff as follows upon the imposition of any discipline

imposed by BofA, including, but not limited to, written warnings, loss of any pay,

bonus, or incentive compensation, or the termination of employment, with respect to

any employee found to have violated BofA’s policies and procedures concerning the

preservation of electronic communications, including those found on Personal

Devices: (1) at least 48 hours before the filing of a Form 8-T; or (2) within ten (10)

days of the imposition of other discipline.

Recordkeeping: BofA shall preserve, for a period

not less than six (6) years from

the end

the fiscal year last used, the first two (2) years in an easily accessible place,

any record

compliance with these undertakings.

Public Statements: Respondents agree that neither they nor any

their successors

and assigns, agents or employees under their authority or control shall take any action

or make any public statement denying, directly or indirectly, any findings or

conclusions in this Order or creating, or tending to create, the impression that this

Order is without a factual basis; provided, however, that nothing in this provision

shall affect Respondents': (1) testimonial obligations; or (2) right to take legal

positions in other proceedings to which the Commission is not a party. Respondents

and their successors and assigns shall comply with this agreement, and shall

undertake all steps necessary to ensure that all

their agents and/or employees under

their authority or control understand and comply with this agreement.

Cooperation, in General: Respondents shall cooperate fully and expeditiously with

the Commission, including the Commission's Division

Enforcement, in this action,

and in any current or future Commission investigation or action related thereto.

Respondents shall also cooperate in any investigation, civil litigation, or

administrative matter related to, or arising from, the subject matter

this action.

Partial Satisfaction: Respondents understand and agree that any acceptance by the

Commission

any partial payment

Respondents' CMP Obligation shall not be

deemed a waiver

their obligation to make further payments pursuant to this Order, or a

waiver

the Commission's right to seek to compel payment

any remaining balance.

Deadlines: For good cause shown, Division staff may extend any

the procedural

dates relating to the undertakings. Unless otherwise specified, deadlines for procedural

dates shall be counted in calendar days, except that

the last day falls on a weekend or

federal holiday, the next business day shall be considered to be the last day.

. Change

Address/Phone: Until such time as Respondents satisfy in full their CMP

Obligation as set forth in this Order, Respondents shall provide written notice to the

Commission by certified mail

any change to their telephone numbers and mailing

addresses within ten calendar days

the change.

The provisions

this Order shall be effective as

this date.

By the Commission.

~t~

Christopher

Kirkpatrick

Secretary

the Commission

Commodity Futures Trading Commission

Dated: September 27, 2022