A swap dealer settled CFTC charges for failing to provide certain audio recordings during an investigation.
According to the CFTC, Goldman Sachs & Co. LLP was required as a swap dealer to maintain audio recordings of activity on the phone lines for trading and sales desks but failed to do so for twenty calendar days due to a technical malfunction. The CFTC found that as a result of the reported malfunction, Goldman Sachs was unable to fulfill the agency's request to provide certain recordings and, ultimately, "impeded" an ongoing investigation.
To settle the charges, Goldman Sachs agreed to (i) cease and desist from further violating CFTC regulations, (ii) pay a $1,000,000 civil monetary penalty and (iii) comply with the conditions and undertakings outlined in the Offer.
According to the Order, the problem here was caused by a malfunction that occurred during a system upgrade involving the installation of a "Microsoft security patch" on software that Goldman uses, which, in turn, caused the recording hardware to malfunction - which in turn, was exacerbated by the failure of the hardware's "failsafe alarm" system to alert Goldman of the failure. The Order goes on to state that "[a]t the time Goldman had followed the vendor's configuration instructions and was unaware of the vulnerability of the recording hardware it utilized."
The matter illustrates the very high cost - in terms of monetary sanctions - that a financial firm can incur from any technological glitch, here involving the installation of a software security patch, which presumably was meant to protect the firm from cybersecurity threats that under CFTC policy can subject the firm to sanctions if allowed to fester. So you try to fix one problem and you unintentionally cause another: no rest for the weary (in the IT department), as the saying goes. But the policy issue here is whether the harm to the public, or the deterrent value, resulting from an unfortunate and presumably good-faith error, justifies a million-dollar penalty.
Sometimes, stuff happens.