The Fiduciary Reckoning, Part III: The Public Record on Merrill Lynch and Bank of America
A note on this series
In Parts I and II of this series, we walked the public regulatory record of Wells Fargo and Morgan Stanley.1 Two firms. Combined documented federal and state enforcement and admitted misconduct: approximately $13 billion across the windows the two installments covered. One word still on the marketing materials at both firms: fiduciary.
Part III turns to Merrill Lynch and Bank of America.
This installment treats both entities together. The reason is structural. Merrill Lynch has operated as a wholly owned subsidiary of Bank of America since the 2009 acquisition; the wealth management business and the bank holding company are not separable in any meaningful sense, and the structural argument the series makes (that "fiduciary" loses its meaning when wealth management sits inside an enterprise with revenue streams that conflict with fiduciary duty) is expressed in this combined corporate structure more concretely than in any other firm we will cover. The integrated banking and wealth management business is the structural argument made literal.
As in Parts I and II, this is not about individuals at any firm. It is about a structural problem the industry has built around a word it has been allowed to dilute. A reader picking up the series here can do so without having read the earlier installments. The argument restates each time. The receipts are what change.
The same structural question
The structural distinction at the heart of this series is between two regulatory regimes. Investment Adviser Representatives, or IARs, operate under the Investment Advisers Act of 1940 and a true fiduciary duty of loyalty and care. Broker-dealer registered representatives operate under FINRA and Regulation Best Interest, a "best interest" standard rather than a fiduciary one, which explicitly contemplates substantial conflicts of interest provided they are disclosed.
Most "advisors" at the major wirehouses, including Merrill Lynch, are dual-registered. The same person operates under both regimes depending on which kind of account is being discussed and which kind of transaction is being executed. The client cannot tell which standard governs a given conversation. The firm's compensation structure does not depend on the client being able to tell.
The public regulatory record is what the structure produces.
The Merrill Lynch wealth management record (2016–2025)
Customer Protection Rule violations, admitted (June 2016)
On June 23, 2016, the Securities and Exchange Commission announced that Merrill Lynch had agreed to pay $415 million and admit wrongdoing to settle charges that it misused customer cash to generate profits for the firm and failed to safeguard customer securities from the claims of its creditors.2 The SEC's Enforcement Director at the time, Andrew J. Ceresney, described the settlement as "by far the largest customer protection settlement in SEC history."
The conduct ran across two distinct categories and two overlapping time periods.
From 2009 to 2012, Merrill Lynch engaged in what the SEC described as "complex options trades that lacked economic substance" (specifically, leveraged conversion trades using listed options financed by customers through margin loans extended by the firm) to artificially reduce the deposit of customer cash required in the firm's Customer Reserve Account. The maneuver freed up billions of dollars per week, which Merrill Lynch then used to finance its own trading activities. Had Merrill Lynch failed in the midst of these trades, the SEC noted, the firm's customers would have been exposed to a massive shortfall in the reserve account.
From 2009 to 2015, Merrill Lynch held up to $58 billion per day of fully paid customer securities in a clearing account that was subject to a general lien by its clearing bank, plus additional customer securities in accounts worldwide that were similarly subject to liens. The firm thus failed to adhere to the Customer Protection Rule's requirement that fully paid customer securities be held in lien-free accounts shielded from claims by third parties should the firm collapse. Had Merrill Lynch collapsed at any point during that period, customers would have been exposed to significant risk and uncertainty about getting back their own securities.
Merrill Lynch admitted the violations in writing. The same SEC order also found that Merrill Lynch had used severance agreement language that improperly impeded employees from coming forward to the SEC with information about violations.
The same week, in two parallel actions, Bank of America agreed to pay $10 million to settle SEC charges that it had issued misleading offering materials for structured notes tied to a proprietary volatility index, sold to retail investors through Merrill Lynch. Merrill Lynch separately agreed to pay $5 million to FINRA for failing to disclose material facts in those same structured note sales.
Recordkeeping failures (September 2022)
On September 27, 2022, the SEC announced settlements with fifteen broker-dealers and one investment adviser for widespread and longstanding failures by employees, including senior personnel, to preserve business communications conducted on personal devices and unapproved messaging platforms. The aggregate penalties totaled $1.1 billion. BofA Securities together with Merrill Lynch paid $125 million, among the highest individual firm penalties in the sweep, matching the amount Morgan Stanley paid in the same proceeding (covered in Part II).3
The firms admitted the facts set forth in the SEC's orders, acknowledged that their conduct violated recordkeeping provisions of the federal securities laws, and agreed to begin implementing improvements to their compliance policies and procedures. The conduct period ran from January 2018 through September 2021.
A pattern of share class and mutual fund waiver failures (2014–2022)
Across the article's twelve-year window, FINRA brought a series of enforcement actions against Merrill Lynch related to mutual fund share class selection and sales charge waivers, the kind of fee-layering decisions that compound across years of advisory client holdings.
In June 2014, FINRA fined Merrill Lynch $8 million and ordered approximately $24.2 million in restitution for failing to offer mutual fund sales charge waivers to certain retirement accounts and charitable organizations.4 In May 2022, a separate FINRA action required $15.2 million in restitution for failing to provide mutual fund sales waivers to over 13,000 accounts through April 2017. In June 2022, FINRA brought a further action concerning Class C share supervision; Merrill Lynch had failed to prevent Class C share purchases (with annualized expenses up to 80 basis points higher than alternatives) when Class A shares were available at a discount. In August 2022, another FINRA action required $7.2 million in restitution for mutual fund overcharges. Earlier, in April 2020, the SEC closed its Share Class Disclosure Initiative with a final settlement that included Merrill Lynch, covering 12b-1 fees from January 2014 through May 2018 where less expensive share classes of the same funds were available to clients but were not used.
FINRA characterized Merrill's cumulative restitution from mutual fund share class and waiver issues as exceeding $119 million by the time of the May 2022 action. Each individual case is smaller than the 2016 Customer Protection settlement. Read together, across a decade, they describe a pattern: discrete enforcement actions on the same category of retail wealth management harm, recurring at intervals, never definitively ending.
Cash sweep (January 2025)
On January 17, 2025, the SEC announced settled charges against Wells Fargo Clearing Services, Wells Fargo Advisors Financial Network, and Merrill Lynch, Pierce, Fenner & Smith Incorporated for failing to adopt and implement written policies and procedures reasonably designed to prevent violations of the Investment Advisers Act of 1940 relating to the firms' cash sweep programs.5 The firms agreed to pay $60 million in combined civil penalties. Merrill Lynch's share was $25 million.
According to the SEC's orders, Merrill Lynch offered bank deposit sweep programs as the only cash sweep option for most advisory clients and received "a significant financial benefit from advisory client cash" in those programs.
This is the same coordinated proceeding covered in Part I. The SEC charged Wells Fargo Advisors and Merrill Lynch in the same order, on the same date, for the same conduct. By the time of this article, Part III is the third installment in this series to walk a firm's public regulatory record, and the same SEC proceeding has now appeared in two installments (Part I and Part III) as direct enforcement, and in Part II as the open question of an investigation that closed under a different administration without enforcement. The pattern this series identifies is now visible across firms and across installments, in the regulators' own actions.
The broader Bank of America record (2014–2023)
The Merrill Lynch record above is one part of the picture. The broader Bank of America corporate-level regulatory record over the same window provides the structural context. The bank holding company that owns the wealth management business has its own pattern of regulatory accountability, and current Merrill Lynch clients hold their advisory accounts inside that structure.
Residential mortgage-backed securities (August 2014)
On August 21, 2014, the Department of Justice announced that Bank of America would pay $16.65 billion to resolve federal and state civil claims related to residential mortgage-backed securities. Then-Attorney General Eric Holder called it "the largest civil settlement with a single entity in American history."6 The settlement included $9.65 billion in cash payments and $7 billion in consumer relief. A parallel SEC settlement added $245 million.
The DOJ press release expressly identified the conduct as occurring at Countrywide Financial and Merrill Lynch prior to Bank of America's acquisition of those entities. Bank of America had acquired both firms in 2008–2009; the 2014 settlement reflected the assumption of pre-acquisition liability by the parent corporation. In the settlement's Statement of Facts, Bank of America acknowledged that the firm, through Countrywide, Merrill Lynch, and Bank of America's own conduct, had sold billions of dollars of RMBS without disclosing to investors key facts about the quality of the securitized loans. Certain wholesale-channel loans were characterized in internal communications referenced in the Statement of Facts as "toxic waste."
This entry differs from the others in this article in an important respect: the conduct period is pre-acquisition, and the Bank of America employees who run the bank today were not the employees who originated the conduct. The settlement nonetheless sits squarely within the article's window because the parent corporation that owns Merrill Lynch today is the entity that admitted to the conduct in 2014 and the entity that paid the $16.65 billion. Merrill Lynch clients hold their accounts inside that corporate structure.
Fake accounts, junk fees, and withheld credit card rewards (July 2023)
On July 11, 2023, the Consumer Financial Protection Bureau and the Office of the Comptroller of the Currency announced coordinated orders requiring Bank of America to pay $250 million for what the CFPB characterized as systematic violations across three categories of consumer banking conduct.7 The total comprised approximately $100 million in consumer redress plus $90 million in CFPB civil penalties and $60 million in OCC civil penalties.
Three categories of conduct appear in the CFPB and OCC orders.
First: opening accounts without consumer consent. The CFPB found that "from at least 2012, in order to reach now disbanded sales-based incentive goals and evaluation criteria, Bank of America employees illegally applied for and enrolled consumers in credit card accounts without consumers' knowledge or authorization." The conduct description is structurally identical to the conduct at Wells Fargo that produced the September 2016 enforcement actions covered in Part I of this series.
Second: double-dipping non-sufficient funds fees. Bank of America charged the standard $35 NSF fee on transactions declined for insufficient funds; when a merchant resubmitted the declined transaction, the customer was hit with another $35 fee for the same underlying transaction. The CFPB and OCC found this generated tens of millions of dollars in fees on resubmitted transactions and that "the bank's disclosures did not clearly explain that multiple fees could result from the same transaction."
Third: withheld credit card reward bonuses. Bank of America offered sign-up bonuses for new credit card customers but illegally withheld those promised bonuses from tens of thousands of customers.
CFPB Director Rohit Chopra's framing of the action used three words that may carry more weight than any of the individual conduct categories. He characterized Bank of America as "a repeat offender," citing prior enforcement against the bank. Repeat-offender language in a federal consumer protection press release is unusual, and the SEC, CFPB, and DOJ records bear out the characterization: the 2023 action sat alongside additional consumer banking enforcement during the same window, including a $10 million civil penalty (2022) for unlawful out-of-state garnishments, $225 million in consumer redress (2022) for what the CFPB termed "botched disbursement of state unemployment benefits at the height of the COVID-19 pandemic" through an over-aggressive fraud detection program, and a $20 million civil penalty (2022) for charging 1.9 million consumers for credit monitoring services they never received.
A note on what this article does not cover
Bank of America's regulatory history, and Merrill Lynch's regulatory history, both extend earlier than the 2014 starting point of this article. The 2003 Global Research Analyst Settlement, in which Merrill Lynch was one of ten investment firms that paid into an aggregate $1.4 billion to resolve enforcement actions concerning conflicts of interest between equity research analysts and investment banking personnel, is the most prominent earlier example. Merrill Lynch's share of that settlement was approximately $200 million.8 This earlier action is mentioned here so the reader cannot fairly argue that this article cherry-picks a recent window of an otherwise unblemished history. The structural argument the series makes does not depend on pre-2014 material; the body of this article focuses on the past twelve years.
The pattern
Twelve years. Six federal and state agencies: SEC, DOJ, CFPB, OCC, FINRA, and state attorneys general. The cumulative documented federal and state enforcement and admitted misconduct across this article's window is dominated numerically by the 2014 mortgage settlement; excluding that single resolution, the wealth management and other in-window penalties total approximately $2 billion. With the 2014 settlement included, the documented total approaches $18.7 billion. The article reports both figures because the structural point is what matters, not the headline number.
What the record covers, taken together: the largest customer protection settlement in SEC history, on admitted misconduct in which the firm held up to $58 billion per day of customer securities at risk. Recordkeeping failures resulting in $125 million in admitted violations of federal books-and-records requirements. A pattern of share class and mutual fund waiver failures across the entire window. Cash sweep enforcement that places Merrill Lynch alongside Wells Fargo Advisors in the same coordinated SEC proceeding, structurally identical conduct treated identically by the same regulator on the same date. Fake-accounts conduct at the bank holding company that mirrors Wells Fargo's record from Part I. A "repeat offender" characterization, in writing, from the federal consumer protection regulator. And a $16.65 billion mortgage settlement that the parent corporation paid for pre-acquisition conduct at the firms it acquired, settled in 2014, included in the article's window because the corporate liability sat where the wealth management business sits today.
What this record does not contain is any pattern of conduct that the structural model (broker-dealer revenue capture and consumer banking revenue capture inside an enterprise that also markets itself as a fiduciary wealth manager) would predict against. The pattern is the pattern.
The same word still appears on the marketing materials. The structural distinction Parts I and II drew (the fiduciary standard governs only some of the conversation when the same employee operates under two regulatory regimes inside a single corporate enterprise with revenue streams that conflict with fiduciary duty) is the distinction the record continues to illustrate.
What this means for the series
Part I of the Fiduciary Reckoning argued that the regulatory record of the major wirehouses is the predictable output of a business model in which the firm's revenue depends on something other than client outcomes. Part II extended that argument to Morgan Stanley. Part III extends it to Merrill Lynch and Bank of America, and the cumulative case across the three installments now spans approximately $32 billion in combined documented federal and state enforcement and admitted misconduct across the window, three firms, and six federal regulators.
Parts IV and V will cover Goldman Sachs and JPMorgan Chase. An optional Part VI will offer the synthesis: what the cumulative record across the five firms shows about the structural model, the BD-vs-RIA distinction, and what a wealth management firm built differently looks like.
Fiduciary rhetoric is a marketing layer. The structure is what governs. The receipts continue.
This material is educational and reflects our analytical framework based on the public regulatory record. It is not a recommendation to buy, sell, or hold any security. Past regulatory action does not predict future conduct or performance. Information presented is drawn from primary regulatory sources cited in the footnotes and represents the public record as of the date of publication.
Commons Capital is a fee-only Registered Investment Adviser regulated under the Investment Advisers Act of 1940. We have no broker-dealer arm, no proprietary products, no commission incentives. This series reflects our editorial position on the structural model underlying the major wirehouses and the meaning of fiduciary duty.
1. Commons Capital. "The Fiduciary Reckoning, Part I: The Public Record on Wells Fargo." May 2026. https://www.commonsllc.com/insights/the-fiduciary-reckoning-part-i-the-public-record-on-wells-fargo · "The Fiduciary Reckoning, Part II: The Public Record on Morgan Stanley." May 2026.
2. U.S. Securities and Exchange Commission. "Merrill Lynch to Pay $415 Million for Misusing Customer Cash and Putting Customer Securities at Risk." Press Release 2016-128. June 23, 2016. https://www.sec.gov/newsroom/press-releases/2016-128
3. U.S. Securities and Exchange Commission. "SEC Charges 16 Wall Street Firms with Widespread Recordkeeping Failures." Press Release 2022-174. September 27, 2022. https://www.sec.gov/newsroom/press-releases/2022-174
4. Financial Industry Regulatory Authority. AWC 2011029999301 (June 2014). Subsequent FINRA actions referenced in the paragraph: AWC 050322 (May 2022, available at https://www.finra.org/sites/default/files/2022-06/ML_C_Share_AWC_050322.pdf); FINRA actions June and August 2022. SEC Share Class Disclosure Initiative final settlement, April 2020.
5. U.S. Securities and Exchange Commission. "SEC Charges Pair of Wells Fargo Advisory Firms and Merrill Lynch with Compliance Failures Relating to Cash Sweep Programs." Press Release 2025-16. January 17, 2025. https://www.sec.gov/newsroom/press-releases/2025-16
6. U.S. Department of Justice. "Bank of America to Pay $16.65 Billion in Historic Justice Department Settlement for Financial Fraud Leading up to and During the Financial Crisis." August 21, 2014. https://www.justice.gov/opa/pr/bank-america-pay-1665-billion-historic-justice-department-settlement-financial-fraud-leading · Parallel SEC settlement: U.S. Securities and Exchange Commission, "Bank of America Admits Disclosure Failures to Settle SEC Charges," Press Release 2014-172, August 21, 2014, https://www.sec.gov/newsroom/press-releases/2014-172
7. Consumer Financial Protection Bureau. "CFPB Takes Action Against Bank of America for Illegally Charging Junk Fees, Withholding Credit Card Rewards, and Opening Fake Accounts." July 11, 2023. https://www.consumerfinance.gov/about-us/newsroom/bank-of-america-for-illegally-charging-junk-fees-withholding-credit-card-rewards-opening-fake-accounts/
8. U.S. Securities and Exchange Commission. Litigation Release No. 18115, April 28, 2003 (settlement of Merrill Lynch's role in the Global Research Analyst Settlement). https://www.sec.gov/litigation/litreleases/lr18115.htm
