ENFORCEMENT—SEC and CFTC fine JPMorgan $200 million for widespread records violations that thwarted investigations - 21 December 2021
JPMorgan employees routinely used personal communications means to discuss business matters, circumventing books and records requirements and ultimately hindering SEC and CFTC investigations.
In parallel settled proceedings, the SEC and CFTC imposed civil penalties totaling $200 million against JPMorgan Chase Bank N.A. and affiliated entities for serious recordkeeping failures that impeded the regulators’ ability to investigate potential violations of federal law. From at least 2015, employees including senior supervisors communicated about business matters using personal communication channels and failed to preserve thousands of records as required. As a result, some records have been permanently lost, causing the entities to inadequately respond to SEC and CFTC requests for information and hinder investigations. In addition to the $125 million SEC penalty and $75 million CFTC penalty, the entities agreed to complete undertakings to improve compliance policies and procedures (In the Matter of JPMorgan Chase Bank, N.A., J.P. Morgan Securities LLC, and J.P. Morgan Securities plc, Release No. 34- 93807, CFTC Docket No. 22-07, December 17, 2021).
“As technology changes, it’s even more important that registrants ensure that their communications are appropriately recorded and are not conducted outside of official channels in order to avoid market oversight,” said SEC Chair Gary Gensler. “Unfortunately, in the past we’ve seen violations in the financial markets that were committed using unofficial communications channels, such as the foreign exchange scandal of 2013.”
Although not specifically discussed in the orders, the use of unapproved personal communications channels to conduct bank business, outside of the bank’s security systems, could also raise cybersecurity concerns.
Improper use of unofficial communications. The CFTC issued subpoenas to JPMorgan for certain communications during a Commission investigation into certain of JPMorgan’s trading. Based on communications received from a third party, CFTC staff knew that JPMorgan traders had been using personal text messages and WhatsApp to communicate, and that certain of those communications were responsive to the Commission’s subpoenas. However, JPMorgan did not maintain or preserve the records as required and did not produce the responsive communications to the Commission.
When the CFTC brought the failure to JPMorgan’s attention, JPMorgan notified Commission staff that the firm was aware of widespread and longstanding use by JPMorgan employees of unapproved methods to engage in business-related communications, including WhatsApp and text messages.
According to the CFTC order, the failures were firm-wide and involved employees at all levels of authority. Moreover, employees’ use of unapproved communication methods was not hidden within the firm. In fact, certain managing directors and senior supervisors—the very people responsible for supervising employees to prevent this misconduct—routinely communicated using unapproved methods and failed to preserve records as required.
The SEC found similar widespread improper use of personal communications, systemic recordkeeping violations, and failure to respond adequately to requests for information.
Violations and penalties. In addition to multiple recordkeeping violations under the Commodity Exchange Act and the Securities Exchange Act of 1934 and related regulations, the CFTC and SEC found that the entities had failed to adequately supervise employees.
The SEC imposed a $125 civil monetary penalty and required JPMorgan to retain a compliance consultant who will conduct a comprehensive review of policies and procedures, training, surveillance programs, and framework for addressing non-compliance. The compliance consultant must submit a report containing recommendations for improvement, which JPMorgan must adopt within 90 days of the report.
The CFTC imposed a $75 million civil monetary penalty and required JPMorgan to conduct its own comprehensive reviews and submit a report to the CFTC detailing a plan for implementing improvements, with recommendations to be adopted within 135 days.
“The message of today’s enforcement action could not be more clear: the Division of Enforcement will aggressively investigate potential recordkeeping and related supervision violations, and the Commission will impose appropriate penalties for violations of these critical regulatory requirements,” said CFTC Acting Chairman Rostin Behnam.
This is Release No. 34- 93807 and CFTC Docket No. 22-07.
© 2021 CCH Incorporated and its affiliates and licensors. All rights reserved.