JP Morgan has agreed to pay $200 million to securities regulators for “widespread and longstanding failures” to preserve employee communications in the bank’s broker-dealer unit, where bankers routinely talked shop using WhatsApp, personal email accounts, and text messages on personal devices.
The bank will pay $125 million to the Securities and Exchange Commission, the agency’s largest fine ever for recordkeeping failures at a broker-dealer, plus another $75 million to the Commodities and Futures Trading Commission. Both agencies announced the settlement Friday morning.
We can start with the SEC’s settlement order, which does not paint a pretty picture for JP Morgan. The misconduct happened from at least January 2018 through November 2020, and even supervisors in the broker-dealer unit — the people who were supposed to enforce compliance with records-retention policies — engaged in the same bad habits.
“Dozens of managing directors across the firm and senior supervisors responsible for implementing JPMorgan’s policies and procedures, and for overseeing employees’ compliance with those policies and procedures, themselves failed to comply with firm policies by communicating using non-firm approved methods on their personal devices about the firm’s securities business,” the complaint said. Ooof.
In addition to the $125 million penalty, JP Morgan agreed to implement a raft of compliance improvements immediately. Moreover, the bank also admitted to the SEC’s factual findings — a departure from the usual wishy-washy language we see in SEC cases, where the target company neither admits nor denies the allegations in question.
Even worse: the SEC only discovered JP Morgan’s record-keeping failures by coming across those communications while investigating other companies. Those failures ended up delaying said investigations while JP Morgan chased down the missing messages, since they’d never been properly preserved in the first place.
“As today’s order reflects, JPMorgan’s failures hindered several commission investigations and required the staff to take additional steps that should not have been necessary,” Sanjay Wadhwa, the SEC’s deputy director of enforcement, said in a statement. “This settlement reflects the seriousness of these violations. Firms must share the mission of investor protection rather than inhibit it with incomplete recordkeeping.”
As SEC settlement announcements go, you can almost see the steam coming out of the Enforcement Division’s ears. They are not happy about this, and I’d suggest every compliance officer working at broker-dealer firms start deleting WhatsApp from your traders’ phones right now.
‘Failures Across Its Business’
The SEC order gives several examples of the abuses here, and they make you wince. One executive director and co-supervisor of a trading desk launched a WhatsApp group chat in April 2019, and invited the other 19 members of the trading desk to join. That group then swapped at least 1,100 messages through the rest of the year. The messages included discussion of investment strategy, client meetings, and analysis of market events, among other subjects.
Another executive director who worked on the capital markets desk at JP Morgan texted with more than 100 coworkers, as well as “dozens of managing directors and heads of several business lines.” He also chatted with dozens of JPMorgan’s customers, clients, third-party advisers, and market participants — at least 2,400 messages, from November 2019 through November 2020.
JP Morgan also had secondary failures in dealing with the SEC. For example, at one point the SEC sent a subpoena to the bank to produce messages relevant to some investigation — but JP Morgan didn’t have those messages to turn over, because the messages were on employees’ personal devices and apps. I’ll let the settlement order take it from here:
When questioned by commission staff, counsel to JPMorgan confirmed that the firm had not collected or produced any text messages sent or received through unapproved communications methods on personal devices. Approximately one year after receipt of the initial subpoena, and three months after the Commission staff alerted JPMorgan to the issue, JPMorgan began to produce such text messages and continued to do so for months thereafter. The text messages were responsive to the staff’s initial subpoena.
And remember, all this only came to light because other parties in this investigation were turning over employee communications, and those records included material from JP Morgan employees participating in the convo.
Compliance Remediation to Come
To exactly zero surprise, JP Morgan also agreed to take numerous compliance remediation measures. Foremost, the bank will hire an independent compliance consultant to conduct a comprehensive review of JP Morgan’s recordkeeping policies and procedures. That consultant will review:
- JP Morgan’s policies and procedures for recordkeeping and electronic communications, including the training that JP Morgan provides to employees;
- The surveillance technology JP Morgan uses to monitor employee communications;
- The technology JP Morgan is implementing to improve its compliance, “including an assessment of the likelihood that JP Morgan personnel will use the technological solutions going forward, and a review of the measures employed by JP Morgan to track employee usage of new technological solutions;”
- The measures JP Morgan uses to address instances of non-compliance, including a review of how the bank determined which employees had violated its personal device policy and the disciplinary actions those employees did or didn’t receive.
That consultant’s review must be completed within 90 days of the person’s arrival; and then JP Morgan has another 90 days to adopt any recommendations the consultant puts forward and that the bank’s audit committee reviews and approves.