We begin the week before Christmas by looking at one heck of a compliance failure (or perhaps series of compliance failures) which led JPMorgan Chase Bank, NA, J.P. Morgan Securities LLC, and J.P. Morgan Securities plc (JPMorgan) to paying some $200 million in fines and penalties to the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC). It breaks down with $125 million to the SEC and $75 million to the CFTC. While that is probably just a rounding error to JPMorgan, it will purchase many, many lumps of coal that JPMorgan will probably get from Santa this year as they clearly have been very, very naughty. Both the SEC and CFTC settled via Orders, (herein CFTC Order and SEC Order).
Matt Kelly, writing in Radical Compliance, said of the underlying facts they do “not paint a pretty picture for JP Morgan. The misconduct happened from at least January 2018 through November 2020, and even supervisors in the broker-dealer unit — the people who were supposed to enforce compliance with records-retention policies — engaged in the same bad habits.” JPMorgan received numerous subpoenas for documents from the SEC between 2018 and 2020. JPMorgan failed to comply with these subpoenas as “JPMorgan frequently did not search for records contained on the personal devices of JPMorgan employees relevant to those inquiries.” Moreover, these failures “impacted the Commission’s ability to carry out its regulatory functions and investigate potential violations of the federal securities laws across these investigations; the Commission was often deprived of timely access to evidence and potential sources of information for extended periods of time and, in some instances, permanently.”
In ongoing investigations, the SEC was provided What’s App, text messaging and emails from parties who were in contact with JPMorgan. The SEC brought this information to the attention of JPMorgan and the bank “identified other recordkeeping failures that it subsequently” reported to the SEC. The bank’s “Supervisory policies tasked supervisors with ensuring that employees completed training in the firm’s communications policies and adhered to JPMorgan’s books and recordkeeping requirements” were just as guilty of such conduct. The internal function charged with the screening and review of electronic communications, the compliance department’s e-surveillance group, “failed to implement a system of follow-up and review to determine that supervisors’ responsibility to supervise was being reasonably exercised so that the supervisors could prevent and detect employees’ violations of the books and records requirements. Even when employees used approved communications methods, including on personal phones, for business communications, JPMorgan failed to implement sufficient monitoring to assure that its recordkeeping and communications policies were being followed.” The Order concluded, “Even after the firm became aware of significant violations, the widespread recordkeeping failures and supervisory lapses continued with a significant number of JPMorgan employees failing to follow basic recordkeeping requirements.”
As a part of the remediation effort during the investigation, the Board of Director’s Audit Committee …….