JPMorgan Chase executives were supposed to make sure employee communications were archived for regulatory scrutiny. But for years, even the bosses were using their mobile phones to tap out work-related messages — a practice so pervasive that U.S. authorities dropped the hammer Friday, imposing $200 million in fines.
The revelation that even “managing directors and other senior supervisors” had shrugged off surveillance duties by using platforms such as WhatsApp or personal email addresses helped prompt the Securities and Exchange Commission and Commodity Futures Trading Commission to impose unusually stiff penalties on the firm and its subsidiaries for record-keeping violations.
Both agencies even extracted rare admissions from the largest U.S. bank that it broke rules — rather than letting the company settle without acknowledging wrongdoing. JPMorgan will pay a $125 million penalty to resolve the SEC’s case, while the CFTC fine is $75 million.
“JPMorgan’s failures hindered several commission investigations and required the staff to take additional steps that should not have been necessary,” Sanjay Wadhwa, the SEC’s deputy director of enforcement, said in a statement. “This settlement reflects the seriousness of these violations. Firms must share the mission of investor protection rather than inhibit it.”
The parallel investigations sent shivers through JPMorgan’s workforce this year, when the company ordered traders, bankers, financial advisers and even some branch employees to preserve messages on personal devices in case they need to be inspected later. Regulators hope the fines will now send a message industrywide, where use of platforms such as WhatsApp has become common in recent years — especially during a pandemic that’s sent legions of Wall Streeters home.
The SEC’s punishment for JPMorgan dwarfs the $15 million penalty the agency imposed on Morgan Stanley in 2006 during a prior look at industry record keeping.
“As technology changes, it’s even more important that registrants ensure that their communications are appropriately recorded and are not conducted outside of official channels in order to avoid market oversight,” SEC Chair Gary Gensler said in the statement.
Probe continues
The CFTC said it found lapses as early as mid-2015, while the SEC focused on record-keeping from January 2018 through November of 2020. That agency noted that JPMorgan has already taken corrective measures.
SEC officials said they’re aware of more than 100 people and tens of thousands of messages that skirted routine surveillance at JPMorgan — but even that may be scratching the surface. The communications that investigators are aware of involved discussions of company business, client meetings, investment strategies, and market analysis and color.
The probe is ongoing and will look at other firms, officials said, adding that they’re encouraging companies to self-report any violations. The officials declined to say whether executives might be targeted too.
Wall Street firms have been required for decades to closely monitor and save their employees’ business communications, a task that’s been complicated in recent years by the proliferation of mobile technology and messaging apps. The system was strained all the more as firms sent workers home at the start of the COVID-19 pandemic, making it harder to see who might be using an unmonitored device.
Around mid-2021, JPMorgan asked staff to root through their devices for messages sent or received since the start of 2018, saving those related to work until the company’s legal department instructed them otherwise.
The firm later disclosed in an August filing that it had been responding to requests for information “concerning its compliance with records preservation requirements in connection with business communications sent over electronic messaging channels that have not been approved by the firm.”