The broker-dealer subsidiary of JP Morgan has been punished for failings linked to the way in which the firm and its staff used private emails, WhatsApp and personal devices to conduct business. The story highlights the challenges that modern communications platforms create.

The broker-dealer subsidiary of JP Morgan was fined $125 million late last week by the Securities and Exchange Commission for “widespread and longstanding” failings by the firm and its staff to protect and maintain written communications. Employees often communicated about business on personal devices, using texts, WhatsApp and personal emails, the SEC said.

The SEC punished JP Morgan Securities. The regulator said this business has admitted the facts set forth in the SEC’s order and acknowledged that its conduct violated the federal securities laws. The firm agreed to pay a $125 million penalty and implement “robust improvements” to its compliance policies and procedures to settle the matter.

The regulator said in a statement on December 17 that its probe into the JP Morgan business had prompted it to look at similar practices across the financial service industry. 

The story highlights the risks banks and other financial firms run when staff use non-official channels to communicate with clients, a situation that creates new compliance challenges at a time when conventional communications were already changing before the COVID-19 crisis two years ago. 

“Since the 1930s, recordkeeping and books-and-records obligations have been an essential part of market integrity and a foundational component of the SEC’s ability to be an effective cop on the beat. As technology changes, it’s even more important that registrants ensure that their communications are appropriately recorded and are not conducted outside of official channels in order to avoid market oversight,” SEC chair Gary Gensler, said. “Unfortunately, in the past we’ve seen violations in the financial markets that were committed using unofficial communications channels, such as the foreign exchange scandal of 2013.”

As described in the SEC’s order, JPMS admitted that from at least January 2018 through November 2020, its employees often communicated about securities business matters on their personal devices. None of these records were preserved by the firm as required by the federal securities laws.

JPMS further admitted that these failures were firm-wide and that practices were not hidden within the firm. Indeed, supervisors, including managing directors and other senior supervisors – the very people responsible for implementing and ensuring compliance with JPMS’s policies and procedures – used their personal devices to communicate about the firm’s securities business, the regulator said in its statement.

JPMS received both subpoenas for documents and voluntary requests from SEC staff in numerous investigations during the period when the firm failed to maintain required records. In responding to these subpoenas and requests, JPMS frequently did not search for relevant records contained on the personal devices of its employees, the SEC continued.  

“JPMS acknowledged that its recordkeeping failures deprived the SEC staff of timely access to evidence and potential sources of information for extended periods of time and in some instances permanently. As such, the firm’s actions meaningfully impacted the SEC’s ability to investigate potential violations of the federal securities laws,” the SEC said. 

JPMS was ordered to cease and desist from future violations of those provisions, was censured, and ordered to pay the $125 million penalty. JPMS also agreed to retain a compliance consultant to, among other things, conduct a comprehensive review of its policies and procedures relating to the retention of electronic communications found on personal devices and JPMS’s framework for addressing non-compliance by its employees with those policies and procedures.