News Update: JP Morgan to pay $200M for Electronic Recordkeeping Lapses

December 2021

Overview & Summary

JP Morgan has agreed to pay the SEC and CFTC a combined $200 million in response to regulatory findings which include “widespread and longstanding failures” surrounding the retention of employee electronic communications. The settlement order alleges that JP Morgan employees regularly communicated using personal email accounts, text messages, and WhatsApp as a means of conducting business. Such communication also took place on personal devices rather than firm-issued and controlled devices despite JP Morgan’s written policies and procedures and industry recordkeeping regulations. 

According to the settlement order, the failures stemmed from communications-related misconduct between January 2018 and November 2020. The settlement order also states that supervisory personnel participated in the misconduct it should have been supervising and preventing; this makes the offense particularly egregious. The settlement order enumerates various specific issues relative to the failures in recordkeeping as well as JP Morgan’s responsiveness and level of cooperation with the SEC during the examination process with respect to the producing of requested communications documents. 

Our Take

Electronic communications and related recordkeeping practices have been a hot topic amongst regulators in recent years. This landmark settlement is a clear indication that regulatory interest in this area is not waning and, as such, should be on the forefront of all compliance teams’ focus areas in 2022. 

As always, CRC reminds firms that the best compliance program is a proactive one. Accordingly, we suggest that firms (whether registered with FINRA as a BD or with the SEC as an RIA) who permit the use of text messages, chat features, and use of personal devices for the purpose of conducting firm-related business have sufficient oversight over such processes and have appropriate record-keeping practices in place for such communication methods.  Further, where firm policies and procedures have clear prohibitions or limitations on use of personal email, personal devices, chat features of social media platforms and other chat applications, text messages, etc., CRC recommends that firms ensure that controls and procedures in place allow sufficient oversight into this area. 

As with any compliance initiative, CRC recommends that all personnel are well trained, and that such training is highly specific to firm policies and procedures and is appropriately documented. 

Opportunities for CRC to Assist Your Firm

• CRC is available for outsourced support with respect to email review and electronic communications archiving solutions. We are versed with industry-leading email review and retention platforms (e.g., Global Relay, Smarsh) and can advise on appropriate compliance-driven configuration that meets regulatory standards. 
• CRC can proactively conduct a review of your current compliance program and electronic communications to identify opportunities to potentially implement enhancements in preparation for regulatory examinations.
• CRC is available to assist with examination responses.
• CRC can prepare written electronic communications and record retention policies and procedures designed to comply with relevant industry rules, regulations and laws. 
• CRC offers best practices guidance to firms that seek to improve current protocols or to further strengthen current program compliance. 

Please contact Mitch Avnet for more information.

Mitch Avnet at mavnet@compliance-risk.com or (646) 346.2468