As the regulatory landscape is constantly evolving, Compliance Risk Concepts (“CRC”) is issuing its monthly […]
December 2021
Overview & Summary
JP Morgan has agreed to pay the SEC and CFTC a combined $200 million in response to regulatory findings which include “widespread and longstanding failures” surrounding the retention of employee electronic communications. The settlement order alleges that JP Morgan employees regularly communicated using personal email accounts, text messages, and WhatsApp as a means of conducting business. Such communication also took place on personal devices rather than firm-issued and controlled devices despite JP Morgan’s written policies and procedures and industry recordkeeping regulations.
According to the settlement order, the failures stemmed from communications-related misconduct between January 2018 and November 2020. The settlement order also states that supervisory personnel participated in the misconduct it should have been supervising and preventing; this makes the offense particularly egregious. The settlement order enumerates various specific issues relative to the failures in recordkeeping as well as JP Morgan’s responsiveness and level of cooperation with the SEC during the examination process with respect to the producing of requested communications documents.
Our Take
Electronic communications and related recordkeeping practices have been a hot topic amongst regulators in recent years. This landmark settlement is a clear indication that regulatory interest in this area is not waning and, as such, should be on the forefront of all compliance teams’ focus areas in 2022.
As always, CRC reminds firms that the best compliance program is a proactive one. Accordingly, we suggest that firms (whether registered with FINRA as a BD or with the SEC as an RIA) who permit the use of text messages, chat features, and use of personal devices for the purpose of conducting firm-related business have sufficient oversight over such processes and have appropriate record-keeping practices in place for such communication methods. Further, where firm policies and procedures have clear prohibitions or limitations on use of personal email, personal devices, chat features of social media platforms and other chat applications, text messages, etc., CRC recommends that firms ensure that controls and procedures in place allow sufficient oversight into this area.
As with any compliance initiative, CRC recommends that all personnel are well trained, and that such training is highly specific to firm policies and procedures and is appropriately documented.
Opportunities for CRC to Assist Your Firm
Please contact Mitch Avnet for more information.
Mitch Avnet at mavnet@compliance-risk.com or (646) 346.2468