At the end of 2021, J.P. Morgan Securities (JPMS) agreed to pay $200 million to resolve charges from the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC). It would pay the SEC $125 million and the CFTC $75 million.
The size of these fines certainly grabbed attention—but what really made everyone sit up and take notice was why these fines were being issued. JPMorgan was being fined for “failures by the firm and its employees to maintain and preserve written communications.”
In other words, the firm wasn’t being fined for fraud, theft, misselling, market manipulation, insider trading, or any other act that warrants a front-page article in the Wall Street Journal. Instead, it was being fined for the rather dull misdeed of failing to keep accurate records—and asked to pay an eye-watering $200 million for its mistake.
The High Stakes of SEC Recordkeeping
Why such an extreme fine? Well, we’re not talking about a handful of missing emails and text messages here. The firm’s recordkeeping failures were “widespread and longstanding.”
According to the SEC, the firm’s “employees often communicated about securities business matters on their personal devices, using text messages, WhatsApp, and personal email accounts. None of these records were preserved by the firm as required by the federal securities laws. JPMS further admitted that these failures were firm-wide and that practices were not hidden within the firm. Indeed, supervisors, including managing directors and other senior supervisors—the very people responsible for implementing and ensuring compliance with JPMS’s policies and procedures—used their personal devices to communicate about the firm’s securities business.”
So, a key reason for these large fines from the SEC and CFTC was the lack of emphasis that JPMorgan placed on compliant recordkeeping. It simply wasn’t being treated as a priority within the firm. And with these fines, regulators are signaling that they will no longer tolerate non-compliance. Some very high stakes are now attached to recordkeeping, and if companies want to reduce their compliance risks, they have to pay attention to recordkeeping.
Moreover, the recordkeeping landscape has changed—there are more communication channels and platforms than ever to keep track of. “As Wall Street sent most employees to work from home at the onset of the Covid-19 pandemic, the question emerged of how securities firms would maintain their tight grip on employee communications as required by regulators—even prompting an industrywide alert from the Securities and Exchange Commission’s inspections unit,” reads a Bloomberg article.
Now more than ever, employees are working remotely, using personal devices, and relying on collaboration platforms like Slack and MS Teams to communicate. These developments have created new challenges that demand improved recordkeeping systems and processes. One (very effective) way for regulators to ensure that firms address these new recordkeeping challenges is with high fines like those imposed on JPMorgan.
Recordkeeping: The Foundation of All Compliance
The above being said, there is a deeper (and even more central) reason for the steep fines levied against JPMorgan. Yes, comprehensive recordkeeping is important—especially in an environment where online communication channels are proliferating and continuously evolving—but it should be viewed within the broader compliance context.
The simple fact is: Recordkeeping rules do not exist for their own sake. Nor is recordkeeping an isolated and tangential compliance issue. It is the foundation of all compliance. Without adequate recordkeeping, it becomes very difficult to investigate those “serious” crimes that result in handcuffed executives being perp-walked in front of news cameras.
Gurbir S. Grewal, SEC Director for the Division of Enforcement, said the following in an October 2021 speech:
“Recordkeeping violations may not grab the headlines, but the underlying obligations are essential to market integrity and enforcement. Take for example an enforcement action the Commission brought last year against a California broker-dealer for failing to preserve business-related text messages. The SEC’s order found that some of the firm’s registered representatives used their personal devices when communicating with each other, with firm customers, and with other third parties concerning, among other things, the size of orders, the timing of trades, and the pricing of certain securities. These messages were potentially responsive to a records request SEC staff made to the firm in an unrelated investigation and the firm’s failure to retain and produce them directly impacted that investigation.
Unfortunately, this is not an isolated example. We continue to see in multiple investigations instances where one party or firm that used off-channel communications has preserved and produced them, while the other has not. Not only do these failures delay and obstruct investigations, they raise broader accountability, integrity, and spoliation issues.”
The same happened in the case of JPMorgan. Initially, regulators weren’t investigating the firm for recordkeeping failures. They were looking into other regulatory matters—and when they delivered subpoenas for documents and records related to these investigations, the firm repeatedly failed to provide the requested information.
“JPMorgan’s failures hindered several Commission investigations and required the staff to take additional steps that should not have been necessary. This settlement reflects the seriousness of these violations. Firms must share the mission of investor protection rather than inhibit it with incomplete recordkeeping,” said Sanjay Wadhwa, SEC Deputy Director of Enforcement, during the announcement of the JPMorgan settlement.
A New Era of Inquiry
The announcement of the JPMorgan settlement also said that, “as a result of the findings in this investigation, the SEC has commenced additional investigations of record preservation practices at financial firms.”
This is backed up by a Reuters report, which revealed that the SEC opened a broad inquiry into how Wall Street banks maintain records of employee communications.
“SEC enforcement staff contacted multiple banks in recent weeks to check whether they have been adequately documenting employees' work-related communications, such as text messages and emails, with a focus on their personal devices, said the people, who spoke on the condition of anonymity,” states the report.
From this, it’s clear that recordkeeping will be a priority for regulators like the SEC and CFTC going forward. In response, firms should be proactive and adopt industry best practices. In particular, they must implement solutions that enable the compliant capture and preservation of modern online data sources like websites, team collaboration tools (Slack, MS Teams, etc.), social media accounts, mobile text messages, and messaging apps like WhatsApp. Firms that choose to ignore this compliance risk could see themselves facing similar fines in the near future.
Want to learn more about SEC-compliant recordkeeping of modern data sources? Pagefreezer has produced a comprehensive free guide that discusses how this data should be collected and stored to ensure compliance with SEC recordkeeping regulations. Click the button below to download the guide.