Skip to content

Search the site

JPMorgan hit with $125m fine for avoiding regulators with persistent WhatsApp, private email usage

"Since the 1930s, recordkeeping has [vital] to the SEC’s ability to be an effective cop on the beat..."

JPMorgan has been fined $125 million by the Security and Exchanges Commission (SEC) for persistent use by its staff of informal communications channels like WhatsApp. The markets watchdog said that the bank’s employees “communicated about securities business matters on their personal devices, using text messages, WhatsApp, and personal email accounts” – in breach of federal securities laws requiring transparent and auditable communications chains. It has been ordered to implement “robust improvements” to compliance.

JPMorgan admitted the wrongdoing and the compliance breach. With the fine worth approximately just four hours of the bank’s $119 billion revenues last year however, it is unclear whether it will have lasting impact. (Financial services communications applications like Symphony with compliant bridges to WhatsApp have been available for some time. The use by JPMorgan of non-compliant tools lets users evade regulatory oversight.)

“Since the 1930s, recordkeeping and books-and-records obligations have been an essential part of market integrity and a foundational component of the SEC’s ability to be an effective cop on the beat. As technology changes, it’s even more important that registrants ensure that their communications are appropriately recorded and are not conducted outside of official channels in order to avoid market oversight,” said SEC Chair Gary Gensler, adding in a Dec 17 statement: “Unfortunately, in the past we’ve seen violations in the financial markets that were committed using unofficial communications channels, such as the foreign exchange scandal of 2013.

Follow The Stack on LinkedIn

“Books-and-records obligations help the SEC conduct its important examinations and enforcement work. They build trust in our system. Ultimately, everybody should play by the same rules, and today’s charges signal that we will continue to hold market participants accountable for violating our time-tested recordkeeping requirements.”

JPMorgan admitted that its conduct violated Section 17(a) of the Securities Exchange Act of 1934 and Rules 17a-4(b)(4) and 17a-4(j) and that the firm "failed reasonably to supervise its employees with a view to preventing or detecting certain of its employees’ aiding and abetting violations" as the SEC put it. The bank was ordered to "cease and desist from future violations of those provisions, was censured, and hit with the $125 million penalty.

It has agreed to "conduct a comprehensive review of its policies and procedures relating to the retention of electronic communications found on personal devices and JPMS’s framework for addressing non-compliance by its employees with those policies and procedures."

The incident comes after the UK's FCA earlier this year also fired a warning shot at firms over compliance while teams are working remotely, noting in particular that it would be easy for companies to drop the ball on the recording regime in SYSC 10A (Senior Management Arrangements, Systems and Controls) which requires all firms to take “reasonable steps” to record telephone conversations and keep a copy of electronic communications of activities.