CFTC Orders J.P. Morgan to pay $200 million for failing to to surveil billions of order messages from 2014 through 2021.
Summary:
Facts:
"The magnitude of the gaps in JPM’s surveillance was large: On DCM-1, for example, JPM failed to ingest into its surveillance systems—and thus failed to surveil—billions of order messages from 2014 through 2021."
Penalty?:
Statement of Commissioner Kristin N. Johnson on Settlement Agreement Resolving Enforcement Action on Compliance and Supervision Failures
Today, the Commodity Futures Trading Commission (Commission or CFTC) announced a settlement agreement with J.P. Morgan Securities LLC (J.P. Morgan) following over a decade of trade surveillance supervision failures in violation of Regulation 166.3.[1]
Supervision is the cornerstone of customer protection. From its inception in the 1970s, the Commission has emphasized that supervision is a linchpin in our regulatory framework.[2] Under Regulation 166.3, each Commission registrant
must diligently supervise the handling by its partners, officers, employees and agents (or persons occupying a similar status or performing a similar function) of all commodity interest accounts carried, operated, advised or introduced by the registrant and all other activities of its partners, officers, employees and agents (or persons occupying a similar status or performing a similar function) relating to its business as a Commission registrant.[3]
Today’s resolution evidences the Commission’s commitment to achieve greater accountability, reduce repeated compliance failures through both general and specific deterrence,[4] and enable the Commission to maximize the use of limited resources. The resolution is consistent with the Commission’s goals outlined in the Division of Enforcement’s Advisory Regarding Penalties, Monitors and Consultants, and Admissions.[5]
Under the terms of this settlement, J.P. Morgan: (1) admits to compliance and supervision failures from 2014 through 2023; (2) agrees to a civil monetary penalty (CMP) of $200 million with up to $100 million to be credited for amounts paid in parallel actions initiated by prudential regulators;[6] and (3) agrees to additional undertakings, including the appointment of a compliance monitor.
Admissions Foster Accountability, Transparency, and Market Integrity and Stability
Admissions advance a number of important enforcement goals. Admissions promote accountability, transparency in the relationship between regulated market participants and regulators, and justice. Transparency leads to greater market integrity and stability.
J.P. Morgan admits notable compliance failures.[7] Admissions comprise a critical component in remediation efforts and may foster deterrence. All too often, and in far too many instances, enforcement matters are resolved without an acknowledgment of the mistakes, misconduct, or compliance failures at the center of the enforcement action.
Notwithstanding Reliance on Critical Third-Party Service Providers, Compliance with CFTC Regulations Rests with Registrants
Today’s resolution underscores the challenges and the urgency of refining regulatory oversight for registrants that rely on critical third-party service providers to ensure visibility into the integrity of transactions in our markets as well as other essential front or back office functions, or cyber system safeguards.
Over the last few years, in multiple public statements, I have emphasized the importance of advancing regulatory policy and enforcement approaches that establish clear expectations regarding registrants’ compliance with CFTC regulations, even when registrants rely on critical third-party service providers to facilitate an important component of compliance.[8]
Even the most carefully crafted compliance programs—celebrated for integrating innovative, advanced, and even artificial intelligence-driven technologies—may fail. An increasing global reliance on third-party service providers to perform essential compliance and risk management functions heightens the risk of interoperability or incompatibility in pairing disparate software systems. Reliance on critical third-party service providers offers no defense to regulatory violations. When relying on a third-party to provide critical front and back office services or trade surveillance, a registrant remains responsible for compliance with the Commission’s regulations.
In fact, registrants that outsource or partner with critical third-party service providers may need to scale risk management and compliance programs to account for attendant risks. In other words, registrants who fail to successfully assess and address the compliance risks of relying on third-party service providers should anticipate the costs or consequences. Assumptions regarding the effectiveness of third-party services may lead to gaps in compliance that require implementing redundancy measures that ensure against such gaps. In the words of the old adage as it relates to the matter resolved today, J.P. Morgan should have measured twice and cut once.
Monitors to Ensure Compliance Monitoring
Finally, the resolution reached today appoints a compliance monitor as part of broader efforts. By appointing a compliance monitor, the Commission introduces an important pathway for independent assessment and heightened supervision. As I have previously noted, a monitor “shift[s] the costs of enforcement from the government and the public to” the firm that has experienced substantial and persistent compliance failures.[9]
A monitor may offer a valuable, independent assessment of compliance and supervision. In light of identified challenges with the use of monitors, I have also noted that “[i]t is imperative [] that the Commission continue to expand, refine, and adapt” the use of compliance monitors to ensure that the monitors introduce “well-tailored [] resolutions that address escalating compliance failures or misconduct.”[10]
Effective supervision and surveillance enable market participants to detect and address compliance failures, enhancing the integrity and stability of global derivatives markets.
Conclusion
This matter benefitted from the efforts of many in the Division of Enforcement, including Meredith Borner, R. Stephen Painter, Jr., Lenel Hickson, Jr., and Manal M. Sultan.
Statement of Commissioner Caroline D. Pham on Reasonable Accommodation
“I find it deeply disturbing that the CFTC did not provide reasonable accommodation to respect a religious holiday. The CFTC demanded that legal submissions be produced on Yom Kippur. I do not believe the CFTC would have done the same thing if it were Christmas Day. This raises concerns regarding unequal treatment under the law based on religion. The CFTC is not above the Constitution—no matter what. These actions are yet another example of why I have called for a GAO study on the CFTC’s internal procedures. While I support this significant settlement and remind all registrants that they must ensure diligent supervision under our regulations, that is no excuse for the CFTC’s apparent lack of respect for rights.”
TLDRS:
- In 2021, J.P. Morgan (JPM) discovered issues with its surveillance of trading on multiple venues and systems during the onboarding of a new trading exchange.
- Significant gaps were found in JPM's trade surveillance on various venues.
- A global review revealed that data gaps affected surveillance on at least 30 global trading venues, some under the Commission's jurisdiction.
- JPM began addressing these gaps, some dating back to 2014.
- The gaps were caused by various issues, including configuration problems with a third-party surveillance system used since 2014.
- Billions of orders on a particular venue were not captured in JPM's surveillance systems.
- Most missed orders were related to trades on a U.S. designated contract market and certain registered foreign boards of trade open to U.S. customers.
- In 2020, JPM resolved charges of spoofing and manipulation in precious metals and U.S. Treasuries futures markets from 2008 to 2016.
- As part of the 2020 resolution, JPM claimed improvements to its compliance program since 2014 to better detect spoofing.
- JPM disclosed the data gaps to the Commission in 2021, stating it was unaware of them previously and they were not discussed during the 2020 resolution.
- Consequently, at the time of the 2020 resolution, JPM was not surveilling certain order messages.
- Penalty? $200 million fine.
- Commissioner Kristin N. Johnson: Admissions promote accountability, transparency, market integrity, and stability.
- Commissioner Caroline D. Pham finds it disturbing that the CFTC did not accommodate a religious holiday, Yom Kippur.
