SEC fines JPMorgan: 47M key emails removed

JP Morgan BTC


  • The SEC fined JP Morgan Securities $4 million for accidentally deleting 47 million emails from 2018.
  • This is the third incident in which the company has accepted sanctions for failing to maintain electronic records.
  • Deleted, unrecoverable communications raise uncertainty about the impact on regulatory investigations.

The Securities and Exchange Commission (SEC) fined JPMorgan Chase’s brokerage subsidiary $4 million after it accidentally deleted about 47 million emails from early 2018, according to an administrative order Thursday.

Some of these deleted emails were requested by subpoenas in at least a dozen regulatory investigations, but could no longer be recovered, the SEC’s order against JP Morgan Securities LLC noted. On the other hand, others “could be related to future investigations, legal matters, and regulatory inquiries,” the order added.

The emails, which were accidentally deleted in 2019, originated from and were addressed to approximately 8,700 mailboxes, including those of up to 7,500 employees who had regular contact with Chase customers.

Many of the mails were business records required to be retained under federal securities law, the order said.

Sanction and Background Agreement

JP Morgan Securities agreed to the SEC’s sanction, which also censured the firm. The company had submitted a settlement offer in anticipation of administrative proceedings related to the removals, and the SEC accepted that offer.

In addition, the SEC ordered the firm to “cease and desist from committing any future violation” of the securities law that requires stockbrokers to retain originals of all communications for at least three years.

This is the third time the investment adviser has accepted a penalty for failing to preserve electronic records. In late 2021, the firm agreed to pay $125 million in penalties for failing to preserve text messages and other electronic communications sent between January 2018 and November 2020. In 2005, the firm paid $700,000 in penalties for failing to preserve electronic records from mid 1999 to mid 2002.

JPMorgan spokeswoman Patricia Wexler declined to comment on the latest penalty.

Removal Process Details

In its order on Thursday, the SEC noted that in 2016, JPMorgan began a project to remove old communications and documents from the system that no longer required retention. Those messages included old emails, instant messages, and communications sent through the Bloomberg Terminal service.

However, there were “flaws” in the project. Resolving that issue in June 2019, the firm’s employees “executed removal tasks on first quarter 2018 electronic communications,” the order noted.

Those employees “mistakenly” believed, based on assertions from the firm’s archiving provider, that all those documents were encrypted in a way that prevented the permanent deletion of those records that were required by law to be kept for three years“However, the provider did not apply the default retention settings on a particular email domain,” the order clarified.

Consequences and Future Resolutions

The takedowns were discovered in October 2019, when emails from early 2018 were found to be missing by a JPMorgan team responsible for producing records for related legal cases. JPMorgan reported the takedowns to the SEC in January 2020.

The order noted that, “in at least twelve regulatory investigations related to civil securities, eight of which were conducted by Commission [SEC] staff, JPMorgan received subpoenas and document requests for communications that could not be retrieved or produced because they had been permanently deleted.”.

He added, “JPMorgan notified only one of the Commission’s eight investigative teams that its production in response to the subpoenas had been compromised by the 2019 takedown event.”

Because deleted communications “are unrecoverable, it is unknown – and unknowable – how the lost records may have affected regulatory investigations. “In fact, a member of JPMorgan’s compliance department acknowledged in an internal email after the deletions were discovered that “the missing documents could be related to future investigations, legal matters, and regulatory inquiries,” the order concluded.