Categories
FCPA Compliance Report

Karen Woody on JPMorgan and Nikola SEC Enforcement Actions


In this episode of the FCPA Compliance Report, I am joined by Professor Karen Woody. We discuss the recent SEC enforcement actions involving JPMorgan and Nikola which were announced in December 2021. Highlights of this podcast include:

  1. Background on both cases.
  2. Why was the SEC so excised with JPMorgan?
  3. What are the broader lessons for the Compliance Professional?
  4. Compliance Consultant or Monitor or both?
  5. Nikola and the trouble with SPACs?
  6. What is the intersection of puffing, faking it til you make it and illegal conduct?
  7. SPACs and Due Diligence.
  8. Could Nikola change the SEC approach to SPACs?
  9. From visionary to founder to CEO of a public company?
  10. The shadow of Elizabeth Holmes?

Resources-Tom on the FCPA Compliance and Ethics Blog
JPMorgan
Nikola

Categories
Compliance Into the Weeds

Compliance into the Weeds: On the Naughty List-JPMorgan $200 Settlement

Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. Today, Matt and Tom take a deep dive into the JPMorgan settlement with the SEC and CFTC for faulty electronic record-keeping. Some of the issues we consider are:

·      Why does Matt ‘almost feel bad’ for JPMorgan?
·      There was a paucity of facts. So why is the fine so high?
·      Is it a ‘Compliance Consultant’ or a Monitor?
·      The remediation agreed to by JPMorgan.
·      Lessons learned for the compliance professional and ephemeral communications.
·      Focus on consistent and even-handed discipline for JPMorgan employees going forward.
Resources
Matt in Radical Compliance
Tom in the FCPA Compliance and Ethics Blog

Categories
Blog

On the Naughty List – JPMorgan and Failures for Record Keeping

We begin the week before Christmas by looking at one heck of a compliance failure (or perhaps series of compliance failures) which led JPMorgan Chase Bank, NA, J.P. Morgan Securities LLC, and J.P. Morgan Securities plc (JPMorgan) to paying some $200 million in fines and penalties to the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC). It breaks down with $125 million to the SEC and $75 million to the CFTC. While that is probably just a rounding error to JPMorgan, it will purchase many, many lumps of coal that JPMorgan will probably get from Santa this year as they clearly have been very, very naughty. Both the SEC and CFTC settled via Orders, (herein CFTC Order and SEC Order).
Matt Kelly, writing in Radical Compliance, said of the underlying facts they do “not paint a pretty picture for JP Morgan. The misconduct happened from at least January 2018 through November 2020, and even supervisors in the broker-dealer unit — the people who were supposed to enforce compliance with records-retention policies — engaged in the same bad habits.” JPMorgan received numerous subpoenas for documents from the SEC between 2018 and 2020. JPMorgan failed to comply with these subpoenas as “JPMorgan frequently did not search for records contained on the personal devices of JPMorgan employees relevant to those inquiries.” Moreover, these failures “impacted the Commission’s ability to carry out its regulatory functions and investigate potential violations of the federal securities laws across these investigations; the Commission was often deprived of timely access to evidence and potential sources of information for extended periods of time and, in some instances, permanently.”
In ongoing investigations, the SEC was provided What’s App, text messaging and emails from parties who were in contact with JPMorgan. The SEC brought this information to the attention of JPMorgan and the bank “identified other recordkeeping failures that it subsequently” reported to the SEC. The bank’s “Supervisory policies tasked supervisors with ensuring that employees completed training in the firm’s communications policies and adhered to JPMorgan’s books and recordkeeping requirements” were just as guilty of such conduct. The internal function charged with the screening and review of electronic communications, the compliance department’s e-surveillance group, “failed to implement a system of follow-up and review to determine that supervisors’ responsibility to supervise was being reasonably exercised so that the supervisors could prevent and detect employees’ violations of the books and records requirements. Even when employees used approved communications methods, including on personal phones, for business communications, JPMorgan failed to implement sufficient monitoring to assure that its recordkeeping and communications policies were being followed.” The Order concluded, “Even after the firm became aware of significant violations, the widespread recordkeeping failures and supervisory lapses continued with a significant number of JPMorgan employees failing to follow basic recordkeeping requirements.”
As a part of the remediation effort during the investigation, the Board of Director’s Audit Committee hired a consultant to help in the effort. The SEC Order broadened this initiative out further to a “Compliance Consultant” to be retained to lead a variety of remedial efforts. (This sounds suspiciously like a monitor). Some of these efforts will include:

  • A comprehensive review of JPMorgan’s supervisory, compliance, and other policies and procedures.
  • A comprehensive review of training conducted by JPMorgan to ensure personnel are complying with the requirements.
  • An assessment of the surveillance program measures implemented by JPMorgan to ensure compliance.
  • An assessment of the technological solutions that JPMorgan implements to meet the record retention requirements.
  • An assessment of the measures used by the firm to prevent the use of unauthorized communications methods for business communications by employees.
  • A review of JPMorgan’s electronic communications surveillance routines.
  • A comprehensive review of the framework to address instances of non-compliance, including (1) how JPMorgan determined which employees failed to comply, (2) the corrective action carried out, (3) an evaluation of who violated policies, (4) why and what penalties were imposed, and (5) whether penalties were handed out consistently across business lines and seniority levels.

There were also additional reporting obligations from the Compliance Consultant in the SEC Order that bear mentioning. In addition to a report at one year of the overall JPMorgan compliance program on record keeping for electronic communications; at two years the Compliance Consultant is to report on any discipline imposed on employees for violations of the record keeping policies. This includes, “written warnings, loss of any pay, bonus, or incentive compensation, or the termination of employment, with respect to any employee found to have violated JPMorgan’s policies and procedures”. JPMorgan’s Internal Audit function is also mandated to conduct an internal audit to determine compliance with the firm’s record keeping policies for electronic communications.
All of these obligations should be studied by compliance professionals for not only best practices but to determine any gaps in your company’s electronic data record keeping regime. This is critical even if you are not under the regulatory regime imposed on financial institutions or other regulated industries. The Department of Justice (DOJ) has long mandated that companies both understand and capture ephemeral communications but if your company gets into a Foreign Corrupt Practices Act (FCPA) or other similar investigation you will need to demonstrate compliance for a FCPA perspective and to then internally investigate any claims. Not much will be worse for your company than if the DOJ or SEC finds out about some FCPA-violative conduct and comes to your company and then you find out your business folks have been communicating through technology you were completely unaware of, you have no record of it and you cannot capture it.
Everyone was aware of the changes in risk when most companies went to WFH. Now are we RTO those risks have changed again. Even if you are aware of and have approved the use of Teams, Slack, Zoom or other technology to collaborate in the RTO environment; these tools are coming out with new features literally weekly that may change your risk profile. Use the JPMorgan SEC and CFTC enforcement actions as benchmarks to guide you through an assessment of your electronic record keeping program as well as key areas to enhance.
Matt Kelly and myself take a deep dive into this matter on this week’s Compliance into the Weeds, which will post Wednesday AM.

Categories
Daily Compliance News

December 20, 2021 the Brain Control Edition


In today’s edition of Daily Compliance News:

  • Brain control tech company placed on blacklist. (WaPo)
  • OSHA vaccine mandate reinstated. (NYT)
  • Corruption at the heart of college sports? (Chronicle of Higher Ed)
  • JPMorgan settles record keeping failures suite. (Reuters)
Categories
Daily Compliance News

November 23, 2021 the High Stakes edition


In today’s edition of Daily Compliance News:

  • What’s behind the Dimon/Musk feud?(WSJ)
  • The stakes for Holmes. (NYT)
  • Civil crackdown on corrupt BODs in China. (Bloomberg)
  • AMLO has little to show in the fight against corruption. (FT)
Categories
Compliance Into the Weeds

A Single Source of Truth


Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. Today, Matt and Tom take a the recently filed lawsuit by Shaquala Williams against JPMorgan for alleged retaliation for her internal whistleblowing. Williams was in a compliance function at the bank and claimed she was terminated for raising the issues that JPMorgan was not living up to its reporting requirements under a DPA.Some of the issues we consider are:

  • Facts of the claim?
  • Made in the context of an ongoing DPA.
  • The lack of lack of documented policies and procedures.
  • Siloed nature of compliance functions.
  • Inconsistency in risk assessments.
  • Why is a single source of truth so critical?

Resources
Matt in Radical Compliance, That Lawsuit Against JP Morgan

Categories
Daily Compliance News

November 17, 2021 the He Knew All Along edition


In today’s edition of Daily Compliance News: