J.P. Morgan to Pay $200 Million for Widespread Trade Surveillance Lapses

J.P. Morgan Securities LLC has agreed to pay $200 million to settle regulatory charges that it failed for over a decade to properly monitor billions of trading orders on a major U.S. futures exchange due to lapses in its trade surveillance systems.

The Commodity Futures Trading Commission announced the civil penalty on Wednesday, finding that J.P. Morgan violated regulations requiring the diligent supervision of its business as a registered broker-dealer and swap dealer. According to the CFTC order, J.P. Morgan discovered in 2021 that its surveillance tools had failed to capture order data flowing directly from multiple trading venues, including one designated U.S. futures exchange, dating back to 2014.

On that domestic futures exchange alone, the bank failed to ingest and surveil billions of order messages over a seven-year period, largely involving sponsored access trading by three major algorithmic trading firms.

"CFTC registrants must take appropriate steps to ensure complete trade and order data are being ingested into surveillance systems," said CFTC Enforcement Director Ian McGinley. "This enforcement action makes clear the importance of rigorous testing."

The lapses resulted from J.P. Morgan's failure to properly configure data feeds to ensure order information was making it into the bank's monitoring tools, the CFTC stated. The bank relied on an erroneous assumption that data flowing directly from exchanges was a "golden source" that didn't require testing.

Under the settlement, J.P. Morgan admitted to certain facts around the scope and causes of the surveillance failures from 2014 to 2023. The $200 million penalty will be offset by up to $100 million paid under related resolutions with the Office of the Comptroller of the Currency and Federal Reserve.

In a statement, CFTC Commissioner Kristin Johnson emphasized the importance of enforcement admissions in fostering accountability and transparency around compliance lapses. She also highlighted challenges with third-party service providers performing critical compliance functions.

"Even when registrants rely on third parties for key services, they remain responsible for compliance with our regulations," Johnson said. "Registrants must scale risk management programs to account for those risks."

The CFTC order requires J.P. Morgan to cease the supervisory violations and comply with remedial undertakings, including the appointment of an independent compliance monitor to assess its reforms. J.P. Morgan stated its surveillance issues were fully remediated by 2023. A spokesperson said the bank is "committed to strengthening pertinent controls" related to trade monitoring.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.