JPMorgan Hit With $200 Million in Fines for Letting Employees Use WhatsApp To Evade Regulators' Reach (cnbc.com) 63

JPMorgan Chase is paying $200 million in fines to two U.S. banking regulators to settle charges that its Wall Street division allowed employees to use WhatsApp and other platforms to circumvent federal record-keeping laws. From a report: The Securities and Exchange Commission said Friday that JPMorgan Securities agreed to pay $125 million after admitting to "widespread" record-keeping failures in recent years. The Commodity Futures Trading Commission also said Friday that it had fined the bank $75 million for allowing unapproved communications since at least 2015. SEC officials who spoke to reporters Thursday evening said JPMorgan's failure to preserve those offline conversations violated federal securities law and left the regulator blind to exchanges between the bank and its clients.

Federal law requires financial firms to keep meticulous records of electronic messages between brokers and clients so regulators can make sure those firms aren't skirting anti-fraud or antitrust laws. The move is the latest sign of an ongoing battle between regulators, banks and employees over the use of personal devices. Policing the use of unofficial channels became even more pressing when most of Wall Street went remote during the coronavirus pandemic. Regulators in New York and London have ratcheted up enforcement of record-keeping rules recently as traders migrated to encrypted messaging platforms including WhatsApp, Signal or Telegram. While phone conversations and messages on official company devices and software platforms are preserved, it's much harder for bank compliance departments to surveil communications on third-party apps.

  • Bold move (Score:5, Insightful)

    by MarchTheMonth ( 1232442 ) <[MarchTheMonth] [at] [gmail.com]> on Monday December 20, 2021 @12:07PM (#62099631)

    The fact that the compliance folks of JPM were doing this as well is staggering.

    • Modern communication methods are essential for businesses, especially, as noted, when everyone went remote during the pandemic. I'm guessing JPMorgan thought the cost of the inevitable lawsuit would be grossly outweighed by the ability of their employees to use standard messaging apps. And, I'm sure, not reporting conversations to the SEC was an added bonus--but that can hurt them too, as they couldn't snoop on things they'd be very much interested in snooping on.

      • Many standard messaging apps do allow for archival and compliance. Any of these companies probably only short list apps that are officially compliant. That's not to say that people were side-stepping "official" channels to communicate in the dark, which is what I imagine this fine captured. I suppose the lack of oversight from the bank was so prevalent as to incur this wrath.

    • by vlad30 ( 44644 )
      So far, my experience is that people using these types of apps have something to hide. To the JPM example I will add the following, some obvious, some not:

      (1) Drug dealers

      (2) Teenagers and children hiding stuff from their parents

      (3) because of (2) pedophiles this helps them immensely

      (4) Other criminals

      I do not know too many businesses that really need encrypted communications on a daily basis for their legitimate communications, as most, as in the JPM example, need to be recorded for regulatory purposes.

    • And, shockingly, not entirely surprising. I keep watching The Big Short on Pluto because it is as funny as it is shocking. Perhaps what the banks are doing is not as shady as what they were doing in the 2000s, but the fact that they are still cheating is still infuriating.

  • The (new) most feared phrase from a government enforcement agency should be: Hydraulic Goatse-fication Tongs
    • Except it's not a LART. You can bet JPM made (concealed) more than $200M profit because of this, so it's really just a slight decrease in overall profit rather than any real fine. They'll pay it and go back to doing the same thing again. This is why EU regulators have started levying fines expressed as "x% of total revenue", that actually hits large corporations and forces them to take notice.
  • by Anonymous Coward on Monday December 20, 2021 @12:13PM (#62099653)

    One of the odd things currently annoying me in my world, is that my employment uses my phone. Whereas as recently as ten years ago I'd have an employer-issued one for running the apps they want me to run, communicate with my cow orkers (and clients, sometimes) through it, etc.

    It's still my phone in that I also use it for personal stuff and of course I bear all the expenses. But if I were in a highly-regulated business, I can see how regulators would have a valid claim to access my phone, precisely because I use it for company business.

    That sucks.

    Hopefully the trend of moving responsibility away from employers to employees isn't leaking into these regulated professions, or else those workers are being put into a particularly nasty situation, and it's already bad enough in my unregulated one, where I have to run slow, memory-sucking shit like Slack.

    • by JackieBrown ( 987087 ) on Monday December 20, 2021 @12:24PM (#62099695)

      I was given a work phone. My last job let me use my phone and gave me a stipend to pay the bill.

      That said, I'd rather use my phone without the stipend than carry two phones around.

      • by vlad30 ( 44644 )

        I was given a work phone. My last job let me use my phone and gave me a stipend to pay the bill.

        That said, I'd rather use my phone without the stipend than carry two phones around.

        Most current phones let you have 2 SIMs, so no need for 2 phones. Or divert a business line to your personal phone; great when an employee leaves, just move the number to the new employee.

      • Re: (Score:3, Insightful)

        Do you work in the financial sector? Do you use your phone for any work related information that is under federal guidelines of any kind?

        Unless you answer yes to any of these questions why should anyone give a rat's ass about what you like? It's irrelevant.

        • I'm baffled at your response and rudeness and will respond in kind.

          Are you dense? Did you somehow skip the post I was responding to?

          The post I responded to was not someone that worked at either type of place you mentioned.

          And yes, I am a government contractor with the VA.

    • by monkeyxpress ( 4016725 ) on Monday December 20, 2021 @12:53PM (#62099761)

      my employment uses my phone

      You just need to buy two phones and use one only for work then. Don't be a cheapskate about it. This actually puts you in a better position than if they gave you a work phone.

      Sure it sucks, but lots of things suck and you still need to act in your own best interests.

      Many employees and even business owners do not create a clear distinction between what is 'the company's' and what is 'theirs'. It comes back to bite them big time as soon as any sort of dispute happens - which after a few years in the game you realise is far more common than you could ever imagine.

    • by fermion ( 181285 )
      Over the past 20 years we have worked out accountability with personal devices. In 2000 expectations on personal and business devices were evolving. Certainly some carried 2 devices, some used the business device as a personal device then complained when an employer snooped on a device the employer owned.

      I think the compromise now is that we are going to carry one device, most of us choose personal so the employer does not have the right to snoop. We use it as a terminal to access online resources. As s

      • >most of us choose personal so the employer does not have the right to snoop. [...] As soon as an employer starts paying, we lose that privacy

        Not quite. In practice you almost certainly lose that privacy as soon as you use your personal device for any aspect of work that regulations or your employment contract requires be available for snooping.

        Your employer is interested in reducing costs - they care not one whit if they screw you over in the process, and will likely attempt to bury that detail unless a

    • by splutty ( 43475 )

      I've worked in the banking world for a long time. If they want you to communicate with customers, they provide everything needed for that, and *everything* is recorded.

      If you're found to have made deals outside of that, it's cause for immediate termination, depending on specifics.

      You should *never* have to agree to having your personal and private phone/computer/whatever monitored, as long as *you* don't use it to do business.

  • What??? They couldn't even find a 'rogue' employee at the IT outsourcing company to throw in prison? Wow the SEC isn't even trying to create the pretence of justice anymore. Next up they will slap a janitor with a literal wet bus ticket as punishment for massive fraudulent activity by an investment bank.

  • by brunes69 ( 86786 ) <[slashdot] [at] [keirstead.org]> on Monday December 20, 2021 @12:45PM (#62099737)

    The summary is deceiving, because it uses the word "let", when the reality is JPMC has very little control over this, and it is finding itself in quite the pickle.

    When you read what is happening, the nut of the issue here, is that traders are choosing to converse with their broker/dealers messages via WhatsApp/Signal etc, presumably specifically for the increased E2E encryption and security that brings. The problem is, there is no way for JPMC to keep records of those conversations, which legally they must due to insider trading regulations.

    So in order to comply, you need to force people who interact with you to use a known-insecure method - specifically so that you can record all of their conversations. Not really a win for privacy.

    • by MooseTick ( 895855 ) on Monday December 20, 2021 @01:21PM (#62099851) Homepage

      "you need to force people who interact with you to use a known-insecure method"

      Are you implying JPMorgan (market cap ~$450B) doesn't have the technical expertise and/or can't afford to offer a secure and archivable method for its employees to communicate with each other and its customers?

      • by brunes69 ( 86786 )

        It depends on a lot of factors.

        As a customer, if my brokerage forced me to use some kind of proprietary app to communicate with them that I knew nothing about, when I knew with another brokerage I could communicate using a tool I already use and trust, I would not think of that very favorably, and could be a reason for me to leave.

        Doubly so if I knew that all my conversations were being recorded.

        The SEC wants JPMCs client conversations all recorded, so they can enforce insider trading laws. As a customer, t

        • Which is precisely why it should be regulated, so all brokerages have to use a similar setup.
        • So what illegal activity are you trying to hide?
        • so, yes. JPMorgan has the technical expertise and capital to be compliant with the law.

          And, again, are you implying that if JPMorgan (market cap ~$450B) pushed out a way to communicate with customers regarding managing multi-million dollar accounts, you'd be suspicious the tech isn't properly secure? And even if it wasn't, what liability do you think you'd have if those communications were compromised?

      • "you need to force people who interact with you to use a known-insecure method"

        Are you implying JPMorgan (market cap ~$450B) doesn't have the technical expertise and/or can't afford to offer a secure and archivable method for its employees to communicate with each other and its customers?

        Sure, but developing, deploying, and maintaining such a system, as well as organizing, storing, and preserving all those communications might well cost more than the $200 million fine they were given.

        • And what about next week's $200 million fine? And the one after that? You are going to have to find a solution eventually. That's probably not the reason.

          Another reason to pay the hundreds of millions of dollars in fines as a cost of doing shady business is that it avoids the billions of dollars of fines you would have to pay if actually caught doing shady business.

          While phone conversations and messages on official company devices and software platforms are preserved, it’s much harder for bank complia

      • by pla ( 258480 )
        You're missing the point, but so is the SEC.

        My company recently switched from using totally unlogged Skype to fully logged Teams. Take a wild guess what percent of casual conversations between coworkers now occur via secure 3rd party channels that HR (or PHBs) can't intimidate IT into turning over. I'll give you a hint - I don't even know if my Teams client is still working since we got 21H2.

        The problem here isn't a technical or legal problem, it's a human one. Until someone can guarantee me that my
    • Why would they need another app for this? Couldn't JPMorgan just require that all customer communications are CC'd to a company address for record keeping, e.g. compliance@jpmorgan.com? Then they could set up a server (or an army of clerks) to receive and archive those messages.

      • How do you prove that *every* message is CCed? Certainly nobody is going to want to create a CCed record of their illegal dealings, the discovery of which is the entire point of ensuring that *all* messages are archived.

        • How do you prove that *every* message is CCed?

          You can't, but that will be a problem with any communication system that JPMorgan allows. Staff can always sneak around it using non-CC'd messages, phone calls, burner phones or whatever.

          But this provides a simple alternative for approved communications -- just use whatever channel is convenient and CC the compliance department, rather than building some whole new communication system (which staff can also work around).

          • The difference being that
            a) You need to also convince customers to all CC their side of the communications (not going to happen)
            b) Employees can credibly claim they "forgot" to CC some messages, while using an alternative communication channel in violation of policy is pretty compelling evidence that they're intentionally seeking to avoid mandatory record-keeping requirements.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      when the reality is JPMC has very little control over this, and it is finding itself in quite the pickle.

      Nonsense. Use approved communication platforms + channels only on approved work devices or face disciplinary action, including termination. This is the policy where I work - why should a financial institution be any different?

      Not really a win for privacy

      Every single financial institution where I'm a client has a privacy policy I can review ahead of time to determine if they should have my business or not. If they do get my business - there is a secure and compliant messaging platform offered by the financial institute I can commu

  • by Smidge204 ( 605297 ) on Monday December 20, 2021 @12:58PM (#62099777) Journal

    JP Morgan claimed total revenue of $122.9 billion in 2020. They probably spent more than $200 million on catering services that year.

    How about a fine that's actually a punishment? Maybe 20% of gross annual revenue minimum ($25 billion) and go up from there depending on how bad it is?
    =Smidge=

    • by thomn8r ( 635504 )

      JP Morgan claimed total revenue of $122.9 billion in 2020. They probably spent more than $200 million on catering services that year.

      Fines like this are simply considered to be the cost of doing business, on the same plane as catering or janitorial services, and the cost is just passed on to the customers. Until some C-level execs end up in FPMITAP, there will be no change.

      • JP Morgan claimed total revenue of $122.9 billion in 2020. They probably spent more than $200 million on catering services that year.

        Fines like this are simply considered to be the cost of doing business, on the same plane as catering or janitorial services, and the cost is just passed on to the customers. Until some C-level execs end up in FPMITAP, there will be no change.

        While it is absolutely true that C-suite people should be prosecuted and going to actual prison for this sort of thing, and that is what is needed to fix casual corporate scoffing at the law, the claim that fines are just passed on to customers and do no harm to the company profit margin at all is false though it sounds plausible and is commonly quoted - an example of "truthiness". And the reason is very simple and obvious - corporations cannot raise their prices/fees arbitrarily and remain competitive, if

        • > And the reason is very simple and obvious - corporations cannot raise their prices/fees arbitrarily and remain competitive, if they could simply raise more revenue by charging more why aren't they doing that already?

          This assumes a uniform marketplace. JP Morgan already booked excess revenues due to private messaging (more than $200M) so they had a value-added service baked in. That's effectively a discount they could offer to lure customers competitively, because those people would have to pay market r

    • by sjames ( 1099 )

      Imagine, upon review of speed cameras you are found to have been speeding every day since 2016. The gavel comes down and the judge says "That'll be $100, see you in 5 years".

    • How about a real punishment? Like prison sentences for the executives who allowed such illegal activity on their watch.

      Oops, sorry, I forgot. That'd be personal responsibility, and thus anti-ethical to both the letter and spirit of corporatism.

      • I don't disagree, but the difficulty is in proving guilt of specific individuals.

        Maybe if you make the financial penalties sufficiently harsh it will actually be a deterrent, if only because executives who do that shit might fear the stockholders ousting them for hurting their portfolios.
        =Smidge=

        • Make the CEO responsible by default. They have ultimate authority, short of getting tossed out by the board. With authority comes responsibility - ensuring "their" company is complying with the law is ultimately their responsibility, don't let them fob it off with plausible deniability. Especially not if it's apparently (un?)official company policy. The buck stops here. Captain goes down with the ship. Etc.

          Maybe there should be a grace period after a change of power for problems that started under the

      • Neither the SEC nor the CFTC have criminal prosecution powers. They can levy fines, but for criminal behavior the best they can do is refer to the DOJ. Prosecution is up to the DOJ.

  • by dog77 ( 1005249 ) on Monday December 20, 2021 @12:59PM (#62099783)
    Does this mean all conversations related to business must now be recorded? Because it seems silly that electronic communication is held to a different standard than verbal communication.
    • by DaHat ( 247651 )

      No. From TFA:

      Federal law requires financial firms to keep meticulous records of electronic messages between brokers and clients so regulators can make sure those firms aren’t skirting anti-fraud or antitrust laws.

      Plenty of verbal communications can fall under recording requirements as well, anything where there may be a dispute later as to what was/wasn't said. It's near impossible to prevent two people from stepping away from their desks and discussing how they will/are doing things which evade overs

    • by splutty ( 43475 )

      Yes. That's exactly what it means if you work in certain areas of the banking world. And if you're a bank, you're required by law to record those conversations.

    • by jonadab ( 583620 )
      > Does this mean all conversations related to business must now be recorded?

      All conversations related to business? No, of course not.

      All conversations with your stock broker? Yes, and there is nothing new about this. The trading of stocks has always been *heavily* regulated.
  • by laughingskeptic ( 1004414 ) on Monday December 20, 2021 @01:13PM (#62099829)
    Every broker has to have their Series 7 license and in the process of getting that license they are made aware of the strict requirements for auditing and the retention of all client communications. Yes JP Morgan is supposed to make sure their brokers are obeying the rules, but the brokers themselves are responsible under the law. The excuses of the brokers are just that. I have no doubt that there were extensive shenanigans associated with the untracked communications. The SEC, by not yanking the licenses of traders willfully violating the requirements of their certifications is failing to do its job of protecting the market. Through this fine, JP Morgan is protecting its money makers and the SEC is allowing this.
  • J.P. Morgan, as part of the J.P. Morgan Council, said last week that cyber is the most dangerous weapon in the world [cnn.com].

    It appears cyber can be financially profitable if you can get away with it. If not, you'll pay, and get to deduct it from your taxes as part of doing business.
  • I mean, we've already seen you can run an email server out of your house to avoid FOIA requests and get away with it

  • ...you can be guaranteed that they reaped at least $201 million in profit by doing this.
  • I have some insight on this one, as I worked at JPMC during this time. I actually recall email blades going out firmwide telling people not to use unapproved apps for any regulated or proprietary communication (still allowed for stuff like coordinating lunch plans, etc.) It's a tough situation for client facing functions though - often it might be a client reaching out via WhatsApp and you have to either get them to chat on an approved platform or look unresponsive. Either one ends up coming off as inconve
  • You find someone breaking the law, fire them.

    You would be surprised how quickly people start obeying the law.

    Also, take away their license for doing that. (You need a license to be a trader, they don't let criminals do it. Except when they overlook it, like they did here).
