On December 17, 2021, the SEC announced charges against J.P. Morgan Securities LLC (JP Morgan), a broker-dealer subsidiary of JPMorgan Chase & Co. The SEC alleged that the broker-dealer failed to maintain and preserve certain written communications. JP Morgan admitted that it had violated the federal securities laws and agreed to pay a $125 million penalty. The firm also agreed to implement robust improvements to its compliance policies and procedures.

The SEC’s enforcement action has serious implications for Registered Investment Advisers (“RIAs”), since investment advisers are subject to their own books and records rule. The Commission’s press release quoted SEC Chair Gary Gensler who declared:

Since the 1930s, recordkeeping and books-and-records obligations have been an essential part of market integrity and a foundational component of the SEC’s ability to be an effective cop on the beat. As technology changes, it’s even more important that registrants ensure that their communications are appropriately recorded and are not conducted outside of official channels in order to avoid market oversight.

Gensler noted that in the past, the SEC has observed violations in the financial markets that were committed using unofficial communications channels. Books and records requirements are designed to help the SEC to conduct its important examinations and enforcement work.

The Crux of the SEC’s allegations

The broker-dealer admitted that from at least January 2018 through November 2020, the firm’s employees often communicated about securities business matters on their personal devices. They often utilized text messages, WhatsApp, and personal email accounts for securities-related communications. Nonetheless, these records were not preserved in the manner stipulated by the federal securities laws.

The enforcement action gave several examples of the broker-dealer’s failure to preserve records. For instance, in conjunction with work performed on behalf of an investment banking client, JPMorgan employees, including desk heads, managing directors, and other senior executives, sent and received more than 21,000 securities business-related text and email messages on their personal devices. These communication methods were unapproved. SEC found out about these communications from third parties.

These noncompliant practices were not a secret and occurred throughout the firm. Supervisors, including managing directors and other senior supervisors, used their personal devices to communicate regarding the firm’s securities business. The SEC learned that dozens of managing directors across the firm and senior supervisors responsible for implementing policies and procedures committed the same violations. They routinely failed to comply with the firm’s policies and procedures by communicating using unapproved methods on their personal devices.

The broker-dealer failed to implement a system of follow-up and review to determine that supervisory responsibility was being reasonably exercised in order to prevent and detect employees’ violations of books and records requirements. Although employees were permitted to use personal phones for business communications, the broker-dealer failed to implement sufficient monitoring to ensure that its recordkeeping and communications policies were being followed.

Prior to the enforcement action, the broker-dealer had received subpoenas for documents, as well as voluntary requests from SEC. When it responded to those subpoenas and requests, the broker-dealer frequently did not search for relevant records contained on the personal devices of its employees. The firm acknowledged that its recordkeeping failures deprived the SEC of timely access to evidence and potential sources of information for extended periods of time and even permanently in some cases. These failures undermined the SEC’s ability to investigate potential violations of the federal securities laws.

The SEC stressed that recordkeeping requirements are at the heart of the Commission’s enforcement and examination programs. When firms fail to comply with those requirements, they directly undercut the SEC’s ability to protect investors and preserve market integrity. The Director of the SEC’s Division of Enforcement encouraged registrants to scrutinize their document preservation processes. Firms should self-report failures like those committed by the broker-dealer and must consider policies and procedures to prevent them.

The SEC concluded that the broker-dealer violated Section 17(a) of the Securities Exchange Act of 1934 and Rules 17a-4(b)(4) and 17a-4(j) thereunder. The firm failed to act reasonably to supervise its employees in an effort to prevent or detect violations. In addition to the $125 million penalty, the broker-dealer was ordered to cease and desist from future violations of those provisions and was censured. The broker-dealer also agreed to retain a compliance consultant to conduct a comprehensive review of its policies and procedures relating to the retention of electronic communications found on personal devices. The consultant would also review the firm’s framework for addressing non-compliance by employees with those policies and procedures.

The SEC’s harsh penalties were higher than might otherwise be the case, because the firm hindered several of the SEC’s investigations and required the Commission’s staff to take additional steps that should not have been necessary. Firms must cooperate with the SEC’s mission of investor protection rather than inhibit it with incomplete record keeping


Examiners may suspect that RIAs are failing to maintain and preserve written communications. The press release warned that as a result of the findings in this enforcement action, the SEC has commenced additional investigations of record preservation practices at financial firms.

RIAs should scrutinize their own record preservation practices to determine if their employees are communicating about business matters using their personal devices. We urge our clients to take all necessary steps to capture all associated persons’ client communications in their electronic recordkeeping systems. If such systems are not available or unable to capture the required records, we urge our clients to prohibit the use of personal email accounts, texts messages or encrypted apps (i.e., Telegram, WhatsApp, Signal, etc.)  for business communications.

We also urge clients to distribute this compliance alert to all staff to warn them about the potential repercussions of recordkeeping violations.

The SEC’s press release is available here.

About RIA Compliance Group: RIA Compliance Group is an investment adviser compliance consulting firm based in Delray Beach, Florida. The firm’s mission is to provide affordable, timely, practical, and cost-effective compliance advice. We help investment advisers to comply with the myriad of state and SEC regulations and compliance obligations facing their firms. RIA Compliance Group takes pride in giving personal service and real world compliance advice, not theoretical concepts and legalese. The firm interacts on a daily basis with SEC and state securities regulators.

RIA Compliance Group, LLC – 701 SE 6th Ave, Suite 201, Delray Beach, FL 33483 – Tel: 561-600-0564 – sales@ria-compliance.com