The Securities and Exchange Commission fined the broker-dealer subsidiary of JPMorgan Chase $4 million for accidentally deleting about 47 million emails from early 2018, according to an administrative order Thursday.
Others “could relate to potential future investigations, legal matters and regulatory inquiries,” the order said.
The emails, which were accidentally deleted in 2019, were from and to about 8,700 email boxes, which included those of up to 7,500 employees who had regular contact with Chase customers.
Many of the emails were “business records required to be retained pursuant” to federal securities law, the order said.
J.P. Morgan Securities consented to the SEC sanction, which also censured the firm.
The firm had submitted a settlement offer in anticipation of administrative proceedings related to the deletions, and the SEC accepted that offer.
The SEC also ordered the firm to “cease and desist from committing any future violations” of the securities law requiring broker-dealers to retain for at least three years the originals of all communications.
This is the third time the investment advisor has agreed to punishment for failing to preserve electronic records.
The firm in late 2021 agreed to pay $125 million in penalties for failing to preserve text messages and other electronic communications sent between January 2018 and November 2020.
In 2005, the firm paid $700,000 in penalties for not preserving electronic records from mid-1999 to mid-2002.
JPMorgan spokeswoman Patricia Wexler declined to comment on the latest sanction.
In its order Thursday, the SEC noted JPMorgan in 2016 began a project “to delete from its system older communications and documents no longer required to be retained.”
Those messages included old emails, instant messages and communications sent over the Bloomberg terminal service.
But there were “glitches” in the project, “with the identified documents not, in fact, being expunged,” the order said.
While troubleshooting that issue in June 2019, employees of the firm “executed deletion tasks on electronic communications from the first quarter of 2018,” the order said.
Those employees “erroneously” believed — based on claims by the firm’s archiving vendor — that all of those documents were coded in a way to prevent the permanent deletion of those records that were required by law to be kept for three years, the order said.
“In fact, however, the vendor did not apply the default retention settings in a particular email domain,” the order said.
“And those communications, including many required to be maintained pursuant to the broker-dealer recordkeeping rules, were permanently deleted.”
Those deletions were discovered in October 2019, when a JPMorgan team responsible for producing records related to legal cases detected that emails were missing from early 2018, the order said.
JPMorgan reported the deletions to the SEC in January 2020.
The order noted that, “In at least twelve civil securities-related regulatory investigations, eight of which were conducted by the [SEC] Commission staff, JPMorgan received subpoenas and document requests for communications which could not be retrieved or produced because they had been deleted permanently.”
And, the order added, “JPMorgan notified only one of the eight investigative teams at the Commission that its production in response to the subpoenas had been compromised by the 2019 deletion event.”
The order noted that because the deleted communications “are unrecoverable, it is unknown – and unknowable – how the lost records may have affected the regulatory investigations.”
In fact, a member of JPMorgan’s compliance department acknowledged in an internal email after the deletions came to light that “lost documents could relate to potential future investigations, legal matters and regulatory inquiries,” the order said.