Statement of Commissioner Kristin N. Johnson on Settlement Agreement Resolving Enforcement Action on Compliance and Supervision Failures
May 23, 2024
Today, the Commodity Futures Trading Commission (Commission or CFTC) announced a settlement agreement with J.P. Morgan Securities LLC (J.P. Morgan) following over a decade of trade surveillance supervision failures in violation of Regulation 166.3.[1]
Supervision is the cornerstone of customer protection. From its inception in the 1970s, the Commission has emphasized that supervision is a linchpin in our regulatory framework.[2] Under Regulation 166.3, each Commission registrant
must diligently supervise the handling by its partners, officers, employees and agents (or persons occupying a similar status or performing a similar function) of all commodity interest accounts carried, operated, advised or introduced by the registrant and all other activities of its partners, officers, employees and agents (or persons occupying a similar status or performing a similar function) relating to its business as a Commission registrant.[3]
Today’s resolution evidences the Commission’s commitment to achieve greater accountability, reduce repeated compliance failures through both general and specific deterrence,[4] and enable the Commission to maximize the use of limited resources. The resolution is consistent with the Commission’s goals outlined in the Division of Enforcement’s Advisory Regarding Penalties, Monitors and Consultants, and Admissions.[5]
Under the terms of this settlement, J.P. Morgan: (1) admits to compliance and supervision failures from 2014 through 2023; (2) agrees to a civil monetary penalty (CMP) of $200 million with up to $100 million to be credited for amounts paid in parallel actions initiated by prudential regulators;[6] and (3) agrees to additional undertakings, including the appointment of a compliance monitor.
Admissions Foster Accountability, Transparency, and Market Integrity and Stability
Admissions advance a number of important enforcement goals. Admissions promote accountability, transparency in the relationship between regulated market participants and regulators, and justice. Transparency leads to greater market integrity and stability.
J.P. Morgan admits notable compliance failures.[7] Admissions comprise a critical component in remediation efforts and may foster deterrence. All too often, and in far too many instances, enforcement matters are resolved without an acknowledgment of the mistakes, misconduct, or compliance failures at the center of the enforcement action.
Notwithstanding Reliance on Critical Third-Party Service Providers, Compliance with CFTC Regulations Rests with Registrants
Today’s resolution underscores the challenges and the urgency of refining regulatory oversight for registrants that rely on critical third-party service providers to ensure visibility into the integrity of transactions in our markets as well as other essential front or back office functions, or cyber system safeguards.
Over the last few years, in multiple public statements, I have emphasized the importance of advancing regulatory policy and enforcement approaches that establish clear expectations regarding registrants’ compliance with CFTC regulations, even when registrants rely on critical third-party service providers to facilitate an important component of compliance.[8]
Even the most carefully crafted compliance programs—celebrated for integrating innovative, advanced, and even artificial intelligence-driven technologies—may fail. An increasing global reliance on third-party service providers to perform essential compliance and risk management functions heightens the risk of interoperability or incompatibility in pairing disparate software systems. Reliance on critical third-party service providers offers no defense to regulatory violations. When relying on a third-party to provide critical front and back office services or trade surveillance, a registrant remains responsible for compliance with the Commission’s regulations.
In fact, registrants that outsource or partner with critical third-party service providers may need to scale risk management and compliance programs to account for attendant risks. In other words, registrants who fail to successfully assess and address the compliance risks of relying on third-party service providers should anticipate the costs or consequences. Assumptions regarding the effectiveness of third-party services may lead to gaps in compliance that require implementing redundancy measures that ensure against such gaps. In the words of the old adage as it relates to the matter resolved today, J.P. Morgan should have measured twice and cut once.
Monitors to Ensure Compliance Monitoring
Finally, the resolution reached today appoints a compliance monitor as part of broader efforts. By appointing a compliance monitor, the Commission introduces an important pathway for independent assessment and heightened supervision. As I have previously noted, a monitor “shift[s] the costs of enforcement from the government and the public to” the firm that has experienced substantial and persistent compliance failures.[9]
A monitor may offer a valuable, independent assessment of compliance and supervision. In light of identified challenges with the use of monitors, I have also noted that “[i]t is imperative [] that the Commission continue to expand, refine, and adapt” the use of compliance monitors to ensure that the monitors introduce “well-tailored [] resolutions that address escalating compliance failures or misconduct.”[10]
Effective supervision and surveillance enable market participants to detect and address compliance failures, enhancing the integrity and stability of global derivatives markets.
Conclusion
This matter benefitted from the efforts of many in the Division of Enforcement, including Meredith Borner, R. Stephen Painter, Jr., Lenel Hickson, Jr., and Manal M. Sultan.
[1] 17 C.F.R. § 166.3.
[2] Adoption of Customer Protection Rules, 43 Fed Reg 31886, 31889 (July 24, 1978).
[3] 17 C.F.R. § 166.3. See also Adoption of Customer Protection Rules, 43 Fed Reg 31886, 31889 (July 24, 1978). As the Commission noted in the adopting release, “the basic purpose of the rule is to protect customers by ensuring that their dealings with the employees of Commission registrants will be reviewed by other officials in the firm.” Id
[4] References to general deterrence describe the effect on the general public of observing consequences of compliance failures or misconduct and the impact of such observations on their future conduct. Specific deterrence refers to the impact of a consequence on the future behavior or conduct of a party that has engaged in conduct that leads to a penalty.
[5] CFTC, Division of Enforcement, Advisory Regarding Penalties, Monitors and Consultants, and Admissions (Oct. 17, 2023), https://www.cftc.gov/PressRoom/PressReleases/8808-23.
[6] The Office of the Comptroller of the Currency (OCC) and the Board of Governors of the Federal Reserve System (Board of Governors) initiated parallel actions against J.P. Morgan in connection with the same surveillance gaps at issue in this matter. J.P. Morgan separately entered into resolutions with the OCC and Board of Governors. On March 14, 2024, the OCC and Board of Governors announced penalties of $250 million and $98.2 million, respectively. Neither the OCC nor the Board of Governors will permit J.P. Morgan to offset these penalties through payments to other regulators.
[7] The matter resolved today has a notable history. In September of 2020, the Commission issued an order resolving an investigation of trade surveillance compliance failures from 2008 through 2016. See CFTC, Press Release, CFTC Orders JPMorgan to Pay Record $920 Million for Spoofing and Manipulation (Sept. 29, 2020), CFTC Orders JPMorgan to Pay Record $920 Million for Spoofing and Manipulation | CFTC. At the time of the earlier resolution, the Commission found that J.P. Morgan failed to “provide supervision to its employees sufficient to enable [J.P. Morgan] to identify, adequately investigate, and put a stop to [certain trading] misconduct.” See Order Instituting Proceedings Pursuant to Section 6(c) and (d) of the Commodity Exchange Act, Making Findings, and Imposing Remedial Sanctions, CFTC Docket No. 20-69 (Sept. 29, 2020), CFTC Orders JPMorgan to Pay Record $920 Million for Spoofing and Manipulation | CFTC. In connection with the 2020 settlement, J.P. Morgan expressed the firm’s adoption of certain trade surveillance enhancements intended to systematically improve compliance and surveillance programs. Unfortunately, the “enhancements” touted as a central component in the 2020 remediation efforts failed, shrouding continuing compliance and supervision failures as the implicated trades climbed into the billions.
[8] See, e.g., Kristin N. Johnson, Commissioner, CFTC, Statement Regarding the CFTC’s Notice of Proposed Rulemaking on Operational Resilience Program for FCMs, SDs, and MSPs (Dec. 18, 2023), Statement of Commissioner Kristin N. Johnson Regarding the CFTC’s Notice of Proposed Rulemaking on Operational Resilience Program for FCMs, SDs, and MSPs | CFTC.
[9] Veronica Root Martinez, Public Reporting of Monitorship Outcomes, 136 Harvard L. Rev. 757, 823 (2023); see also Kristin N. Johnson, Commissioner, CFTC, Statement on Mitigating the Systemic Risks of Swap Data Reporting Compliance Failures and Enhancing the Effectiveness of Enforcement Actions (Sept. 29, 2023), Statement of Commissioner Kristin N. Johnson on Mitigating the Systemic Risks of Swap Data Reporting Compliance Failures and Enhancing the Effectiveness of Enforcement Actions | CFTC.
[10] Kristin N. Johnson, Commissioner, CFTC, Statement on Mitigating the Systemic Risks of Swap Data Reporting Compliance Failures and Enhancing the Effectiveness of Enforcement Actions (Sept. 29, 2023), Statement of Commissioner Kristin N. Johnson on Mitigating the Systemic Risks of Swap Data Reporting Compliance Failures and Enhancing the Effectiveness of Enforcement Actions | CFTC.
-CFTC-