According to the CFTC’s order, the bank failed to configure some key data feeds, which meant that trade and order data stemming from these trading venues was not being ingested into its surveillance systems.
The problems were uncovered in June 2021 while the bank was onboarding a new trading exchange and dated back as far as 2014, with 30 global trading venues affected.
Missed order activity
Most of the missed order activity connected to a US-designated contract market as well as registered foreign boards of trade open to trading by US customers.
Because of the time during which the issues with the feeds went undetected, billions of order messages were not surveilled. According to the bank, these largely consisted “of sponsored access trading activity for three significant algorithmic trading firms.”
A quarterly reconciliation process that was designed and intended to ensure data completeness was not followed because the bank made “an erroneous assumption that data directly from an exchange was from a ‘golden source’” and so did not require testing.
You can’t outsource the risk
CFTC Commissioner Kristin Johnson’s admonition is worth quoting in full as it reflects the views of regulators more generally when it comes to outsourcing key functions within financial (and other highly regulated) institutions.
“Registrants that outsource or partner with critical third-party service providers may need to scale risk management and compliance programs to account for attendant risks. In other words, registrants who fail to successfully assess and address the compliance risks of relying on third-party service providers should anticipate the costs or consequences. Assumptions regarding the effectiveness of third-party services may lead to gaps in compliance that require implementing redundancy measures that ensure against such gaps.”
JPMorgan’s admission
The case is another trade-surveillance enforcement action by regulatory agencies, and this one has the added significance of JPMorgan admitting to wrongdoing. The CFTC has increasingly been pushing for admissions of guilt when agreeing to settle with companies over misconduct to highlight accountability.
Bank’s trade surveillance program
In mid-March, the bank was fined $250m by the OCC and $98m by the US Fed in a joint action by the agencies.
The OCC investigation found that, since at least 2019, the trade surveillance program at JPMorgan has “operated with certain deficiencies that have compromised its effectiveness.”
The regulators said the bank had failed to establish “adequate governance over trading venues on which it is active” and had in place a trade surveillance program that “operated with gaps in venue coverage and without adequate data controls.”