NEW YORK –JPMorgan Chase has been fined $4 million by the U.S. Securities and Exchange Commission after about 47 million emails belonging to its retail banking group were mistakenly and permanently deleted.
The emails dated from Jan. 1 to April 23, 2018, and were deleted in June 2019 from about 8,700 mailboxes, including those belonging to as many as 7,500 employees who regularly worked with customers.
Many of the emails were business records that the largest U.S. bank was required under SEC rules to keep for three years.
The deletions occurred after JPMorgan‘s corporate compliance technology department, which had been trying unsuccessfully to delete some communications from the 1970s and 1980s, sought help from an outside vendor managing the bank’s email storage.
According to a cease-and-desist order, the vendor failed to properly apply the three-year retention setting to “Chase“ emails from early 2018.
“As a result, the troubleshooting exercise permanently deleted all of the emails in that domain from that period which were not subject to legal holds,” the order said.
JPMorgan, which is based in New York, did not admit or deny wrongdoing in agreeing to the civil settlement. It has adopted its own email coding procedures to avoid a recurrence.
“JPMorgan takes its record-keeping obligations seriously,” the bank said in a statement.
According to the SEC, JPMorgan has been unable in at least 12 civil securities-related regulatory probes to comply with subpoenas and document requests for communications that had been permanently deleted.
READ: