Trading Unit of 5-Count Felon JPMorgan Chase Gave 550 Customer Passwords and User Names to an “Active Customer” for More than a Decade; SEC Fines It a Paltry $2.75 Million

By Pam Martens and Russ Martens: August 6, 2021 ~

When it comes to the top watchdog of trading on Wall Street, the Securities and Exchange Commission (SEC), that dog can’t hunt. It’s not that the career professionals at the SEC haven’t tried to hunt, it’s that when they get too close to ensnarling some powerful person on Wall Street, they are told to stand down. Having a Wall Street defense lawyer at the helm of the SEC under both Presidents Obama and Trump certainly hasn’t helped the matter. (See here and here.) The jury is still out on President Biden’s SEC Chair, Gary Gensler, who just took office on April 17. (It should be noted, however, that the case described below was settled by the SEC after he took office.)

With that as a backdrop, consider the press release and order that the SEC released on June 29 against Neovest Inc., an electronic trading platform owned by the 5-count felon, JPMorgan Chase.

The press release headlined the matter as if the case was all about JPMorgan Chase failing to register its Neovest trading platform as a registered broker dealer, like it was a paperwork glitch. But that was just the tip of the iceberg of what was going on here.

First of all, it didn’t just slip JPMorgan’s mind to register this trading platform with regulators. According to the SEC order, Neovest had been registered as a broker dealer with the SEC and the Wall Street self-regulator, FINRA, under the name Neovest Trading for more than a decade: from March 1996 through December 2006. JPMorgan bought Neovest in September 2005 and consciously made the decision to deregister Neovest Trading as a broker dealer in December of the following year. That meant that it fell off of the SEC and FINRA radar screens for supervision and monitoring.

JPMorgan has been trading on Wall Street for more than a century. It has hundreds of compliance personnel that fully understand that broker dealers engaging in trades with customers have to be registered with the SEC and FINRA. So if it consciously made the decision to deregister Neovest, while allowing it to continue conducting the same trading activity with customers – which the SEC order says it did – then it would appear that JPMorgan might have had an agenda.

According to the SEC order, Neovest had 550 customers, which were “mostly institutional investors and asset managers.” Buried in the SEC order is a startling and almost inconceivable breach of protecting the security of the accounts of those 550 customers. The SEC reveals this:

“From 2004 to April 2018, Neovest replicated an internal database containing customer authentication information from a server used to log customers onto the Market Data Platform to a server set up locally at one of Neovest’s most active and longstanding customers, which allowed that customer to log on to the OEMS Platform without having to connect through Neovest’s server. The replicated authentication database contained customer user names, passwords, email addresses, answers to security questions, and dashboard layout preferences.”

Let that sink in for a moment: one active customer – out of a total of 550 customers – was singled out to have access to the user names and passwords of 550 trading accounts, for 14 years.

A person with even a modest amount of curiosity would immediately want to know the name of that “active customer.” Was it a hedge fund that was allowed for 14 years to access 549 other institutional trading accounts and see what and when they were trading, thus gaining a huge market advantage?

The SEC does not provide the name of this “active customer.” It does not provide the names of the people at Neovest that gave this access to this “active customer,” nor does it charge these individuals or fine them.

We also do not learn from the SEC order whether the SEC examined the access logs on the “active customer’s” server to find out if it was, indeed, snooping into the trading of other customers’ accounts.

JPMorgan Chase reported an historic record $36.4 billion in profits for 2019 and $29.1 billion for the pandemic-impacted year of 2020. The SEC’s fine in this matter of a meaningless $2.75 million doesn’t even qualify as the cost of doing business; it’s not even the cost of doing lunch at JPMorgan Chase.

The SEC remains a dog that cannot or will not hunt. It has left Wall Street a dangerous and unrepentant band of thieves as a result.

Bookmark the permalink.

Comments are closed.