FINRA Fines JPMorgan Securities $3.25M for Ignoring 10,000 Supervisory Alerts

Nearly 10,000 supervisory alerts. More than 2,500 flagged for over-concentration. Four years of a leveraged investment strategy running through elderly and moderate-risk investor accounts.

FINRA’s April 6, 2026 enforcement action against JPMorgan Securities LLC didn’t find a firm that had no supervisory system. It found a firm whose supervisory system worked — and nobody actually used it.

TL;DR

• FINRA fined JPMorgan Securities $3.25M and issued a censure for Rule 3110 supervisory failures spanning January 2016 – April 2020
• The firm’s systems generated nearly 10,000 supervisory alerts; most were closed without substantive account-level review
• JPMorgan altered customer risk tolerance records from “moderate” to “aggressive” without verifying changes with clients
• Total cost: $55M+ in customer arbitration payments vs. $3.25M FINRA fine — the fine is the smallest line item

What FINRA Found

A registered representative at JPMorgan Securities ran a leveraged investment strategy built on concentrated positions in high-yield securities — specifically heavy exposure to energy and financial sector stocks — financed through margin and other forms of leverage. The pitch was straightforward: generate income from higher-yielding assets that would exceed the cost of borrowing.

The execution was the problem. The strategy was applied broadly to clients who were unsuitable for it: seniors, investors with documented moderate risk tolerances, and holders of non-discretionary accounts who had not authorized their broker to trade without asking first.

The strategy ran from January 2016 through April 2020 — four years. During that window, JPMorgan Securities’ own supervisory systems flagged the activity extensively:

“Closed without substantive review” is the critical phrase in FINRA’s findings. A supervisory review that says “reviewed — OK” without examining specific account details, the client’s risk profile, or the nature of the concentration doesn’t qualify as review under Rule 3110. FINRA’s enforcement position is that documentation of review is not the same as review.

In March 2020, when pandemic market volatility hit energy and financial sectors hard, the leverage worked in reverse. Concentrated, margined positions triggered margin calls. Clients were forced to liquidate holdings at the worst moment. Losses materialized across accounts that the supervisory system had been flagging — and not acting on — for years.

The broker was discharged by JPMorgan in 2021 for what the firm described as “loss of confidence in his adherence to internal policies and order handling requirements.”

The Four Specific Failures

FINRA’s action identified four distinct supervisory breakdowns operating simultaneously. Each is remediable independently — but all four happening together for four years suggests a systemic culture problem, not an isolated oversight.

1. Alert Closure Without Substantive Review

The supervisory system generated alerts. Supervisors closed them. But “closing” an alert is only compliant if the closure reflects an actual examination of the account-level facts.

Generic closures — entries that acknowledge receipt without addressing the specific alert type, the relevant account, or the reason no action was warranted — don’t satisfy Rule 3110. FINRA’s position, reinforced here, is that alert documentation must be able to demonstrate what the supervisor looked at and why they concluded no escalation was needed.

What compliance teams need to build: Alert closure templates that require account-specific fields — not just timestamps. A closure that can’t be tied to a specific account review is evidence of a failure, not evidence of compliance.

2. Risk Tolerance Manipulation Without Client Consent

This is the finding that gets less attention but may be the most operationally dangerous.

JPMorgan Securities altered recorded risk tolerances for certain customers — changing profiles from “moderate” to “aggressive” — without verifying those changes with the clients. If a client’s profile says “aggressive” but the client never agreed to that classification, the entire suitability analysis built on that profile is invalid. Every subsequent “suitable” recommendation documented against an incorrect risk profile is potentially a suitability violation.

This is also a records integrity issue under FINRA Rule 4511. Altering a client’s New Account Form or risk profile without client consent isn’t a supervisory procedure problem — it’s a falsification problem.

What compliance teams need to build: A reconciliation process for any customer risk tolerance changes, with documented evidence of client-initiated requests (signed updates, recorded calls, or digital consent confirmations) for every change in the system.

3. Margin Notification Suppression

Margin notifications exist to give clients visibility into deteriorating leveraged positions before they reach forced-liquidation thresholds. Suppressing those notifications removes one of the last safeguards between a client and a margin call they didn’t see coming.

FINRA found that margin notifications were suppressed in this case. The finding didn’t specify who authorized the suppression or how — but the enforcement precedent is clear: suppression of regulatory notifications to clients is a supervisory and records failure.

What compliance teams need to build: A dual-approval process for any suppression or delay of margin notifications, with documented supervisor sign-off and a defined maximum suppression window (if any suppression is even permissible for the account type).

4. Unauthorized Discretionary Trading in Non-Discretionary Accounts

Non-discretionary accounts require client consent before trades are executed. Executing trades in a non-discretionary account without client authorization isn’t a gray area — it’s a violation of the account agreement and of FINRA rules.

The presence of this violation alongside the alert-suppression and risk-tolerance-manipulation findings suggests the supervisory controls weren’t just under-resourced. They were being actively circumvented.

The Real Cost: $59 Million and Counting

The $3.25 million FINRA censure is the headline number. It is not the total cost.

The fine is 5.4% of total remediation costs. The other 94.6% came from individual FINRA arbitrations — each one requiring legal fees, expert witnesses, settlement negotiations, and arbitration panel proceedings. Multiply that across the number of affected accounts over four years, and the arbitration cost isn’t a byproduct of the fine — it is the penalty.

The supervisory failure that FINRA penalized at $3.25 million cost JPMorgan more than $55 million before FINRA’s action even closed. That math is useful for any CCO making a business case for supervisory technology or enhanced alert review processes.

The Supervisor-of-Supervisors Problem

This case also surfaces a failure mode that tends to get lost in post-enforcement analysis: the supervisor-of-supervisors gap.

When one registered representative generates 10,000 supervisory alerts over four years — including 2,500 over-concentration flags — that pattern is statistically anomalous. If your firm has 200 reps and they collectively generate 15,000 alerts a year, one rep generating 10,000 over four years is generating alerts at roughly 13x the average rate.

That outlier pattern should itself be a trigger for escalation beyond the direct supervisor. FINRA Rule 3110 requires not just first-level supervisory review, but a supervisory system that catches when first-level review is failing. Firms with mature supervisory architectures have second-level review processes — compliance officers reviewing what branch managers are reviewing — specifically to catch this.

When the pattern isn’t visible at the second level, it’s often because the alert data isn’t aggregated and reported in a way that surfaces outliers. Most supervisory alert systems flag individual alerts; fewer produce per-rep alert volume trending that a CCO could see monthly.

Five Things to Fix Before Your Next FINRA Exam

1. Pull your alert closure quality report

For the past 90 days, what percentage of supervisory alert closures include account-specific documentation vs. generic entries? If you can’t answer this question from your current system, that’s the first problem to fix.

2. Rank registered reps by alert volume

Run a trailing 12-month ranking. Any rep in the top 10% by alert volume — especially concentration and suitability alerts — should receive a CCO-level review of their alert history, not just branch-level review.

3. Audit all risk tolerance changes

Pull a list of every customer whose recorded risk tolerance changed in the past 24 months. For each change, confirm there’s documented client-initiated consent. Any change entered by the firm without that documentation needs to be corrected in the records and potentially disclosed to the affected client.

4. Review your margin notification process

If your firm uses margin, document who has authority to suppress or delay margin notifications. Is that authority dual-controlled? Is there a log of suppressions? If the answer to either is “no,” that’s a gap FINRA examiners will find.

5. Upgrade your alert closure templates

If your supervisors can close an alert by typing “reviewed, no issues” with no account-specific fields required, your system is generating documentation of compliance activity without evidence of compliance. Templates should require: which account was examined, what the alert specifically flagged, what the supervisor found when they reviewed the account, and the rationale for the closure decision.

Context: Where This Fits in 2026 Enforcement

This action is consistent with FINRA’s 2026 examination priorities, which specifically called out supervisory system effectiveness — not just supervisory system existence. The distinction matters.

Earlier this year, the $80 million FinCEN/SEC/FINRA penalty against Canaccord Genuity for AML supervision failures sent the same message in a BSA context: having a compliance program on paper isn’t enough if the controls aren’t working in practice.

And the SEC’s FY2025 enforcement report makes clear that regulators across the board are prioritizing individual accountability, with an eye toward whether firms are actually identifying and escalating problems — or just documenting that alerts exist.

For investment advisers dealing with similar issues, the Voyager Pacific Capital Ponzi case shows what happens when internal control failures go undetected for years — the SEC and DOJ both show up.

The pattern isn’t subtle: supervisory failures that would have been discovered by functional internal controls are increasingly getting discovered by regulators instead. The cost differential is massive.

The Practical Bottom Line

Ten thousand alerts. Two years to fire the broker after FINRA raised concerns. Fifty-five million dollars paid to customers before the regulatory penalty even landed.

The JPMorgan Securities case is not an indictment of a corrupt firm — it’s a case study in how alert fatigue, documentation shortcuts, and second-level review gaps combine into a regulatory liability that costs far more than the underlying supervisory investment would have.

If your firm’s compliance team is tracking supervisory alerts, findings, and remediation in spreadsheets or shared drives, this case is a very specific argument for a purpose-built system. An Issues Management Tracker gives compliance teams the audit trail FINRA expects: who reviewed what, when, what the account-specific finding was, and how the issue was resolved — searchable and exportable for exam prep.

Sources: GRC Report: JPMorgan FINRA Fine | Daily Hodl Coverage | AdvisorHub | FINRA Rule 3110 | FINRA Disciplinary Actions