U.S. banking regulators Monday issued orders against JPMorgan Chase & Co., requiring it to improve risk management and oversight of its chief investment office, which caused major trading losses at the bank last year.

The U.S. Federal Reserve Board and the Office of the Comptroller of the Currency (OCC) both issued consent cease and desist orders against JPMorgan (the Fed targets the parent company, while the OCC deals with the bank subsidiaries).

One of the orders requires JPM to take corrective action to continue ongoing enhancements to its risk-management program and its finance and internal audit functions, particularly relating to its chief investment office (CIO), which managed a large synthetic credit portfolio that suffered significant losses in 2012.

The OCC reports that it found that the bank’s internal controls “failed to identify and prevent certain credit derivatives trading conducted by the CIO that resulted in substantial loss to the bank, which has exceeded US$6 billion.”

It notes that it has conducted several targeted exams which found deficiencies related to the credit derivatives trading practices conducted by the CIO: inadequate oversight and governance to protect the bank from material risk, inadequate risk management processes and procedures, inadequate control over trade valuation, inadequate development and implementation of models used by the bank, and inadequate internal audit processes.

The bank has consented to the issuance of the orders designed to remedy deficiencies, which the bank has neither admitted nor denied, in its board and management oversight, as well as bank governance, risk management, model risk management, valuation control, and internal audit programs.

The second order requires JPM to take corrective action to enhance its program for compliance with anti-money laundering requirements at its various subsidiaries, which is designed to remedy deficiencies that the bank has also neither admitted nor denied.

The OCC says it found that the bank’s compliance program had critical deficiencies with respect to suspicious activity reporting, monitoring transactions, conducting customer due diligence and risk assessment, and implementing adequate systems of internal controls and independent testing. These findings resulted in violations by the bank of statutory and regulatory requirements to maintain an adequate compliance program, file suspicious activity reports, and conduct appropriate due diligence on business and commercial banking customers, it says.