Investment bank reverses previous assurance that fingerprint and eye scans for entry at flagship Manhattan skyscraper would be voluntary
JP Morgan Chase, the largest bank in the US, has told staff moving into its new multibillion-dollar global headquarters in New York that they must share their biometric data to access the building.
The mandate marks a significant U-turn for the investment bank, which had previously signaled that the registration of biometric data—including retina and fingerprint scans to pass through security gates—would be an optional process for employees at the new Manhattan skyscraper.
However, staff who began working at the headquarters since August received internal emails stating that biometric access was “required,” according to communications . The requirement replaces the traditional method of swiping ID badges, streamlining entry for the 10,000 employees expected to occupy the facility once it is fully operational later this year.
The headquarters, which is reported to have cost USD 3 Bn to construct, is understood by the major media organisation to be mandating the system to enhance security.
The move immediately raises questions about employee privacy and data consent, particularly as the policy appears inconsistent across the organization.
Privacy Paradox
Sources close to the company indicate that while the mandatory scan is a strict condition for entry at the new NYC headquarters, biometric enrollment remains voluntary at other JP Morgan offices.
This disparity is highlighted by the system used in locations such as the bank’s Bank Street office in London. In the UK, the voluntary hand biometric system encrypts the employee’s hand print in such a way that the company itself cannot access the underlying data—a process designed to operate similarly to Apple’s Face ID, which keeps facial data stored locally on the user’s device.
The requirement for staff to share their biometric identifiers (fingerprints or eye scans) for core building access in New York appears to abandon this privacy-preserving model, forcing employees to choose between providing sensitive personal data and performing their jobs.
Although there are reported exemptions for some employees who will still be able to use traditional ID badges, the bank has not clarified the criteria for these exceptions. JP Morgan Chase declined to comment on the policy change.
The bank is simultaneously introducing a digital platform, the “Work at JPMC” mobile app, which functions as a digital badge alongside providing employee services such as guest registration, indoor map navigation, and pre-ordering meals from the building’s 19 on-site dining vendors.