SEC Hits JPMorgan, UBS, TradeStation for Identity Theft Violations

News July 27, 2022 at 05:14 PM
Share & Print

The Securities and Exchange Commission on Wednesday separately charged J.P. Morgan Securities LLC, UBS Financial Services Inc., and TradeStation Securities, Inc. for deficiencies in their programs to prevent customer identity theft, violating the SEC's Identity Theft Red Flags Rule, or Regulation S-ID.

According to the SEC's orders, from at least January 2017 to October 2019, the firms' identity theft prevention programs "did not include reasonable policies and procedures to identify relevant red flags of identity theft in connection with customer accounts or to incorporate those red flags into their programs."

The SEC's orders also found that the firms' programs "did not include reasonable policies and procedures to respond appropriately to detected identity theft red flags, or to ensure that the programs were updated periodically to reflect changes in identity theft risks to customers."

Carolyn Welshhans, acting chief of the SEC Enforcement Division's Crypto Assets and Cyber Unit, said in a statement that Regulation S-ID "is designed to help protect investors from the risks of identity theft."

Welshhans added, "Today's actions are reminders that broker-dealers and investment advisors must design and operate identity theft prevention programs that are appropriately tailored to their businesses and update them in response to the increased threat and changing nature of identity theft."

Without admitting or denying the SEC's findings, each firm agreed to cease and desist from future violations of the charged provision, be censured and pay the following penalties: JPMorgan — $1.2 million, UBS — $925,000 and TradeStation — $425,000.

The SEC also found that JPMorgan "failed to exercise appropriate and effective oversight of all service provider arrangements and failed to train staff to effectively implement one of its identify theft prevention programs in 2017."

The UBS order states that it "failed to periodically review new or existing types of customer accounts to determine whether and how its identity theft prevention program should apply to them; failed to adequately involve the board of directors in the oversight, development, implementation, and administration of the program; and failed to train its employees to effectively implement the program."

TradeStation's found that the firm "failed to adequately involve its board of directors in the oversight, development, implementation, and administration of its identity theft prevention program and failed to exercise appropriate and effective oversight of service provider arrangements."

This news follows separate regulatory action being taken against JPMorgan, Bank of America, Morgan Stanley and several other large banks over their failure to monitor employees using unauthorized messaging apps; overall, fines related to these deficiencies total $1 billion.

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Related Stories

Resource Center