SoFi Securities Hit With $1.1M FINRA Fine Over Theft in Cash Accounts

News May 03, 2024 at 02:55 PM
Share & Print

FINRA building in Philadelphia

The Financial Industry Regulatory Authority has censured and fined SoFi Securities $1.1 million for failing to establish and maintain a reasonable Customer Identification Program for SoFi Money, its cash management brokerage account, which resulted in $2.5 million in stolen funds.

According to FINRA's order, from December 2018 through April 2019, SoFi used "a largely automated process to approve the opening of SoFi Money accounts that was not reasonably designed to verify the customers' identity and was, therefore, vulnerable to fraud perpetrated by third parties using fictitious or stolen identities."

The firms approved the opening of approximately 800 accounts that third parties then used to transfer approximately $8.6 million from the accounts of customers at other financial institutions without authorization, FINRA's order states. Approximately $2.5 million of those transfer were subsequently withdrawn by these third parties from the SoFi Money accounts.

"As a result, SoFi violated FINRA Rules 33 l0(b) and 2010," FINRA found. "During this period, SoFi also failed to develop and implement a written Identity Theft Prevention Program (ITPP) reasonably designed to detect, prevent, and mitigate identity theft."

The matter originated after SoFi self-reported to FINRA that third parties had fraudulently transferred funds from accounts at unaffiliated financial institutions without authorization to SoFi Money accounts.

"SoFi Money applicants stole from customers of other financial institutions and used SoFi Money to withdraw the funds," the order states.

Red Flags

The order found that SoFi failed to implement a reasonable program to respond to red flags of identity theft identified elsewhere in the Identity Theft Prevention Program, or ITPP.

For example, "the firms ITPP noted red flags of identity theft, including inconsistencies in the personal identifying information such as an address that does not match a consumer reports, or the Social Security number has not been issued or is listed on the Social Security Administration's Death Master File, or personal identifying information presented has been used on an account the fnm knew was fraudulent," FINRA said.

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Related Stories

Resource Center