The Financial Industry Regulatory Authority has censured and fined SoFi Securities $1.1 million for failing to establish and maintain a reasonable Customer Identification Program for SoFi Money, its cash management brokerage account, which resulted in $2.5 million in stolen funds.
According to FINRA's order, from December 2018 through April 2019, SoFi used "a largely automated process to approve the opening of SoFi Money accounts that was not reasonably designed to verify the customers' identity and was, therefore, vulnerable to fraud perpetrated by third parties using fictitious or stolen identities."
The firms approved the opening of approximately 800 accounts that third parties then used to transfer approximately $8.6 million from the accounts of customers at other financial institutions without authorization, FINRA's order states. Approximately $2.5 million of those transfer were subsequently withdrawn by these third parties from the SoFi Money accounts.
"As a result, SoFi violated FINRA Rules 33 l0(b) and 2010," FINRA found. "During this period, SoFi also failed to develop and implement a written Identity Theft Prevention Program (ITPP) reasonably designed to detect, prevent, and mitigate identity theft."