FINRA Fines Thrivent $325K Over Forged E-Signatures

The Financial Industry Regulatory Authority has censured and fined Thrivent Investment Management $325,000 for failing to establish and maintain a supervisory system to detect possible instances of electronic signature forgery or falsification.

From July 2017 to the present, at least 15 Thrivent registered representatives electronically signed customer names on over 260 documents, including documents that were required books and records of the firm, according to FINRA’s order.

Certain Thrivent registered reps “sent documents requiring a customer’s electronic signature to their own personal and work email addresses, and corresponding authorization codes to their own phones, and then falsified or forged customer electronic signatures on firm documents,” the order states.

Thrivent representatives “were able to electronically sign documents and to obtain electronic signatures from customers remotely, by emailing customers a link to documents that the customers could electronically sign,” according to the order.

“After an individual electronically signed a document, Thrivent would receive a certificate of completion identifying, among other things: the email address that sent and received the document, the cell phone number used to receive authentication codes to access documents, and the Internet Protocol (IP) addresses of devices used to electronically sign documents,” the order explains.

Thrivent’s written supervisory procedures required representatives to obtain authentic customer signatures on firm documents.

“Thrivent’s WSPs did not, however, include any procedure to supervise use of electronic signatures or provide reasonable guidance to supervisors on what they should look for in attempting to assess whether an electronic signature was genuine,” the order states.

As a result, “the firm did not reasonably investigate certain red flags contained in the certificates of completion, such as instances where representatives sent a document from their work email address to an email address not recorded in the customer’s account information such as their personal email address, sent an authentication code to their own cell phone number, or instances where the representative and customer’s remote signatures were sent from the same IP address,” FINRA said.

“The falsifications and forgeries were not in furtherance of unauthorized activity, there was no customer harm, and no customer complained,” the order states.