The US Securities and Exchange Commission (SEC ) has charged and settled with J.P. Morgan Securities, UBS Financial Services and TradeStation Securities, all broker-dealers, for lapses in each of their programs to prevent customer identity theft.
Though firms neither accepted nor denied any charges, they allegedly violated the US regulator’s identity Theft Red Flags Rule or Regulation S-ID.
Apart from the cease and desist order for future such violations to which all three companies agreed, JPMorgan has to pay a penalty of $1.2 million, UBS a fine of $925,000 and TradeStation $425,000.
The Lapses
The US securities regulator detailed that none of the three firm’s identity theft programs included “reasonable policies and procedures” to red flag identity thefts between at least January 2017 and October 2019.
Furthermore, the SEC found that none of the companies had any “reasonable policies and procedures” to respond to any detected identity theft attempt. Also, they did not update their programs regularly to ensure protection to customers against risks.
Additionally, the regulator revealed that JPMorgan failed to oversee its service provider agreement and even train staff to implement identity theft prevention programs. In the case of UBS and TradeStation, both failed to get involved in the oversight and implementation of the programs.
Moreover, UBS failed to train staff, whereas TradeStation had lapses in overseeing service provider agreements.
“Regulation S-ID is designed to help protect investors from the risks of identity theft,” said Carolyn Welshhans, the Acting Chief of the SEC Enforcement Division's Crypto Assets and Cyber Unit.
“Today’s actions are reminders that broker-dealers and investment advisers must design and operate identity theft prevention programs that are appropriately tailored to their businesses and update them in response to the increased threat and changing nature of identity theft.”
