The SEC has separately charged JP Morgan Securities, UBS Financial Services and TradeStation for deficiencies relating to the prevention of customer identity theft.
According to the SEC’s orders, from at least January 2017 to October 2019, the companies’ identity theft prevention programs did not include reasonable policies and procedures to identify relevant red flags or identify theft in connection with customer accounts or to incorporate those red flags into their programs.
The SEC’s orders find that the firms’ programs did not include reasonable policies and procedures to respond appropriately to detected identity theft red flags or to ensure that the programs were updated periodically to reflect changes in identity theft risks to customers.
The SEC’s orders find that each company violated Rule 201 of Regulation S-ID. Without admitting or denying the SEC’s findings, each company agreed to cease and desist from future violations of the charged provision to be censured. JP Morgan will pay a $1.2m penalty, UBS a $925,000 penalty and TradeStation a $425,000 penalty.
SEC acting chief for the enforcement division’s crypto assets and cyber unit Carolyn Welshhans said, “Regulation S-ID is designed to help protect investors from the risks of identity theft. Today’s actions are reminders that broker-dealers and investment advisers must design and operate identity theft prevention programs that are appropriately tailored to their businesses and update them in response to the increased threat and changing nature of identity theft.”
Copyright © 2022 FinTech Global