On July 27th, the SEC charged two large Investment Banks and a Broker-Dealer for deficiencies in their programs to prevent customer identity theft. As a result of these findings the firms paid a cumulative $2.55 Million to the SEC.
What were the Deficiencies for each Firm?
The SEC found that each of these firms violated Rule 201 of Regulation S-ID, the SEC’s rule designed to protect investors from identity theft. Additionally, the SEC found that the firms were independently culpable of the following:
- Investment Bank #1:
- Failed to use proper oversight of their service provider arrangements.
- Failed to effectively train staff to implement a 2017 identity theft prevention program.
- Investment Bank #2:
- Failed to periodically review customer accounts to determine how its identity theft prevention program should be applied.
- Failed to properly involve the board of directors in the development, implementation, and administration of its identity theft prevention program.
- Failed to train employees to effectively implement the program.
- Broker Dealer:
- Failed to involve the board of directors in the development, implementation, and administration of its identity theft prevention program.
- Failed to exercise proper oversight of service provider arrangements.
What were the Final Penalties for each Firm?
Each of the firms neither admitted nor denied the findings, but rather agreed to cease and desist from future violations of the rule and paid the following penalties:
- Investment Bank #1: $1.2 Million
- Investment Bank #2: $925 Thousand
- Broker-Dealer: $425 Thousand
If you need assistance in reviewing or updating your Firms policies and procedures, contact us.