JPMorgan and UBS accused of poor identity theft protection • The Register


JPMorgan Securities, UBS Financial Services and TradeStation Securities are not doing enough to thwart scammers who want to steal customer identities, says the US financial watchdog.

The SEC announced on Wednesday that it is accusing investment management firms of flaws in their identity theft prevention systems. These systems are supposed to prevent fraudsters, for example, from opening accounts in the name of their victims.

All three were fined without admission of liability: JPMorgan will pay $1.2 million, UBS will pay $925,000 and TradeStation will be fined $425,000.

To put those numbers into perspective, JPMorgan Chase made a profit of $48.3 billion. [PDF] last year, UBS’s annual profit reached $7.5 billion in 2021, and TradeStation recorded a $31.7 million net loss (of $210 million in revenue) for its last fiscal year.

In other words: a slight annoyance rather than a deterrent effect.

In addition to the money, the three companies promised to stay on the right side of the law. Crucially, the trio didn’t “admit or deny” the SEC allegations they broke Rule 201 of the S-ID Regulation, which requires trading teams to have measures in place “designed to detect, prevent and mitigate identity theft in connection with the opening of a Covered Account or any existing Covered Account” .

The SEC said its investigators found that between January 2017 and October 2019, the three companies’ identity theft prevention programs did not include “reasonable policies and procedures” to, among other things, detect identity theft signals. alarm indicating probable identity theft, then preventing and mitigating that risk.

Specific to JPMorgan, the watchdog claimed [PDF] the financial giant failed to “exercise appropriate and effective oversight of all agreements with service providers” and that it did not train staff on how to implement its theft prevention program identify.

Meanwhile, UBS also failed to provide sufficient training to its employees and review client accounts to see if its identity theft prevention program should apply to them, according to the SEC. [PDF].

Additionally, the regulator said UBS and TradeStation [PDF] have not involved their boards of directors in the development and administration of their identity theft prevention programs.

“Today’s actions are a reminder that broker-dealers and investment advisers must design and operate identity theft prevention programs tailored to their businesses and update them in response to the increased threat and changing nature of identity theft,” Carolyn Welshhans, acting chief of the SEC’s Enforcement Division’s Crypto-Assets and Cybersecurity Unit, said in a statement. canned statement.

The SEC’s allegations come as identity theft becomes a growing problem for individuals and businesses, according to the FBI’s latest annual Internet Crime Report.

The study found that 51,629 identity theft complaints were filed with the federal government last year, up from 43,330 in 2020, an increase of 19%. These crimes cost businesses and individuals more than $278 million in losses last year, according to the bureau. ®


Comments are closed.