The latest compliance news: regulatory developments, punishments, guidance, permissions and new product and service offerings.
Securities and Exchange Commission
The Securities and Exchange Commission has settled charges against GWFS Equities, a Colorado-based registered broker-dealer for breaching rules for filing Suspicious Activity Reports. The firm had been aware of “increasing attempts by external bad actors” to access retirement accounts but did not file sufficient information in its SARs.
The organization is an affiliate of Great-West Life & Annuity Insurance Company.
According to the SEC’s order, from September 2015 through October 2018, GWFS was aware of the attempts to access retirement accounts of individual plan participants. GWFS realised that the bad actors attempted or gained access by, among other things, using improperly obtained personal identifying information of the plan participants, and that the bad actors were frequently in possession of electronic login information such as user names, email addresses, and passwords.
Under current rules, broker-dealers must file SARs for certain transactions suspected to involve fraudulent activity or a lack of an apparent business purpose.
GWFS “failed to file approximately 130 SARs, including in cases when it had detected external bad actors gaining, or attempting to gain, access to the retirement accounts of participants in the employer-sponsored retirement plans it serviced,” the SEC said. “Further, for nearly 300 SARs that GWFS did file, the order finds that GWFS did not include the `five essential elements’ of information it knew and was required to report about the suspicious activity and suspicious actors, including cyber-related data such as URL addresses and IP addresses.”
“Across the financial services industry, we have seen a large increase in attempts by outside bad actors to gain unauthorized access to client accounts,” Kurt L Gottschall, director of the SEC’s Denver regional office, said. “By failing to file SARs and by omitting information it knew about the suspicious activity it did report, GWFS deprived law enforcement of critical information relating to the threat that outside bad actors pose to retirees’ accounts, particularly when the unauthorized account access has been cyber-enabled.”
The SEC’s order notes that significant cooperation by GWFS with the SEC’s investigation and subsequent remedial efforts were taken into account in the determination to accept the company’s settlement offer. The remedial efforts included adding dedicated anti-money laundering (AML) staff and systems, replacing key personnel, clarifying delegation of responsibility for filing SARs, and implementing new SAR-related policies, procedures, standards, and training.