Stoltmann Law Offices is investigating brokers who have failed to protect customers’ personal information from identity theft. The Securities and Exchange Commission (SEC) has separately charged J.P. Morgan Securities, UBS Financial Services and TradeStation Securities, for “deficiencies in their programs to prevent customer identity theft, in violation of the SEC’s Identity Theft Red Flags Rule, or Regulation S-ID.”
“From at least January 2017 to October 2019, the firms’ identity theft prevention programs did not include reasonable policies and procedures to identify relevant red flags of identity theft in connection with customer accounts or to incorporate those red flags into their programs. In addition, the SEC’s orders find that the firms’ programs did not include reasonable policies and procedures to respond appropriately to detected identity theft red flags, or to ensure that the programs were updated periodically to reflect changes in identity theft risks to customers.”
“Regulation S-ID is designed to help protect investors from the risks of identity theft,” said Carolyn Welshhans, Acting Chief of the SEC Enforcement Division’s Crypto Assets and Cyber Unit. The agency’s actions “are reminders that broker-dealers and investment advisers must design and operate identity theft prevention programs that are appropriately tailored to their businesses and update them in response to the increased threat and changing nature of identity theft.”
The SEC’s orders find that each firm violated Rule 201 of Regulation S-ID. Without admitting or denying the SEC’s findings, each firm agreed to cease and desist from future violations of the charged provision, to be censured, and to pay the following penalties: JPMorgan: $1.2 million, UBS: $925,000, and TradeStation: $425,000. The JPMorgan order also finds that the firm “failed to exercise appropriate and effective oversight of all service provider arrangements and failed to train staff to effectively implement one of its identify theft prevention programs in 2017.” In addition, the UBS order finds “that the firm failed to periodically review new or existing types of customer accounts to determine whether and how its identity theft prevention program should apply to them; failed to adequately involve the board of directors in the oversight, development, implementation, and administration of the program; and failed to train its employees to effectively implement the program.” The TradeStation order states that the firm “failed to adequately involve its board of directors in the oversight, development, implementation, and administration of its identity theft prevention program and failed to exercise appropriate and effective oversight of service provider arrangements.”
If your identity has been compromised due to a data breach of your brokerage firm, bank, or investment advisor, you have legal rights to pursue through class action or FINRA Arbitration. Please contact Stoltmann Law Offices, P.C. at 312-332-4200 for a free, no obligation consultation with a securities attorney. Stoltmann Law Offices is a contingency fee law firm which means we do not get paid until you do!