United States SEC Fines JP Morgan, UBS & TradeStation $2.55 Million for Failure to Prevent Customer Identity Theft
28th July 2022 | Hong Kong
The United States Securities & Exchange Commission (SEC) has fined JP Morgan, UBS & TradeStation a total of $2.55 million for failure to prevent customer identity theft (Violating SEC Identity Theft Red Flags Rule – Regulation S-ID) between 2017 to 2019, including failure to train staff, review customer accounts, adequately involve board of directors in the oversight of the program. Carolyn M. Welshhans, Acting Chief of the SEC Enforcement Division’s Crypto Assets and Cyber Unit: ”Regulation S-ID is designed to help protect investors from the risks of identity theft. Today’s actions are reminders that broker-dealers and investment advisers must design and operate identity theft prevention programs that are appropriately tailored to their businesses and update them in response to the increased threat and changing nature of identity theft.” JPMorgan: “The JPMorgan order also finds that the firm failed to exercise appropriate and effective oversight of all service provider arrangements and failed to train staff to effectively implement one of its identify theft prevention programs in 2017.” UBS: “The UBS order also finds that the firm failed to periodically review new or existing types of customer accounts to determine whether and how its identity theft prevention program should apply to them; failed to adequately involve the board of directors in the oversight, development, implementation, and administration of the program; and failed to train its employees to effectively implement the program.” (Fines: JP Morgan: $1.2 million, UBS: $925,000, and TradeStation: $425,000)
“ United States SEC Fines JP Morgan, UBS & TradeStation $2.55 Million for Failure to Prevent Customer Identity Theft “
United States SEC Statement
The Securities and Exchange Commission today separately charged J.P. Morgan Securities LLC, UBS Financial Services Inc., and TradeStation Securities, Inc. for deficiencies in their programs to prevent customer identity theft, in violation of the SEC’s Identity Theft Red Flags Rule, or Regulation S-ID. According to the SEC’s orders, from at least January 2017 to October 2019, the firms’ identity theft prevention programs did not include reasonable policies and procedures to identify relevant red flags of identity theft in connection with customer accounts or to incorporate those red flags into their programs. In addition, the SEC’s orders find that the firms’ programs did not include reasonable policies and procedures to respond appropriately to detected identity theft red flags, or to ensure that the programs were updated periodically to reflect changes in identity theft risks to customers.
“Regulation S-ID is designed to help protect investors from the risks of identity theft,” said Carolyn M. Welshhans, Acting Chief of the SEC Enforcement Division’s Crypto Assets and Cyber Unit. “Today’s actions are reminders that broker-dealers and investment advisers must design and operate identity theft prevention programs that are appropriately tailored to their businesses and update them in response to the increased threat and changing nature of identity theft.”
JPMorgan: The JPMorgan order also finds that the firm failed to exercise appropriate and effective oversight of all service provider arrangements and failed to train staff to effectively implement one of its identify theft prevention programs in 2017.
UBS: The UBS order also finds that the firm failed to periodically review new or existing types of customer accounts to determine whether and how its identity theft prevention program should apply to them; failed to adequately involve the board of directors in the oversight, development, implementation, and administration of the program; and failed to train its employees to effectively implement the program.
TradeStation: The TradeStation order also finds that the firm failed to adequately involve its board of directors in the oversight, development, implementation, and administration of its identity theft prevention program and failed to exercise appropriate and effective oversight of service provider arrangements.
The SEC’s orders find that each firm violated Rule 201 of Regulation S-ID. Without admitting or denying the SEC’s findings, each firm agreed to cease and desist from future violations of the charged provision, to be censured, and to pay the following penalties: JPMorgan: $1.2 million, UBS: $925,000, and TradeStation: $425,000.
The SEC’s investigations were conducted by Laura D’Allaird, Kathleen Hitchins, Jennie B. Krasner, and Martin Zerwitz of the Crypto Assets and Cyber Unit and supervised by Paul Kim, Deborah Tarasevich, and Carolyn Welshhans. The examinations that led to the investigations were conducted by Colin Ray, Christine Sibille, Lindsay Topolosky, and Eric Garvey of the Division of Examinations.
Sign Up / Register
Caproasia Users
- Manage $20 million to $3 billion of assets
- Invest $3 million to $300 million
- Advise institutions, billionaires, UHNWs & HNWs
Caproasia Platforms | 11,000 Investors & Advisors
- Caproasia.com
- Caproasia Access
- Caproasia Events
- The Financial Centre | Find Services
- Membership
- Family Office Circle
- Professional Investor Circle
- Investor Relations Network
Monthly Roundtable & Networking
Family Office Programs
The 2024 Investment Day
- March 2024 - Hong Kong
- March 2024 - Singapore
- July 2024 - Hong Kong
- July 2024 - Singapore
- Sept 2024 - Hong Kong
- Sept 2024 - Singapore
- Oct 2024 - Hong Kong
- Nov 2024 - Singapore
- Visit: The Investment Day | Register: Click here
Caproasia Summits
- The Institutional Investor Summit
- The Investment / Alternatives Summit
- The Private Wealth Summit
- The Family Office Summit
- The CEO & Entrepreneur Summit
- The Capital Markets Summit
- The ESG / Sustainable Investment Summit