Financial institutions JP Morgan, UBS and TradeStation all settled with the Securities and Exchange Commission over accusations that their identity theft protection protocols were not up to the legally required standards.
In the case of JP Morgan, the SEC said its program spent a lot of time describing legal obligations to identify red flags, as well as provided some examples copy/pasted from the SEC's own documents, but did not actually explain how someone at JP Morgan was to identify any red flags or how to respond. While JP Morgan has taken action on identity theft, this seemed to be more of an ad-hoc response versus something part of a consistent program.
When it came to UBS, the SEC complaint said that its program had been compliant with the identity theft protection requirements of the Fair and Accurate Credit Transactions Act of 2003, implemented in 2007, but did not make any material changes when the rules were updated via Regulation S-ID in 2013. Further, it did not periodically review accounts to see whether they were covered by the new Regulation S-ID. Also like JP Morgan, its program did not really go over how exactly someone was meant to identify and respond to red flags.
For TradeStation Securities, the SEC said that it simply did not have or otherwise incorporate by reference reasonable policies and procedures to identify relevant red flags and incorporate them into its program. The SEC noted that what policies were there were not appropriate to its business model: For instance, while the broker-dealer talked about making sure that the photograph or physical description of the person is consistent with their identification, nearly all the company's accounts were opened online, meaning no one would have even had the opportunity to compare their physical appearance to their ID. When it came to actual red flags identified, the company instructed people to just perform additional due diligence with no specifics as to what things should actually be done. The SEC further stated that the board was only informed of identity theft cases when they exceeded $50,000 per quarter.
SEC headquarters
Bloomberg News
"Regulation S-ID is designed to help protect investors from the risks of identity theft," said Carolyn Welshhans, acting chief of the SEC Enforcement Division's Crypto Assets and Cyber Unit in a statement. "Today’s actions are reminders that broker-dealers and investment advisers must design and operate identity theft prevention programs that are appropriately tailored to their businesses and update them in response to the increased threat and changing nature of identity theft."
The SEC’s orders find that each company violated Rule 201 of Regulation S-ID. Without admitting or denying the findings, each company agreed to cease and desist from future violations of the charged provision, to be censured, and to pay the following penalties: JPMorgan: $1.2 million, UBS: $925,000, and TradeStation: $425,000.
Ninety percent of tax leaders say they are invited to weigh in on business decisions before they are made, and that their recommendations carry significant weight, according to a BDO survey.
The Internal Revenue Service has overhauled its technology modernization plans in response to reductions in funding and staffing under the Trump administration.
The Internal Revenue Service is starting to give taxpayers access to the memo from IRS Appeals Officers about why a decision was made for or against them.
The Internal Revenue Service needs to do more to raise awareness of the adoption tax credit and plans to conduct more outreach, according to a new report.
The Top 25 Firm based in New York acquired substantially all the assets of Barkin, Perren, Schwager & Dolan LLP, a firm based in Woodland Hills, California.
