Firm Settles Charges Over E-Signature Forgeries
Commentary by Glen Barrentine
A firm settled FINRA charges for failing to establish a supervisory system to detect possible instances of electronic signature forgery or falsification.
According to the AWC, firm representatives were able to electronically sign documents and obtain customer signatures remotely. FINRA said the firm failed to provide guidance to supervisors on what they should look for to assess whether an electronic signature was genuine. FINRA found that the firm failed to investigate red flags in the certificates of completion, such as documents sent to non-customer email addresses or authentication codes sent to representatives' own phones. FINRA found that at least 15 representatives falsified or forged over 260 documents without causing customer harm or complaints.
As a result, FINRA found that the firm violated FINRA Rules 3110 ("Supervision"), 2010 ("Standards of Commercial Honor and Principles of Trade") and 4511 ("General Requirements") as well as SEA Section 17(a) ("Records and Reports") and SEA Rule 17a-3 ("Records to be made by certain exchange members, brokers and dealers").
To settle the charges, the firm agreed to (i) a censure, (ii) pay a $325,000 fine, (iii) an undertaking to remediate the issues identified and (iv) implement a supervisory system.
Commentary
In the AWC, FINRA states that "[t]he falsifications and forgeries were not in furtherance of unauthorized activity, there was no customer harm, and no customer complained." In other words, it appears that the signature forgeries or falsifications were likely done for convenience rather than for nefarious reasons. Nonetheless, and even though the firm had no prior history of similar violations, the firm agreed to pay a $325,000 fine to resolve this matter. While this seems like a large fine for an activity where there was no actual customer harm, the size of the fine most likely reflects concern that these practices could easily harm customers.
The AWC points out that, in the event a customer electronically signed a document, the firm's systems would produce a certificate of completion identifying the email address that sent and received the document, the cell phone number used to receive authentication codes to access documents and the IP address of devices used to electronically sign documents. In other words, while the firm had an audit trail to link electronically signed documents back to a customer, the firm failed to avail itself of this audit trail to confirm the customer's receipt and electronic authorization. More generally, firms should see FINRA Regulatory Notice 22-18, which includes a discussion of multiple methods that can be used to identify digital signature forgery or falsification.