JPMorgan, UBS and TradeStation Resolve SEC Identity Theft Rule Violations


The Securities and Exchange Commission (SEC) charged J.P. Morgan Securities LLC (JPMS), UBS Financial Services Inc., and TradeStation Securities Inc. for deficiencies in their programs to prevent customer identity theft, the agency announced Wednesday. The cease-and-desist orders separately settle charges against the financial powerhouses and assess penalties: JPMorgan: $1.2 million, UBS: $925,000, and TradeStation: $425,000.

They explain that the identity theft rules promulgated by the SEC require financial institutions, including broker-dealers and registered investment advisers, to develop and implement a written identity theft prevention program designed to detect, prevent, and mitigate identity theft in connection with customer accounts. Such programs must reflect the size and complexity of the institution as well as the nature and scope of its activities.

In the case of JPMS, the company allegedly failed on numerous fronts by: failing to identify relevant red flags, respond thereto, and periodically update the program. Secondarily, the cease-and-desist order said that JPMS failed to exercise sufficient oversight of the program and train staff.

Of UBS, the SEC said that the firm failed to review new and existing client accounts to determine identity theft program applicability, while TradeStation was accused of failing to adequately involve its board.

The orders find that the firms violated the rules and each, without admitting or denying the SEC’s findings, agree to cease and desist from future violations.