US financial firms face growing regulatory fines for poor security management

August 4, 2022 By administrator
A person walks past the JP Morgan Chase headquarters building on Madison Avenue on July 14, 2022, in New York City. (Photo by Michael M. Santiago/Getty Images)

It’s not just upfront financial losses and reputational damage that U.S. banks and investment firms need to worry about when it comes to cyber risk. Increasingly, financial regulators are levying large fines on banks that fail to manage their security and authentication protocols and processes.

Recently, JP Morgan Chase & Co., UBS and online broker TradeStation faced charges from the Securities and Exchange Commission (SEC) over having “deficient customer identity programs,” while U.S. Bancorp was fined by the Consumer Financial Protection Bureau (CFPB) for opening “unauthorized accounts.” The three financial firms agreed to pay more than a combined $2.5 million in fines.

According to investment regulator the SEC, the two banks and the online broker all violated the so-called Identity Theft Red Flags Rule, or Regulation S-ID — which aims to protect investors from the risk of identity theft — for nearly three years from early 2017 to late 2019.

“All three financial institutions were charged with not including reasonable policies and procedures to identify red flags for identity theft through customer accounts,” according to eMarketer. “The financial institutions’ programs also lacked policies and procedures on how to respond to identity theft red flags once they were identified.” JPMorgan, the largest U.S. bank with nearly $3 trillion in assets, was also charged with “failure to provide effective oversight of service providers and to train staff on how to effectively implement its identity theft prevention program.”

Meanwhile, UBS did not perform periodic reviews of new and existing customer accounts in order to plan how its identity theft program should be applied, nor did the international bank “properly train staff on program implementation or include its board of directors in oversight,” eMarketer said. TradeStation did not alert its board of directors to their oversight duties and did not exercise oversight of service providers, according to the SEC.

The three cited financial institutions agreed to be censured and not to commit future violations. All three also agreed to pay fines: $1.2 million for JPM, $925,000 for UBS and $425,000 for TradeStation.

CFPB fines US Bank $37.5 million for opening unauthorized accounts

Separately, the CFPB, the consumer regulatory watchdog, fined U.S. Bank $37.5 million last week in a consent order that cited the Minneapolis-based institution’s alleged use of customers’ credit reports without permission to open unauthorized bank accounts in their names, according to a CFPB release. In addition, U.S. Bank will need to remunerate affected customers. Much like Wells Fargo & Co. and other banks and investment companies previously, U.S. Bank apparently set employee sales goals, offering incentives to those…
