Close Close
ThinkAdvisor

Regulation and Compliance > Federal Regulation > SEC

SEC Slaps BD for Failing to File Suspicious Activity Reports

X
Your article was successfully shared with the contacts you provided.

What You Need to Know

  • GWFS was ordered to pay the SEC a $1.5 million civil monetary penalty.
  • The BD failed to file approximately 130 SARs and omitted information from 297 SARs it did file.
  • GWFS was aware of increasing attempts by external bad actors to gain access to the retirement accounts of individual plan participants.

The Securities and Exchange Commission announced settled charges against GWFS Equities Inc., a Colorado-based registered broker-dealer for failing to file suspicious activity reports, or SARs, related to external bad actors’ attempts to gain access to the retirement accounts of individual plan participants.

GWFS, an affiliate of Great-West Life & Annuity Insurance Co. that provides services to employer-sponsored retirement plans, was ordered to pay the SEC a $1.5 million civil monetary penalty.

According to the SEC’s order, from September 2015 through October 2018, GWFS was aware of increasing attempts by external bad actors to gain access to the retirement accounts of individual plan participants.

During that time period, GWFS failed to file certain SARs with the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) and omitted from certain filed SARs important information it knew, and was required to report, about the suspicious activities.

Over the course of the relevant period, “GWFS began detecting increasing numbers of attempts by bad actors to gain unauthorized access to the retirement accounts of individual plan participants and the funds therein,” the order states.

The bad actors generally tried to access the accounts by using improperly obtained personal identifying information of the plan participants.

More on this topic

“Although GWFS concluded that the personal identifying information was not obtained in connection with any breach of GWFS’ systems, the bad actors frequently were in possession of electronic login information — such as user names, email addresses, and passwords — of the plan participants,” the order states.

GWFS detected most of these attempts before the bad actors could request a distribution from a plan participant’s account, but some incidents involved successful distributions, according to the order.

These attempts, whether or not funds were ultimately withdrawn, are referred to as “account takeovers.”

During the Relevant Period, GWFS failed to implement its anti-money laundering program consistently in practice.

As a result, GWFS, according to the SEC: failed to file approximately 130 SARs, including in cases when it had detected external bad actors gaining, or attempting to gain, access to the retirement accounts of participants in the employer-sponsored retirement plans it serviced; and omitted, from approximately 297 SARs it did file, information it knew, and was required to report, about the suspicious activity and suspicious actors.

The Bank Secrecy Act requires broker-dealers to file SARs with FinCEN to report a transaction (or pattern of transactions of which the transaction is a part) conducted or attempted by, at, or through the broker-dealer involving or aggregating funds or other assets of at least $5,000.