The Financial Industry Regulatory Authority has issued a reminder to its member firms about their responsibility to guard against digital signature forgery and falsification amid an increase in incidents.
The self-regulator “has received an increasing number of reports regarding registered representatives and associated persons (representatives) forging or falsifying customer signatures, and in some cases signatures of colleagues or supervisors, through third-party digital signature platforms,” it said in a regulatory notice from last week.
Forgery is “when one person signs or affixes, or causes to be signed or affixed, another person’s name or initials on a document without the other person’s prior permission,” while falsification is “when a person creates a document or entry in a firm’s system that creates a false appearance by including altered or untrue information,” Finra said.
Both violate Finra’s rule 2010, which aims to promote “high standards of commercial honor and just and equitable principles of trade,” according to its website.
In the notice, Finra laid out five scenarios its members reported involving forgery or falsification of customer signatures by representatives. These include:
- Customer inquiries or complaint investigations. By investigating customer inquiries or complaints, some firms discovered situations where representatives forged or falsified customer signatures. Specifically, customers raised concerns regarding account transfers and securities transactions. Firms have also identified issues involving forms such as account opening documents and updates, account activity letters, discretionary trading authorizations, wire instructions and even documents internal to the firm regarding customer transaction reviews, Finra says.
- Digital signature audit trail reviews. Digital signature platforms typically store signatories’ identifying information in an audit trail or completion certificate, Finra notes. Upon review of this information, firms found cases where customer signatures came from email addresses associated with their representative or email addresses that were otherwise inconsistent with the one on file for the customer, a discrepancy between the location of the person applying the signature and the customer’s residence and a discrepancy between the internet protocol addresses for the representative and customer signatures, Finra says.
- Email correspondence reviews. Upon reviewing emails, firms found cases where documents were sent to emails not belonging to the customer including a representative’s personal or business email address or an email address associated with a representative’s approved outside business activity, Finra says. Email reviews can also reveal alterations to a customer’s email address such as it being changed to the representative’s email address, Finra says.
- Administrative staff inquiries. Administrative staff have raised concerns to management or compliance after being instructed by representatives to manipulate the digital signature process, with the representatives claiming that doing so qualified as making acceptable accommodations to the customer, Finra says. Firms can train administrative staff to help them resist pressure to manipulate the digital signature process and raise concerns should they encounter it.
- Customer authentication supervision. In some cases, representatives have been able to successfully complete verification processes that require a customer’s personal information because that information was available in the customer’s files, Finra says. For this reason, firms should not rely solely on this process and should clarify restrictions on access representatives have to information such as customer passwords and answers to verification questions, Finra says.
Do you have a news tip you’d like to share with FA-IQ? Email us at email@example.com.