On August 3, 2022, FINRA issued Regulatory Notice 22-18 in response to reports of registered representatives and associated persons forging or falsifying customer signatures, or signatures of colleagues or supervisors, through the use of third-party digital signature platforms. To aid member firms in understanding and satisfying their related regulatory obligations and mitigate risk, FINRA identified five scenarios and methods used to identify violations which were reported by member firms.
FINRA reminded members that forgery and falsification by associated persons constitutes a violation of FINRA Rule 2010 (Standards of Commercial Honor and Principles of Trade) and the books and records provision of FINRA Rule 4511. FINRA also emphasized a firm’s corollary duty under FINRA Rule 3110(a) (Supervisory System) to supervise activities of associated persons consistent with the FINRA Rules, in particular the duty to identify and respond to red flags. FINRA staff highlighted guidance in Regulatory Notice 09-64 (Verification of Instructions to Transmit or Withdraw Assets from Customer Accounts) which reminded member firms of the need to update their supervisory systems and procedures to keep up with technology.
FINRA’s alert outlined scenarios and methods used to identify the forgeries and falsifications:
Customer Inquiries or Complaint Investigations:
Member firms’ investigations of customer complaints involving account transfers or securities transactions revealed instances of representatives forging or falsifying customer signatures. The investigations identified situations where: (i) representatives falsified digital signatures on documents facilitating account transfers; and (ii) in complaints involving securities transactions, representatives forged signatures on disclosure forms which acknowledged a product’s alignment with the customer’s investment objectives. FINRA noted that firms identified similar issues on a wide range of forms from account opening documents, discretionary trading authorizations, and wire instructions, to internal firm documents.
Digital Signature Audit Trail Reviews:
Member firms reviewing the audit trail data or completion certificates of digital signature platforms were able to identify forgeries or falsifications based upon the Internet Protocol (IP) and email address information contained therein. Particularly, firms paid attention to red flags such as: (i) signatures originating from inconsistent customer email addresses; (ii) discrepancies in user location versus the customer’s listed residence; and (iii) customer IP addresses that match the representative’s.
Email Correspondence Reviews:
Reviews of email correspondence revealed representatives had forged or falsified signatures, where the representatives had sent documents to non-customer email addresses which were actually email addresses over which the representative had control. Email reviews may assist in identifying instances where customer email addresses have been altered “in ways that are indicative of attempts to conceal information from customers.” Examples included occurrences where representatives changed the customer’s email address to the representative’s email address, or the same email address was used for unrelated customers.
Administrative Staff Inquiries:
In other cases, firm administrative staff raised concerns to management or compliance when they were directed to manipulate digital signatures by representatives. In that vein, FINRA emphasized that appropriately training staff can encourage them to resist such pressure and report concerns.
Customer Authentication Supervision:
Finally, FINRA warned that although authentication questions using customers’ personal information to verify their signature can be helpful, firms found that representatives with access to such information were able to circumvent those safeguards. FINRA cautioned firms not to rely solely on this method, and instead advised that firms should ensure their procedures contain appropriate additional safeguards.
Questions can be submitted to authors Kathryn B. Rockwood and Patrick J. Medeo.