Regulatory Notice 22-18 reminds firms of their rule obligation related to forgery and falsification of records and provides Firm’s with some specific examples that they have encountered from other Firms. These examples are great tools to review against your program and audit to ensure that your Firm is meeting rule requirements.
What is Forgery or Falsification of a Record?
- Forgery occurs when one person signs or affixes, or causes to be signed or affixed, another person’s name or initials on a document without the other person’s prior permission.
- Falsification occurs when a person creates a document or entry in a firm’s system that creates a false appearance by including altered or untrue information.
FINRA Regulatory Obligations
FINRA notes that both forgery and falsification are violations of FINRA rule 2010. This rule requires associated persons to observe high standards of commercial honor and just and equitable principles of trade in the conduct of their business. FINRA Rule 4511 requires members to “make and preserve books and records as required under the FINRA rules, the Exchange Act, and the applicable Exchange Act rules The Firm has additional supervisory responsibilities to supervise the activities of associated persons to ensure compliance with securities laws and regulations under FINRa Rule 3110(a). Finally, Regulatory Notice 09-64 requires that Firm safeguard customer assets and review systems.
Recent Trends Identified
FINRA provided five examples where member firms reported to FINRA instances of forged or falsified customer signatures, including the methods firms used to identify the forgeries or falsifications.
Customer Inquiries or Complaint Investigations- Customers raised questions and complaints about signing forms on behalf of the customer digitally including disclosure forms, suitability information and disbursement information.
Digital Signature Audit Trail Reviews- Firms identified instances where representatives used their email to sign into the platform. The sign in location and IP address were the same as the representative.
Email Correspondence Reviews- Email reviews uncovered representatives sending client documents for signature to a non-firm email address.
Administrative Staff Inquiries- Administrative staff was asked by representatives to alter signatures.
Customer Authentication Supervision- Authentication questions are questions the representative would know (from information in the account record) and could therefore be used to gain entry into the dual authentication system.
Best Practices for Compliance
Firms should take note of this Notice and review their compliance program and procedures for any instances where the Firm may be vulnerable. We suggest the following:
- Training for representatives and support personnel on the Firm’s policies, how to spot red flags and what to do if you are pressured to falsify or forge a document.
- Internal audits of programs that are most vulnerable to attack including onboarding, disbursements, product changes and complaints.
- Review the Firm’s email keywords to ensure that the Firm uses keywords that would allow reviewers to detect forgery and falsification.
- Be on the lookout for emails from representatives being sent to non-firm emails.
- Review and supervise digital signature trails to ensure compliance.
MasterCompliance provides consulting with compliance foundations including compliance and operational issues presented by digital signatures as they relate to their business. If you would like to explore additional assistance or services, please contact us.