FINRA Reminder to Supervise for Digital Signature Falsification
Regulatory Notice 22-18
The Financial Regulatory Authority (FINRA) recently issued Regulatory Notice 22-18 (“the Notice”) to remind member firms of their regulatory obligation to monitor digital signatures to prevent or detect forgery or falsification activities.
The Notice highlights the need for member firms that allow digital signatures to have adequate controls to detect possible instances of signature forgery or falsification.
What Constitutes Forgery or Falsification?
- Forgery occurs when one person signs or affixes, or causes to be signed or affixed, another person’s name or initials on a document without the other person’s prior permission.
- Falsification occurs when a person creates a document or entry in a firm’s system that creates a false appearance by including altered or untrue information.
Forgery and falsification are violations of FINRA Rule 2010, which requires associated persons to observe high standards of commercial honor and just and equitable principles of trade in the conduct of their business. Where the forged or falsified document is a book or record that the member firm maintains, the associated person may also separately violate FINRA Rule 4511. In addition, FINRA Rule 3110(a) requires each member to establish and maintain a system to supervise the activities of each associated person that is reasonably designed to achieve compliance with applicable securities laws and regulations and with applicable FINRA rules.
Helpful Ways to Identify Digital Signature Forgery or Falsification
The Notice suggests the following five (5) methods to help firms identify and monitor for forgeries or falsifications:
- Following up on customer inquiries or complaint investigations
- Reviewing digital signature audit trails
- Reviewing email correspondence
- Conducting administrative staff inquiries
- Implementing customer authentication controls and supervisory reviews
In addition, the Notice describes various scenarios in which member firms discovered and reported to FINRA situations in which representatives forged or falsified customer signatures. Among other things, it noted the following instances:
- Account transfers where firm investigations revealed that representatives facilitated the transfer process by digitally signing forms on behalf of customers
- Customer signatures originating from email addresses associated with their representative or other email addresses that were inconsistent with customer email addresses the firm maintained
- Discrepancies between the location of the user (e.g., the individual affixing the customer’s digital signature) and the customer’s residence
- Identical IP addresses for the representative and customer digital signatures on a document
- Complaints from administrative staff that representatives directed them to manipulate the digital signature process, claiming the modifications were acceptable accommodations to the customer
Firms should take note of this Notice and assess their practices and procedures for:
- Maintaining procedures that properly address methods to identify and respond to suspicious activity;
- Conducting training related to digital forgeries and falsifications, including how to spot “red flags” and how to resist pressure to manipulate or modify documents;
- Promptly reviewing customer complaints, digital signature audit trails, and email correspondence; and
- Ensuring procedures and controls address safeguards around the authentication/verification process and clearly indicate any restrictions on employee access to customer passwords and answers to verification questions.
How we help
We can help broker-dealers understand the compliance and operational issues presented by digital signatures as they relate to their business. Our consultants can assist in designing customized procedures that will detail the steps needed to address digital signature requirements as they relate to your firm.
For more information about digital signatures, forgery, and falsification, or to find out how we can help your firm comply, please reach out to your ACA consultant or contact us below.