Thanks to its ‘significant’ cooperation with investigating authorities, and subsequent implementation of remedial measures, GWFS Equities Inc. (GWFS) appears to have been spared some embarrassment and possibly stiffer penalties as the Securities Exchange Commission (SEC) accepted its offer of a settlement.
Colorado-based GWFS is a subsidiary of Great-West Life & Annuity Insurance Company and services retirement plans sponsored by employers. It has been under investigation for violation of federal securities laws related to filing reports of suspicious activities.
GWFS replaced key staff, added a dedicated team and systems for anti-money laundering activities, pinpointed responsibility for filing the required suspicious activity reports while implementing new procedures and policies and rolling out a training plan for it. Further, without denying or admitting the findings of the SEC, GWFS agreed to a penalty of $1.5 million and censure. It also agreed to an order to cease and desist from similar violations in the future.
The violations pertain to a period that starts in September 2015 and ends in October 2018. SEC has contended that during this period, GWFS was aware of increasing attempts being made by criminals to gain access to retirement accounts of participants of the individual plans. These attempts were made through improper obtention of the participants’ identifying information, frequently including digital access credentials such as usernames and passwords, apart from email IDs.
It appears that GWFS failed to file the required suspicious activity reports in almost 130 cases. These included instances detected by GWFS of criminals accessing or trying to access, participant accounts serviced by them.
According to the Financial Crimes Enforcement Network of the Treasury Department, reporting institutions ought to include the “who, when, what, why and where” of the activity under the lens, in order to strengthen the hands of the enforcement agencies responsible for investigating them.
GWFS has also been found to be negligent in the construction of these reports in almost 300 other cases, frequently failing to include the five essential elements even though they may have possessed those pieces of information. They also failed to provide cyber-crime-specific information such as URLs and IP addresses.
It is incumbent upon broker-dealers to report suspicious transactions, including ones that do not appear to have an apparent underlying reason.
Kurt Gottschall, director of the SEC’s Denver regional office, summed up GWFS’ failures and the potential impact of such failures with: “Across the financial services industry, we have seen a large increase in attempts by outside bad actors to gain unauthorized access to client accounts. By failing to file [suspicious activity reports] and by omitting information it knew about the suspicious activity it did report, GWFS deprived law enforcement of critical information relating to the threat that outside bad actors pose to retirees’ accounts, particularly when the unauthorized account access has been cyber-enabled.”