Between September 2015 and October 2018 GWFS, a registered broker-dealer, failed to send off certain suspicious activity reports with the US Treasury Department’s Financial Crimes Enforcement Network and also sent SARs that lacked important information that it had and was required to report.
GWFS provides services to retirement plans. In 2015-18 it detected fraudsters trying in increasing numbers to gain access to monies in the retirement accounts of individual plan participants, generally by the use of improperly obtained personal identifying information. They often knew the electronic login information (user names, email addresses, passwords etc) of the plan participants. GWFS spotted most of these attempts before money could change hands, but not all. These attempts, whether or not the fraudsters obtain the funds, are known as “account takeovers.”
At all times GWFS knew that it had to report account takeovers (and, indeed, any transactions that have no good business purpose or apparent lawful purpose) involding $5,000 or more apiece in accordance with the Bank Secrecy Act 1970.
GWFS decided throughout the era that the fraudsters had not obtained any personal information by hacking its systems; the regulator, in its cease-and-desist order, seems to view this stance as a trifle complacent.
At any event, GWFS failed to send off approximately 130 SARs, some of them after it had detected external people gaining, or trying to gain, access to retirement accounts. It also sent off 297 SARs that did not include the right information.
Exchange Act Rule 17a-8 (issued under section 17(a) Exchange Act) requires broker-dealers registered with the SEC to comply with the reporting, record-keeping, and record retention requirements of the BSA and it is this that the SEC has accused GWFS of breaking.