Kyle Brasseur, 12 May 2021
A Colorado-based broker-dealer will pay $1.5 million as part of a settlement with the Securities and Exchange Commission (SEC) announced Wednesday for lapses in the filing of suspicious activity reports (SARs) related to the threat of cyber-breaches.
GWFS Equities, an affiliate of Great-West Life & Annuity Insurance Company, provides services to employer-sponsored retirement plans. The company was allegedly the victim of multiple attempts by bad actors to access the retirement accounts of individual plan participants. GWFS failed to file approximately 130 SARs related to these incidents as required, according to the SEC.
The details: From September 2015 through October 2018, GWFS was aware of the breach attempts. The bad actors were often in possession of the electronic login information—such as usernames, email addresses, and passwords—of plan participants in attempting to breach the accounts, according to the SEC’s order.
GWFS warded off most these attempts, though some were successful, the SEC noted. Regardless, the incidents are required to be reported under the Bank Secrecy Act (BSA) and regulations from the Financial Crimes Enforcement Network (FinCEN) when the attempted breach involves at least $5,000.
Of the nearly 300 SARs GWFS did file regarding the incidents, none included the “five essential elements”—who? what? when? where? and why?—firms are expected to include as stated by FinCEN, according to the SEC.