MVA White Collar Defense, Investigations, and Regulatory Advice Blog

In response to ever increasing reports of forgery and falsification of records in the digital signature space, FINRA issued Regulatory Notice 22-18. This Notice reminds FINRA members of relevant regulatory obligations, while also addressing misuse scenarios and identification methods, in order to help members mitigate risk in this area.

In the Notice, FINRA highlights that forgery occurs when an individual “signs or affixes, or causes to be signed or affixed,” the name of another person to a document without that person’s prior permission. FINRA further stated that falsification occurs when a person “creates a document or entry in a member firm’s system that creates a false appearance by including altered or untrue information.” See Regulatory Notice 22-18 at 1-2. FINRA also reminds members that by engaging in forgery and falsification, associated persons violate the high standards of commercial honor and just and equitable trade mandates of FINRA Rule 2010. FINRA further stated that where the forged or falsified document is a record maintained by the member firm, the person also violates the accurate record keeping requirements of FINRA Rule 4511.    

FINRA’s disciplinary sanctions for these types of violations can be significant. For example, in one matter, FINRA found that a former broker had electronically forged and had also falsified annuity applications, which were submitted to the firm without the customers’ authorization or consent. The forgery involved digital signatures which were executed through the use of a fake email address for the customers, and the email address was also used to impersonate those customers.  FINRA further found that the broker provided false and misleading information during its investigation. Without admitting or denying the findings, the broker agreed to be barred from associating with any FINRA member. See FINRA AWC No. 2018059175201 (Aug. 13, 2021), available at https://www.finra.org/rules-guidance/oversight-enforcement/finra-disciplinary-actions-online.

In Regulatory Notice 22-18, FINRA reiterated the responsibility of member firms to establish and maintain a supervisory system that is reasonably designed to achieve regulatory compliance in the context of forgery, falsification, and recordkeeping. FINRA also mentioned the obligations of member firms to identify and respond to red flags of misconduct.

Regulatory Notice 22-18 also discusses various scenarios where the misuse of digital signatures has occurred, as well as the methods that firms have used to detect such misconduct, including:

• Customer inquiries or complaints about the forgeries or falsifications in scenarios such as those involving account transfers;
• Digital signature audit trail reviews where data for the electronic signatures was inconsistent with the customer’s IP address or physical location;
• Electronic correspondence reviews where forms are electronically signed through email addresses that do not belong to the customer;
• Administrative staff inquiries where such staff raised questions to the firm about representatives directing them to improperly use the electronic signature process in what representatives claimed were acceptable accommodations to the customer; and
• Customer authentication process circumvention where representatives have access to and use customer information in order to verify customer signatures as if they were the customer.

Given the prevalence of electronic signature use in the industry today, FINRA member firms and their associated persons should review Regulatory Notice 22-18 for further information.