The SEC has settled charges against GWFS Equities Inc., a Colorado-based registered broker-dealer and affiliate of Great-West Life & Annuity Insurance Company, for violating the federal securities laws governing the filing of suspicious activity reports. GWFS provides services to employer-sponsored retirement plans.
According to the order filed by the SEC, from September 2015 through October 2018, GWFS was aware of increasing attempts by external bad actors to gain access to the retirement accounts of individual plan participants. The order further finds that GWFS was aware that the bad actors attempted or gained access by, among other things, using improperly obtained personal identifying information of the plan participants, and that the bad actors frequently were in possession of electronic login information such as user names, email addresses, and passwords.
The order stated that GWFS failed to file approximately 130 SARs, including in cases when it had detected external bad actors gaining, or attempting to gain, access to the retirement accounts of participants in the employer-sponsored retirement plans it serviced. Further, for nearly 300 SARs that GWFS did file, the order finds that GWFS did not include the “five essential elements” of information it knew and was required to report about the suspicious activity and suspicious actors, including cyber-related data such as URL addresses and IP addresses.
Without admitting or denying the SEC’s findings, GWFS agreed to a settlement that imposes a $1.5 million penalty, a censure, and an order to cease and desist from future violations.