SoFi Securities LLC

SoFi Securities was fined $1,100,000 for findings that it created, and rolled out to the public, a cash management brokerage account wherein applicants were able to steal from customers of other institutions, and used the firm’s cash management brokerage account to withdraw the funds.

The findings stated that the firm approved the opening of approximately 800 accounts that third parties then used to transfer approximately $8.6 million from customer accounts at other financial institutions without authorization. Approximately $2.5 million of those transfers were subsequently withdrawn by these third parties from these accounts. Subsequently, all injured parties were reimbursed.

The findings also stated that the firm failed to establish and maintain a Customer Identification Program (CIP) reasonably designed to verify customers’ identity because its account approval process allowed opening of the cash management brokerage accounts without a reasonable review of potential red flags associated with some applicants.

The firm used a largely automated process to approve the opening of cash management brokerage accounts that was not reasonably designed to verify the customers’ identity and was, therefore, vulnerable to fraud perpetrated by third parties using fictitious or stolen identities.

The findings also included that the firm developed and implemented a program that was not reasonably designed to detect, prevent, and mitigate identity theft. The firm failed to identify cash management brokerage accounts as a covered account in its written Identity Theft Prevention Program (ITPP); failed to implement a reasonable program to respond to red flags of identity theft identified elsewhere in the ITPP; and failed to implement timely reviews of other red flags that it separately detected.