May 12, 2021
Registered broker-dealer GWFS Equities Inc.
will pay a penalty of $1.5 million
to settle allegations that it failed to respond appropriately when it detected external bad actors gaining, or attempting to gain, access to the retirement accounts of participants in the employer-sponsored retirement plans it serviced, including through the use of improperly obtained electronic login information, user names, email addresses, and passwords. There was no allegation that this personal identifying information was disclosed in a breach of GWFS systems. However, the bad actors used this information to request distributions from plan participant accounts. While GWFS detected and blocked many of these attempts, the SEC charged that GWFS failed to file suspicious activity reports, or filed incomplete SARs, with respect to the account takeovers. SEC