According to FINRA, Thrivent Investment Management Inc. was censured and fined $325,000 for failing to establish and maintain a supervisory system reasonably designed to detect possible instances of signature forgery or falsification.
Firm registered representatives electronically signed customer names on documents, including documents that were required books and records of the firm. While Thrivent's written supervisory procedures required representatives to obtain authentic customer signatures on firm documents, the procedures did not include any procedure to supervise the use of electronic signatures or provide reasonable guidance to supervisors on what to look for in assessing whether an electronic signature was genuine.
As a result, the firm did not reasonably investigate certain red flags contained in certificates of completion, such as instances where representatives sent a document from their work email address to an email address not recorded in the customer's account information (such as their personal email address), sent an authentication code to their own cell phone number, or instances where the representative's and customer's remote signatures were sent from the same IP address. The firm failed to detect that certain representatives sent documents requiring a customer's electronic signature to their own personal and work email addresses, sent corresponding authorization codes to their own phones, and then falsified or forged customer electronic signatures on firm documents.
FINRA noted that the falsifications and forgeries were not in furtherance of unauthorized activity, there was no customer harm, and no customer complained. Nevertheless, the maintenance of accurate books and records is a fundamental regulatory requirement, and the forgery of customer signatures, even without fraudulent intent, represents a serious breach of trust and compliance obligations.
This case highlights the challenges firms face in supervising electronic signature processes. While electronic signatures offer convenience and efficiency, they also create opportunities for abuse if not properly supervised. Firms must implement controls to verify that electronic signatures are actually being executed by customers, not by representatives on customers' behalf. Investors should be alert to requests to provide authentication codes or to sign documents through unfamiliar processes.
