Compliance is one area where wealth management firms can't afford to take shortcuts. That said, with so many aspects of the business requiring compliance checks, it's difficult to predict which direction regulators will take during an audit, and thus difficult to allocate compliance resources effectively. Predicting where regulators will focus their investigations is like navigating without a map. Based on current security trends and recent events in the wealth management industry, it's a safe bet that digital signature fraud will be an X on the audit map.
As the COVID-19 pandemic necessitated remote work, wealth firms were forced to quickly reinforce cybersecurity and processes for protecting sensitive data. Digital signature processes were assumed to be secure. That is, until early 2023, when LPL Financial, one of the largest independent broker/dealers, received a $3 million fine after dozens of its brokers were found to have falsified signatures.
It's easy to understand how wealth firms were lulled into a false sense of security. All popular e-signature platforms tout their security features. The large fine provides a painful reminder that firms shouldn't risk their reputation, or their clients' data, on the assumption that the outsourced surveillance of their digital signature security processes has been fully and properly vetted.
Based on FINRA Regulatory Notice 22-18, firms should have the following policies and procedures in place in advance of a digital signature audit:
- Employee training on the proper usage of digital signature platforms and how to identify potential forgery or other misuse;
- Pre-use checks on all digital signature platforms;
- Supervision of all digital signature platform usage;
- Review of customer records and transaction data to identify potential digital signature fraud;
- Investigation of any potential instances of digital signature irregularities or issues.
If your firm doesn't have all of these policies and procedures in place, it's time to re-evaluate your digital signature process. Otherwise, you could be headed for an expensive and unnecessary penalty for not checking the tech behind the X on your digital forms.
For 2024, it's even more critical that compliance teams understand their firms' digital signing processes. Among the multitude of areas FINRA scrutinizes, they'll certainly want to ensure firms have reliable signer authentication in place, such as multifactor authentication or ID verification; that compliance process documentation is clear, concise, and up-to-date; and that these processes include methodical surveillance for detecting digital signature fraud red flags, e.g., the same IP address, mobile phone number, and/or email address used to authenticate the digital signature of multiple signing parties.
Because monitoring for digital signature red flags is a critical part of the supervisory system mentioned specifically in RN 22-18, it makes sense to pay particular attention to this aspect of your firm's compliance posture. Importantly, consultants or subcontractors should include relevant auditing capabilities and safeguards.
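The red flag named above (one IP address, mobile phone number or email address authenticating several signing parties) can be checked mechanically over a signing platform's audit export. The following is an added example, not code from FINRA or any e-signature vendor; the event schema, field names and sample records are constructed assumptions, and the 10-digit phone normalization assumes US numbers.

```python
import re
from collections import defaultdict

# Constructed sample events; the schema (envelope/signer/ip/phone/email) is hypothetical.
EVENTS = [
    {"envelope": "E-1001", "signer": "client-A", "ip": "203.0.113.7", "phone": "+1 (555) 010-0001", "email": "a.client@example.com"},
    {"envelope": "E-1002", "signer": "client-B", "ip": "203.0.113.7", "phone": "555-010-0002", "email": "b.client@example.com"},
    {"envelope": "E-1003", "signer": "client-C", "ip": "198.51.100.4", "phone": "1 555 010 0002", "email": "C.Client@Example.com"},
    {"envelope": "E-1004", "signer": "client-C", "ip": "198.51.100.4", "phone": None, "email": "c.client@example.com"},
    {"envelope": "E-1005", "signer": "client-D", "ip": "192.0.2.15", "phone": "", "email": "rep.smith@example.com"},
    {"envelope": "E-1006", "signer": "client-E", "ip": "192.0.2.99", "phone": None, "email": "Rep.Smith@example.com "},
]

def normalize(field, value):
    """Canonicalize an authenticator so formatting differences cannot hide reuse."""
    if not value or not value.strip():
        return None  # missing values must never match each other
    value = value.strip()
    if field == "phone":
        digits = re.sub(r"\D", "", value)
        # Assumption: US numbers, so compare on the last 10 digits.
        return digits[-10:] if len(digits) >= 10 else None
    return value.lower()

def shared_authenticators(events, fields=("ip", "phone", "email")):
    """Return authenticators used by more than one distinct signing party."""
    seen = defaultdict(lambda: defaultdict(set))  # (field, value) -> signer -> envelopes
    for ev in events:
        for field in fields:
            value = normalize(field, ev.get(field))
            if value is not None:
                seen[(field, value)][ev["signer"]].add(ev["envelope"])
    findings = []
    for (field, value), signers in sorted(seen.items()):
        if len(signers) > 1:  # the same signer reusing their own device is not a flag
            findings.append({
                "field": field,
                "value": value,
                "signers": sorted(signers),
                "envelopes": sorted(e for envs in signers.values() for e in envs),
            })
    return findings

if __name__ == "__main__":
    for f in shared_authenticators(EVENTS):
        print(f"{f['field']}={f['value']} signers={f['signers']} envelopes={f['envelopes']}")
```

A hit is a lead for supervisory review rather than proof of forgery: spouses, households and office networks legitimately share IP addresses and sometimes phone numbers, so each finding should be investigated and the outcome documented.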
If you haven't already, inquire about your firm's digital signature processes and the compliance policies that govern them to see if they are detailed enough to withstand an audit. If not, there's no better time than the present to start.