Representing financial professionals, financial institutions and investors in investment loss, employment and disclosure matters, and in regulatory investigations nationwide.

FINRA penalizes SoFi $1.1 million for violations involving fraud prevention

On Behalf of | May 10, 2024 | FINRA Compliance

Brokerage firm SoFi Financial was hit with a $1.1 million fine from the Financial Industry Regulatory Authority over fraud prevention failures, ThinkAdvisor reported.

The San Francisco-based firm was found to have failed to establish and maintain a reasonable Customer Identification Program for SoFi Money, its cash management brokerage account that included check writing and debit cards.  As a result, third parties transferred millions from customer accounts without authorization, leading to $2.5 million in stolen funds.

SoFi accepted and consented to the findings by FINRA without admitting or denying them.  Along with the financial penalty, the firm was also censured.

FINRA detailed the allegations in a letter of acceptance, waiver and consent.  The authority said that from December 2018 through April 2019, SoFi used a largely automated process to approve the opening of SoFi Money accounts that was not reasonably designed to verify the customers’ identity.  As a result, it was vulnerable to fraud perpetrated by third parties using fictitious or stolen identities.

It was determined that the firm approved the opening of about 800 accounts that third parties then used to transfer approximately $8.6 million from the accounts of customers at other financial institutions without authorization.  About $2.5 million of those transfers were then withdrawn by these third parties from the SoFi Money accounts.  These were violations of FINRA Rules 33 l0(b) and 2010.

By using the stolen or fictitious identities, the applicants were able to link the accounts they had opened on the SoFi money platform to external bank accounts they had fraudulently accessed.  They used the SoFi platform to extract money from those separate accounts into SoFi money accounts and withdraw it through ACH transfers, ATM withdrawals and debit card purchases.

According to FINRA, SoFi also failed to develop and implement a written Identity Theft Prevention Program reasonably designed to detect, prevent, and mitigate identity theft, thus violating Rule 201 of Regulation S-ID of the Securities Exchange Act of 1934 and FINRA Rule 2010.

Regulators said the case originated when SoFi self-reported to FINRA that third parties had fraudulently transferred funds from accounts at unaffiliated financial institutions without authorization to SoFi Money accounts.

The attorneys at Lewitas Hyman include former senior attorneys at the SEC whose legal experience and industry knowledge make them uniquely qualified to provide counsel on securities regulatory, compliance and enforcement matters. Our attorneys fully understand the regulatory scrutiny financial professionals and their firms face from the various regulators that oversee the financial services industry. If your firm is facing an investigation from a regulatory agency, please contact Lewitas Hyman at (888) 655-6002 or through our online contact form.