Great-West B-D to pay $1.5 million over retirement account failures
The Securities and Exchange Commission says the firm knew that hackers were trying to access participant accounts but didn’t report them.
The Securities and Exchange Commission has censured and imposed a $1.5 million penalty on Colorado-based GWFS Equities, a broker-dealer affiliate of Great-West Life & Annuity Insurance Co. that specializes in managing retirement accounts, for failing to file approximately 130 suspicious activity reports.
GWFS is record keeper for retirement plans with approximately 9.4 million participant accounts and more than $700 billion in assets, according to the SEC.
The SEC charged that from September 2015 through October 2018, GWFS was aware that hackers were making increasing attempts to gain access to the retirement accounts of individual plan participants.
[More: Cybersecurity is a ticking time bomb for 401(k)s]
“GWFS was aware that the bad actors attempted or gained access by, among other things, using improperly obtained personal identifying information of the plan participants, and that the bad actors frequently were in possession of electronic login information such as user names, email addresses and passwords,” the SEC said in a release.
The SEC said GWFS omitted important information on the nearly 300 SARs that it did file.
[More: Cybersecurity guidance for 401(k) fiduciaries is lacking, GAO says]
Retirees who saved up aren’t spending down
Learn more about reprints and licensing for this article.