Mon. Feb 6th, 2023

The Securities and Exchange Commission said Wednesday it has settled charges against GWFS Equities Inc., a Greenwood Village-based registered broker-dealer and affiliate of Empower Retirement, for not properly reporting attempts to hack into individual retirement accounts over a three-year period.

As part of the settlement, regulators fined the subsidiary of the retirement plan services giant $1.5 million and censured it for failing to file approximately 130 Suspicious Activity Reports, or SARs, on attempts, some successful, to illegally gain access to retirement plan accounts. Of the nearly 300 reports GWFS did file, some lacked the cyber information needed to help authorities track down the fraudsters, the SEC said.

“Across the financial services industry, we have seen a large increase in attempts by outside bad actors to gain unauthorized access to client accounts,” said Kurt L. Gottschall, director of the SEC’s Denver Regional Office, in a news release. “By failing to file SARs and by omitting information it knew about the suspicious activity it did report, GWFS deprived law enforcement of critical information relating to the threat that outside bad actors pose to retirees’ accounts, particularly when the unauthorized account access has been cyber-enabled.”

Between September 2015 and October 2018, GWFS saw repeated attempts to gain unauthorized access to the retirement accounts of individual retirement plan participants, the SEC said. The hackers often had improperly acquired personal identifying information, in some cases the electronic login information, including user names, email addresses and passwords.

By senior