FINRA recently released a Regulatory Notice 22-18, reminding firms about their obligation to supervise registered representatives to prevent falsification of digital signatures. Available at https://www.finra.org/sites/default/files/2022-08/Regulatory-Notice-22-18.pdf . FINRA’s guidance comes on the heels of multiple investigations concerning instances when registered representatives forged or falsified client signatures on account transfer documentation or on disclosure forms, “acknowledging a products alignment with the customer’s investment objective and risk tolerance . . . .”
FINRA’s notice explains the varied methods used to forge or falsify electronic signatures and how firms can thwart such forgeries or detect them after the fact. Generally, electronic signatures have an audit trail with identifying information such as the recipient’s IP address and e-mail address. Financial advisors have been admonished for sending documents to their personal e-mail addresses or to an assistant to sign the documents themselves. Firms also found instances where documents were sent to an IP address that was the same as the registered representative or that was inconsistent with the customer address on file. Sometimes representatives sent e-mails to the e-mail address associated with an outside business activity. FINRA’s guidance recommends that firms review correspondence to look for these red flags.
FINRA reports that, in some cases, administrative staff raised issues to management about pressure by representatives to manipulate the digital signature process. FINRA encourages training for such staff to encourage them to resists such pressure.
FINRA noted that some firms use an authentication process that asks the customers to answer certain questions to authenticate their signatures. The problem, however, is that representatives have been able to circumvent this process because they have enough information about the customer to answer the questions themselves. FINRA warns firms from relying solely on such authentication processes for supervision.
Of course, FINRA’s position and guidance make sense when a registered representative is trying to deceive their customer. FINRA, however, states that, “[f]orgery occurs when one person signs or affixes, or causes to be signed or affixed, another person’s name or initials on a document without the other person’s prior permission.” FINRA goes on to state that forgery is a violation of FINRA Rule 2010. FINRA’s definition of forgery does always line up with state law. For example, in New York and New Jersey, the crime of forgery requires an intent to defraud. The Model Penal Code adopted by many states also requires an intent to defraud or injure to establish forgery. So if a representative electronically signs a customer’s document solely for the customer’s convenience they have not committed forgery. For example, imagine that a customer mails a check to fund their account but forgets to endorse it. The registered representative decides to sign the customer’s name and deposit the check to avoid any delay in getting the money into the account. The registered representative is not guilty of forgery but we know that FINRA still deems this a violation of FINRA Rule 2010.
FINRA also states that it is only forgery when done “without the other person’s permission.” Is FINRA saying that a registered representative can sign a document on behalf of a customer, electronically or otherwise, if they have the customer’s permission? That seems doubtful. As a practical matter, every firm likely has a policy against letting registered representatives sign documents even with a client permission so it is not a wise thing to do. A violation of a firm policy, however, is not necessarily a violation of FINRA Rule 2010. “A FINRA Rule 2010 violation requires either bad faith or a breach of ethical norms in the industry. In the context of Rule 2010 violation, the SEC has defined bad faith as a dishonest belief or purpose, and unethical conduct as conduct inconsistent with the moral norms or standards of professional conduct.” It would seem that when it comes to forgery and Rule 2010, FINRA should start differentiating between bad faith behavior designed to harm or deceive a customer and behavior that is solely to avoid inconveniencing a customer.
 Dep’t of Market Reg. v. Paul C. Dotson, 2015 FINRA Discip. LEXIS 47, at *83 (OHO Aug. 7, 2015) citing Blair Alexander West, Exchange Act Release No. 74030, 2015 SEC LEXIS 102, at *20 (Jan. 9, 2015) and Edward S. Brokaw, Exchange Act Release No. 70883, 2013 SEC LEXIS 3583, at *33 (Nov. 15, 2013).