The news: The Securities and Exchange Commission (SEC) has charged JPMorgan, UBS, and online broker TradeStation with having deficient customer identity programs. Elsewhere, the Consumer Financial Protection Bureau (CFPB) has fined U.S. Bank for opening unauthorized accounts.

Identity verification: The SEC said customer identification programs at JPMorgan, UBS, and TradeStation each violated the Identity Theft Red Flags Rule, or Regulation S-ID from January 2017 to October 2019. Regulation S-ID seeks to protect investors from the risk of identity theft.

• All three financial institutions were charged with not including reasonable policies and procedures to identify red flags for identity theft through customer accounts. The FIs’ programs also lacked policies and procedures on how to respond to identity theft red flags once they were identified.
• JPMorgan was also charged with failure to provide effective oversight of service providers and to train staff on how to effectively implement its identity theft prevention program.
• UBS did not perform periodical reviews on new and existing customer accounts to determine how its identity theft program should be applied to the accounts, nor did it properly train staff on program implementation or include its board of directors in oversight.
• TradeStation also neglected to include its board of directors in oversight duties and did not exercise oversight of service providers.

All three FIs agreed to cease and desist from future violations, to be censured, and to pay fines of $1.2 million, $925,000, and $425,000 respectively.

Unauthorized accounts: The CFPB issued a $37.5 million consent order against U.S. Bank for allegedly using customers’ credit reports without permission to open unauthorized bank accounts in their names.

• The bank set sales goals for its employees and offered incentives to sell products like checking and savings accounts, credit cards, and lines of credit.
• In addition to the fine, U.S. Bank was ordered to make the affected customers whole.

The bigger picture: The incidents reflect broader occurrences in the industry, like Wells Fargo’s account opening scandal, and TD Bank’s recent customer abuse allegations. But it’s surprising that these events continue to occur at such big financial institutions.

• Customers are willing to take extra steps to ensure their identity is protected. 73% of consumers who access financial accounts via multiple devices are willing to log in with alternative authentication methods.
• Banks also have powerful tools and programs at their fingertips. For example, Plaid offers customer identification and fraud detection services via APIs.
• And regulators won’t be turning a blind eye. In 2021 the Office of the Comptroller of the Currency (OCC) slapped Wells Fargo with a fine for violating a 2018 consent order regarding loss mitigation practices in its mortgage arm, indicating that agencies will follow through to ensure change—or at least monetary consequences—at offending banks.

The big takeaway: The recurring scandals and breaches of customer trust will eventually have long-term effects on banks. Reputation is key to maintaining customer relationships, and customers are paying attention now more than ever to how banks are treating them. With the proliferation of neobanks and the entrance of Big Tech and super apps into the banking space, customers have plenty of choices when deciding who manages their money. And some of these players have the advantage of already having gained customers’ confidence from interactions in other aspects of their lives.