The enforcement action focuses on Thrivent’s systems that allow representatives and customers to remotely sign documents.
After a customer electronically signed a document, Thrivent would receive a signature completion record. This record included the email addresses that sent and received the document, the cell phone numbers that received codes for two-factor authentication associated with the filing, and the numerical IP address of the device used to electronically sign the documents, according to FINRA.
However, Thrivent’s supervisory systems were “not reasonably designed to detect possible instances of electronic signature forgery or falsification,” because the firm did not outline how supervisors should assess the authenticity of an electronic signature. As a result, the firm did not reasonably investigate certain red flags in the certificates of completion, such as when a representative sent the email with the electronic signature link from their work email to their personal email address.
