The Securities and Exchange Commission (SEC) in the US has penalised brokerage units of JPMorgan Chase & Co. and UBS Group for not maintaining proper measures to prevent customer identity theft.

The brokerages, which did not admit or deny the allegations, agreed to pay a combined $2.1m in penalties, reported Bloomberg News.

The SEC said that the firms’ identity theft prevention programs did not include enough procedures or policies in place to detect identity theft linked to client accounts from at least January 2017 to October 2019.

Additionally, the firms did not have sufficient procedures to respond appropriately to detected red flags of identity theft and failed to update their programmes to reflect changes to identity theft risks to customers.

This violated regulations that lay out requirements for financial firms’ prevention programmes, it added.

SEC Enforcement Division Crypto Assets and Cyber Unit acting chief Carolyn Welshhans said: “Today’s actions are reminders that broker-dealers and investment advisers must design and operate identity theft prevention programs that are appropriately tailored to their businesses and update them in response to the increased threat and changing nature of identity theft.”

JPMorgan will pay $1.2m and UBS $925,000 to settle the cases.

UBS said in a statement to the news agency: “Protecting the privacy and security of our client data is of the utmost importance to UBS.

“The SEC did not find that any clients were impacted and acknowledged that UBS had made substantial enhancements to its program.”

A spokesperson for JPMorgan told the news agency that the bank is committed to protecting clients from identity theft and fraud.

The person added: “The deficiencies described today were addressed years ago and there was no finding of client impact. The firm is in full compliance with regulatory requirements.”