US brokerage units of JPMorgan Chase & Co. and UBS Group AG agreed to pay a combined $2.1 million in penalties to settle allegations from the Securities and Exchange Commission that they didn’t have the proper policies and programs in place to prevent customer identity theft.

According to the SEC, from at least January 2017 to October 2019 the firms didn’t have sufficient procedures for detecting identity theft in connection with client accounts. The brokerages, which didn’t admit or deny the allegations, violated regulations that lay out requirements for financial firms’ prevention programs, the agency said on Wednesday.

JPMorgan agreed to pay $1.2 million and UBS $925,000 to settle the cases, the SEC said.

“Protecting the privacy and security of our client data is of the utmost importance to UBS,” the firm said in a statement, adding that it was pleased to have resolved the matter. “The SEC did not find that any clients were impacted and acknowledged that UBS had made substantial enhancements to its program.”

A representative for JPMorgan said the bank is committed to protecting clients from identity theft and fraud.

“The deficiencies described today were addressed years ago and there was no finding of client impact,” the spokesperson said. “The firm is in full compliance with regulatory requirements.”

-With assistance from Hannah Levitt and Sally Bakewell.

This article was provided by Bloomberg News.