by Howard Haykin

A small Madison, WI-based broker-dealer that provides retail B/D and IA services, agreed to a $50K fine to settle FINRA charges that it failed to have in place adequate supervisory policies and procedures to review and monitor the transmittals of funds from customer accounts to third-party accounts. [A lower fine was imposed after considering, among other things, the firm’s revenue and financial resources.]

FINRA FINDINGS.    In 2015, the firm had approximately 100 customers who utilized a bill payment service whereby regular fund transfers were made by the Firm from the customers' securities accounts to pay invoices from 3rd parties. For transfers involving $100,000 or more, the Firm's clearing firm required a letter of authorization ("LOA") signed by the customer.

That said, the firm’s WSPs did not address wire transfers of customers' funds to 3rd-party accounts. Instead, requests to wire funds from a customer's account to a 3^rd party account followed a routine and accepted practice at the Firm - - -

• Customers who utilized the Firm’s bill payment service would sign a blank LOA form, so they would not have to sign a new LOA for each 3^rd party funds transfer.
• When the customer made a request to wire funds to a 3^rd party account, a Firm representative or sales assistant would contact the customer - typically by email - about the specifics, which he or she would post to the copy of a (signed in blank) LOA.
• The LOA was then submitted to a compliance assistant, who reviewed the information and effected the wire transfer.
• The LOA was not sent to the customer for confirmation.

    HACK OF CUSTOMER’S EMAIL ACCOUNT AND UNAUTHORIZED TRANSFERS OF FUNDS.   In or about February 2015, a customer notified her registered rep (“RR”) that the Firm should expect her to request fund transfers in the near future from her trust account – though no details were provided at the time.

On February 27, 2015, the customer called the Firm and requested a wire transfer for $569,700.53 to a title company -  which the Firm processed as usual, using a pre-signed, but otherwise blank LOA form from the customer's file. Within the next few days, the customer's email account was hacked and the following 3^rd party wires were fraudulently requested via the customer's hacked email account:

1.  March 4, 2015 for $77,000 to "R.A. Transport & Sales Service";

2.  March 5, 2015 for $16,000 to "Sandra B";

3.  March 9, 2015 for $57,000 to "Chibi Betanjo Business Acct";

4.  March 9, 2015 $73,000 to "Transcom Limited";

5.  March 11, 2015 $61,300 to "Transcom Limited".

While the first request (for $77K) did not go through because the ‘R.A. Transport & Sales Service’ account was closed, the others – totaling $207,300 - were wired out of the customer’s account

    FRAUD DISCOVERED.    When the Firm received, yet, another wire request on March 11^th – this time to transfer $205,710 to a company in Malaysia - the Firm became suspicious and called the customer to confirm. The customer said the transfers were fraudulent. The Firm and its clearing firm were able to retrieve all but $61,932.35 of the previously wired funds.  

A month later, the Firm reimbursed this remaining amount to the customer, and self-reported the violations to FINRA, under FINRA Rule 4530, Reporting Requirements.

This case was reported in FINRA Disciplinary Actions for October 2018.

For details on this case, go to ...  FINRA Disciplinary Actions Online, and refer to Case #2015045144001.