Recently, FINRA accepted a letter of acceptance, waiver and consent from a brokerage firm to settle alleged rule violations. The settlement concerns a series of unauthorized Automated Clearing House (ACH) transfers from a senior trust customer’s brokerage account. Between December 2019 and April 2020, $332,457.73 was allegedly illegally transferred out of the account through 278 ACH transfers initiated by third parties that illegally obtained information relating to a checking feature attached to the consumer’s account. 

According to the letter, FINRA Rule 3110(a) mandates that member firms must establish systems to supervise associated persons and reasonably ensure compliance with securities laws, regulations, and FINRA rules, including the responsibility to investigate and act on red flags indicating misconduct. The failure to do so also constitutes a violation of FINRA Rule 2010, which “requires a firm to observe high standards of commercial honor and just and equitable principles of trade in the conduct of its business.”

The respondent firm allegedly failed to maintain an adequate system to review and monitor externally-initiated ACH transfers of consumer funds as their proprietary tool only monitored internally-initiated ACH transfers. As a result, none of the fraudulent transactions were flagged. The respondent firm also failed to identify several red flags in connection with such ACH transfers, including that the transactions were out of character for the customer, the volume of transactions as compared to any other account,  and not identifying five fraudulent transactions that were included on an end-of-year report.

Despite these oversights, the bank processing the ACH transfers ultimately credited back all the stolen funds to the customer’s account, and the respondent provided information to the bank to support the remediation.

Respondent agreed to a censure and to pay a $225,000 fine.