On August 25, 2009, the Financial Industry Regulatory Authority ("FINRA") announced that it had barred from the securities industry Tamara Lanz Moon (a former sales assistant for Citigroup Global Markets Inc. ("CGMI") at the firm's Palo Alto, California, branch office) for wrongfully taking over $850,000 in funds from at least 22 customers, whom FINRA found she had targeted because they were elderly, ill, or otherwise vulnerable and unable to monitor their accounts. FINRA additionally charged her with falsifying numerous account records, engaging in unauthorized trades in customer accounts and related recordkeeping violations.
In furtherance of her scheme, Moon forged signatures on letters of instruction requesting unauthorized address changes, trades and transfers between and to accounts controlled by Moon for the purpose of paying her personal expenses, remodeling her home and making personal investments in other real estate properties. In settling this matter, Moon neither admitted nor denied the charges, but consented to the entry of FINRA's findings. Citigroup compensated the victims.
That was August 2009.
And then the days fall off the calendar and the hours tick by. Not six months. Not a year. Nearly two years come and go. Then, as if awakened from a deep slumber, FINRA takes some belated action against CGMI as a result of allegations arising, in part, from the Moon fiasco.
For the purpose of proposing a settlement of alleged rule violations and without admitting or denying the findings, CGMI submitted a Letter of Acceptance, Waiver and Consent ("AWC") to FINRA, which the self-regulatory organization accepted. In the Matter of Citigroup Global Markets, Inc., Respondent (AWC 2008013231502, August 9, 2001).
SIDE BAR: CGMI is a wholly-owned, New York City-based subsidiary of Citigroup Financial Products, Inc. and indirectly is a wholly-owned subsidiary of Citigroup, Inc. CGMI, a full-service broker-dealer, provides a full range of financial services including investment banking, underwriting debt and equity securities and providing financial advice to corporate and institutional clients. Among such services, CGMI trades securities for institutional and retail customers and proprietary accounts.
According to regulatory records, CGMI had previously consented to a $250,000 fine based on findings that it failed to establish adequate supervisory controls, including a separate system of follow-up and review relating to internal audits, at its Palo Alto Smith Barney branch office, the same branch office at issue in this Street Sweeper column. In Citigroup Global Markets, Inc., (NYSE Hearing Panel Decision 06-15, May 10, 2006).
According to FINRA, from approximately January 2001 to March 2008 (the "relevant period"), CGMI failed to supervise Moon, who the member firm terminated on March 31, 2008 after she admitted to misappropriating client funds. Don't pass too quickly over this preliminary fact: the relevant period is more than seven years in duration. Also, remember that Moon was not a stockbroker but a mere sales assistant.
As a result of an in-house investigation, CGMI determined that Moon had misappropriated $749,978 from 22 customers, falsified numerous account records and engaged in unauthorized trades in customer accounts. Accordingly, the firm reimbursed the victims.
Moon took advantage of CGMI's supervisory lapses at the branch to facilitate her wrongful taking of customer funds by targeting elderly, ill or otherwise vulnerable customers, whom she believed were unable to monitor their accounts. Moon's victims included her father, elderly widows, and a senior with Parkinson's disease.
In her role as a registered sales assistant, Moon provided operational support to registered representatives including processing new account applications and addressing irregularities identified by certain exception reports, among other duties. Consequently, those duties provided Moon with access to confidential client account information, which she used to the disadvantage of vulnerable firm customers.
CMGI used Experian Reports as a supervisory tool to detect red flags in new account applications, including information that may be inaccurate or fraudulent.
SIDE BAR: Experian describes itself as a global leader in business credit reporting and marketing services that help companies manage the risk and reward of commercial and financial decisions. The Experian Reports used by CMGI were designed to highlight the existence of mismatches between new account information and information kept in Experian's database.
During the period Moon was engaged in misappropriating funds from customer accounts, FINRA alleged that the Experian Reports provided to CMGI's Palo Alto Branch identified primary address mismatches in account opening documents. Notwithstanding, CMGI apparently relied on Moon's unverified (and often nonresponsive) explanations, such as that the client had moved. In one incident in which a report had identified social security numbers as belonging to deceased individuals, CGMI left it to Moon to resolve . Given that Moon was the individual who had entered the questionable numbers in the first place, that was a dubious practice, made worse by FINRA's allegation that there was inadequate follow-up.
FINRA also alleged that CMGI had failed to detect patterns of irregular and suspicious activity involving Letters of Authorization ("LOAs"), which were used to undertake transfers, disbursements and address changes in accounts used by Moon to misappropriate customer funds. CMGI's review of the questioned LOAs appears to have been little more than confirming that the documents were properly completed.
When confronted with examples of multiple transfers between unrelated accounts, CGMI did not satisfactorily inquire as to the circumstances, thus furthering Moon's machinations. Pointedly, FINRA was troubled by the "money in, money out" nature of several cash transfers from account X to account Y, and then shortly thereafter from account Y to an account controlled by Moon - such quick bursts of movement often indicate issues that need to be investigated.
Among the most classic of compliance red flags is when a customer bounces a check for insufficient funds - and when the customer is an employee, that's a doubly potent warning. Between January 1, 2006, and October 30, 2006, CMGI's Palo Alto Branch was notified on 20 separate occasions (some of those occasions involving multiple checks) that Moon's account potentially had insufficient funds ("NSF") to pay presented checks. Despite such NSF incidents, FINRA alleged that CMGI failed to take reasonable steps to follow up or investigate Moon's possible financial difficulties.
Recognizing (as do most FINRA member firms) that employee accounts (and employee "related" accounts) are best monitored through the use of a separate, dedicated range of account numbers to facilitate oversight, CMGI had such a protocol in place but, inexplicably, failed to assign the appropriate code to an account created by Moon in the name of her father. During the interval between the account's opening in August 2006 and its eventual employee coding in March 2007, FINRA found the activity in the father's account to be suspicious, including the transfer of funds between unrelated accounts and the issuance of a checkbook to Moon's residential address.
Among the first lines of defense for compliance oversight is the timely review of new account applications by a branch office. In deeming CGMI's policies deficient in this regard, FINRA noted that for 2007 to March 2008, one of the Palo Alto managers typically limited her review of new account applications to the four corners of the application to determine whether required fields had been filled out.
Perhaps aware of such a perfunctory once over, Moon created a new account for her father by using a different address from that which was reflected on his pre-existing, bona fide account. FINRA was particularly incensed by the fact that even a cursory review at the branch would have easily disclosed the discrepancy between the two addresses.
An even more glaring failure of oversight occurred when Moon created an account in the name of a customer after CGMI had been notified of his death; and, to add insult to injury, thereafter, Moon created a false account for the widow. On June 1, 2007, Moon caused the transfer of $10,440.46 from the false account of the deceased to the false account of his widow - and later in that month caused checks in the amounts of $5,000 and $2,500 to be issued from the bogus widow's account to Moon's personal bank account.
Following an investigation prompted by the Moon situation, FINRA concluded that CGMI had not engaged in reasonable supervision of customer accounts. Among the factors highlighted by FINRA were the firm's failure to implement a reasonable system concerning the supervision of employee accounts and accounts deemed abandoned property.
For example, an American diplomat working out of the U.S. Embassy in Rabat, Morocco had held custodial accounts at CGMI for each of his two daughters, but CGMI deemed those accounts abandoned in September 2002. Notwithstanding, from January to June 2003, Moon gained access to these accounts, engaged in unauthorized trades and misappropriated at least $48,000 in customer funds.
CMGI had in place something called a Risk and Control Self-Assessment ("RCSA"), which candidly strikes me as one of those high-fallutin' names that gives the impression of a far more serious undertaking than is often borne out by reality. However, that's an aside and an editorial, so take it for what it's worth. Regardless, using its RCSA and branch examinations, CMGI supposedly routinely tested branch supervisory systems. According to FINRA, CMGI failed in that testing process because of the numerous deficiencies that were not detected and/or timely acted upon.
For example, for the first quarter 2006, CMGI rated the Palo Alto Branch's review of employee accounts as "unsatisfactory." Despite this low rating, CMGI did not produce evidence that the branch had implemented a reasonable corrective action plan to address the deficiency. For the branch's fourth quarter 2006 evaluation, issues with employee accounts were again noted, and although the branch corrected the coding on the employee accounts identified in the report, it failed to implement a corrective action plan to address the broader deficiency. All of which underscored FINRA's concern that CMGI did not have in place an adequate process. Pointedly, FINRA admonished CMGI for apparently relying solely upon employees to notify the firm of the opening of an employee/employee-related account, and thereafter, not ensuring their timely coding.
For the reasons cited above, FINRA imposed a Censure and a $500,000 fine upon CMGI.
FINRA makes a fair case against CMGI and I have no issue with the sanctions imposed via settlement. Nonetheless, what the hell took FINRA some two years to finally resolve the matter against CMGI? After all, given that FINRA announced its settlement with Moon in August 2009, did it really require two years to sanction CMGI?
From my perspective, FINRA should either have charged CMGI in mid-2010 and have gone to hearing by year's end; or, this matter seems to have been amenable to an announced settlement at least in 2010, at the very latest. All the facts noted in the Moon settlement that resulted in her being barred were, in and of themselves, sufficient to prosecute CMGI for failure to supervise. I find it hard to justify investing two more years of FINRA's time and resources in jawboning with CMGI.
Finally, why are there no individual CMGI managers or supervisors named by name in FINRA's press release or underlying regulatory documents? I doubt that a small member firm would get off without at least some human beings being named. CMGI is an acronym but that organization is not run by computers.
If FINRA found such significant supervisory lapses that a half million dollar fine was warranted, how is it that no human beings are referenced in the official regulatory report other than Moon? If CMGI is cited for failure to supervise, then there must have been some men and women who dropped the ball. If FINRA has cited such supervisors and managers separately in their own settlements, then they should at least be referenced in CMGI's.