Wells Fargo Hit By Email Hacker LOAs

June 19, 2013

These days, you just never quite know who you are dealing with online.  Email, instant messaging, social media -- sure, their "handle" or address says one thing but are you really sure about who is behind the message?  Consider the ramifications to one Wall Street employee's career when the sender may not have been the customer.

For the purpose of proposing a settlement of rule violations alleged by the Financial Industry Regulatory Authority ("FINRA"), without admitting or denying the findings, prior to a regulatory hearing, and without an adjudication of any issue, Jennifer Marie Burton submitted a Letter of Acceptance, Waiver and Consent ("AWC"), which FINRA accepted. In the Matter of Jennifer Marie Burton, Respondent (AWC 20120328433, June 12, 2013). 

Burton entered the securities industry in June 2004 as a sales assistant and first became registered in 2005. Between June 2007 and May 2012, Burton was employed as a registered sales assistant with Wachovia Securities, LLC (k/n/a Wells Fargo Advisors, LLC) in its  Westwood branch office in Los Angeles, CA, where she was responsible for assisting approximately four registered representatives.  The AWC asserts that Burton had no prior disciplinary history.

Gone Phishing?

In April 2012, while a broker was on vacation, Burton was granted delegate access to the broker's Wells Fargo email account in order to respond to any customer inquiries. On April 9, 2012, the broker received an email purporting to be from a customer requesting the balances in his accounts, as well as information concerning wiring funds from the account both domestically and internationally.  

In and of itself, a fairly mundane communication. Branch offices get similar ones multiple times each day. Unfortunately, the customer's personal email address had been hacked into and that hacker was pretending to be the customer -- hiding behind the email address on the  subject email to the vacationing broker.  In the initiating email, the imposter stated that he would be "very busy today."

Down The Slippery Slope

Burton replied to the imposter from her Wells Fargo email address indicating that the broker was out of the office, but that she could assist. Burton provided the imposter the account balances for the customer's three accounts (which included a family account opened in January 2009 by the customer and his wife with the now vacationing broker) and attached a blank LOA form to complete and return to her for wire transfer requests. 

Later on April 9th, the imposter sent Burton another email requesting two cash transfers totaling $85,000 from the  Family Account to "his clients" in Australia and faxed two LOAs to Burton. The imposter requested the wire transfer occur on April 10,2012. The two LOAs were purportedly signed by the customer, but were missing the account's number and a recitation of the purpose for the wire transfers. 

Two April 9th LOAs

The first April 9, 2012 LOA was for the transfer of $43,000 from the Family Account to a third-party's bank account in Australia. The imposter also provided the third-party's account number and routing number at the Australian bank. 

The second April 9, 2012, was for the transfer of $42,000 from the Family Account to another third-party's bank account in Australia ("Second LOA"). The imposter also provided this third-party's account number and routing number at the Australian bank. 

Filling In The Blanks

On April 10, 2012, Burton entered the missing account numbers and the purpose for the wires in the document verification forms for the two LOAs. In contravention of her firm's written procedures, Burton falsely represented on the document verification forms that she:

spoke to the client this morning to confirm the instructions and he advised that the funds should come out of [LM Family] and that the funds are being sent to his business partner in Australia. 

Burton forwarded the document verification forms for the LOAs to the operations department for review. In the comments field on the Service Request for each of the LOAs, Burton apparently noted that she had confirmed the instructions with the customer that morning, who indicated to her that he was wiring funds to his partner in Australia to invest in property. 

The AWC alleges that, in fact, Burton, never spoke with the customer and the imposter never provided Burton with a purpose, i.e. investing in property, for the wire transfer requests or a business partner. 

April 11th Requests

On April 11, 2012, the imposter requested that an additional $23,000 and $52,000 be wired from the Family Account to a bank in Florida and another bank in Australia. 

SIDE BAR: During the relevant times of the transactions noted above, Burton's firm had in place the following policies and procedures, which required employees to process wire transfer requests in a firm web-based system called Service Request
For wire transfer requests over $10,000, firm personnel were required to verbally confirm the wire instructions with the customer, as well as verify the client's identity during that discussion. 
Employees were required to enter notes of the verbal confirmation into a comment box on Service Request
Moreover, customers were required to sign a Letter of Authorization ("LOA") when requesting a disbursement of funds to a third-party or an account with a different name or account registration. 

Tripping The Alarm

Although unexplained why in the AWC, at this point, Burton apparently became suspicious of the wire request activity and finally telephoned the customer to verify the requests. The customer informed Burton that he never made any wire transfer requests. 

Thankfully, the firm was able to reverse the wire transfer instructions and return the $43,000 and $42,000 subject to the two April 9th LOAs to Family Account without any loss to the customer. 

SIDE BAR: During the relevant times of the transactions noted above, Burton's firm had the following Policies and Procedures required employees to process wire transfer requests in a firm web-based system called Service Request. For wire transfer requests over $10,000, firm personnel were required to verbally confirm the wire instructions with the customer, as well as verify the client's identity during that discussion. Employees were required to enter notes of the verbal confirmation into a comment box on Service Request. Moreover, customers were required to sign a Letter of Authorization ("LOA") when requesting a disbursement of funds to a third-party or an account with a different name or account registration. 

Paying The Price

On June 4, 2012, the Wells Fargo notified FINRA that Burton was terminated for falsely stating that she spoke with a customer to confirm  wire instructions notwithstanding that she did not speak with the customer.  

Pursuant to its investigation, FINRA asserted that by falsely attesting on the firm's document verification forms and wire service request forms that she spoke with the customer, as well as providing a fictitious purpose for the wire request, Burton violated FINRA Rule 2010. Burton also violated FINRA Rules 4511 and 2010 by causing her FINRA regulated broker dealer to maintain false books and records concerning these wire transfer requests. In accordance with the terms of the AWC, FINRA imposed upon Burton a $7,500 fine and a one-month suspension from associating with any FINRA regulated broker-dealer in any capacity. 

Also READ:  
NEW EPISODE OF 
SIDE BAR WITH BILL SINGER 
NOW ONLINE
Brian Carlis, Esq. Talks About Industry Arbitration