Imposter Sends Email Wire Transfer Requests

August 19, 2013

Here we go again. An email from a customer. Or so it appears. And the customer desperately needs funds wired from the account. All of which sets off a cavalcade of compliance disaster.

For the purpose of proposing a settlement of rule violations alleged by the Financial Industry Regulatory Authority ("FINRA"), without admitting or denying the findings, prior to a regulatory hearing, and without an adjudication of any issue, DeCarla Mathis submitted a Letter of Acceptance, Waiver and Consent ("AWC"), which FINRA accepted. In the Matter of DeCarla Mathis, Respondent (AWC 2012033078801, July 31, 2013).

Mathis entered the securities industry in May 1999 and first became registered in 2001. From 2007 through June 2012, she was registered with Wells Fargo Advisors.  The AWC asserts that Mathis had no prior disciplinary history.

May 7th Email

During the morning of May 7, 2012, the registered representative for whom Mathis was working received an email, purportedly sent from a customer's personal email account.  This email requested the necessary information to initiate an outgoing domestic wire transfer of $27,530. Following receipt of the customer's request, the registered person forwarded the email to Mathis with instructions for her to process the transfer.

SIDE BAR: In 2012, Mathis worked as a Wells Fargo sales assistant, and her duties included processing certain transactions, including wire transfers.  The firm's policies and procedures required verbal customer authorization for wire requests in excess of $10,000.

Unknown to Mathis, the email was sent by an imposter.  In an effort to accomplish her assigned task, Mathis exchanged emails with the imposter, who sent the sales assistant what appeared to be a bona fide signed letter of authorization.  Following receipt of the authorization, Mathis falsely noted on a transfer form that she had both spoken with the customer and verified the wire instructions -- steps that were required by Wells Fargo Advisors' policies and procedures. In fact, Mathis had no conversations with the customer but had merely communicated via email with the imposter. 

On May 8, 2012, the funds were wired out of the customer's account.

May 9th Email

During the afternoon of May 9, 2012, Mathis received another email from the customer's personal email account (again sent by an imposter) requesting an international wire transfer of $85,500 to a bank in Malaysia. Following several email exchanges with who she thought was the customer, Mathis collected the necessary information and received yet another supposedly bona fide signed letter of authorization. Once again, Mathis falsely asserted on a transfer form that she had spoken to the customer and also confirmed the wire instructions. 

On May 9th, the funds were wired out from the customer's account.

SIDE BAR: The AWC asserts that Mathis was permitted to voluntarily resign by Wells Fargo Advisors in June 2012.

FINRA Sends Its Own Message

FINRA alleged that Mathis's preparation of two forms falsely attesting that she had spoken to the customer and having confirmed wire instructions constituted a violation of FINRA Rule 2010; and, moreover, such conduct caused Wells Fargo Advisors to maintain false books and records in violation of FINRA Rules 4511 and 2010.

In accordance with the terms of the AWC, FINRA imposed upon Mathis a $5,000 fine and a 30-day suspension from association with any FINRA member firm in all capacities.

Bill Singer's Comment

Yet another link in a growing chain of FINRA regulatory actions involving imposters and wire requests or letters of authorization.  Although I am sympathetic to the lowly sales assistants who typically wind up getting these seemingly mundane requests dumped in their laps, I am also mindful of the imperative to follow company policies and procedures when dealing with customer requests that emanate from emails.  By now -- in 2013 -- virtually all of us have been bombarded with bogus emails and the plague of Internet viruses attached to messages or hidden on some site.  Where once, perhaps a decade ago, it might have been more understandable if we blindly accepted the bona fides of an email, in this day and age, such a mind set is dangerous and, frankly, absurd.

As I have often noted in BrokeAndBroker, many in-house rules and regulations seem, at first blush, petty and silly.  On the other hand, it is only after someone fails to follow those so-called foolish policies that their purpose becomes clear.  Certain customer email requests should be confirmed, particularly when they involve transfers of substantial sums of money or seek the disclosure of confidential information.  

For the sake of expedience (and perhaps a misguided sense of customer service),  industry personnel often fail to go through the required steps of speaking with the customer at his or her phone number of record -- and, to compound that shortcoming, many industry folks merely go through the motions of checking off boxes affirming that a confirmation of instructions was received.  Sure, maybe the odds are in your favor. Maybe nine times out of ten it's not big deal. But that one time out of ten can be a killer. All of which leads us to messes such as this.

Think that Mathis is an isolated situation?  Think again.  READ: