Email Imposter Thwarted At Morgan Stanley

January 16, 2014

It's a new year but the same-old-same-old compliance and regulatory issues bedevil Wall Street.  We start 2014 with another installment of how emails and Letters of Authorization ("LOA") challenge those industry men and women who just don't have a penchant for following their firms' policies and procedures.  In today's BrokeAndBroker Blog, we have the story of one particularly obstinate registered person -- who was previously warned about getting a client's authorization to transfer funds and didn't quite learn her lesson.

Note: As of August 22, 2018, the Blog has redacted the respondent's name in its sole discretion.

For the purpose of proposing a settlement of rule violations alleged by the Financial Industry Regulatory Authority ("FINRA"), without admitting or denying the findings, prior to a regulatory hearing, and without an adjudication of any issue, Respondent submitted a Letter of Acceptance, Waiver and Consent ("AWC"), which FINRA accepted. In the Matter of [REDACTED], Respondent (AWC 2013036479301, January 7, 2014).

In 1997, Respondent entered the securities industry and subsequently was registered with Morgan Stanley from 1999 until March 2013.

Once Burned

On November 13, 2012, Morgan Stanley had issued to Respondent a Letter of Education for falsely indicating on a LOA submitted for processing that she had received the client's verbal authorization to transfer funds. In that instance, an imposter had hacked into the client's email account and sent a forged LOA requesting a $10,000 transfer to a third party account. In contravention of Morgan Stanley policy, Respondent did not verbally confirm the request with the client. Thankfully, Respondent had discovered the fraudulent attempt before the transfer of funds occurred.

Half As Wise?

On March 1, 2013, a Morgan Stanley sales assistant forwarded to Respondent an e-mail request to wire $68,300 from a customer's account to a domestic third-party beneficiary. The request and wire instructions appeared to have originated from the customer's email account. In response, Respondent (who was employed at the branch as a registered sales assistant) replied that she needed a signed LOA, which was subsequently provided with the client's signature. 

The AWC concedes that Respondent "under the mistaken belief that a verbal confirmation had been obtained, processed the wire transfer without first getting verbal confirmation of the wire request . . ." In processing the LOARespondent falsely indicated to Morgan Stanley that she had obtained the customer's verbal approval. On March 5, 2013, Respondent submitted the wire transfer request for processing. 

Where There's Smoke . . .

On March 6th, the previously wired-out $68,300 was reversed and returned to the customer's account because of an  incorrect account number (provided by the customer) for the receiving bank account. 

On that same day, the customer submitted another signed LOA with instructions to wire $168,300 to a different third party. Yes, the replacement LOA and wire instructions had been upped from $68,300 to $168,300. In response to this second set of instructions, Respondent tried to reach the client on his cell phone, but was only able to leave a voicemail. Once again, although Respondent had not, in fact, spoken to the customer, she again falsely confirmed to her firm that she had obtained verbal approval from the client. This time around, Respondent apparently didn't even operate under a mistaken belief. No verbal confirmation had been obtained and, notwithstanding, the wire transfer request was submitted for processing.

Uh Oh

In the afternoon of March 6th, the customer responded to Respondent's earlier voicemail and informed her that he had not previously requested wire transfers from his account. Thereafter, Morgan Stanley recalled the wire and the customer did not sustain any losses arising from the transfers. 

A Nasty Surprise!

Yup -- the sender of the two emails on March 1 and March 6 was an imposter who had apparently hacked into the customer's email account and submitted forged signatures and bogus wire transfer requests.

No Harm But Plenty Of Fouls

On March 11, 2013, Morgan Stanley terminated Respondent's employment as a result of her apparent disregard of the prior warnings in the Letter of Education and the recurrence of another wire-transfer compliance violation. 

FINRA asserted that by falsely stating that she spoke with the customer to confirm wire transfer instructions, Respondent violated FINRA Rule 2010. Moreover,  Respondent also violated FINRA Rule 4511 and FINRA Rule 2010 by causing Morgan Stanely to maintain false books and records. In accordance with the terms of the AWC, FINRA imposed upon Respondent a $5,000 fine and a 30-day suspension from association with any FINRA member firm in all capacities.

Bill Singer's Comment

The first email from the imposter was apparently not sent directly to Respondent but to the servicing stockbroker's sales assistant. The AWC does not explain why the assistant who first received the email did not process the request but passed it on to Respondent. A possible explanation is that Respondent is described as a "registered" sales assistant, whereas the employee who received the email is merely described as a "sales assistant." Regardless of what a registered sales assistant may do in addition to an unregistered counterpart,  that predicate issue is not raised by me to offer an excuse for Respondent's handing of the wire request. 

The AWC made a point of noting that in response to the processing of the first wire request, Respondent handled the transfer under the mistaken belief that a verbal confirmation had been obtained.  Frankly, FINRA should have minimally explained the basis for Respondent's belief: Was she relying upon any representations made by the other sales assistant, was she relying upon policies/protocol that the other sales assistant presumably should have followed prior to handing off the email request?   Notwithstanding that the AWC has not satisfactorily addressed the predicate conduct at issue, the sanctions imposed upon Respondent seem fair given her prior misconduct and the potential for disaster posed by not confirming the bona fides of any email request seeking to transfer money out of a customer's account.

Also READ: