Hacker Tricks Morgan Stanley In Wire Transfer

January 27, 2014

Here we go again. Another email request for a wire transfer. Another stockbroker handing the matter off to a sales assistant. And, just as usual, FINRA comes down on the lowly sales assistant when things go awry.

For the purpose of proposing a settlement of rule violations alleged by the Financial Industry Regulatory Authority ("FINRA"), without admitting or denying the findings, prior to a regulatory hearing, and without an adjudication of any issue, Magnolia Gaerlan submitted a Letter of Acceptance, Waiver and Consent ("AWC"), which FINRA accepted. In the Matter of Magnolia Gaerlan, Respondent (AWC 2013036717601, January 15, 2014).

In 1996, Gaerlan entered the securities industry and by 2009 she was employed at Morgan Stanley Smith Barney LLC as a registered sales assistant until her resignation on October 3. 2013. The AWC asserts that Gaerlan had no prior disciplinary history.

July 11th Email

On July 11, 2011, a stockbroker to whom Gaerlan was assigned received an email from a Morgan Stanley customer's personal email account requesting that $250,000 be wired out to a third-party's account. The customer's email explained that the transfer was needed in order to utilize the funds to finance a new business. At the time, the account held some $265,000 in assets.

The AWC states that the customer and the stockbroker exchanged several emails during the day in which they discussed the timing of the wire transfer, the source of funds, and the account to which the funds should be transmitted. At the stockbroker's request, the customer provided routing instructions. 

Enter The Sales Assistant

In accordance with Morgan Stanley policies and procedures, the stockbroker allegedly asked registered sales assistant Gaerlan to send a blank Letter of Authorization ("LOA") to the customer for his completion. Thereafter, the stockbroker received an email from the customer with an attached, executed LOA authorizing the $250,000 transfer to a foreign bank account.

By The Book

The AWC alleges that during the relevant times, Morgan Stanley's policies and procedures required that registered representatives receive verbal authorization before processing wire transfer requests. Moreover, the firm required that the registered person confirm via a prescribed protocol that they were speaking with the customer or authorized agent. Further, registered representatives were required to complete a Verbal Client Instructions for Same Name or Third Party Fed Funds ($100,000 or Less) Form ("Form VCI") indicating that they had spoken with the customer and verified the customer's identity. For wire transfers over $100,000, registered representatives had to complete a Verification Form and submit an LOA on which they indicated that they had spoken to the customer. 

SIDE BAR ON THE MYSTERIES OF LIFE AND WALL STREET: The AWC asserts that although Gaerlan "believed" that the stockbroker had "spoken" to the customer, in fact, the stockbroker asserted that he did not tell Gaerlan that he had spoken to the customer. Odd bit of parsing of language by FINRA in this AWC.  The self-regulatory organization goes to some pains to assert that the unnamed stockbroker never told Gaerlan that he had spoken to the customer.  
    • Did Gaerlan ask the stockbroker whether such a conversation had occurred but the broker side-stepped the issue and didn't respond?  
    • Did the stockbroker merely -- and meticulously -- tell Gaerlan that he had "communicated" or "emailed" the customer but never, ever, no way, said that he had "spoken" with the customer?  
    • Was the stockbroker reprimanded or disciplined by Morgan Stanley and/or FINRA?  
Oh well, life is a mystery filled with questions, many of which are never answered.  

And Away We Go

According to the AWC, Gaerlan affixed a stamp to the LOA on which she falsely indicated that she had spoken to the customer on July 12, 2011. Also, Gaerlan falsely stated on a July 14, 2011, Verification Form that she had spoken to the customer and verified the wire instructions. The $250,000 wire was processed in response to the submission of the Verification Form and the LOA.

July 15th Email

On July 15, 2011, the customer requested that the stockbroker wire out the remaining $15,000 balance in the brokerage account - this time the purported reason for the transfer was home repairs. The stockbroker promptly forwarded the email to Gaerlan for processing but, once again, the AWC asserts that the stockbroker did not tell Gaerlan that he had spoken with the customer. 

The AWC asserts that on a July 15, 2011, VCI Form, Gaerlan falsely stated that she had spoken to the customer. Once again, in reliance of the submitted form, Morgan Stanley wired out $15,000 to the customer. 

Surprise, surprise, surprise!

As it turns out - and I'm sure that this will likely come as a big "duh" to most of you - the emails from the so-called customer weren't from the customer but, in reality, the dastardly efforts of someone who had hacked into the victim's email account. Voila!  Yet another email imposter has struck Wall Street. (Yawn).

The FINRA Woodshed

The AWC asserts that Gaerlan violated FINRA Rule 2010 by falsely stating on the VCI and Verification Forms and the LOA that she had spoken to the customer and confirmed the wire transfer instructions. Further, her conduct resulted in Morgan Stanley maintaining false books and records in violation of NASD Rule 3110 and FINRA Rule 2010. In accordance with the terms of the AWC, FINRA imposed upon Gaerlan a $5,000 fine and a one-month suspension from association with any FlNRA member firm in all capacities

Bill Singer's Comment 

Excuse my bluntness but just when in the hell will the industry and FINRA wake up and recognize a recurring pattern with these email hacker wire transfer cases?  Routinely, the whole weight of regulation seems to come down on the sales assistant. And just as routinely, we are advised that these sales assistants "believed" that their stockbroker had spoken to the customer or that the broker had at least confirmed the bona fides of the requested wires. 

Wall Street compliance policies seem to place the onus for verification of emailed wire transfer requests on "a" registered person and, gee, you'd sort of think that such an approach would require the servicing stockbroker to personally telephone or contact the customer to ensure everything is proper.  Except, you know, the policies don't exactly say that the onus will be on the registered stockbroker and, go figure, there seems to be some loophole that literally removes the regulatory noose from the stockbroker and places it around the neck of a registered sales assistant. A registered sales assistant who is typically compensated at a far, far, far lower level than the registered stockbroker. A registered sales assistant who is typically a woman.  

Amazing, ain't it?  Somehow the lower-paid women on Wall Street always seem to be set up as the fall guy . . . ummm, sorry, fall girl . . . in the industry's compliance and regulatory scheme. What a shock (he says with dripping sarcasm).

SIDE BAR: Also read:
Perhaps it's time to put some skin in the game and hold the registered stockbroker liable as well as his lowly sales assistant when these wires for hacked accounts are processed without someone actually reaching out and speaking to the customer.  A truly novel idea would be to prepare an internal form on which both the stockbroker and the sales assistant confirm that they have independently each verified the sender's identity as the customer and have further confirmed with the customer that he/she requested the transfer.