A Modern Tale of Cybercriminals, Fake ID, and a FINRA Arbitration

January 25, 2021

If your pocket has been picked, your first reaction is likely shock and anger. Then you want to find out who did it and exact some revenge. More often than not, your wallet's gone, your cash has been spent, and someone is online racking up charges on your stolen credit cards. Other than fuming, there's probably not much you can do. In a modern-day version of pick-pocketing, two brokerage firms got hit by fraudsters. One firm was targeted by cybercriminals, who traded via hacked customer accounts. The other firm was targeted by someone using a fake identity to open an account and trade through it. Apparently, two random frauds but for the fact that some of the losing trades in the hacked accounts may have generated winning trades in the fake-identity account. All of which seemed to invite a claw-back of sorts. Or so one of the firms argued.

Case In Point

In a FINRA Arbitration Statement of Claim filed in July 2020, FINRA member firm ChoiceTrade asserted against member firm Precision Securities causes of action for negligence and gross negligence, violation of Rule 10b-5, and failure to supervise. Claimant sought $175,695.42 in compensatory damages plus interest, and treble punitive damages, costs, and fees. Respondent ChoiceTrade generally denied the allegations and asserted various affirmative defenses. In the Matter of the Arbitration Between ChoiceTrade, Claimant, v. Precision Securities, LLC, Respondent (FINRA Arbitration Award 20-02321)

Respondent moved to dismiss pursuant to FINRA Code of Arbitration Procedure Rule 13504, which Claimant opposed. Following oral argument, the FINRA Arbitration Panel granted the motion to dismiss, and offered this rationale:

The Claimant in this matter was the victim of cybercriminals who hacked into several of their customers' accounts and conducted a number of trades which resulted in losses to these accounts. The Respondent was likewise the victim of fraud in which a party, using a false identity, opened an account, funded it, conducted a number of generally profitable trades, and withdrew funds from the account. Many of the trades in this account were involving the same securities as those in the accounts at the Claimant's firm which resulted in losses. 

The Respondent here is a direct access broker which provides a trading platform for experienced traders. The Respondent uses Vision Financial Markets LLC as an introducing/clearing arranger for them to execute and clear trades. An individual using a name (the SEC concluded they could not prove this was the individual involved in the account) opened a self-directed online trading account at Respondent which was funded and engaged in trading activity, resulting in profits, some of which were withdrawn and sent to a bank account in the same individual's name. The account was opened in typical fashion with a questionnaire filled out, two forms of identification provided, and background checks performed. The account was self-directed, there was no financial advisor for the account, no assistance, guidance or advise was provided to the account holder and the account entered its own trades. The activity in the account did not raise any concerns. 

The basis to grant the Motion to Dismiss requires that the Panel find the Respondent was not associated with the accounts at the Claimant. There has not been any evidence provided that Respondent was in anyway associated with the accounts at Claimant that were fraudulently traded. In fact, there is no showing that the Respondent was even aware of the Claimant or the accounts held there. Secondly, there has been no showing that the Respondent was associated or aware of the securities involved in this matter. As has been stated the Respondent did not advise or engage in any of the activity or selection of securities traded in the account at their firm, or the decisions to withdrawn funds from the account. Finally, no connection between the Respondent and the activity that occurred at the Claimant's firm has been shown. 

Based on the above, pursuant to Rule 13504(a)(7), it is the unanimous decision of the Panel that the Respondent's Motion to Dismiss is granted.

Bill Singer's Comment

Apparently, cybercriminals had hacked into the accounts of Claimant ChoiceTrade's customers, and, thereafter, engaged in trading that produced losses. Separately, a fraudster opened accounts at Respondent Precision Securities and engaged in largely profitable trades. Apparently, if you paired off some of the trades at issue, you would have discovered transactions involving trades from the hacked ChoiceTrade accounts and the fraudster's account at Precision. Pointedly, the arbitrators found that beyond some off-setting trades involving ChoiceTrade and Precision customers, that the latter firm had no awareness of any misconduct. 

Okay, ummm, how does that impose liability on Precision for ChoiceTrade's alleged damages? 

That threshold question seems to have tripped up ChoiceTrade when it came to its burden of proof. 

When all was said and done, it looked like ChoiceTrade wanted to claw back some of the profits made in the fraudster's account at Precision because -- well, that's where one's passions and desires get tripped up by the demands of the law. What exactly was the legal theory behind the proposed clawback?  Why should Precision be held accountable for losses in the accounts of ChoiceTrade's customers? As the FINRA arbitrators noted, ChoiceTrade failed to demonstrate that Precision had any association to the hackers who struck Claimants' customers' accounts.