FINRA fines Merrill Lynch after reps steal over $6M from customers
The United States Financial Industry Regulatory Authority (FINRA) has imposed a fine of $950,000 on Merrill Lynch, Pierce, Fenner & Smith Incorporated for its failure to detect how two of its representatives stole several million dollars from customers.
From May 2013 through November 2018, Merrill failed to reasonably supervise the transmittal of customer funds via externally-initiated ACH (Automated Clearing House) transfers. As a result, the firm failed to detect that two of its registered representatives were able, in separate schemes that ran for multiple years, to steal in excess of $6 million from 13 customers of the firm. Therefore, Merrill violated NASD Rules 3010 and 30122 and FINRA Rules 3110 and 2010.
From May 2013 through November 2018, Merrill’s system to review and monitor the transmittal of customer funds via ACH transfers was not reasonably designed to identify improper transfers from customer accounts by the firm’s registered representatives. In addition, the firm failed to follow up on red flags of potential misconduct.
While associated with Merrill from January 2011 to December 2017, Representative 1 made approximately 270 unauthorized ACH transfers from five customer accounts to his credit card accounts. These transfers totaled approximately $3.2 million. Four of the customers were seniors. He concealed his fraud, in part, by creating and distributing unofficial account summaries to the customers, which contained inflated account values.
Separately, from December 2007 through November 2018, Representative 2 made over 300 unauthorized ACH transfers from eight customer accounts, primarily to pay his credit card accounts. These transfers also totaled approximately $3.2 million.
Representatives 1 and 2 initiated the ACH transfers from financial institutions other than Merrill, which acted as the receiving financial institution.
Despite being aware in May 2013 that one of its registered representatives had converted customer funds via externally-initiated ACH transfers, the firm’s supervisory system was not reasonably designed to identify such theft: (i) the firm did not have a system to screen all ACH transfers to detect instances in which identified beneficiaries were also representatives of the firm; (ii) the fraud unit was not instructed or trained to examine flagged ACH transfers for the possibility that firm representatives were responsible for the flagged transaction; and (iii) the firm relied on the registered representatives of the customers to clear certain of the alerts, including alerts relating to transactions where the representatives themselves were named as beneficiaries.
Merrill discovered Representative 1’s misconduct after a customer complained in December 2017. Subsequently, Merrill conducted a review of its controls and developed a tool to monitor externally-initiated ACH transfers that are made for the benefit of certain firm personnel, including the registered representative assigned to the customer’s account. When the firm ran the tool for the first time in November 2018, it discovered Representative 2’s conversion of millions of dollars of customer funds via ACH transfer.
By failing to reasonably supervise the transmittal of customer funds, Respondent violated FINRA Rules 3110 and 2010 and NASD Rules 3010 and 3012.