Merrill Lynch Wealth Management was fined $950,000 by the Financial Industry Regulatory Authority on Monday for allegedly ignoring vulnerabilities in its fraud detection systems that allowed two brokers to steal $6 million.
The settlement explains how two brokers, Christopher Hibbard of Kentucky and Marcus Boggs of Illinois, were able to get around the wirehouse’s compliance policies. (For their thefts, Hibbard and Boggs are serving eight and three-and-a-half years in jail, respectively.)
Merrill’s systems, according to FINRA, did not adequately screen Automated Clearing House transfers from clients’ accounts to detect whether one of Merrill’s registered agents was the recipient of those payments. Merrill’s internal fraud-detection system, according to the letter, was only “intended to detect fraud by third parties” or “persons other than its own brokers.”
According to the settlement letter, despite the fact that the industry’s self-regulator had alerted Merrill about difficulties with its monitoring of customer fund transfers in 2013, the business failed to implement alerts or appropriately follow up on red flags until at least 2018.
According to the document, between 2011 and 2017, Hibbard, who is only designated as “representative 1” in the FINRA letter, stole $3.2 million by making 270 illicit ACH transactions from the accounts of five customers–including four seniors–to his credit card accounts.
According to the letter, the broker was able to hide his fraud from customers by giving unauthorized account summaries with inflated balances. Merrill failed to “properly follow up on the emails, which were red flags of potential misbehavior,” despite Merrill’s email monitoring system flagging four emails for inspection.
“Had it done so, the firm may have detected Representative 1’s theft,” FINRA concluded, noting that the issue was discovered after a customer complaint in December 2017.
Boggs, also known as “representative 2,” stole $3.2 million from eight client accounts with 300 fraudulent ACH payments between 2007 and 2018. According to the letter, the monies were mostly utilized to pay his credit card bills.
According to the settlement, when transfer requests were escalated to the fraud unit in at least four occasions, the brokers were still ultimately responsible for authenticating that the request was in fact originated by the consumers.
Brad Bennett, a former chief of enforcement at FINRA and a lawyer in Washington, said of Merrill’s prior supervisory regime, “Obviously you don’t want the fox in control of the hen house.”
Merrill has now been censured and punished by FINRA for failing to monitor the transfer of customer funds to third-party accounts for the second time. Merrill was censured and fined $450,000 in August 2012 for that issue after one of its registered agents converted $887,931 from 13 customer accounts, according to the letter.
Merrill violated FINRA Rule 3110 and its predecessor National Association of Securities Dealer Rule 3010 and 3012, which require brokerages to monitor customer fund transfers, maintain supervisory systems, and enforce policies and procedures that are “reasonably designed to review and monitor all transmittals of funds from customers to third party accounts, outside entities, and locations other than a customer’s primary residence,” according to FINRA.
According to the FINRA letter, Merrill also broke FINRA’s catch-all Rule 2010 requiring it to “observe high standards of commercial honor.”
Merrill settled the matter without admitting or denying the findings and has since upgraded its compliance systems. According to the letter, the company has also “taken reasonable attempts to pay reparations to each of the consumers or their estates.”
In an email, a Merrill representative said, “As the settlement acknowledges, we built an upgraded monitoring system several years ago to detect possible unlawful transactions.” “Clients who were harmed as a result of the actions of these two former Financial Advisors were paid.”
Merrill told the regulators in January 2018 that it had terminated a broker for theft and other wrongdoing, prompting FINRA to launch an investigation.
The settlement illustrates that the era of the rogue broker is likely probably not over, even in the age of high-tech compliance at giant brokerage firms, according to a former Securities and Exchange Commission enforcement official.
“Even in the most robust compliance systems, individuals predisposed to commit fraud will find a way to do so,” said Jacob Frenkel, a former senior counsel in the SEC’s Division of Enforcement who now chairs Dickinson Wright’s government investigations and securities enforcement unit in Washington, D.C.
Maddox Hargett & Caruso, P.C. represents investors nationwide who are trying to recover their losses. You can call or email our senior partner Mark Maddox to have your potential case evaluated at no charge. Please call 317-598-2043 or email him at mmaddox@mhclaw.com.