Skip to content

Our Privacy Statement & Cookie Policy

All Thomson Reuters websites use cookies to improve your online experience. They were placed on your computer when you launched this website. You can change your cookie settings through your browser.


Shared passwords, data shortcuts, email impostors, online auctions: ‘red flags’ for brokers in the digital era

Richard Satran  Financial Journalist, Thomson Reuters Regulatory Intelligence

Richard Satran  Financial Journalist, Thomson Reuters Regulatory Intelligence

Compliance red flags involving technology are well established in the securities industry. Nevertheless, brokers and compliance staff continue to get suspended for violations related to online communications and data-handling, and U.S. regulators have been cracking down where technology use raises the risk of online fraud.

The number of enforcement actions will only rise further as brokers and sales associates adapt to a digital transformation that has expanded from Wall Street trading houses to retail brokerages.

In professional markets enforcement, cases involving bad data and reporting gaps have become the largest disciplinary category. A similar enforcement refocus is emerging in sales-practice cases, but these retail cases more often involve individuals.

Firms have been urging brokers to spend more time outside of the office bringing in fee-generating assets to manage, with registered sales associates providing support and becoming the “power users” of technology. The support roles, a traditional path to high-paying wealth management jobs, have become increasingly perilous amid the focus on retail practices — any disciplinary action can halt advancement.

The latest monthly report on brokerage discipline by the Financial Industry Regulatory Authority (FINRA) included five cases where individuals faced suspensions based entirely on violations of rules for technology use. Those cases made no allegation of fraud, and financial losses were rare. The common thread was the risk that the violations posed to firms and customers. Risk factors arising in “back office” routines can be triggered by even small lapses in managing known vulnerabilities or by entirely new schemes used by fraudsters.

Recent cases target passwords, confirmations, audits & online activity

In one case, for example, a staff member was suspended for using a shared password, with her supervisor’s approval, to handle a firm’s operations. In that case, a Wells Fargo sales associate handled work sheets using a common password for more than 10 years. FINRA suspended the woman, Megan Nina Weakland, for a rule violation that merits suspension under sanctioning guidelines. Weakland failed to convince FINRA that she should not be held liable for carrying out what was an approved sales practice in her firm. She was suspended for two months and fined $3,500.

In another case that involved large losses by a customer, a former Denver-based Charles Schwab sales supervisor, Deming Anthony Payne, was suspended by FINRA for allegedly failing to confirm a series of online money-transfer requests with a mandated phone call to the customer. The transfers totaling $794,860 turned out to have been requested by an impostor who had gained access to the client’s email account.

FINRA alleged that Payne had tried unsuccessfully to reach the client but kept approving the transfers after the first one went through unimpeded. Payne agreed to resign from the firm and has left the industry. FINRA fined him $5,000 and suspended him for three months. Schwab said the customer was reimbursed. The impostor vanished with all but $50,000 that the firm managed to recover.

In another case, a former Raymond James compliance associate’s job in his first year consisted of reviewing questionnaires on outside business activities, and, when indicated by a numerical score, looking deeper at the broker’s activity.

But the associate, Vincent Joseph Storms, routinely began to eliminate the red-flag ratings entered at 60 branch offices he audited, FINRA said. The record seemed improbable to supervisors, and an internal probe led to Storms’ termination. He now faces FINRA charges that could result in a permanent ban.

Not all cases of tech-related sanctions involved lower-level employees. A chief compliance officer and co-founder of investment bank Park Sutton Advisors, Jaime Carvallo, was an art collector banned by two large auction houses for reneging on payment obligations. He continued to bid using accounts of other, unwitting employees at Park Sutton, according to FINRA.

His activities led to an investigation by the Manhattan District Attorney’s office, which charged him with forgery and identity theft. The charges were reduced to a non-criminal settlement, but not before his firm terminated him and filed an official “U5” separation notice. FINRA then barred Carvallo from the industry in a sanction which Carvallo’s lawyer called “heavy handed.”

Enforcement actions in changing landscape

These cases show how enforcement agencies like FINRA are adapting to online workflow, new technology and a changing landscape. For example, the Wells Fargo shared-password case shows the potential risks ahead for support staff.

“More often than not it’s the female sales assistant who gets blamed in regulatory cases,” said Bill Singer, a securities lawyer in New York. The case also showed that individual actions may come under a harsh light even when the whole company is under scrutiny. Wells Fargo’s retail banking unit had recently settled with state and federal regulators over charges that included misconduct in the opening of 2 million accounts without authorization from clients.

Cases in which email was an element show how brokerage firms’ adoption of new technology was accompanied by new-style violations. And while firms had once discouraged brokers from using email in place of telephone calls to clients, rule violators were blazing a new path. Disciplinary actions referring to email use rose tenfold between 2008 and 2013, FINRA records show. Similar enforcement trends for newer technologies can be expected as they enter the industry at an accelerating rate.

Indeed, technology can offer faster processes, more accuracy, and deeper information, but it can also put firms and their customers at risk in new ways. Regulators will be watching and adjusting their focus.

More answers