FINRA Slaps Fidelity for Supervisory Failures

According to a statement from the Financial Industry Regulatory Authority (FINRA), Fidelity Brokerage Services LLC was fined $500,000 and ordered to pay nearly $530,000 in restitution for failing to detect or prevent the theft of more than $1 million from nine of its customers, eight of whom were senior citizens, by a fraudster posing as a Fidelity broker.

Lisa Lewis posed as a Fidelity broker, obtained her victims’ personal information, and systematically stole customer assets through numerous transfers and debit-card transactions.

Fidelity says the firm regrets that the fraud committed by Lewis—who is now serving prison time—included nine of its customers. “We take the protection of customer accounts very seriously,” Adam Banker, a spokesman for Fidelity, tells PLANADVISER. “We assisted law enforcement with this matter and have since taken steps to further strengthen our controls, including enhancing account monitoring and surveillance.”

FINRA found that from August 2006 until her fraud was discovered in May 2013, Lewis was running a conversion scheme by targeting former customers from another brokerage firm from which she had been fired. Lewis told the victims she was a Fidelity broker and urged them to establish accounts at the firm and also established joint accounts with her victims in which she was listed as an owner. She eventually established more than 50 accounts and converted assets from a number of these accounts for her own personal benefit. In June 2014, Lewis pleaded guilty to wire fraud, and was sentenced to 15 years in prison and was ordered to pay more than $2 million in restitution to her victims.

FINRA found that Fidelity failed to detect or adequately follow up on multiple “red flags” related to Lewis’s scheme. For example, though Lewis’ victims were unrelated to one another, their various accounts shared a number of common identifiers tying them all to Lewis, such as a common email address, physical address or phone number.

NEXT: Fidelity’s new security measures

Fidelity also failed to detect Lewis’ consistent pattern of money movements and overlooked red flags in telephone calls handled by its customer-service call center, in which there were indications that Lewis was impersonating or taking advantage of her senior investor victims.

FINRA also found Fidelity’s inadequate supervisory systems and procedures contributed to the failure to detect and prevent fraudulent activities by Lewis. Though Fidelity maintained a report designed to identify common email addresses shared across multiple accounts, it failed to implement procedures regarding the report's use and dedicate adequate resources to the review and investigation of the reports. As a result, there was a backlog in reviewing thousands of reports, including a report in March 2012 showing that Lewis’ email address was associated with dozens of otherwise unrelated accounts. The report was not reviewed by anyone at Fidelity until April 2013, more than a year after it was generated.

In settling this matter, Fidelity neither admitted nor denied the charges, but consented to the entry of FINRA's findings.

Banker says new measures include additional surveillance of disbursements from accounts, and explains that enhanced monitoring of certain account distributions was already in development at the time Lewis was committing her allegedly fraudulent actions.

“We have implemented elder financial exploitation surveillance, which monitors various types of money movement in accounts owned by senior investors,” Banker says. “Both measures are aimed at identifying and preventing precisely the type of fraud Lewis committed. We have also further enhanced our employee awareness and training about issues that can affect senior investors, including elder financial exploitation. This training and related employee education programs help our associates and employees identify and appropriately respond to instances of potential elder financial exploitation.”

In October, Fidelity was accused by Massachusetts securities regulators of allowing unregisteredindividuals to use its platforms and perform inappropriate functions.