optionsExpress, Inc. (OX), a subsidiary of Charles Schwab Corporation, was fined US $150,000 by the Financial Industry Regulatory Authority for permitting an identity thief to transfer funds using the automated clearinghouse process from a customer’s account when he was unauthorized. According to FINRA, OX failed to have adequate written supervisory policies and procedures to review transfers of funds from customer accounts to outside bank accounts and did not adequately follow up on red flags in connection with transactions that appeared on an internal exception report that identified potentially suspicious conduct. As a result of the unauthorized activity in March and April 2012, the relevant customer sustained losses totaling US $443,000 that the firm ultimately reimbursed. Among the ignored red flags, the identity thief, pretending to be the OX customer, (1) contacted the OX customer service center and was not able to correctly answer security questions; (2) called the OX customer service center using Skype, evidencing a heavy Eastern European accent, and did not appear to understand English, even though the actual customer lived in Illinois; and (3) repeatedly accessed the customer’s account from a Texas IP address (when the customer was living in Illinois) with numerous failed efforts to reset the account security PIN.
Compliance Weeds: If not doing so already, brokers should develop a process to collect in a single location all adverse information on every customer from every source (e.g., exchange requests, exceptions from automated or other surveillance, financial issues), and automatically generate exception reports that identify potentially problematic customers and why. Too often red flags are missed because they litter a company’s offices over disparate locations, and are not collated and reviewed in a systematic manner.