FINRA disciplinary action update 2024/6

Disciplinary decisions issued February 10 – 16, 2024.

TradeStation Securities censured and fined for alleged AML program failings connected to suspicious trade reporting

Between 2016 and 2019 a legacy trade surveillance system was in place, which generated approximately 100 alerts per day. The alerts included false positives and were reviewed by two to three compliance analysts who also had other responsibilities.

The legacy system was replaced with a more robust solution, which reduced the number of false alerts and generated approximately 50 alerts per day. Three additional compliance analysts were hired to assist with the review of the alerts.

To compound the issues with the high volume of alerts the firm did not have in place adequate processes and procedures to address the alerts. The analysts did not consistently:

  • document their investigations or the reasons for their actions;
  • escalate suspicious activity to the AML department which was tasked with the filing of SARs.

And the firm did not have in place a system that would supervize the analysts and their actions connected to the alerts.

The firm’s independent AML testing revealed the deficiencies in 2016 and 2017, but the recommendations were not fully implemented until March 2022.

In addition the firm did not have in place written procedures and controls to prevent participation in the illegal, unregistered distribution of low-priced securities.

The firm has agreed to the imposition of an undertaking requiring it to certify in writing the remediation of the issues identified.

FINRA Regulatory Notice 09-05
FINRA Rule 2010
FINRA Rule 3110
Securities Act 1933, section 5

Former products representative barred for allegedly refusing to provide information and documents

FINRA Rule 2010
FINRA Rule 8210

Ceros Financial Services censured and fined for alleged communications supervision failures

The firm prohibited using personal email for business-related communications, but its primary system for ensuring compliance with this was to create a list of the personal email addresess of employees and “send automated warning emails when incoming emails to the firm’s system were sent from emails on that list”. Only 16 email addresses of the firm’s 88 associated individuals were included in the list. If an outgoing email was sent from a firm address to a personal email address, no automated warning was sent. This entire process remained undocumented.

Although automated warnings were sent to individuals, including some repeat offenders, the firm did not treat the communications that triggered the alert as red flags or review them unless “those emails happened to meet other firm supervisory email review criteria”.

As a result of these shortcomings the firm did not preserve or retain a number of business-related emails between January 2018 through June 2021.

The firm did not have in place policies and procedures to safeguard customer information. The firm did not have a process in place “to prevent employees from sending customer information to unsecure locations outside of the firm’s system”. The firm did not review over 10,000 emails sent to or from employee personal addresses. At least some of those emails included sensitive customer information including customer account numbers, names, addresses along with trade information.

In addition the firm did not develop or implement a programme to detect, prevent and mitigate identity theft. It relied only on its privacy policy, which lacked any practical detail on how to respond to any identity theft red flags.

The firm has agreed to an undertaking requiring it to certify in writing the remediation of the issues identified.

The case is also covered in more depth here.

Exchange Act section 17
Exchange Act Rule 17a-4
FINRA Rule 2010
FINRA Rule 3110
FINRA Rule 4511
Regulation S-P
Regulation S-ID

Morgan Stanley censured and fined for alleged municipal securities transaction close-out and control problems

The firm failed to close out some of its inter-dealer fails-to-receive and relied almost exclusively on repeated buy-in attempts until a position was covered even in instances when those attempts were not successful during the stipulated time limit.

As a result of these problems the firm “failed to take the required prompt steps to obtain possession or control of 247 municipal securities” that it failed to receive for more than 30 days. The average duration of the firm’s fails-to-receive was approximately 177 days.

The firm’s systems and procedures were not reasonably designed to ensure compliance with the obligations to close out fails-to-receive and promptly obtain control of short positions in municipal securities. This despite being asked by FINRA in 2015 to “alleviate its existing possession or control deficits” and being told that no further extensions would be granted to it in connection with its obligations connected to fails-to-receive.

FINRA Rule 2010
Exchange Act section 15
Exchange Act Rule 15c3-3
MSRB Rule G-12
MSRB Rule G-27
MSRB Regulatory Notice 2016-21
FINRA Regulatory Notice 15-27

Former securities principal suspended and fined for allegedly participating in a private securities offering without prior notice or approval

The offering was connected to a business the principal had co-founded. Although this business was disclosed and approved as an outside business activity by the firm, the principal did not provide his employer with prior written notice of a private offering of ownership units that raised $10.21m from 18 investors including a private equity fund. Two of the investors were also the principal’s customers at the firm.

FINRA Rule 2010
FINRA Rule 3280

Unless otherwise noted all respondents accepted and consented to FINRA’s findings without admitting or denying them.