Wedbush Securities Inc.

January 31, 2024

The Case

The firm failed to establish and maintain a supervisory system. It failed to establish, maintain, and enforce written procedures reasonably designed to comply with the firm’s obligation to monitor transmittals of customer funds to third parties.

As a result, the firm received and approved four fraudulent wire transfer requests from a hacker without taking reasonable steps to confirm whether the requests were genuine, such as contacting an authorized representative of the correspondent firm by telephone.

The hacker, who had gained access to an email account belonging to a registered representative at one of the firm’s correspondent firms, requested that the firm send four wires totaling more than $6.6 million from a joint brokerage account held by two customers to two third parties.

The firm failed to reasonably investigate red flags that the wire requests were fraudulent, including large and increasing amounts in a short period of time, plus the wires that were sent to third-party recipients who lacked any connection to the customers and were located in foreign countries.

Why Does This Matter?

FINRA’s disciplinary action outlines enhanced expectations for its member firms regarding detecting and preventing impermissible trading practices, including manipulative trading. This action also highlights the agency’s ongoing focus on compliance systems and workflows to supervise potential layering and spoofing by the firm’s proprietary traders and all firm customers.

InnReg's Experience

As part of its compliance outsourcing services, InnReg offers a proprietary Suspicious Activity Monitoring product that includes end-to-end coverage for prompt detection, scoring, alerting, workflow processing, and reporting.

Learn More About This Topic

For additional details, read how InnReg’s broker-dealer compliance services can help your fintech build best practices to meet evolving regulatory requirements. InnReg’s framework includes an end-to-end guide for reviewing and testing a broker-dealer supervisory system, conducting business reviews, and testing AML programs.

Subscribe for Compliance Insights

Subscribe for Compliance Insights

Subscribe for Compliance Insights

In mid-February, the FTC announced a proposed settlement to resolve allegations that security software company Avast unfairly sold consumers’ granular and re-identifiable browsing information. This was after Avast informed consumers that its software would protect their privacy and that any disclosure of their browsing information would only be in aggregate and anonymous form.

On March 13, 2024, the European Union’s parliament formally approved the EU AI Act, making it the world’s first major set of regulatory ground rules to govern generative artificial intelligence (AI) technology.

From January 2018 to present, MMA failed to establish, maintain, and enforce a supervisory system, including written supervisory procedures (WSPs), reasonably designed to achieve compliance with rules governing outside business activities (OBAs). During this period, the firm failed to evaluate and document its evaluation of OBAs disclosed by its registered representatives as required by FINRA Rule 3270.

LinkedIn Innreg
X InnReg
Quora Innreg
Blog Innreg

© 2024 InnReg LLC

1101 Brickell Avenue
South Tower, 8th Floor
Miami, FL 33131

LinkedIn Innreg
X InnReg
Quora Innreg
Blog Innreg

© 2024 InnReg LLC

1101 Brickell Avenue
South Tower, 8th Floor
Miami, FL 33131