Fidelity Brokerage Services Settles with FINRA Over Mismanagement of Client Accounts

In a significant settlement, Fidelity Brokerage Services LLC (Fidelity) has agreed to pay a $600,000 fine and accept a censure in response to regulatory violations uncovered by the Financial Industry Regulatory Authority (FINRA). This settlement comes after an eight-year lapse in the company’s ability to effectively supervise transactions and the safeguarding of sensitive financial data for international clients.

Fidelity, a financial giant offering self-directed brokerage services, has been a FINRA member since 1979. With over 850 branch offices and 31,000 registered representatives across the globe, Fidelity is a staple in the world of online trading. Despite its size and reputation, the company found itself at the center of a regulatory investigation after several lapses in its supervisory systems and failure to detect fraudulent activities that went undetected for years.

The story begins in December 2012, when a Fidelity employee gained unauthorized access to sensitive data related to international Stock Plan Services (SPS) accounts. Over the next eight years, this individual used their access to siphon off approximately $750,000 from the accounts of 37 international plan participants. This misconduct was only discovered after a plan participant raised concerns about suspicious transactions, prompting an internal investigation.

Fidelity’s failure to put the proper systems in place left a series of significant cracks in its processes. Here’s where things went wrong:

• Lack of Adequate Supervision: FINRA Rule 3110 requires firms to have robust systems in place to monitor the activities of their associated persons. Fidelity’s supervisory framework failed to adequately supervise and track access to SPS account data. This gave the associated person free rein to access, alter, and misuse sensitive account information without triggering any alarms. Their actions included changing account details and redirecting funds to accounts they controlled.
• No Safeguard for Money Movements: Equally concerning, Fidelity did not have effective monitoring systems in place for outgoing transactions from international SPS accounts. Between 2012 and 2020, the associated person was able to execute 83 unauthorized checks and 183 wire transfers totaling over $750,000, which went completely undetected by the firm’s surveillance systems.
• Inadequate Supervisory Procedures: Even though Fidelity had written supervisory procedures in place, these were not up to the task of overseeing the type of activity taking place. The company failed to ensure that changes to customer account data were logged correctly or that unauthorized outgoing transactions were flagged.

The Fallout & Response

Once the fraudulent activity was uncovered, Fidelity acted quickly. The associated person was terminated, and Fidelity reported the misconduct to FINRA. The company also made full restitution to the affected customers and enhanced its internal systems to prevent similar violations in the future.

But the damage had already been done. FINRA found that Fidelity’s supervisory failures led to violations of multiple rules, including FINRA’s Rule 3110, NASD’s Rule 3010, and FINRA’s Rule 2010. These rules emphasize the responsibility of firms to maintain high standards of conduct and protect their clients from financial harm.

In addition to the censure, Fidelity has agreed to pay the $600,000 fine as part of the settlement. This penalty underscores the importance of maintaining rigorous supervisory procedures and ensuring that financial firms remain accountable for their actions, no matter their size.

While Fidelity has made strides to improve its oversight and prevent future breaches, this settlement serves as a reminder for other firms in the financial services industry that your supervisory systems are only as strong as your ability to enforce them.

As the financial landscape evolves, so too must the systems that keep track of our money. The failure of firms like Fidelity to address critical vulnerabilities in data access and transaction monitoring can have far-reaching consequences—not just for the firms themselves, but for their customers, too.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.