According to FINRA, John Michael Derbin Jr. was fined $2,500 and suspended for 10 business days for impersonating a customer on a telephone call to a financial services company. FINRA considered that Derbin's member firm had already sanctioned him with a $5,000 fine, 30-day suspension, forfeiture of commissions, and required training.
Derbin's customer wanted to transfer her retirement plan from one fund provider to another. Derbin attempted a three-way telephone call with the existing fund provider, the customer, and himself for the sole purpose of determining the type of retirement account the customer had. However, the customer did not answer the attempted three-way call.
On the ensuing phone call between Derbin and the fund provider, Derbin identified himself as the customer. He provided the fund provider with the customer's date of birth, social security number, maiden name, and account number to convince the fund provider that he was the customer. Derbin then asked the fund provider what type of retirement plan the customer owned. The fund provider did not provide this information and instead requested a call back number, which Derbin declined to provide. The fund provider refused to provide the information and alerted Derbin's firm.
When the firm confronted Derbin, he twice falsely stated that he believed the customer was on the line when the call was made to the fund provider. This false statement compounds the violation by demonstrating Derbin lied to his firm about his conduct.
Customer impersonation is a serious form of fraud that violates customer privacy and creates significant risks. By obtaining access to customer account information through impersonation, representatives could make unauthorized changes to accounts, withdraw funds, or obtain sensitive information for improper purposes. Even though Derbin's stated purpose was simply to determine the account type to facilitate a legitimate transfer, the method he used was improper and created potential for abuse.
The use of the customer's social security number, date of birth, maiden name, and account number during the impersonation is particularly concerning because these are the exact types of information used to verify identity and gain access to accounts. If Derbin was willing to impersonate a customer for a seemingly innocent purpose, it raises questions about whether he would do so for other purposes.
For investors, this case illustrates the importance of protecting personal information and being aware that representatives should never impersonate customers, even for seemingly legitimate reasons. If a representative needs account information, they should obtain proper authorization or have the customer make the call themselves. The suspension was in effect from June 21, 2022, through July 5, 2022.
