According to FINRA, Wedbush Securities Inc. was fined $350,000 for failing to establish and maintain a supervisory system reasonably designed to monitor transmittals of customer funds to third parties.

The firm received and approved four fraudulent wire transfer requests from a hacker totaling more than $6.6 million without taking reasonable steps to confirm whether the requests were genuine. The hacker had gained access to an email account belonging to a registered representative at one of the firm's correspondent firms and requested wires from a joint brokerage account to third parties in foreign countries.

The firm failed to reasonably investigate multiple red flags indicating the requests were fraudulent, including: the wires were for large and increasing amounts in a short period of time, they were being sent to third-party recipients in foreign countries who lacked any connection to the customers, and the requests came via email. Rather than contacting an authorized representative of the correspondent firm by telephone to verify the requests, the firm only sent questions to the hacker via the compromised email account.

After the correspondent firm notified Wedbush of the fraud, both firms reimbursed the customers for their losses. The firm subsequently revised its written procedures to require personnel to call a recognized person at a correspondent firm using a known telephone number prior to approving wires over a certain amount.

This case illustrates the critical importance of strong controls around wire transfers and fund movements. Email compromise schemes are increasingly common, and firms must implement robust verification procedures, especially when requests involve large amounts, foreign recipients, or third parties. The red flags in this case were obvious, yet the firm approved over $6.6 million in fraudulent wires. Investors should be aware of these risks and expect their brokerage firms to have stringent controls to verify wire transfer requests before sending funds.