In the pump and dump scheme, criminals artificially inflate prices through coordinated trading and/or deceptive promotional activity. Once the prices are sufficiently “pumped,” the fraudsters sell off their positions at a profit, often leaving the account owners and unwitting investors facing substantial losses when the stock price collapses. The ease of access to customer securities accounts through apps (and lax security by investment firms) have only made these schemes easier to execute.

In response to these threats, the Financial Industry Regulatory Authority (FINRA) has issued comprehensive guidance to broker-dealers, most notably four years ago in Regulatory Notice 21-18, to help prevent and mitigate securities account takeover attempts. FINRA highlights the importance of robust authentication procedures, continuous monitoring for indicators of unauthorized account activity, and swift escalation and remediation protocols in the event of a suspected compromise. Broker-dealers are urged to evaluate and, where needed, enhance their existing controls in light of evolving attack techniques, particularly as more firms adopt fully online service models and rely on automated account opening processes.

Specific practices recommended by FINRA include multi-factor authentication for customer logins, use of out-of-band verification for sensitive transactions, real-time monitoring for unusual activity patterns, and regular education and training for both staff and customers about current fraud risks and social engineering tactics. Broker-dealers are also encouraged to have clear written escalation procedures for suspicious account events, collaborate closely between compliance, AML, and customer service functions, and leverage reporting from industry peers to stay ahead of emerging threats. Additionally, timely communication with customers regarding suspicious activity can help contain losses and reinforce a culture of vigilance.

U.S. SEC Regulation S-ID (17 CFR § 248.201) similarly requires investment firms to “develop and implement a written Identity Theft Prevention Program (Program) that is designed to detect, prevent, and mitigate identity theft…”

As securities account takeover incidents and related pump and dump schemes continue to grow in scale and sophistication, it is essential for broker-dealers to implement comprehensive, adaptive controls aligned with FINRA’s guidance, including those in Regulatory Notice 21-18. Proactive measures such as layered authentication, prompt fraud detection, and internal training are not only key to protecting client assets but also crucial for safeguarding the integrity and reputation of the securities industry as a whole.

If your securities firm allowed criminals to access your account without authorization causing losses or unauthorized withdrawals or wires, please contact the Securities Fraud Lawyers at Greco & Greco for a free consultation with one of our attorneys about your claims and possible recourse against your brokerage firm. We also recommend reading our blog post regarding our successful recovery in FINRA arbitration of losses, interest, and attorney’s fees for our client against Interactive Brokers in an unauthorized access and withdrawal case.

A. Alleged Violations of Whistleblower Protections

The core issue in this matter revolves around the Respondents’ alleged violations of whistleblower protections under Exchange Act Rule 21F-17(a). According to the SEC, during the period from May 2021 to February 2024 (the “Relevant Period”), the Respondents asked eleven clients to sign confidentiality agreements linked to compensatory payments for losses in their investment accounts. These agreements included provisions that obstructed the clients from reporting potential securities law violations to the SEC or other regulatory authorities. The confidentiality agreements contained clauses that not only restricted clients from disclosing information about the disputes or payments but also imposed conditions that clients would only be able to report violations if initiated by the regulators. This effectively impeded clients from voluntarily communicating with the SEC about potential violations.

B. Regulatory framework.

The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 introduced Section 21F into the Exchange Act, which aimed to bolster whistleblower protections by offering financial incentives and confidentiality protections. Rule 21F-17, effective from August 12, 2011, specifically prohibits any actions that obstruct individuals from reporting potential securities law violations directly to the SEC, including enforcing confidentiality agreements that restrict such reporting.

C. Details of the Agreements and Alleged Violations

The Respondents utilized two main templates for their confidentiality agreements: the “Agreement” and the “Agreement and Release”. According to the SEC, both templates contained provisions that violated Rule 21F-17(a). Key problematic clauses included:

One paragraph restricted clients from discussing the terms of the agreement or the underlying dispute, even in response to inquiries from regulators, unless those inquiries were unsolicited and did not result from any action by the client.
Another paragraph required clients to affirm that they had not previously reported the dispute to any regulatory authority and pledged to refrain from doing so in the future. It also contained provisions providing only a limited carve-out for responding to unsolicited inquiries, thereby creating a reasonable impression that clients were discouraged from voluntarily reporting potential violations to regulators.
The confidentiality agreements created significant barriers for clients who might otherwise report securities law violations. The restrictive clauses not only limited the clients’ ability to report violations voluntarily but also imposed a misleading impression that reporting to the SEC was only permissible if initiated by the SEC itself.

D. Penalties Imposed

The SEC has imposed the following sanctions on the Respondents:

NPA Asset Management, LLC: A civil monetary penalty of $160,000.
Nationwide Planning Associates, Inc.: A civil monetary penalty of $70,000.
Blue Point Strategic Wealth Management, LLC: A civil monetary penalty of $10,000.
The SEC’s order further requires the Respondents to cease and desist from future violations of Rule 21F-17(a) and the Respondents to be censured.

E. Conclusion

The sanctions reflect the SEC’s emphasis on enforcing whistleblower protections ensuring that entities do not obstruct the reporting of securities law violations, and punishing securities firms for whistleblower violations. If you are aware of significant violations of securities laws or industry rules by a FINRA Broker-Dealer firm or a Registered Investment Advisor, please contact Scott Greco for a free securities fraud attorney consultation about the issues and any potential case or whistleblower action.

Gleason’s career spanned several decades, commencing in 1985 when he first registered with FINRA. However, recent disclosures by former employers have brought his practices under scrutiny by FINRA. According to his FINRA Brokercheck report, his association with Cantella & Co., Inc., ended with him being “discharged” due to “Concerns regarding the origin of notations added to firm-requested Active Account and Concentration client letters.”

The AWC focused on Gleason’s actions between July 2020 and June 2021, during which he allegedly breached the Best Interest Obligation under Rule 15l-1(a)(1) of the Securities Exchange Act. This rule mandates that brokers prioritize clients’ interests over their own when recommending investments. According to the AWC: “Gleason recommended to a retail customer (Customer A) a series of transactions that were excessive in light of the customer’s investment profile. In so doing, Gleason placed his interests ahead of the interests of the customer.” The AWC further stated that this pattern of behavior resulted in significant costs for Customer A, including substantial commissions despite modest account balances.

The AWC sanctioned Mr. Gleason with a three month suspension of his license and a $5,000.00 fine.

Greco & Greco has extensive experience representing customers in churning claims against their financial advisors and firms. Churning occurs when the advisor engages in excessive trading for the purpose of generating commissions or fees, without regard for the suitability of the trading for the customer. If you believe you may have been the victim of churning, please contact Scott Greco for a free securities fraud attorney consultation about your case.