In the pump and dump scheme, criminals artificially inflate prices through coordinated trading and/or deceptive promotional activity. Once the prices are sufficiently “pumped,” the fraudsters sell off their positions at a profit, often leaving the account owners and unwitting investors facing substantial losses when the stock price collapses. The ease of access to customer securities accounts through apps (and lax security by investment firms) have only made these schemes easier to execute.

In response to these threats, the Financial Industry Regulatory Authority (FINRA) has issued comprehensive guidance to broker-dealers, most notably four years ago in Regulatory Notice 21-18, to help prevent and mitigate securities account takeover attempts. FINRA highlights the importance of robust authentication procedures, continuous monitoring for indicators of unauthorized account activity, and swift escalation and remediation protocols in the event of a suspected compromise. Broker-dealers are urged to evaluate and, where needed, enhance their existing controls in light of evolving attack techniques, particularly as more firms adopt fully online service models and rely on automated account opening processes.

Specific practices recommended by FINRA include multi-factor authentication for customer logins, use of out-of-band verification for sensitive transactions, real-time monitoring for unusual activity patterns, and regular education and training for both staff and customers about current fraud risks and social engineering tactics. Broker-dealers are also encouraged to have clear written escalation procedures for suspicious account events, collaborate closely between compliance, AML, and customer service functions, and leverage reporting from industry peers to stay ahead of emerging threats. Additionally, timely communication with customers regarding suspicious activity can help contain losses and reinforce a culture of vigilance.

U.S. SEC Regulation S-ID (17 CFR § 248.201) similarly requires investment firms to “develop and implement a written Identity Theft Prevention Program (Program) that is designed to detect, prevent, and mitigate identity theft…”

As securities account takeover incidents and related pump and dump schemes continue to grow in scale and sophistication, it is essential for broker-dealers to implement comprehensive, adaptive controls aligned with FINRA’s guidance, including those in Regulatory Notice 21-18. Proactive measures such as layered authentication, prompt fraud detection, and internal training are not only key to protecting client assets but also crucial for safeguarding the integrity and reputation of the securities industry as a whole.

If your securities firm allowed criminals to access your account without authorization causing losses or unauthorized withdrawals or wires, please contact the Securities Fraud Lawyers at Greco & Greco for a free consultation with one of our attorneys about your claims and possible recourse against your brokerage firm. We also recommend reading our blog post regarding our successful recovery in FINRA arbitration of losses, interest, and attorney’s fees for our client against Interactive Brokers in an unauthorized access and withdrawal case.

FINRA securities brokerage firms such as Interactive Brokers have various duties under FINRA Rules and federal law to safeguard customer assets and guard against money laundering.

The U.S. Bank Secrecy Act (BSA) is set out in 31 U.S.C. Sec. 5311 – 5330. Securities Broker-Dealers such as IB are defined as a “financial institution” under the BSA. 31 U.S.C. Sec. 5312(a)(2).  “Money Laundering” is defined in 31 U.S.C. Sec. 5340 as “the movement of illicit cash or cash equivalent proceeds into, out of, or through the United States, or into, out of, or through United States financial institutions…”
The fraudulent theft of customer monies through unauthorized withdrawals/transfers by ACH or wire meets the definition of “money laundering” because it involves the movement of illicit cash through and out of United States financial institutions.
The Bank Secrecy Act requires financial institutions such as IB to develop and institute internal policies, procedures, and controls to “guard against” money laundering. Specifically, 31 U.S.C. Sec. 5318(h) requires:

“(h) Anti-Money Laundering Programs.—
(1) In general.—In order to guard against money laundering through financial institutions, each financial institution shall establish anti-money laundering programs, including, at a minimum—
(A) the development of internal policies, procedures, and controls;
(B) the designation of a compliance officer;
(C) an ongoing employee training program; and
(D) an independent audit function to test programs.”

FINRA Rules require IB and other member securities firms to comply with the BSA and associated regulations, and implement appropriate policies and procedures. Specifically, FINRA Rule 3310 states: “Each member shall develop and implement a written anti-money laundering program reasonably designed to achieve and monitor the member’s compliance with the requirements of the Bank Secrecy Act (31 U.S.C. 5311, et seq.), and the implementing regulations promulgated thereunder by the Department of the Treasury.” FINRA Notice to Members 02-21 also advised broker-dealers “to look for signs of suspicious activity that suggest money laundering” – or, “red flags” – and if they detect “red flags,” to “perform additional due diligence.”

Interactive Brokers was censured and fined $15,000,000.00 by FINRA in 2020 in a letter of Acceptance, Waiver, and Consent (AWC) for “deficient” Anti-Money Laundering procedures and procedures/supervision relating to money transfers. IB’s documented failures therein included the same situation as the arbitration above – “[IB] did not reasonably surveil for AML purposes outgoing wire transfers identified as “first-party” transfers (i.e., transfers where the recipient was the customer itself), because the Firm accepted customers’ designations that they were first-party wire transfers, even when the Firm learned that some purportedly “first-party” wires were, in fact, third-party wires.”

Greco & Greco has been representing harmed investors against their securities brokerage firms for over twenty-five years. If your investment firm has transferred monies from your account to criminals or scammers without your knowledge or consent, please contact Virginia Securities Fraud Lawyer Scott Greco for a free consultation about your potential case.