Stoltmann Law Offices has previously alerted consumers that their brokerage firms can be held responsible for theft in their brokerage, bank, or cryptocurrency accounts as a result of hacking. We have been successful in recovering these losses from brokerage firms for our clients. That is because the regulations are very clear on the supervision and compliance procedures that these firms must execute to protect their clients and their hard-earned savings.
FINRA Rule 3110 requires brokerage firms to establish and maintain a supervisory system to achieve compliance with applicable securities laws and regulations. Included in this supervisory system is the requirement to safeguard customer funds and securities and to inspect the “transmittals of funds (e.g., wires or checks, etc.) or securities from customers to third party accounts; from customer accounts to outside entities (e.g. banks, investment companies, etc.)…” (FINRA Rule 3110(c)(2)(A)).
Firms are further required to comply with the Gramm-Leach-Bliley Act Safeguards Rule (Regulation S-P) and the Identity Theft Red Flags Rule (Regulation S-ID). Pursuant to Regulation S-ID, this includes having an Identity Theft Prevention Program with procedures to identify, detect, and respond to red flags of identity theft. 17 CFR §248.201(d).
Appendix A to Regulation S-ID provides examples of red flags, how to detect red flags and how to prevent and mitigate identity theft. Included in the examples of red flags is the “unusual use of, or other suspicious activity related to a covered account”. Appendix A, Section II (c)(4). Regulation S-ID further advises that red flags can be detected by authenticating customer requests and monitoring transactions. Appendix A, Section III (b)(4). Identity theft can be mitigated or prevented by:
(a) Monitoring a covered account for evidence of identity theft;
(b) Contacting the customer;
(c) Changing any passwords, security codes, or other security devices that permit access to a covered account;
(d) Reopening a covered account with a new account number;
(e) Not opening a new covered account;
(f) Closing an existing covered account;
(g) Not attempting to collect on a covered account or not selling a covered account to a debt collector;
(h) Notifying law enforcement; or
(i) Determining that no response is warranted under the particular circumstances.
Appendix A, Section IV.
Simply put, if there is account activity that is out of the ordinary in a customer account, and the brokerage firm ignores that activity, or fails to contact the client, the brokerage firm can be liable. For example, if a client habitually calls her broker to assist with the liquidation of securities and transfer of assets, but on a random occasion there is a liquidation and transfer initiated through the customer’s online access of her account, this would be a “red flag” of fraudulent activity, and the brokerage firm should immediately put a hold on the transaction and contact the customer. Another example is if a customer does not traditionally make withdrawals from his account, or executes only small liquidations or withdrawals, then suddenly an entire position is liquidated and transferred, this would be another “red flag”, and his brokerage firm needs to immediately investigate before releasing the funds in order to comply with safeguarding rules.
Stoltmann Law Offices has been successful in recovering money for customers from brokerage firms when a third-party hacks into their account, resulting in the liquidation of securities, and the theft of their money. Moreover, in the event that the third-party engages in SIM Card “Swapping” or e-mail hacking in order to access your account, your e-mail or cell phone service providers could be another pocket to pursue. If your brokerage account has been hacked and caused you damages, please immediately contact our office at 312-332-4200 for a free consultation. We handle all cases on a contingency fee basis, so we don’t get paid until you do!