Wednesday, October 21, 2009

Employee Fraud

UK FSA recently fined London-based investment bank and stockbroker Seymour Pierce Limited (SPL) £154,000 for failing to establish effective controls to guard against employee fraud. As a result of SPL's failings, an employee was able to steal approximately £150,000 completely undetected from the firm's internal and private client accounts in 36 separate transactions over a three year period.

A number of the illicit transactions involved making unauthorised changes to static data (such as the client's name, address, bank account and payment instructions) on existing client accounts or taking advantage of dormant accounts. In one instance the employee transferred a personal trading loss into one of SPL's internal accounts. The employee was dismissed prior to the discovery of the misdemeanours which only came to light when his replacement noticed serious accounting discrepancies.


At the start of the relevant period (from December 2001 to February 2007), SPL's private client business consisted of only a small number of legacy private clients who had remained with the firm after the closure of the private client department in 1997. In May 2005, SPL rebuilt its private client business operations following the transfer to SPL of a private client team from a related company.

Settlements

Throughout the relevant period, trades executed by SPL on behalf of its institutional clients and private clients were settled by a third party firm pursuant to a settlements, clearing and custody arrangement. This involved a tripartite contractual relationship between SPL, the third party firm and each client. Under this arrangement, SPL retained responsibility for all aspects of the client relationship and Settlements department (Settlements) continued to play an important role in the administration of accounts set up on the third party firm's settlement system (System B), which SPL was licensed to use.

Settlements was a small team which consisted of Mr A and one or two other members of staff. Settlements staff had access rights to System B which enabled them to manually enter details of executed trades, and change static data on client accounts in accordance with clients' instructions.

Relevant Accounts

Monies and assets belonging to SPL's institutional and private clients were held in bank accounts in the name of the third party firm, and responsibility for reconciling all accounts held by SPL's institutional and private clients rested with the third party firm. The holdings and related trades were administered by SPL via client accounts set up on System B.

SPL also operated a number of its own 'internal' accounts set up on System B, including: an 'Errors Account' used for booking trades when there had been a dealing error; a 'Warehouse Account' used for administrative convenience to aggregate trades where an institutional client gave the firm an order which needed to be executed in tranches; a 'Corporate Account' used for allocating new stock holdings to client accounts; and a 'Placing Account' used for allocating stock relating to a corporate finance placing to a party that was not an existing client of the firm. SPL also had use of a 'Trading Account' established and maintained by the third party firm for all correspondent broker firms that used System B. The Trading Account was used for posting trades that various SPL institutional clients executed with the firm on a 'riskless principal' basis.

The Frauds

Between May 2003 and April 2006, Mr A stole a total of £149,165 by way of thirty-six separate transactions. Around half of this amount was from SPL and around half from SPL’s legacy private clients.

Three transactions involved Mr A stealing a total of £73,884 from SPL's legacy private clients between December 2004 and February 2005. The three legacy private client accounts involved were all dormant:

  1. One account held the proceeds of securities that had been sold in November 1998. The proceeds remained on the account accruing interest at six-monthly intervals. In December 2004, Mr A manipulated payment instructions on the account so that the total balance of £4,426 was automatically paid out to his personal bank account by the third party firm.
  2. A second account held a balance that had been accruing interest at six-monthly intervals since March 1998. In December 2004, Mr A manipulated payment instructions on the account so that the total balance on the account of £16,787 was automatically paid out to his personal bank account.
  3. A third account held securities since November 1999. In 2004, Mr A changed details on System B to transfer the securities initially to a dormant institutional client account that he had converted in October 2002 for his own use and then to his personal dealing account. Staff personal dealing accounts were set up to pay away cleared funds automatically. Therefore, when the securities were redeemed in February 2005, the proceeds of £52,670 were automatically paid to Mr A's personal bank account.

Thirty-three transactions involved Mr A stealing a total of £75,281 from SPL between May 2003 and April 2006:

  1. Twenty-four transactions related to 'riskless principal' trading profits that the firm had earned. Trading on a riskless principal basis involved SPL buying stock from (or selling to) a client in the firm’s own name (as opposed to acting as an agent) at one price and simultaneously selling the stock to (or buying from) another client at a different price. SPL traded on this basis when clients insisted that they did not want to pay agency broking commission and that instead SPL should make its profit from the difference between the buying and selling price. These trades should have been booked onto the Trading Account. However, instead Mr A booked the trades onto the dormant institutional client account. Mr A had manipulated payment instructions on this dormant account in October 2002 so that the monies were automatically paid out by the third party firm via cheques sent to his home address. Mr A stole a total of £39,127 from the firm in this way between May 2003 and March 2005. After this date Mr A was deterred from diverting any further riskless principal trading profits for his own benefit due to the implementation by SPL of a computerised front office order management system.
  2. Seven transactions related to interest that was due to the firm. Institutional clients normally settled their transactions on a delivery-versus-payment basis. This meant that balances would not normally be left on their accounts and no interest would accrue. However, where interest did accrue on these accounts, SPL's terms of business made it clear that it would be due and payable to SPL. Mr A was able to commit six of the seven frauds by manipulating payment instructions on client accounts where interest had accrued. This resulted in the monies being automatically paid either directly to his personal bank account or by cheque sent to his home address. The other fraud involved the diversion of interest that had accrued on SPL's internal Placing Account to Mr A’s personal bank account. Mr A stole a total of £22,257 from the firm in this way between October 2004 and September 2005.
  3. One transaction involved Mr A transferring, into the firm's Warehouse Account, a loss that he had incurred on his personal dealing account. SPL employees were permitted to be SPL clients and to maintain accounts set up on System B through which they could buy and sell securities, in accordance with the firm’s personal dealing procedures. Mr A sold stock in his own name in March 2005, incurring a loss of £2,883 on a corresponding purchase trade that he had instructed the firm's front office to effect but which he had not settled. He then transferred both trades (and the resulting loss) from his personal dealing account into the firm's internal Warehouse Account by misleading an employee at the third party firm and misusing his access rights to System B.
  4. One transaction related to dealing commission that SPL had earned on the sale of an institutional client's shares. Mr A was able to commit this fraud by incorrectly booking the dealing commission to the client's account and manipulating payment instructions so that the monies were automatically paid to his personal bank account. Mr A stole a sum of £11,015 from the firm in this way in April 2006.

Static Data Monitoring

Static data is information held on a client account which does not often change, such as the client's name and address and the client's payment instructions. SPL's Settlements team was responsible for making changes to static data on accounts set up on System B in accordance with client instructions. There was therefore a material risk that static data might be improperly altered by Settlements staff and it was necessary for SPL to mitigate this risk.

Static data on client accounts could be set up to facilitate payment in one of two ways: 'Pay away funds' – accounts set up to pay out cleared funds arising on the account automatically either as they arose or at pre-set intervals; or 'Retain funds' – accounts set up to retain any cleared funds arising on the account indefinitely.

For accounts set up on System B to retain funds, SPL sought to control payments out by requiring payment instructions to be authorised by a member of the firm’s Finance department (Finance). However, this control by Finance did not apply where an account was set up to pay away funds automatically. A dishonest member of staff in Settlements might therefore circumvent this control by improperly changing the status of the account from 'retain funds' to 'pay away funds' and changing the payee’s details to those of an account that he controlled. It was therefore important that SPL monitored changes to payment instruction static data on client accounts.

A daily exception report was generated which detailed all changes to static data made on accounts set up on System B. This report was accessible to members of SPL's Compliance department (Compliance) and Settlements for monitoring purposes. However, prior to February 2004 it was only accessed by Mr A at SPL. After February 2004, Compliance also accessed the report to carry out sample checks of the client's categorisation on the system and to ensure that all new accounts had received Compliance sign-off. After SPL's new private client department opened in May 2005, these reviews were extended to include sample checks against details contained in the application forms of new clients. However, during the Relevant Period Compliance's reviews of the daily exception reports did not focus on changes made to static data on existing accounts. As a result, if Settlements staff manipulated static data on older client accounts, it was unlikely that this activity would be discovered by Compliance.

Thirty-three of the frauds committed by Mr A between May 2003 and April 2006 involved unauthorised changes to static data made by Mr A on twelve client accounts. In this way, SPL's failure to adequately monitor static data changes facilitated the theft of £92,107.

Dormant Account Monitoring and Control

A dormant account is an account on which there has been no trading activity for a period of at least two years or that is otherwise known to be inactive. Dormant client accounts carry an increased risk of fraud because they are not likely to be monitored by the clients who hold them. The risk of misuse applied to all dormant accounts, whether they were institutional client accounts or private client accounts.

SPL did not adequately control dormant client accounts to prevent them being misused. The majority of the legacy private client accounts that remained open during the Relevant Period were dormant. This was therefore a particularly high risk category of accounts that required SPL's attention. Significant efforts were made by SPL to contact legacy private clients and return any balances on their accounts following the closure of the old SPL private client department in 1997. However, SPL was unable to close thirty-eight legacy private client accounts, some of which continued to hold client money or assets. SPL was unable to locate and obtain instructions from those legacy private clients, and accordingly those legacy accounts remained. Despite the fraud risks posed by these legacy accounts, SPL allowed them to be left open on System B without putting in place a process for monitoring any activity on them.

Twenty-six of the frauds committed by Mr A between May 2003 and March 2005, involved the misuse of a total of four dormant institutional client and/or legacy private client accounts. In this way, SPL's failure to adequately monitor and control dormant accounts facilitated the theft of £108,891.

Reconciliation of Internal Accounts

It was necessary for SPL to monitor its internal accounts in order to identify any errors in the booking of entries onto System B by Settlements staff and to identify any manipulative practices involving these accounts. However, there was no process in place at SPL to adequately govern this area.

As part of his responsibilities, SPL expected Mr A to regularly reconcile the firm’s internal accounts. However, for at least fifteen months he did not reconcile these accounts at all. He was not challenged by SPL over the fact that he had not been reconciling these accounts until around October 2005. The fact that the reconciliations had not been completed for a substantial period of time then made it difficult and time-consuming for him to complete them. This gave Mr A an apparently plausible excuse to delay further, which SPL accepted.

Two of the frauds committed by Mr A involved the misuse of SPL internal accounts, namely the Placing Account (theft of £1,505 interest in October 2004) and the Warehouse Account (transfer of a £2,883 personal dealing loss in March 2005).

Twenty-four of the frauds (theft of riskless principal trading profits of £39,127 between May 2003 and March 2005) involved monies that should have been booked to the Trading Account. This was not one of SPL's internal accounts, but SPL should have taken steps to ensure that the booking of entries that should have been posted to this account by Settlements was being monitored. SPL introduced an electronic order management system in 2005. However, before this system was introduced, SPL should have mitigated fraud risk in this area, for example, by independently reconciling trades executed by its front office against those booked by Settlements.

If SPL had taken proper steps to ensure that such reconciliations were completed during the Relevant Period, it is likely that Mr A would have been deterred from committing some of the frauds. Effective and independent monitoring of internal account reconciliations would have also led to his fraudulent activity being detected earlier.

Discovery of Issues

In July 2006, SPL dismissed Mr A. The replacement that SPL recruited in August 2006 was asked to reconcile the firm's internal accounts as a priority. In January 2007, when reconciling the Warehouse Account, Mr A's replacement discovered one of the frauds. Further investigations by SPL in the following months uncovered the remaining frauds.

1 comment:

  1. Anonymous7:19 PM

    Good day !.
    You may , perhaps curious to know how one can collect a huge starting capital .
    There is no initial capital needed You may start to receive yields with as small sum of money as 20-100 dollars.

    AimTrust is what you need
    AimTrust incorporates an offshore structure with advanced asset management technologies in production and delivery of pipes for oil and gas.

    Its head office is in Panama with offices everywhere: In USA, Canada, Cyprus.
    Do you want to become a happy investor?
    That`s your chance That`s what you wish in the long run!

    I feel good, I started to take up income with the help of this company,
    and I invite you to do the same. If it gets down to choose a proper companion utilizes your money in a right way - that`s AimTrust!.
    I take now up to 2G every day, and what I started with was a funny sum of 500 bucks!
    It`s easy to start , just click this link http://avoqeron.builtfree.org/enijesa.html
    and go! Let`s take our chance together to become rich

    ReplyDelete