Securities Lawyers Blog
According to records kept by The Financial Industry Regulatory Authority (FINRA) financial Broker Ron Itin (Itin), previously associated with Garden State Securities, INC., has at least 2 disclosable events. These events include one customer complaint, one regulatory event, alleging that Itin recommended unsuitable investments in different investment products including debt securities among other allegations and complaints.
FINRA BrokerCheck shows a final customer complaint on July 12, 2024.
Without admitting or denying the findings, Itin consented to the sanctions and to the entry of findings that he failed to establish and implement a supervisory system reasonably designed to detect and prevent fraudulent fund transmittals and identify theft. The findings stated that Itin was his member firm’s designated person responsible for establishing, maintaining, and enforcing its supervisory systems. Itin failed to reasonably design his firm’s supervisory system, including WSPs, to achieve compliance with the firm’s regulatory obligations, and failed to reasonably supervise these two areas. The firm’s WSPs were generic and were not tailored to the firm’s business. The firm began receiving trading instructions and withdrawal requests from a customer’s email address, sent by hackers who had gained unauthorized access to it. The firm received multiple requests to liquidate securities in the customer’s joint account, and to transfer nearly the account’s entire value to outside bank accounts. Itin was aware of these email communications and instructions and knew that the registered representative servicing the account had not spoken with the customer to confirm the authenticity of those instructions. Itin also knew that the representative was concerned about a possible email hack. Despite this, Itin reviewed and approved multiple Request Forms submitted by the hackers, without ever speaking to or communicating with the customer, or requiring contact with the customer through any method other than the hacked email account, even when presented with numerous red flags including the refusal to contact the firm via telephone to verify the requested transactions, and their insistence that accept order and wire instructions by email only. As a consequence of ltin’s approval of multiple request forms and failure to identify, investigate and address the red flags detailed above, the hackers were able to transfer nearly the full value of the account to outside bank accounts that they controlled, causing the majority of funds in the account to be stolen. The findings also stated that Itin caused his firm to violate SEC Regulation S-ID. Itin failed to develop a program that satisfied the requirements of Regulation S-ID. The firm’s WSPs referenced identity theft but did not contain guidance to identify or detect it. Instead, the WSPs stated that the firm’s IT department would prohibit unauthorized access to the firm’s systems in the event of a customer complaint of identity theft, when, in fact, the firm did not have an IT department.
