Hearing Panel of the Central Regional Council:
- Joan Smart, Chair
- Paige Wadden, Industry Representative
Alan Melamud, Enforcement Counsel for the Mutual Fund Dealers Association of Canada
Steven Canto, Counsel for the Respondent
Paul Halloran, Respondent, in person
- Proceedings were commenced by the Mutual Fund Dealers Association (the “MFDA”) against Paul Michael Halloran (the “Respondent”) by Notice of Hearing, dated January 14, 2019. At the First Appearance on February 26, 2019, the hearing of the matter on the merits was scheduled for April 29, 2019. On April 25, 2019 the MFDA announced that, as a result of a settlement agreement entered into between staff of the MFDA (“Staff”) and the Respondent, a settlement hearing would be held on April 29, 2019.
- At the settlement hearing on April 29, 2019, the Hearing Panel considered the settlement agreement, dated April 26, 2019, (the “Settlement Agreement”) and, at the conclusion of the hearing, decided to accept it. These are our reasons for that decision.
II. AGREED FACTS
- Since August 1, 2003, the Respondent has been registered in Ontario as a mutual fund salesperson (now known as a dealing representative) with Quadrus Investments Services Ltd. (“Quadrus”) a Member of the MFDA.
- In August 2015, client EY became a client of Quadrus and opened a non-registered account to receive the proceeds from her mother’s life insurance policy. Client EY was a retired high school English teacher.
- At all material times, the Respondent was the mutual fund salesperson responsible for servicing client EY’s accounts at Quadrus.
- In January 2016, client EY transferred her Registered Retirement Savings Plan (“RRSP”) account and Tax-Free Savings Account (“TFSA”) from another Member to Quadrus.
- In January 2016, client EY executed a Limited Authorization Form (“LAF”), which permitted the Respondent to execute client EY’s specific trading instructions without obtaining client EY’s signature.
Quadrus’ Policies and Procedures Regarding Client Requests By Email
- At all material times, Quadrus’ policies and procedures stated, among other things:
- email hacking is a growing problem and clients can be victimized
- email transaction requests you receive from clients need to be verified with the client
- be suspicious of email requests and follow-up with the client over the telephone.
- On March 7, 2013, Quadrus posted a message on its internal website for Approved Persons that stated:
- Be extra cautious if you receive client requests by email.
- Email hacking is a growing problem and clients can be victimized. We’re aware of fraudulent emails sent to financial security advisors that appear to be from legitimate clients. Emailed transaction requests you receive from clients need to be verified with them. There are steps you should take to help protect yourself and clients from fraudulent communications.
- What you should do
- Be suspicious of email requests and follow up with the client over the phone. Be sure to document the call in your files. Things to watch for in emails include:
- Requests marked urgent or for an emergency
- Requests for account balances when no account information is given
- Indications that the client is out of the country and only able to communicate via email
- Requests to withdraw funds and direct an electronic funds transfer to a third-party described as a business partner or relative.
- On February 22, 2016, Quadrus circulated an email to all Approved Persons, which advised how fraudulent redemption requests had been made by third parties who had hacked two clients’ email accounts. The email stated:
- To protect yourselves and your clients ensure that you take steps to verify that transaction requests are legitimate:
- Keep email correspondence with clients to a minimum and never accept transaction instruction via email.
- Remember, once money has been sent the chances of getting it back are slim to none. If you receive a transaction request via email call the client to confirm the instructions. Request an in person meeting if you have concerns that the person you are talking to is not the client.
- Watch for requests that ask for redemption proceeds to be directed to a different address or bank account from prior transactions.
- If not meeting with a client in person, compare the signature on any transaction form you receive to ones on forms that you know are accurate to look for possible forgeries. You should also still verbally confirm the instructions with the client.
- Notify Quadrus of any suspicious requests or activity so that Head Office can investigate further and take additional precautions such as flagging a client’s account(s).
- To protect yourselves and your clients ensure that you take steps to verify that transaction requests are legitimate:
The Respondent Processed Redemptions Requested by Email Without Verifying the Client’s Identity
- Unbeknown to the Respondent, a fraudster hacked client EY’s email account. Client EY had previously used the email account to communicate with the Respondent.
- Using the hacked email account, the fraudster contacted the Respondent to obtain client EY’s investment portfolio information, discuss a redemption request including having the funds transferred to the United Kingdom and to a “business associate”, and provide information about a bank account where the redemption monies would need to be transferred.
- On October 4, 2016, the fraudster sent by email a void cheque, on which the fraudster had printed client EY’s name and address, purportedly for client EY’s bank account. The void cheque identified a bank account at a Toronto-Dominion Bank branch in Toronto, Ontario. Client EY’s home address was in Kingston, Ontario.
- Between October 11 and November 4, 2016, the Respondent processed redemptions totaling $171,270.80 from client EY’s accounts at Quadrus based upon email requests received from the fraudster. The Respondent used client EY’s LAF to process the redemptions.
- The first two redemptions of $43,500 and $50,000 in October, 2016 were made from client EY’s non-registered account. The redemptions on November 4, 2016 were made from client EY’s non-registered account (13,560.03), her TFSA ($10,986.97) and her RRSP ($53.223.80) to total $60,000 after DSC fees and taxes.
- The Respondent used the void cheque received from the fraudster to arrange for the redemption proceeds to be deposited into the fraudster’s new bank account.
- The emails from the fraudster contained a significant number of grammatical and typographical errors.
- The Respondent failed to verify that client EY had submitted the email requests relating to the bank account or the redemptions in the client’s accounts.
- The Respondent failed to comply with Quadrus’ policies and procedures that required all email instructions received from clients be confirmed by telephone prior to processing any transactions.
The Respondent Submitted an Inaccurate Account Form to Quadrus
- The Respondent processed a redemption on October 11, 2016 in the amount of $43,500, relying upon the LAF to submit the redemption request. For such transactions, the Respondent was required to complete a Record of Verbal Transaction Instructions (“RVTI”) form.
- The Respondent arranged for an RVTI to be submitted to Quadrus. The RVTI, which was prepared by the Respondent’s Marketing Assistant for whom he was responsible, and executed by the Respondent, stated that the Respondent had obtained redemption instructions from client EY by email and That was inaccurate, as the Respondent had only communicated with the fraudster (posing as client EY) by email.
The Respondent Engaged in Discretionary Trading
- At all material times, Quadrus’ policies and procedures strictly prohibited its Approved Persons from engaging in discretionary trading.
- On November 4, 2016, when the Respondent processed redemptions from client EY’s accounts at Quadrus, he used his discretion to determine: from which accounts to redeem monies; what funds to redeem within each account; and the amounts of the redemptions.
- In addition, the Respondent chose to redeem funds from the RRSP account without advising the client of the tax implications.
The Respondent Discovers the Fraud
- On November 21, 2016, the fraudster emailed the Respondent requesting a redemption of $30,000. The Respondent replied advising that the redemption would result in certain fees and tax withholdings, and requested confirmation that the client nonetheless wished to proceed with the redemption.
- The fraudster sent a new email to the Respondent directing that he should proceed with the redemption. The Respondent sent a further follow-up email asking for a direct response to his warning email for his records.
- The fraudster failed to respond, prompting the Respondent to contact client EY by telephone. In that call, client EY advised that she had not made any redemption requests.
- In March 2017, Quadrus compensated client EY fully for the losses resulting from the fraudulent redemptions.
Actions Taken by Quadrus
- Quadrus issued a disciplinary letter to the Respondent and placed him under close supervision for a period of at least six months. Quadrus identified no issues with respect to the Respondent’s trades while he was under close supervision.
Position of the Respondent
- The Respondent stated that he now regularly reviews the Quadrus Code of Business Conduct and Ethics for Investment Representatives. The Respondent also completed the investment/securities continuing educational course titled The Agent Broker as a Professional, offered by Pro-Seminars, and enrolled himself in the Mutual Fund Dealer Compliance Course offered by the IFSE.
- The Respondent indicated that:
- while he had access to the message posted on Quadrus’ internal website, referred to at paragraph 9 above, he was unaware of the posting; and
- while the email circulated by Quadrus on February 22, 2016, referred to at paragraph 10 above, was sent to him, he was unaware of it.
- The Respondent stated that he was confused by the RVTI forms, which contained a checkbox for instructions received by email, but acknowledged that this did not relieve him of his obligation under the policies and procedures manual to verify instructions received by email.
- With respect to the issue of discretionary trading, the Respondent stated that he selected for redemption mutual fund units that would minimize redemption fees incurred by the client.
- The Respondent stated he had no fraudulent or malicious intent and was unaware he was dealing with a fraudster, when performing the trades referred to above.
- At the hearing the Respondent confirmed that he now only deals with client trade instructions by telephone or in person.
III. ADMITTED CONTRAVENTIONS
- The Respondent admitted that:
- between October 11, 2016 and November 4, 2016, he processed redemptions totalling $171,270.80 from a client’s accounts, based on email instructions from a fraudster who had gained unlawful access to the client’s email account, without taking steps to verify that he was communicating with the client, contrary to Quadrus’ policies and procedures and MFDA Rules 2.1.1, 1.1.2, and 2.5.1;
- on October 11, 2016, he executed and submitted to Quadrus, in order to process a redemption, a RVTI form that contained inaccurate information, contrary to MFDA Rule 2.1.1; and
- on November 4, 2016, he engaged in discretionary trading in a client’s accounts, contrary to Quadrus’ policies and procedures and MFDA Rules 2.3.1(b), 1.1.2, 2.5.1 and 2.1.1.
IV. PROPOSED SETTLEMENT
- The Respondent agreed to the following sanction:
- the Respondent shall pay a fine of $15,000 in certified funds upon acceptance of the Settlement Agreement;
- the Respondent shall pay costs in the amount of $5,000 in certified funds upon acceptance of the Settlement Agreement; and
- the Respondent shall in the future comply with MFDA Rules 2.1.1, 2.3.1(b), 2.5.1 and 1.1.2.
- Section 24.4.3 of MFDA By-law No. 1 provides that a hearing panel may only accept or reject a settlement in its entirety and it is generally accepted that hearing panels will not lightly interfere in a settlement agreement reached between Staff and a respondent. See, for example, Ho (Re), 2018 LNCMFDA 21 at paras. 24-26.
- In determining whether to accept the Settlement Agreement, the Hearing Panel considered primarily whether it was proportionate and fell within a reasonable range of appropriateness having regard to the Respondent’s conduct, the MFDA Sanction Guidelines and previous cases, and whether it would serve as a specific and general deterrent.
Breach of MFDA Rules
- The Respondent’s failure to comply with Quadrus’ policies and procedures in respect of email transaction requests was serious misconduct. He should have also ensured that he read and complied with all compliance-related communications from his firm. Compliance by an Approved Person with his or her Member firm’s policies and procedures is critical to the successful functioning of the self-regulatory system.
- The Respondent’s misconduct in this regard was aggravated by several factors, including the following:
- his failure to detect a number of rather obvious red flags which ought to have raised his suspicion and caused him to take steps to avoid the fraud including: numerous grammatical and typographical errors in emails purportedly from client EY, a retired high school English teacher; a request from the fraudster for a summary of accounts without providing account information; requests from the fraudster to send money overseas and to a “business associate”; and the void cheque provided by the fraudster for an account in Toronto when client EY lived in Kingston;
- client EY suffered a significant loss of $171,270.80 as a result of the Respondent’s misconduct, although she was reimbursed by Quadrus; and
- the misconduct occurred over a period of approximately six weeks in response to a series of emails from the fraudster and involved redemptions on three occasions.
- We found that the Respondent’s actions in processing redemptions in response to email requests without verifying the client’s identity were contrary to his firm’s policies and procedures and constituted a breach of MFDA Rules 2.1.1 and 1.1.2 (as it relates to 2.5.1). In relation to Rule 1.1.2, previous cases, such as Frank (Re), 2015 LNCMFDA 75 at paras. 56-58 have established that the failure by an Approved Person to comply with the Member’s policies constitutes a violation of the Rule.
- The submission by the Respondent of an inaccurate form to Quadrus on October 11, 2016 in order to process a redemption also constituted serious misconduct and was contrary to MFDA Rule 2.1.1. When an Approved Person submits an inaccurate form, it undermines the ability of the Member firm to supervise the Approved Person and protect the interests of clients.
- Further, we found that the Respondent engaged in discretionary trading on November 4, 2016 when he used his discretion to determine: from which account to redeem monies; which funds to redeem within each account; and the amounts of the redemptions from the accounts. This constituted serious misconduct, in breach of Quadrus’ policies and procedures and MFDA Rules 2.3.1(b), 1.1.2 (as it relates to 2.5.1) and 2.1.1, notwithstanding his stated intention to minimize redemption fees.
- The proposed sanction was within the range of other decisions by MFDA hearing panels in somewhat similar circumstances, although we were of the view that it was toward the lower end of the range of appropriateness, in light of the Respondent’s multiple contraventions set out above. Such other cases included Coward (Re), 2018 LNCMFDA 146, Chiu (Re), 2017 LNCMFDA 216 and Scott (Re), 2017 LNCMFDA 74.
- However, the Hearing Panel took into consideration certain mitigating factors in deciding to accept the Settlement Agreement, including the following:
- perhaps most importantly, the Respondent has taken steps to ensure he does not repeat the misconduct, including by regularly reviewing his firm’s Code of Business Conduct and Ethics, committing to only take trade instructions from clients in person or by phone and taking additional training courses;
- there was no evidence that the Respondent derived any financial benefit from processing the redemptions other than usual commissions and fees to which he would have been entitled had the requests come from client EY and not the fraudster;
- the Respondent recognized the seriousness of, and accepted responsibility for, his misconduct and, by entering into the Settlement Agreement with MFDA Staff, saved the MFDA the time and expense of a full hearing;
- Quadrus took certain actions against the Respondent in respect of his misconduct; and
- the Respondent has not previously been the subject of a MFDA disciplinary proceeding.
- We were of the view that a fine of $15,000 is significant and will send a message to the Respondent and others in the mutual fund industry about the seriousness of the misconduct in issue.
- We concluded that the agreed sanction, including costs, was proportionate and fell within a reasonable range of appropriateness having regard to the Respondent’s misconduct, MFDA guidance and precedents, and would serve as a specific and general deterrent. We decided in all the circumstances it was appropriate to accept the Settlement Agreement and we did so.
Joan SmartJoan SmartChair
Paige WaddenPaige WaddenIndustry Representative