FINRA fines Citigroup for inadequate background checks - lessons for firms

NEW YORK (Thomson Reuters Regulatory Intelligence) - The Financial Industry Regulatory Authority on Monday fined Citigroup Global Markets for hiring three convicted criminals over a seven-year period after failing to run adequate background checks on more than 10,000 employees.

The industry self-regulator said it fined the New York-based bank $1.25 million for not registering or properly fingerprinting 10,400 people in its broker-dealer division between January 2010 and May 2017.

The findings and penalty do not represent the first time a large bank has been on the hook for giving jobs to persons with criminal backgrounds.

And the enforcement action showcases how firms remain vulnerable to similar sanctions unless their policies and procedures adequately address the risk.


FINRA did not identify the convicted employees or the nature of their crimes, but it said the bank had failed to conduct “timely or adequate” background checks for roughly 10,400 employees.

At least 520 of the employees were not fingerprinted. None of the 10,400 employees at issue were registered, meaning they were not brokers.

“FINRA member firms must live up to their responsibility as a gatekeeper protecting investors from bad actors,” said Susan Schroeder, executive vice president of the agency’s enforcement division. “It is important that firms appropriately screen all employees for past criminal or regulatory events that can disqualify individuals from associating with member firms, even in a non-registered capacity.”

Citi self-reported the alleged infractions to FINRA, and Danielle Romero-Apsilos, a Citi spokeswoman, said in a statement that the firm is pleased to have the matter resolved. The bank consented to FINRA’s resolution of the case, but it neither admitted nor denied the alleged lapses.

FINRA requires most employees at the broker-dealer firms it regulates to be fingerprinted and screened for past criminal history, regardless of whether the employee is to be registered with FINRA to be involved in investment decisions.

FINRA member broker-dealers are mandated to conduct background investigations of applicants for registration with the member firm, including verifying the accuracy and completeness of information reported to the Central Registration Depository (CRD) using the Form U4 (Uniform Application for Securities Industry Registration or Transfer).

This information is publicly available through the FINRA BrokerCheck system to help investors make informed choices about the individuals and firms with which they conduct business.

In January 2015, the Securities and Exchange Commission (SEC) approved FINRA’s proposal to strengthen the quality of the individual background vetting process used by FINRA-member institutions. Rule 3110 went into effect on July 1, 2015.

Under Rule 3110, member firms must do the following:

--Conduct background verifications for new hires and transfers from other firms. This includes certifying that the firm has spoken with the applicant’s former employer(s) for the past three years.

--Maintain documented procedures for collecting information and conducting background checks.

--Validate that Form U4 information provided by the candidate is complete and accurate. These procedures should specify the process for completing the necessary public record research and provide that those checks will include, at minimum, a national search of available public records and filings like criminal records, bankruptcy filings, civil litigation, court judgments, liens and business records.

--Review an applicant’s most recent Form U5, which provides information regarding the reason for the termination of a registration with a member firm, for any potential claims regarding misconduct.

--Ascertain by investigation the good character, business reputation, qualifications, and experience of each broker applicant.

--Within 30 days of filing Form U4, a "reasonably available public records" search for information contained in U4 must be conducted. According to Regulatory Notice 15-05, when conducting this type of investigation, "firms also may wish to consider private background checks, credit reports and reference letters."

Member firms are not required to conduct the background checks themselves; they can employ third-party vendors with the necessary regulatory compliance expertise if they so choose.

In addition to the initial background check, FINRA will also conduct periodic reviews of public records to validate information available to investors, regulators and firms.


In November 2017, FINRA fined J.P. Morgan Securities for incomplete background checks on 95 percent of its non-registered associate employees from January 2009 through May 2017. The failures violated regulatory imperatives and prevented the firm from determining whether these persons would have been otherwise disqualified from working at the firm.

The firm failed to adequately conduct fingerprint screening on 8,670 non-registered employees for more than eight years, according to FINRA.

Although granting the firm cooperation credit for having self-reported these lapses, the regulator scolded the firm for failing to fingerprint 2,036 non-registered “associated persons” in a timely manner, “preventing it from determining whether those persons might be disqualified from working at the firm.”

While J.P. Morgan fingerprinted the remaining 6,634 non-registered employees, it failed to screen them for all felony convictions or disciplinary actions brought by financial regulators, as required.

Instead, J.P. Morgan limited its screening to criminal convictions specified in federal banking laws and an internally-created list that included crimes such as kidnapping, rape, murder, manslaughter and sexual assault, according to the settlement.

As a result, at least four employees who should have been disqualified due to criminal convictions were allowed to remain associated with the firm for extended periods -- in one case 10 years. Another remained associated for eight years and was subsequently rehired for an additional six months, the agency said.

The list of disqualifying events includes any felony conviction within the past 10 years, certain specified felony or misdemeanor convictions, violations of various securities laws, and injunctions entered to enjoin a person from performing a securities-related function.

In 2017, FINRA highlighted a focus on high-risk and recidivist brokers in its annual exam priorities letter.

FINRA noted in the letter and at its annual conferences over the past few years that the agency is devoting particular attention to firms’ hiring and monitoring of high-risk and recidivist brokers, including whether firms establish appropriate supervisory and compliance controls for such persons.

In 2016, FINRA charged two executives at UBS Financial Services over unauthorized trading of $190 million worth of Venezuelan bonds and falsifying records. The two men had been hired by UBS only days after being dismissed by Morgan Stanley for carrying out improper securities transactions.

That year, the SEC launched an exam initiative focused on compliance oversight and controls of registered investment advisers that employ individuals with a history of disciplinary events, including individuals that have been disciplined or barred from a broker-dealer.

In a risk alert issued in July, the SEC listed common compliance deficiencies based largely on a study of 50 firms with $50 billion in assets and 220,000 clients that was designed to review the supervision of firms that have advisers with disciplinary records.

One of the top deficiencies taken from the alert was that firms often rely solely on individual advisers’ self-reported disciplinary records, which often were incomplete or “did not fully or clearly describe” past records.

Some firms had erroneous and outdated information in Forms U4 and other required filings on hiring, disciplinary history, and licensing.

Neither the SEC nor FINRA bans firms from hiring someone with a disciplinary history -- but the regulators require that member firms ensure that such persons are supervised correctly and that necessary policies and procedures are in place.

Failure to do so is likely to result in, at a minimum, examiners citing the firm for deficiencies.


Firms can take several steps to address weaknesses in their background-checking processes. Among them is adopting written policies and procedures governing the hiring of supervised persons, especially those that have reported disciplinary events to the adviser.

Firms should seek to document what procedures they have used to learn about a prospective broker and to note the findings and any reasons for delays.

The broker-dealer should have internal policies outlining the steps required and individuals responsible for this type of investigation. There should be periodic reviews to ensure the effectiveness of these processes as they function in practice.

Service providers exist that will create disclosure monitoring reports so broker-dealers can obtain reports on applicants, but those services should be vetted for their effectiveness, troubleshooting procedures, and adaptability to business needs.

When checking credit histories of a prospective broker, it is also important to be aware of Fair Credit Reporting Act (FCRA) requirements.

Under the FCRA, it is necessary to get permission from the subject of a prospective credit report. If a hiring decision is made based on a candidate’s financial history, the FCRA requires notices to the applicant, both before and after the adverse hiring decision is made. Failure to do so can trigger monetary penalties.

The FCRA process enables applicants to challenge decisions made on credit histories and establish whether information in them is erroneous.

In examining information concerning a broker, any red flag should be documented and followed up promptly. Turning a blind eye to such information can lead to severe consequences.

Departments in a firm must coordinate their efforts regarding background checks and their documentation. Human resources and compliance departments, for example, should agree on allocating task responsibilities, sharing of information and record maintenance.

Additionally, FINRA states that the search of “reasonably available public records” must be “national” in scope, but firms doing business internationally must appreciate that there may be circumstances in which a search in foreign jurisdictions is warranted.

In terms of affirmations, firms must be able to point to and prove the use of policies that address the issue of current employees and their annual affirmations about the accuracy of the information on their U-4 forms.

Businesses should strongly consider not merely relying on these attestations but also independently verifying, on an annual basis, the currency and accuracy of such data.

But actively verifying brokers’ annual attestations can help a firm look more diligent about compliance. The exercise, even if done randomly, would also prepare the firm for the possibility of FINRA making such verification a requirement at some point.

The protection of investors that regulatory bodies and the investing public demand means that a brokerage firm must devote sufficient resources to its compliance program; the heavy lifting that background checks can entail is yet another reminder.

(By Julie DiMauro, Regulatory Intelligence, New York)

This article was produced by Thomson Reuters Regulatory Intelligence and initially posted on July 30. Regulatory Intelligence provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 400 regulators and exchanges. Follow Regulatory Intelligence compliance news on Twitter: @thomsonreuters