ORX News digests of the month: Q1 2019

Every month the ORX News team publishes a featured digest from the ORX News service. It's a detailed look at one of the operational risk losses reported in the media that month, and is handpicked by the team as one of the most interesting stories.

Read on for all the featured summaries from Q1 2019.

March: Wells Fargo pays USD 17.4 million to investors through SEC share class initiative

On 11 March, the Securities and Exchange Commission announced that 79 investment advisors had agreed to return $125 million to clients, most of which were retail investors, through the regulator’s 2018 Share Class Selection Disclosure Initiative. Wells Fargo reached the largest settlement, totalling $17.4 million.

According to the initiative, the SEC’s Division of Enforcement agreed not to recommend fines for firms that self-reported federal securities law violations relating to mutual fund share class selection and that promptly compensated harmed clients.

The SEC found that the 79 firms had placed clients in certain mutual fund share classes when lower-cost share classes of the same fund were available, without adequately disclosing this. The firms also failed to disclose conflicts of interest related to the sale of these share classes, such as fees received by themselves in their capacities as brokers or by their broker-dealer affiliates and registered representatives.

ORX News subscribers can read the full story on the ORX News website.

February: Bank of Valletta suspends services after hackers falsify transactions to steal EUR 13 million

On 13 February 2019, Bank of Valletta announced on its website that it had suffered a cyberattack involving the fraudulent transfer of EUR 13 million, and had temporarily suspended its operations, including branches. Services resumed during the night of 13 February 2019, and the fraudulent transactions are in the process of being reversed.

According to prime minister of Malta, Joseph Muscat, at the start of business on 13 February 2019, Bank of Valletta noticed discrepancies in the reconciliation of 11 payments to the value of around EUR 13 million from its foreign payment accounts, MaltaToday reports.

ORX News subscribers can read the full story on the ORX News website.

January: Hackers access SEC EDGAR database to steal files and execute insider trades

On 15 January 2019, the DoJ and SEC announced charges related to a 2016 hacking of the SEC’s Electronic Data Gathering, Analysis, and Retrieval system (EDGAR) in which hackers accessed test filings uploaded by corporations containing confidential information. Hackers and traders who accessed the system allegedly made at least $4.1m in profits through insider trades based on this information.

Hackers and traders allegedly conspired to gain unauthorised access to the EDGAR system between February 2016 and March 2017. To gain access, the hackers exploited a software vulnerability, and used targeted cyberattacks including directory traversal attacks, phishing attacks, and infecting computers with malware. The hackers then copied corporate filings to servers they controlled, and the confidential information they contained was used to trade before at least 157 earnings releases between May 2016 and October 2016.

The DoJ formally indicted two Ukrainians on charges of securities fraud conspiracy, wire fraud conspiracy, computer fraud conspiracy, wire fraud and computer fraud. The SEC also filed a civil complaint charging one of the Ukrainian men, six traders in California, Ukraine, and Russia, and two entities. Some of those involved had previously been charged by the SEC for a hack of newswire services in 2015.

ORX News subscribers can read the full story on the ORX News website