EvilCorporations.com • AWC No. 2021070253901 | FINRA vs. Fidelity Brokerage Services LLC • 11 min read

How Did Fidelity Miss Eight Years of Fraud in Its Own System?

One of America’s largest brokerages gave an employee free rein over thousands of retirement accounts for eight years. Thirty-seven international workers had their life savings silently drained. Fidelity paid a $600,000 fine and called it a day.

The Non-Financial Ledger: What a Balance Sheet Cannot Measure

Picture being an international worker. You are employed by a company large enough to offer equity compensation, which means your employer gave you stock, or the right to buy stock, as part of your pay. You trusted a financial institution with a household name to hold and manage that benefit. You are not in the United States. You may not speak English as a first language. You are navigating a foreign financial system and you are doing everything right.

One morning, you notice something is off. Or maybe you don’t notice at all, and your money is just gone by the time you look. You call Fidelity. And somewhere in that phone call, you learn that a person sitting at a desk inside one of the world’s most recognized financial companies had quietly renamed your account after himself, redirected your money to a P.O. Box in his home state, and been doing it for years.

The phrase “full restitution” appears in the FINRA document. It is meant to reassure. But restitution cannot give back the months of anxiety before anyone believed you. It cannot give back the time you spent trying to explain, in a second language, to a customer service representative, that something was wrong with your account. It cannot give back the trust that a financial system is supposed to earn and then destroyed.

Thirty-seven people. These were not wealthy investors with diversified portfolios who could absorb a hit. These were employees whose stock plan accounts represented real, earned compensation, often held for years toward a specific goal. Each one of those 37 accounts was treated as a personal ATM by someone with a company login. And the company’s systems, written rules aside, made it easy.

There is also a particular cruelty in the mechanics. The employee did not just take money. He took identity. He changed the victim’s name to his own, or to the name of a fake account he controlled. For the duration of the theft, the account officially belonged to him. The victim, in Fidelity’s system, had been erased and replaced. That is not just fraud. That is erasure of a person’s documented existence inside an institution that was trusted with their future.

Fidelity has 31,000 registered representatives and approximately 850 branch offices. It has been a FINRA member since 1979. It had already been penalized once, in 2015, for the same category of failure. The 37 workers who lost money between 2015 and 2020 were defrauded after Fidelity had already been told, officially and with a financial penalty attached, that its fund-transmittal oversight was broken. That context belongs in the ledger too.

Legal Receipts: What the Documents Actually Say

Every quote below is pulled verbatim from FINRA AWC No. 2021070253901. Nothing is paraphrased or embellished.

“From December 2012 to October 2020, the firm’s supervisory system, including its written supervisory procedures, was not reasonably designed to supervise associated persons’ access to SPS account data or the transmittal of funds from international SPS accounts. As a result, the firm failed to detect that, for nearly eight years, an associated person responsible for supporting the maintenance of SPS account data converted approximately $750,000 from 37 international plan participants.”

“The firm did not monitor for or prevent associated persons from accessing or changing data without tracking it through the workflow management tool. As a result, the associated person was able to evade detection by accessing and changing SPS account data without logging the changes in the workflow management tool for almost eight years.”

“In 37 international SPS accounts, the associated person was able to use his data access to change the plan participant’s name to his own name or the name of a domestic SPS account he created and controlled and then link the international SPS account to (1) banking instructions for checks in his own name sent to a P.O. Box address located in his home state that he controlled or (2) wire instructions for the domestic SPS account he created and controlled.”

“When the associated person changed the international SPS account data and linked those accounts to the domestic SPS account, the plan participant listed as the owner appeared to be employed by multiple companies in various industries. The firm did not identify or investigate why the owner of the domestic SPS account appeared to be associated with multiple plan sponsors.”

“The associated person impersonated the plan participants through Fidelity’s online SPS plan participant portal using the data he improperly accessed to liquidate some or all of their holdings. The associated person then withdrew the funds either by issuing checks from the international SPS accounts payable to himself, which were mailed to the domestic P.O. Box he controlled, or by wiring money from the international SPS accounts to the domestic SPS account he created and controlled…”

“The firm discovered the associated person’s conversion after an international SPS plan participant contacted the firm with questions regarding transfers out of his account.”

Societal Impact Mapping

Financial theft targeting international workers does not produce a visible public health crisis, but the downstream effects of sudden, unannounced loss of savings are documented across behavioral health literature. This case produced conditions where those effects were entirely preventable.

• The 37 affected workers were international plan participants, meaning many were navigating a foreign financial system with limited English-language support and limited access to U.S.-based consumer protection channels. The combination of financial shock and systemic inaccessibility is a documented driver of acute stress, anxiety disorders, and financial trauma.
• Because Fidelity did not detect the fraud through its own systems, victims had no forewarning. Financial loss without warning is associated with higher psychological impact than anticipated or gradual financial decline, particularly among workers who had no reasonable basis to suspect a problem with a major institutional broker.
• The period of exposure spans eight years. Any victim who checked their account and saw a normal balance during that window was in fact looking at a compromised account. The discovery that your financial record had been falsified for an unknown period of time, including your own name having been replaced, is a specific category of financial identity harm with documented psychological consequences that extend beyond the recovered dollar amount.

This case reveals how financial institutions apply different levels of protection to different classes of customer, specifically dividing domestic and international account holders in their surveillance architecture.

• Fidelity’s fraud surveillance system covered domestic accounts. International SPS accounts were categorically excluded from that same system and from every other surveillance program during the entire eight-year fraud window. The protection gap was architectural, not incidental.
• International workers in equity compensation plans are often employed at multinational companies in professional roles, but they hold significantly less institutional power relative to U.S.-based plan participants when interacting with U.S.-based financial infrastructure. They are less likely to know who to call, what regulators exist, and what their rights are.
• The $750,000 stolen from 37 accounts represents earned compensation, often in the form of employer-granted equity, not discretionary investment capital. For many plan participants, stock plan accounts represent a meaningful portion of their net worth. The theft did not take from people with excess; it took from people whose employer had chosen to compensate them partly in stock.
• The fine Fidelity paid ($600,000) is slightly less than the amount stolen ($750,000). A company with approximately 31,000 registered representatives and 850 branch offices absorbed a fine that did not even cover the direct damages to its own customers. The structural incentive to fix problems proactively is absent when the penalty for being caught is smaller than the harm caused.
• This is Fidelity’s second documented enforcement action for the same category of failure. The 2015 fine did not prevent five more years of identical conduct. Without regulatory escalation beyond monetary fines, the economic incentive to close systemic gaps is weak.

The “Cost of a Life” Metric

What Now? Concrete Steps for People Who Are Paying Attention

Fidelity’s Chief Compliance Officer, Gail Rachel Merken, signed the AWC on January 8, 2025. FINRA Principal Counsel Katherine Florio accepted it on behalf of FINRA’s Department of Enforcement on January 3, 2025. The case is now part of Fidelity’s permanent disciplinary record. Corporate Counsel for Fidelity was provided by Ariel Gursky and Ben A. Indek of Morgan, Lewis & Bockius LLP.

Regulatory Watchlist

• FINRA (Financial Industry Regulatory Authority): The body that investigated and sanctioned Fidelity. You can search Fidelity’s full disciplinary history at FINRA BrokerCheck (finra.org/brokercheck). AWC No. 2021070253901 is now public record.
• SEC (Securities and Exchange Commission): The federal regulator with oversight of brokerage firms. FINRA operates under SEC authority. If FINRA fines are too small to drive change, the SEC has broader statutory power to escalate.
• CFPB (Consumer Financial Protection Bureau): Covers consumer financial products and services. If you believe you have been the victim of financial institution misconduct, a CFPB complaint creates a public record that regulators track for pattern investigation.
• DOJ (Department of Justice): The FINRA document notes the employee was “criminally sentenced.” The criminal prosecution of the individual is separate from Fidelity’s corporate accountability and is a DOJ-level matter.

If You Have a Stock Plan Account with Any Major Broker

• Pull your account statement today and cross-reference your registered name, mailing address, and bank instructions against what you actually submitted when you opened the account. Discrepancies are the exact red flag that went undetected here.
• If you are an international plan participant, specifically ask your plan administrator whether outgoing money movements from your account are included in the broker’s active surveillance program. Ask for confirmation in writing.
• File a FINRA complaint at finra.org if you suspect any unauthorized changes to your account, especially if the broker fails to investigate promptly. Your complaint goes into a regulatory database that shapes future enforcement priorities.
• Connect with worker advocacy organizations in your sector, particularly if your company sponsors equity compensation plans for international employees. Groups focused on migrant worker financial rights and international labor rights can help you understand your options in cases where U.S. regulatory access is limited.
• Share this article with anyone you know who participates in a stock plan or equity compensation program through a major brokerage. The gap between the written policy and the enforced reality documented here is not unique to Fidelity.