The US Securities and Exchange Commission has instituted cease-and-desist proceedings against Morgan Stanley because of its failure to design and follow reasonable policies and procedures to prevent staff from misusing and misappropriating funds in clients' accounts.

Morgan Stanley has consented to the cease-and-desist order, lodged in the SEC's own private court. It has submitted an offer of settlement which the SEC is accepting.

From at least 2009 to the present, Morgan Stanley permitted its investment advisor representatives and registered representatives, to which it referred as financial advisors, to initiate third-party disbursements from clients' accounts of outgoing  wire transfers and journals of up to $100,000 per day per account in accordance with each advisor's attestation on an internal electronic form, saying that the advisor had received a verbal request from the client by telephone or in person and providing certain details about the request. Its reviews of such practices, according to the SEC, were inadequate. Morgan Stanley does not 'admit' to the SEC's findings, but does admit the subject matter of the order.

Sooner or later, the inevitable was bound to happen. Between December 2015 and November 2016, one of the financial advisors by the name of Barry Connell initiated more than $7 million in unauthorised transactions out of the accounts of four of his advisory clients by making false attestations on approximately 90 internal electronic forms to initiate third-party transfers between certain accounts that belonged to clients and third-party wires from clients' accounts for his benefit, as well as by his unauthorised use of approximately 20 cheques drawn on clients' accounts. Through these unauthorised transactions, Connell misappropriated more than $5 million to fund the high life. Morgan Stanley detected nothing for nearly a year, and then only when irate customers started to ask questions. The SEC takes this as a sign that Morgan Stanley failed to supervise Connell. The SEC prosecuted Connell in February.

The SEC says that Morgan Stanley flouted Rule 206(4)-7 of the Advisors Act, known as the compliance rule, which requires advisors to adopt and implement policies and procedures reasonably designed to prevent violations by the firm and its supervised persons, such as Connell.

The order mentions a case study in which a old, wealthy married couple, their adult daughter, and a trust for which the daughter serves as co-trustee, opened investment advisory accounts at Morgan Stanley for which Connell acted as the designated financial advisor and had discretion over investment decisions in such accounts. The clients signed written investment advisory agreements with Morgan Stanldyconcerning such accounts under which Morgan Stanley and Connell would provide investment advice and manage their investments in exchange for an advisory fee.  As their investment adviser, Morgan Stanley (or, more properly, Morgan Stanley Smith Barney which is an indirect wholly-owned subsidiary of Morgan Stanley) and Connell owed these clients an affirmative fiduciary duty of utmost good faith and MSSB was required under the compliance rule to, among other things, have policies and procedures reasonably designed to safeguard their assets from conversion or other inappropriate use by Connell.  
 
After December 2015, Connell began misappropriating funds in secret from the advisory accounts of the daughter and trust by initiating numerous unauthorised third-party wires and cheques to individuals and entities to cover his personal expenses and fund his lavish lifestyle. He also made a series of unauthorised cash journals from the couple’s advisory accounts to augment the existing funds in the daughter’s and trust’s accounts, which he then misappropriated. He told an assistant, referred to as a Client Service Associate, that the clients had provided verbal instructions to transfer funds and provided him with the details needed to initiate the transfers. The assistant then submitted the requests in Morgan Stanley’s systems.  In total, Connell misused clients’ funds by initiating approximately 110 unauthorised transactions totaling $7 million, and misappropriated more than $5 million through these transactions for his own benefit. Morgan Stanley has already repaid four advisory clients in full, with interest.  

Morgan Stanley’s policies, procedures and systems had threadbare mechanisms to detect or prevent a financial advisor from making third-party disbursements from a client’s account of up to $100,000 per day per account fraudulently through falsified verbal request forms. The bank did not prescribe any means of authenticating the fact that a client had asked for a third-party wire or 'journal' (a cash or securities movement between accounts at Morgan Stanley).

The bank's policies, procedures, and systems did generate certain types of exception reports for review by supervisors, but none of these reports were designed in a manner that could reasonably detect misuse or misappropriation of client's assets by the bank's advisors when they falsely attested on verbal request forms to having received verbal instruction from clients for third-party disbursements of up to $100,000 per day per account.  

In six months, the SEC (through its order) expects the Head of Risk for Wealth Management at Morgan Stanley Smith Barney to certify that new policies are fully operational.