All told, the five reps stole about $1.6 million—most between 2008 and 2013—before Ameriprise discovered the crimes. All were immediately fired upon discovery of the crimes.

During the relevant period, Ameriprise had an intricate compliance and supervisory system in place that included automated surveillance tools to detect when firm representatives might be engaging in fraud.

But technical glitches in the firm's programs allowed the criminals to slip through the cracks.

One of those tools, the Fraud Early Detection System, was designed to flag situations where reps change clients' addresses to an address associated with a rep, an action Ameriprise's internal controls considered to be “suspicious and indicative of a possible attempt to improperly gain control of the client's accounts and misappropriate funds,” according to the SEC's order.

“Ameriprise considered attempts to replace a client's address with an address controlled by a representative to be suspicious and indicative of a possible attempt to improperly gain control of the client's account and misappropriate funds,” the order says.

But the FEDS program failed to flag fraudulent address changes when the criminals' forgeries did not completely synch up with reps' addresses in the database. For instance, an address change request with the abbreviation “Ave.” may not have been detected if the database listed the corresponding rep address under “Avenue.”

Ameriprise found the glitch in the FEDS program by December of 2013.

Another oversight tool failed to flag fraudulent wire transfers, due to what the SEC described as a “limitation” in the technology's design.

In agreeing to the settlement, Ameriprise neither admitted nor denied the SEC's findings.

“We are pleased to bring this matter to a resolution,” said John Brine, senior vice president of corporate communications for Ameriprise, in a statement to BenefitsPRO.

“The actions of these five individuals – which happened years ago – were in clear violation of our policies and resulted in their immediate separation from the firm. We fully reimbursed clients who were impacted after the activity was discovered. We continually review and enhance our compliance program to better detect this type of prohibited activity,” added Brine.

The SEC provides detailed information of the crimes—including the names of the criminals—and the failures in the Ameriprise's oversight controls.

“The SEC's order found that Ameriprise has implemented a new system to safeguard clients' money and that Ameriprise reimbursed all impacted clients for the losses they incurred due to the misconduct of the five representatives,” the agency said in a press release.

Barbara J. Stark and Susan Walker

Stark, a franchise operator in Minnesota, and her daughter, Walker, a rep who helped administer the retail book of business, engaged in approximately 600 fraudulent transactions between 2008 and 2013, misappropriating $1 million in client funds.

The two forged client signatures on Ameriprise forms, including requests to change the address of clients and disburse funds via check and wire transfers. Money was sent to Stark and Walker's addresses, which had been disclosed to Ameriprise, but technical errors in the oversight system failed to recognize the unauthorized address changes. Compliance supervisors also failed to detect the forged signatures.

Ameriprise fired both in March of 2013 after an inquiry from state regulators. FINRA indefinitely barred both the following July. In 2014, Walker pled guilty to mail fraud and tax evasion and was sentenced to 88 months in prison and fined $1 million.

Jeffrey Scott Davis

Davis, an Ameriprise rep since 2000, stole $200,000 from five clients by wiring money from client accounts to a bank associated with one of his outside businesses.

“Even though it should have been apparent that Davis was attempting to wire money from a client account to an external party under his control, Ameriprise approved the transfer,” the SEC's order says.

Ameriprise fired Davis in July of 2013 after a client complained of unusual account activity. Previously, he was fined by the firm for unauthorized transactions and placed on heightened supervision.

Davis pled guilty to wire fraud in 2014 and was sentenced to 54 months in prison.

Justin Weseloh

Employed by an Ohio Ameriprise franchise, Weseloh stole $676,000 in funds from client accounts between 2011 and 2013, approximately $373,000 of which was misappropriated from Ameriprise accounts.

Weseloh wired funds from client accounts to an external account he controlled.

“Ameriprise lacked a reasonable system to detect wire disbursements from a client account to an account known by Ameriprise to be associated with or controlled by the representative,” the SEC said in its order.

Jennifer Johnson

Employed by a Minnesota franchise operator between 2009 and 2016, Johnson stole $21,000 in client funds in 2014 through unauthorized check disbursements.

Of the five reps, Johnson's fraud was detected by Ameriprise after the firm implemented changes to its oversight controls in 2013.

Her fraud was discovered in 2016 by a then newly implemented money movement system. Johnson was fired in February of 2016, and pled guilty in November of that year to “misconduct arising out of her activities.” She was sentenced to five days in prison and five years probation.