Lost, Stolen, or Counterfeit Securities

The lost / stolen / counterfeit securities rule is the SEC's certificate surveillance rule:

• Before electronic settlement, certificate fraud was a significant problem: thieves would steal certificates, then resell them through unsuspecting firms or to retail buyers
• The SIC database, run as the SEC's designee, lets the industry query in real time whether a certificate has been reported lost, stolen, or counterfeit before accepting it
• The rule sits at the operational layer of the financial-responsibility framework: it does not regulate net capital or customer protection directly, but it prevents the firm from accepting tainted certificates that would create downstream problems

Reporting Institutions and Reporting Triggers

A "reporting institution" under the rule includes:

• Broker-dealers
• Banks
• Transfer agents
• Other entities specified in the rule

A reporting institution must report to the SIC any securities certificate that is:

• Lost (cannot be located after diligent search)
• Stolen (taken without authorization)
• Missing (e.g., shipped but not received, or in transit and not arrived)
• Counterfeit (forged or fabricated)

Form X-17F-1A

Reports are filed on Form X-17F-1A. The form captures:

• Type of security
• Issuer
• Certificate number
• Denomination / face amount
• Circumstances of the loss / theft / discovery

Concurrent reports are filed:

• With the transfer agent for the affected security (so the transfer agent can flag the certificate in its records)
• With the FBI, if criminal activity is suspected

Timing

Lost, stolen, missing, or counterfeit reports are filed promptly upon discovery, typically within one business day. The exact timing varies based on the rule's specific timing provisions for different scenarios, but the operational expectation is rapid notification so the SIC database is current.

Exam Tip: Gotchas

• Reports go to the SIC, the transfer agent, AND (if criminal) the FBI. Filing only with the SIC misses the transfer-agent component; filing only with the FBI misses the database update. The rule expects all relevant filings.
• The reporting institutions include BDs, banks, AND transfer agents. A transfer agent that discovers a lost certificate has the same reporting obligation as the BD. The exam may probe whether transfer agents are "reporters" under this rule; they are.

The $10,000 Inquiry Threshold

Reporting institutions must inquire of the SIC database before accepting any certificate valued at more than $10,000.

How the Inquiry Works

The institution queries the SIC database to verify the certificate is not flagged as lost, stolen, missing, or counterfeit. The query is done in real time before accepting the certificate, typically as part of the firm's certificate-acceptance procedures.

If the query returns:

• No match: the certificate appears clean; the firm may accept it (subject to other due diligence)
• Match: the certificate is flagged; the firm must NOT accept it and must follow up appropriately (involve law enforcement, return to source, etc.)

What Counts as "Accepting" a Certificate

The inquiry obligation applies whenever a reporting institution receives a certificate, including:

• A customer depositing a certificate to fund a new account
• A firm receiving a certificate as part of a securities transfer
• A firm receiving a certificate as collateral or pledge

Independent Liability for Failure to Inquire

A firm that accepts a certificate over $10,000 without the SIC inquiry has independent lost-securities-rule liability if the certificate turns out to be stolen. This is true even if the firm did not actually know the certificate was tainted. The rule's design is to make the inquiry a mandatory operational step; failing to inquire is itself the violation.

Real-world example: A customer brings a $25,000 bearer bond to deposit at a BD. The firm's clerk skips the SIC inquiry because the customer is a long-time client. The certificate turns out to be one stolen from an estate three months earlier. The firm has two violations: (1) accepting a stolen certificate (which exposes it to liability to the rightful owner) and (2) lost-securities-rule violation for failing to make the SIC inquiry before accepting a certificate over $10,000. The rule liability is independent of the underlying loss.

Exam Tip: Gotchas

• The $10,000 inquiry threshold triggers an SIC database lookup before the firm accepts the certificate. A firm that accepts a certificate without the lookup and the certificate turns out to be stolen has independent rule liability on top of any underlying loss. The exam tests this number directly: the threshold is $10,000.

The Securities Information Center (SIC)

The Securities Information Center is the SEC's designee for the Lost and Stolen Securities Program. The SIC:

• Maintains the central database of reported lost / stolen / counterfeit certificates
• Receives reports from reporting institutions on Form X-17F-1A
• Responds to inquiries from reporting institutions in real time
• Distributes data to law enforcement and industry participants as appropriate

SIC Database Operation

The SIC operates as a continuously-updated central registry. When a reporting institution files a Form X-17F-1A, the certificate's details are added to the database. When another reporting institution queries the database before accepting a certificate, the database returns a match if any reporter has flagged that certificate.

The system depends on rapid reporting by the loss-discoverer and rapid querying by the certificate-receiver. A certificate stolen yesterday and not yet reported is not in the database and would not be flagged by an inquiry today. Once it is reported, every subsequent inquiry catches it.

Exam Tip: Gotchas

• The SIC is the SEC's DESIGNEE for the Lost and Stolen Securities Program; it is not part of the SEC itself. The exam may probe whether lost-securities reports go directly to the SEC; they do not. They go to the SIC, which the SEC has designated to operate the program.