Pay Pop Inc.
In 1998, Alnoor Jiwan, a manager in CIBC Mellon's Vancouver office, was approached by Pay Pop Inc. and asked whether CIBC Mellon could issue Pay Pop Inc. shares without the required disclaimer which stated that the securities were not registered with the SEC.[16][17][18] This was a pump-and-dump scheme by Pay Pop and the brokerage.[18]
Jiwan knew that the securities were not registered, but agreed to act as the transfer agent to issue the stock certificates in return for 820,000 Pay Pop shares.[18] The SEC subsequently cited CIBC Mellon for acting as an unregistered broker and transfer agent, and for offering to sell unregistered securities. Jiwan was subsequently terminated for cause from CIBC Mellon, following the company's discovery of the transactions, and simultaneously ceasing all dealings with Pay Pop Inc.[19]
CMTC agreed to pay a civil monetary penalty of US$5 million and disgorgement of $889,773 and prejudgment interest of $140,270.[20][21] CMTC was also permanently enjoined from prescribed violations of Securities Act Section 5, Exchange Act Section 10(b) and Rule 10b-5, Exchange Act Section 15(a), Exchange Act Section 17A(c)(1), and from aiding and abetting future violations of Exchange Act Section 10(b) or Rule 10b-5.[21]
Payment was made on March 4, 2005. CMTC also consented, without admitting or denying the SEC complaint's allegations, to the entry of an SEC administrative order based on the final judgment on March 2, 2005. Pursuant to the order, CMTC was censured and agreed to an undertaking to engage an independent consultant to review its relevant businesses and procedures.[22]
Privacy breach
In 2004, a long-term employee of CIBC Mellon was terminated, after it had been discovered that they had been disclosing institutional holdings in certain companies to unidentified parties in return for gifts. It was reported that the employee had received hockey and baseball tickets as well as up to $100 in cash for tips on big investors who owned specific stocks.
The disclosures were discovered when a temporary worker received a request for data through an email. The subsequent investigation, which included reviewing phone and email records, discovered that the employee had been disclosing information for years.[23]