The Securities Information Center operates a database for the SEC containing lost, stolen, missing, and counterfeit securities certificates. When a paper cert is deposited, it's supposed to be checked against this database. Not sure at which level -- broker, clearing house, or DTC.
AFAIK, BCIT's TA didn't initially notify the SIC w/ cert numbers because they weren't known. So, the database check would have shown no problems. Then, there would have been a time lag as the certs moved from customer to broker to clearing house to DTC over to the TA for re-registration.
-----
"We simply attempt to be fearful when others are greedy and to be greedy only when others are fearful."
-- Warren Buffett