Verification key to halting cyber scams

The threat of cyberattacks is very real in the financial advisory industry, but not all advisers are getting the message.
OCT 16, 2016
The threat of cyberattacks is very real in the financial advice business and has been for some time now. But not all advisers are getting the message. Two weeks ago, a former broker for Wells Fargo Advisers Financial Network was fined $5,000 and suspended for 30 days by the Financial Industry Regulatory Authority Inc. for transferring $350,000 to someone she thought was a client. Turns out it was an imposter posing as her client via a series of email exchanges. The case was noteworthy for the amount of money involved. Most cases of wire-transfer fraud involving bogus emails are for much smaller amounts. In a survey a few years ago, the Securities and Exchange Commission found that 74% of cases involved amounts less than $5,000.

NO VERBAL CONFIRMATION

In the Wells Fargo case, Finra determined that the adviser failed to verbally confirm the email instructions to verify the client's identity, which she was required to do under Wells Fargo's protocol. If she had, the money likely never would have been sent. Actually, the Finra fine and suspension are the least of this adviser's worries. Wells Fargo fired the broker over the incident, and she is not currently registered with another broker-dealer. No one can blame Wells Fargo. It had a policy in place that the adviser ignored. Adding insult to injury, the adviser misled the firm by indicating in an internal system that she had verbally confirmed the client's identity when she hadn't. Wells Fargo was forced to reimburse the client the $350,000. (Related read: Financial advisers severely underestimating cyberthreats: experts) More than half the brokerages surveyed by the SEC acknowledged they had been targeted by imposters using stolen email addresses in wire-transfer scams. Among the brokerages that lost money in these scams, 25% said it was the result of employees not following client verification procedures. Adviser and InvestmentNews contributor Sheryl Rowling last week described what happened recently at her firm when an email arrived seeking a wire transfer. “The email had the client's business address and appropriate footer. It also referenced personal information that the client would know. In this case, we called the client for confirmation and discovered it was a scam,” she wrote. Ms. Rowling's firm could easily have ended up getting scammed as Wells Fargo did. The difference was that her firm followed its established procedures to verbally verify requests for wire transfers, while the broker at Wells Fargo did not. (Related read: Heading off hack attacks) Ms. Rowling also noted that the bogus email requesting the wire transfer was from a foreign account. “This should automatically ring a warning bell,” she wrote. Most brokerages and advisory firms are hesitant to discuss in detail the procedures they follow to verify that requests they receive for wire transfers are actually coming from customers and not fraudsters. But almost all seem to involve a verbal verification of some sort. That's fine as long as employees are following the procedures. It seems in more than a few cases they are not, despite the consequences they must know they face for not following them.

A LOT AT STAKE

Perhaps in the future, firms will come up with better ways to verify wire transfers that do not depend on brokers. After all, a lot is at stake: not only the amounts that firms such as Wells Fargo have to reimburse clients who lose money, but customer confidence and the reputation of the firm going forward. Until then, firms should remind their advisers in no uncertain terms that if they violate these verification procedures, they will almost certainly lose their jobs.

Latest News

As Trump Accounts prep for July 4 launch, Franklin Templeton plans $1,000 match
As Trump Accounts prep for July 4 launch, Franklin Templeton plans $1,000 match

“We are helping families take an important first step toward building a financial foundation for the next generation,” said Franklin Templeton CEO Jenny Johnson

Savant Wealth Management enters Maine with latest acquisition
Savant Wealth Management enters Maine with latest acquisition

Richard Brothers Financial Advisors joins the fee-only RIA, adding its first Maine office and $240 million in client assets

Clearstead adds $5.3B Philadelphia wealth team from myCIO
Clearstead adds $5.3B Philadelphia wealth team from myCIO

Cleveland RIA grows to $68 billion in assets as Philadelphia team, deepening its high-net-worth and retirement-plan practice.

Advisors still have questions on Trump Accounts ahead of July 4 launch
Advisors still have questions on Trump Accounts ahead of July 4 launch

Financial planning leaders say unresolved rules on fees, Roth conversions and financial aid complicate comparisons with 529 plans.

Trust at Scale: How AI Personalization Rewires Business for Growth
Trust at Scale: How AI Personalization Rewires Business for Growth

AI can personalize at scale, but without trust, it falls flat.

SPONSORED Who builds the income when the pension disappears?

Dan Biagini of American Equity says the steady decline of pensions, longer lifespans and a reset in interest rates are rewriting how advisors build retirement income

SPONSORED Why direct indexing stopped being optional

Direct indexing is on pace to outgrow ETFs and mutual funds. Northern Trust's Ken Lassner explains why the advisors who get it wish they had started sooner.