We're sending this update to you because a few of our
clients have been subject to a simple yet highly sophisticated
scam, with one client losing in excess of $600,000. As we share the
story with more people, one-on-one, in compliance committees, at
compliance forums, via our regulatory update subscription service
and elsewhere, we are hearing more variations of the same scam.
People are often unwilling to talk about it, because being caught
is, well, embarrassing.
Here's how it works, as described in our October regulatory
update (for subscribers to our T-REX service):
We have recently been involved with advising clients caught
by a scam targeting financial advisers and their clients. Scammers
are hacking into client email accounts, posing as those clients and
emailing financial advisers to request large withdrawals from the
client's portfolio and payment into a third party bank account.
The scam is sophisticated with the scammers reading through a
client's emails and referring to previous conversations between
the financial adviser and the client, as well as impersonating the
client's conversational style. Tip: Ensure you confirm any
withdrawal requests with your clients in person or by telephone,
particularly if you receive an email requesting payment into a
third party bank account. Ensure these procedures are followed,
especially when a client travels overseas.
Following that release, and after conducting more research,
we've seen more iterations of the scam:
- An overseas advisory firm, as reported in the
  Wall Street Journal, was caught by the same tricks, and due to
  the impression of urgency, the adviser "skipped" the
  internal telephone verification protocol.
- Simple telephone verification is not a fix-all to avoid the
  scam. A financial planning dealer group colleague said that one
  scammer pre-empted telephone verification and called in,
  successfully impersonating the spouse of her planner's client,
  and knew enough about the client to carry on a conversation and
  effectively remove the need for further telephone verification
  before a third party transfer.
- One client required the masquerading scammer to complete a
  third party account opening form, so that money could be moved from
  the client's platform-managed bank account, to the third party
  account. The form was emailed to the client's email address,
  fraudulently signed, returned, and the account was opened and money
- Scammers are looking at the scope of advice and goals described
  in advice documents and telling the advisers things like "in
  line with my goals, I'd like to support my daughter buy her
  next house." Tight payment deadlines are then imposed,
  creating a sense of urgency, coinciding with excuses about
  "global roaming not working" so as to avoid telephone
We're often told about the scams because our clients want to
do the right thing and, if necessary, notify ASIC of a breach of
the financial services laws. As you know, both ASIC and AUSTRAC
have breach or notification reporting mechanisms. If you and your
client are subject to fraud, this does not automatically mean you
have breached your Australian Financial Services Licence (AFSL)
obligations. However, the steps leading up to the breach need to be
carefully assessed to ensure that normal disclosure and conduct
rules have been complied with. Also, it does not automatically mean
you must lodge a suspicious matter report with AUSTRAC. Despite
this, in a number of instances you may decide to notify regulators
so that they have market intelligence on current scams, and can
provide further guidance to industry to help avoid them in the
Of course, your disgruntled client is also likely to come to you
seeking compensation on the grounds that you acted negligently or
in breach of contract by not detecting and preventing the
So, what should you do now?
- Ensure that your procedures regarding dealing and suspicious
  matter reporting are up to scratch.
- Ensure that staff are trained on the red flags associated with
  the scam: a request for a new third party money transfer (always),
  being on holidays (sometimes), urgency (sometimes). Google the
  terms "wire transfer fraud" if you'd like plenty more
  case studies of this scam.
- Ensure that all third party transfer requests are orally
  confirmed in a way that is unique to the client. For example, set
  up a code word or test question when you first deal with the client
  (which is never to be referred to in an email!).
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.