Wire transfer fraud is rampant. FINRA member firms and their employees must be diligent in the detection of scams and the prevention of client losses. In addition, adherence to the member firm's wire transfer policies and procedures is important for the avoidance of losses and potential regulatory sanctions.
Financial losses are staggering
Between June 2016 and July 2019 there were over 166,000 incidents
of wire transfer fraud resulting in $26 billion of losses
internationally and in the United States.1 "Between
May 2018 and July 2019, there was a 100 percent increase in
identified global exposed losses."2 Most of the
losses were the result of Business Email Compromise/Email Account
Compromise (BEC/EAC). BEC "is a sophisticated scam that
targets both businesses and individuals who perform legitimate
transfer-of-funds requests." Id. A frequent scenario
involves the hacking of the recipient's email account or
"spoofing" the email address to make it appear that the
email is coming from the client when instead it is from a similar
but fake account controlled by the hacker. Cybercriminals know that
"social norms" make individuals uncomfortable challenging
a trusted client's identity or instructions. Too often, when
wire instructions are provided, they are followed without being
challenged, and the money is moved out of the client's account
for transfer overseas. If quick action is taken and the fraudulent
transfer is reported to the FBI via the Internet Crime Complaint
Center, IC33, the FBI Recovery Asset Team
"RAT" can take steps to freeze the transfers and try to
recover the money. The longer the delay, the lower the likelihood
of recovery. The RAT Team handled "1,061 incidents between its
launch [in 2018] and the end of the year, covering an 11-month
period. Those incidents caused losses of more than $257 million. Of
that, the RAT achieved a laudable 75 percent recovery rate, or more
than $192 million."4
The loss of a client's assets is disruptive and even devastating. In addition, the financial advisor and the broker-dealer are likely to suffer a financial loss and reputational damage. Making matters worse, there is real potential for regulatory action.
FINRA sanctions may be enforced
Everyone makes mistakes and plenty of people have been duped by
cybercriminals. All firms have policies and procedures designed to
verify the legitimacy of wire transfer requests. Firms typically
prohibit taking wire transfer instructions via email without, at a
minimum, an accompanying verbal verification by the client. This
use of a "two-factor" or "two-channel"
verification is an important safeguard to weed out fake
instructions sent by an imposter. Failing to follow the firm's
policies and procedures for the verification of wire transfers
opens the firm and the individual up to regulatory sanctions. In
fact, FINRA has sanctioned several brokers for failing to follow
firm policies and procedures and trying to cover up the
failures:
- December 2016 - $5,000 fine, 60-day suspension for creation of false books and records Multiple wire transfers totaling $108,000 were processed based on email instructions received from an imposter posing as an authorized party for the customer's account. The imposter gained access by hacking into the email account of the authorized party for the account. On each transfer form, the broker attested that each wire transfer request was verbally confirmed with the authorized party of the customer, even though none had been confirmed.
- February 2017 - Four individuals, 10-day suspensions A series of wire transfers totaling $147,000 were processed based upon emails received from an imposter who had hacked the customer's account. The broker falsely attested that the customer's intent to transfer the funds had been confirmed. After processing multiple transfers, the team reported the suspicious activity to the compliance department.
- September 2017 – 60-day suspension A series of wire transfers totaling $134,000 were processed based upon email instructions from an imposter. The broker convinced firm supervisors to grant an exemption to allow funds to be wired overseas to a third party, based upon claims that the wire transfers were confirmed with the customer. However, the broker never communicated with the customer. The broker was also cited for failing to speak to the client before exercising discretion to liquidate investments to fund the series of wires.
- December 2019 - $7,500 fine, 45-day suspension A series of wire transfers totaling $511,870 were processed based upon emails sent by a hacker who accessed a client's email account. The broker falsely advised an assistant that verbal confirmation had been received from the client and he instructed her to process the wire transfers. FINRA found that the broker caused the sales assistant to enter inaccurate information into the broker-dealer's records in violation of FINRA Rules 2010 and 4511.
Take-Away Tips:
How to avoid becoming a victim of wire transfer fraud
- First and foremost, follow all policies and procedures established to confirm the validity of wire transfer requests.
- Use separate communication channels to verify wire instructions i.e., verbally confirm wire instructions.
-
Use a previously verified telephone number. Do not use a
telephone number provided within the email instructions.
What to do if you become a victim of wire transfer fraud
- Contact your compliance department if you suspect wire instructions are bogus. If funds have been transferred to a fraudulent account, it is important to act quickly. Immediately contact the corresponding financial institution where the fraudulent transfer was sent. Seek to put a freeze on the account.
- Contact your local FBI office, if the wire is recent. The FBI RAT team, working with the United States Department of Treasury Financial Crimes Enforcement Network, might be able to help return or freeze the funds.
- File a complaint at www.IC3.gov.
Footnotes
1 Business Email Compromise The $26 Billion Scam. September 10, 2019, Federal Bureau of Investigation Alert No. I-091019-PSA https://www.ic3.gov/media/2019/190910.aspx
2 Id. Exposed dollar loss includes actual and attempted loss in United States dollars
4 FBI's RAT: Blocking Fraudulent Wire Transfers, April 23, 2019, Jeremy Kirk, Info Security.com, https://www.bankinfosecurity.com/blogs/fbis-rat-blocking-fraudulent-wire-transfers-p-2740
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.