FINRA described four common scams used to target firms during the COVID-19 pandemic and outlined measures that may be taken to alleviate related risks. FINRA noted that the information provided in its Regulatory Notice "pre-dates the COVID-19 pandemic but may be useful to firms since FINRA has observed that these threats persist in the current environment."

In the Notice, FINRA warned firms and associated persons to be mindful of:

  • fraudulent account openings and money transfers;
  • imposter scams;
  • IT help desk scams; and
  • business email compromise schemes.

To address risks of fraudulent account openings and fraudulent money transfers, FINRA said firms should consider the following practices:

  • implementing customer identification programs to verify the identity of customers using both "documentary and non-documentary" methods, including, respectively, unexpired government-issued photo IDs and consumer reporting agency verification;
  • monitoring for fraud during account openings by establishing limits on the approval of numerous accounts created by the same customer, reviewing account application fields (e.g., address, bank routing numbers and account numbers, etc.), and utilizing technology that detects "automated scripted attacks" in the account application process (e.g., unusually rapid completion of applications for accounts);
  • verifying the identity of an account opener by checking that, among other things, the identity on a source account for fund transfers is the same as the one on a customer's broker-dealer account;
  • evaluating whether existing accounts have credit extension-related losses or were soon to be placed into collections, write-off categories or restriction;
  • collaborating with clearing firms in handling automated clearing house ("ACH") transactions by defining the process of conveying ACH request-related instructions and identifying staff responsible for transmitting instructions to a clearing firm; and
  • confirming that ACH fraud is covered under a firm's suspicious activity report procedures, in addition to reporting such fraud to FinCEN.

To address the risks of fraudsters impersonating firms and associated persons, FINRA said firms should consider: (i) providing staff with training, fraud alerts and response protocols; (ii) alerting customer-facing staff to the use of increased remote work by fraudsters engaging in "social engineering schemes"; and (iii) implementing other practices identified in FINRA's Information Notice 4/29/19.

To address the risks of fraudsters posing as IT representatives of a firm for the purpose of collecting information to infiltrate firms and potentially steal funds, FINRA said firms should consider (i) confirming information requests with their IT Help Desks directly and (ii) reporting any suspicious activity so other staff members can be made aware of potential threats.

To address the risks of fraudsters posing as firm leadership through email or text messages for the purpose of requesting fund transfers, FINRA said firms should consider (i) monitoring for potential red flags, including requests made at an atypical time of day or using unusual language or greetings, and (ii) confirming requests through other means, including by telephone.

Originally published May 06, 2020.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought