Someday soon an advisor will have to declare bankruptcy because he cannot cover the losses incurred in a fraudulent third-party wire transfer or money laundering scheme. I don’t know who and I don’t know where, but I’m absolutely certain that all advisors must manage risk to prevent fraud from killing their business.
Advisors often mistakenly believe that their broker-dealer or custodian is responsible for preventing fraud. While such firms play a role, providing surveillance and tripwires that stymie illegal transactions, the ultimate responsibility lies with advisors, particularly those serving in a fiduciary capacity.
Independent advisors who have been given discretion over client assets, and who have power of attorney to move money on behalf of their clients, are especially susceptible to predators. Advisors associated with a broker-dealer have some capital protection, though perhaps not enough if their BD is a small, lightly capitalized business. RIA firms have no capital requirements so any losses would be debited to their management fee account or paid out of the advisor’s own pocket. Could your firm endure such a hit?
You may be wondering why an advisor would be on the hook for a crime committed against their client by someone else. The answer is simple: Advisors must verify whether the request to wire funds is legitimate, they must send the instructions to the broker-dealer or custodian to execute the wires and they must KYC—know your customer.
Ironically, advisors often get aggravated when a broker-dealer or custodian delays a wire request. “The client said he needs the money, so just send it to him!” In some cases, the aggressive advisor claims to have confirmed the request with his client—but upon investigation, the custodian finds out that he did not. The advisor then says that he did not want to bother his client or he was too busy. The only thing less defensible than carelessness is dishonesty.
Usually advisors wish to avoid looking unresponsive or unsympathetic when a wire transfer takes more than a few hours, so they put pressure on the keeper of the assets to act quickly. Adding to the dynamic, advisors can get touchy when the custodian elects to contact the end client directly to re-verify a request. This resistance to checks creates a risky scenario.
Every day, sophisticated criminals from Detroit to Dubrovnik are capturing personal information on your clients including email addresses, financial data, copies of previous correspondence and copies of signatures and account numbers. These thieves want your clients’ money—and they know how to get it.
Fraud often begins with an innocuous “client” request asking about the available cash in an account. In some clever cases, the balance inquiry is added to a previous string of emails, making it seem like ongoing correspondence between the client and advisor. In a typical “e-heist,” the fraudster sends an email to the advisor requesting money be transferred to a third party. It often says that the client is out of contact, typically something like “I’m at a funeral,” “I’m traveling where there’s no cell or Internet service” or “I’ll be in meetings all day and need to get this done in order to complete an important transaction.”
Eager to demonstrate good service even when reacting from the golf course or the beach, the advisor or his staff responds by sending the letter of authorization (LOA). The advisor or staff member does not realize that while the email address used by the perpetrator appears legitimate, a criminal has hacked into the account. Absent any protocols by the advisor, stealing the assets can be as easy as lifting a wallet from an open handbag.
Watch the trick: The fraudster returns the signed forms to the advisor, who in turn forwards them to the custodian or broker-dealer for processing. With an authorization on file, the custodian conducts some safety checks to see if there are any anomalies or inconsistencies, then wires the money to a third party as instructed. Those funds are immediately rewired to a bank in Malaysia or Hong Kong whose offices are already closed for the night so nobody can stop the fast-moving money from going out again. Those funds are removed quickly from the foreign account by a debit card and … poof! The money disappears.
These master manipulators use different forms of layering to cover their tracks. As another example, they troll dating websites to recruit unsuspecting accomplices. Their unfortunate victims, commonly referred to as “mules,” reveal their bank account information. The fraudster creates a story about why he can’t take a direct wire and asks his new “romantic interest” to accept the deposit of $50,000 to her account, for example. He then directs the unwitting accomplice to Western Union to send $45,000 to him and keep $5,000 “for when we meet.” When contacted by law enforcement, the accomplice will be oblivious to what just happened, honestly explaining that she effected the transfer at the request of her “boyfriend.”
Four things can help to stop frauds like these.
Keep an eye out for clues that you are about to be hustled. When a request for a third-party wire transfer is inconsistent with a client’s past activity, for example, you need to confirm that the client is in the loop. Examine the content of all requests for spelling and grammatical errors or formal, awkward language. Fraudulent requests often contain an explanation of how the funds will be used, such as tuition payments when the client doesn’t have school-aged children. One recent request asked for funds to purchase commercial baking equipment, which stirred the advisor’s curiosity to inquire directly with the client.
Fraudsters often send instructions to change the client phone number. This way, when the advisor or his staff later call to confirm a request, they do not realize they are actually talking to the thief and not the client. Avoid responding directly to new email correspondence. Hackers often make a subtle change in a client’s email address and set up a new account that the advisor unknowingly replies to. They may remove a period between first and last names, for example, or eliminate a letter in a long surname so it looks correct in a cursory review. They say they are unavailable at their home or office and direct the advisor to call an unfamiliar number. Unfortunately, these tactics can work.
The advisor or her staff should always call the client at the phone number on file to confirm a request before sending out any forms. In the event that forms go out and are signed and returned, the advisor or staff member should compare the signature to other legitimate documents and look for any inconsistencies in the request. As the job of confirmation often falls to administrative people, train them to understand that they must make the phone call. Ignoring the protocols is not excusable. In another example, a fraudster sent an email saying he couldn’t talk because he had laryngitis. Believing that was reasonable, the advisor’s assistant did not call to confirm the request, and the client’s funds were gone in an instant.
Everyone working in financial services must be vigilant. Clients themselves can do more to protect their data and information from conniving predators. Providing education programs and lessons on encryption may be an added value offering for advisors, helping to ensure that clients not only get a return on their money, but a return of their money. That said, it’s rare that the investor is not made whole by the advisor, custodian or broker-dealer. The question is, do you have the financial wherewithal to withstand such a loss? Or will the next bell toll for thee?
Visit the Preventing Wire Fraud landing page for more ThinkAdvisor on protecting your firm.