Speaking in January about the top issues advisors face in SEC exams, Tom Giachetti, a securities attorney with Stark & Stark and Investment Advisor columnist, warned of the growing incidence of email fraud being perpetrated on advisors.
We interviewed Giachetti in mid-July to see how widespread the problem is and to get his advice on how advisors can protect clients and themselves from wire transfer fraud.
To begin, the problem is real, it is dangerous and it is too often overlooked, Giachetti said. He isn’t troubled so much about client unhappiness with market performance, but rather “what scares me the most is cyberfraud and cyberattacks,” he said before relating that just two weeks prior, an advisor client of his had a $500,000 wire fraud occur.
But aren’t the regulators and law enforcement officials aware of the problem and moving to stop or limit its effects? “There’s not a whole lot they can do about it,” he said. “If you talk to the FBI, they know it’s happening, but they can’t stop the criminals who are probably in another country” without much regulation. “The problem the advisor has is that they want to provide great service” in making sure a wire transfer happens quickly, but without the proper safeguards, “they might hear the next day or two” that the transfer was fraudulent.
So what are the proper safeguards? “Custodians have become aggressive” in identifying and preventing such frauds, but on the advisor’s end, Giachetti said he’s told all his clients to change their policies and procedures to include a policy that “no one should act on any written request for money, anywhere,” with perhaps one exception: when funds are transferred from the custodial account to the client’s bank account. Advisors “owe a fiduciary duty to the client in that respect.”
Giachetti’s recommended policies and procedures manual includes a section on wire fraud and encrypting communications with a client. “Advisors are not required to encrypt but should consider doing so with any client information,” which is especially true with “anything related to taxes,” he said.
Channeling Ronald Reagan in his talks with the Soviet Union in the 1980s, Giachetti said the advisor’s motto should be to “trust but verify” verbally when a client wire transfer request arrives. Don’t think that you’ll be protected by your errors and omissions coverage, he said, since “many E&O policies are limiting coverage” on wire transfer fraud. Yes, your E&O policy “will generally cover it, but some are excluding or limiting the coverage or implementing a higher deductible.”
It’s not just the advisory firm’s principals who should be worried about wire fraud. Giachetti said it is “incumbent on senior management to meet with every staff member” to explain the severity of the threat and make sure that a “trust but verify” process is followed with every wire transfer request. In fact, junior members of the firm may well be the point person for such requests, but they should “tell senior management” about the request and follow the process.
There’s another reason to have a specific written process and to confirm requests verbally: your own liability. “If there is fraud,” Giachetti explained, “we want to be able to show that we did what was reasonable under the circumstances.” While custodians and broker-dealers are likely to have procedures in place that identify and prevent wire transfer fraud, smaller advisors might not have the proper checks and balances.
Finally, since the fraudsters are “pretty astute,” don’t think that every fraudulent wire transfer request will be for amounts in the hundreds of thousands of dollars. Instead, they may request only smaller amounts of $10,000 or so, which may not raise red flags with staff members.