Fraud continues to be a major challenge that broker-dealers face during the COVID-19 pandemic, with the “biggest potential problem” being phishing attacks, according to Bill Wollman, an executive vice president at the Financial Industry Regulatory Authority and head of its office of Financial and Operational Risk Policy.
Issues that “have to be thought about” are the fact that many BDs are working remotely now and may not have strong passwords and may not have downloaded the latest security upgrades for their computers, he said during a recent “Virtual Fireside Chat” that was part of the Securities Industry and Financial Markets Association’s webinar series. All BDs and advisory firms should be monitoring these security issues, he told viewers.
In a recent phishing scam, somebody was using his name and FINRA in an email that included an attachment, he recalled, warning that BDs should be wary of emails containing domain names that are slightly off and misspellings. The staffs of BD firms need to be aware that there are people trying to do them harm during the pandemic, he said, noting FINRA had set up a fraud task force.
Wollman advised that BDs reach out to FINRA, the Securities and Exchange Commission or the Federal Bureau of Investigation if they have concerns about potential fraud and scams.
In Regulatory Notice 20-12, issued earlier this month, FINRA warned of “a widespread, ongoing phishing campaign that involves fraudulent emails” that claim to be from FINRA officers, including Wollman and Josh Drobnyk. The emails have a source domain name “@broker-finra.org” and request immediate attention to an attachment relating to a broker-dealer firm. The domain of broker-finra.org is not connected to FINRA and firms should delete all emails originating from this domain name, FINRA stated.
In an Investor Insights post on its website Monday, FINRA pointed out that it issued Regulatory Notice 20-13, reminding firms to “beware of fraud” during the pandemic. The Insights post highlighted “four common scams to look out for: (1) fraudulent account openings and money transfers; (2) firm imposter scams; (3) IT Help Desk scams; and (4) business email compromise schemes” — and firms can take action to mitigate related risks.
Other challenges created by the pandemic have included how to deal with FINRA testing, Wollman pointed during the webinar. FINRA exams were put on pause for two weeks, then resumed, “but they are all virtual exams” now, he noted.
FINRA went on to disclose Sunday that it decided to further delay scheduling for online test-taking for exams that were slated to begin on May 24. FINRA and the North American Securities Administrators Association had said BDs and their registered reps could start scheduling their online test-taking appointment for exams Monday. The online testing is to be administered remotely by Prometric. The online testing delivery service, which will allow candidates to use their camera-equipped computer to take qualification exams, has been in a pilot phase with certain BDs since late April. FINRA said Sunday that it needs more time to pilot the service.
FINRA’s staff has been working remotely since March. Asked what FINRA plans to do internally when more of the U.S. economy starts opening up, Wollman said: “I don’t believe we’re going to rush back” to firm’s offices to conduct reviews on site, despite what other companies do. But there may be an occasional situation where it will be better to do a review in person, he said.
FINRA intends to honor restrictions imposed by firms and building operators, he said, conceding: “I don’t know what the new world order will look like.” For the time being, FINRA will probably be using Zoom video conferencing, he noted.
Asked if FINRA would be in favor of the permanent ability to conduct remote inspections of branch offices if certain criteria are met, he said: “We are open to that dialogue…. I put this in the category of one of the things that we need to talk about longer term.”