Wire transfer fraud is rampant. FINRA member firms and their employees must be diligent in the detection of scams and the prevention of client losses. In addition, adherence to the member firm’s wire transfer policies and procedures is important for the avoidance of losses and potential regulatory sanctions.
Financial losses are staggering
Between June 2016 and July 2019 there were over 166,000 incidents of wire transfer fraud resulting in $26 billion of losses internationally and in the United States.[1] “Between May 2018 and July 2019, there was a 100 percent increase in identified global exposed losses.”[2] Most of the losses were the result of Business Email Compromise/Email Account Compromise (BEC/EAC). BEC “is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests.” Id. A frequent scenario involves the hacking of the recipient’s email account or “spoofing” the email address to make it appear that the email is coming from the client when instead it is from a similar but fake account controlled by the hacker. Cybercriminals know that “social norms” make individuals uncomfortable challenging a trusted client’s identity or instructions. Too often, when wire instructions are provided, they are followed without being challenged, and the money is moved out of the client’s account for transfer overseas. If quick action is taken and the fraudulent transfer is reported to the FBI via the Internet Crime Complaint Center, IC3[3], the FBI Recovery Asset Team “RAT” can take steps to freeze the transfers and try to recover the money. The longer the delay, the lower the likelihood of recovery. The RAT Team handled “1,061 incidents between its launch [in 2018] and the end of the year, covering an 11-month period. Those incidents caused losses of more than $257 million. Of that, the RAT achieved a laudable 75 percent recovery rate, or more than $192 million.” [4]
The loss of a client’s assets is disruptive and even devastating. In addition, the financial advisor and the broker-dealer are likely to suffer a financial loss and reputational damage. Making matters worse, there is real potential for regulatory action.
FINRA sanctions may be enforced
Everyone makes mistakes and plenty of people have been duped by cybercriminals. All firms have policies and procedures designed to verify the legitimacy of wire transfer requests. Firms typically prohibit taking wire transfer instructions via email without, at a minimum, an accompanying verbal verification by the client. This use of a “two-factor” or “two-channel” verification is an important safeguard to weed out fake instructions sent by an imposter. Failing to follow the firm’s policies and procedures for the verification of wire transfers opens the firm and the individual up to regulatory sanctions. In fact, FINRA has sanctioned several brokers for failing to follow firm policies and procedures and trying to cover up the failures:
| • | December 2016 - $5,000 fine, 60-day suspension for creation of false books and records |
| Multiple wire transfers totaling $108,000 were processed based on email instructions received from an imposter posing as an authorized party for the customer’s account. The imposter gained access by hacking into the email account of the authorized party for the account. On each transfer form, the broker attested that each wire transfer request was verbally confirmed with the authorized party of the customer, even though none had been confirmed. | |
| • | February 2017 - Four individuals, 10-day suspensions |
| A series of wire transfers totaling $147,000 were processed based upon emails received from an imposter who had hacked the customer’s account. The broker falsely attested that the customer’s intent to transfer the funds had been confirmed. After processing multiple transfers, the team reported the suspicious activity to the compliance department. | |
| • | September 2017 – 60-day suspension |
| A series of wire transfers totaling $134,000 were processed based upon email instructions from an imposter. The broker convinced firm supervisors to grant an exemption to allow funds to be wired overseas to a third party, based upon claims that the wire transfers were confirmed with the customer. However, the broker never communicated with the customer. The broker was also cited for failing to speak to the client before exercising discretion to liquidate investments to fund the series of wires. | |
| • | December 2019 - $7,500 fine, 45-day suspension |
| A series of wire transfers totaling $511,870 were processed based upon emails sent by a hacker who accessed a client’s email account. The broker falsely advised an assistant that verbal confirmation had been received from the client and he instructed her to process the wire transfers. FINRA found that the broker caused the sales assistant to enter inaccurate information into the broker-dealer’s records in violation of FINRA Rules 2010 and 4511. |
Take-Away Tips:
How to avoid becoming a victim of wire transfer fraud
| • | First and foremost, follow all policies and procedures established to confirm the validity of wire transfer requests. |
| • | Use separate communication channels to verify wire instructions i.e., verbally confirm wire instructions. |
| • | Use a previously verified telephone number. Do not use a telephone number provided within the email instructions. |
What to do if you become a victim of wire transfer fraud
| • | Contact your compliance department if you suspect wire instructions are bogus. |
| • | If funds have been transferred to a fraudulent account, it is important to act quickly. Immediately contact the corresponding financial institution where the fraudulent transfer was sent. Seek to put a freeze on the account. |
| • | Contact your local FBI office, if the wire is recent. The FBI RAT team, working with the United States Department of Treasury Financial Crimes Enforcement Network, might be able to help return or freeze the funds. |
| • | File a complaint at www.IC3.gov. |
[1] Business Email Compromise The $26 Billion Scam. September 10, 2019, Federal Bureau of Investigation Alert No. I-091019-PSA https://www.ic3.gov/media/2019/190910.aspx
[2] Id. Exposed dollar loss includes actual and attempted loss in United States dollars
[3] https://www.ic3.gov
[4] FBI’s RAT: Blocking Fraudulent Wire Transfers, April 23, 2019, Jeremy Kirk, Info Security.com, https://www.bankinfosecurity.com/blogs/fbis-rat-blocking-fraudulent-wire-transfers-p-2740
Tags: Data Privacy and Cybersecurity
PartnerEd brings a first-hand knowledge of business-based experience to craft legal strategies that advance his client’s business.
Ed Barkel is the lead partner in the firm’s Securities Litigation and Broker-Dealers Litigation Practice Group. He defends broker-dealers and individual ...
About This Blog
Lewis Roca is immersed in your industry and invested in your success. We share insights and trends that can affect your business.
Search
Topics
Archives
- September 2024
- August 2024
- May 2024
- March 2024
- February 2024
- September 2023
- April 2023
- March 2023
- February 2023
- December 2022
- November 2022
- October 2022
- September 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- February 2021
- January 2021
- December 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- October 2019
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- November 2018
- April 2018
- February 2018
- January 2018
- December 2017
- November 2017
- September 2017
- August 2017
- June 2017
- May 2017
- April 2017
- March 2017
- November 2016
- October 2016
- September 2016
- August 2016
- April 2016
- January 2016
Authors
- Alfredo T. Alonso
- Amy E. Altshuler
- Edwin A. Barkel
- Trevor G. Bartel
- Nick Bauman
- G. Warren Bleeker
- Brooks Brennan
- Ogonna M. Brown
- Chad S. Caby
- John Carson
- Rob Charles
- Joshua T. Chu
- Howard E. Cole
- Katherine Costella
- Thomas J. Daly
- Pat Derdenger
- Thomas J. Dougherty
- Susan M. Freeman
- Yalda Godusi Arellano
- John C. Gray, CIPP/US
- Art Hasan
- Frances J. Haynes
- Dietrich C. Hoefner
- Jennifer K. Hostetler
- David A. Jackson
- Andrew Jacobsohn
- Kyle W. Kellar
- Kris J. Kostolansky
- Gregory S. Lampert
- Shaun P. Lee
- Glenn J. Light
- Laura A. Lo Bianco
- Karen Jurichko Lowell
- James M. Lyons
- H. William Mahaffey
- Constantine Marantidis
- A.J. Martinez
- Patrick Emerson McCormick, CIPP/US
- Michael J. McCue
- Lindsay L. McKae
- Linda M. Mitchell
- Gary J. Nelson
- Rachel A. Nicholas
- Laura Pasqualone
- Michael D. Plachy
- David A. Plumley
- Kurt S. Prange
- Katie M. (Derrig) Rios
- Robert F. Roos
- Karl F. Rutledge
- Daniel A. Salgado
- Mary Ellen Simonson
- Susan Strebel Sperber
- Jan A. Steinhour
- Ryan M. Swank
- Dustin R. Szakalski
- Chris A. Underwood
- Jennifer A. Van Kirk
- Hilary D. Wells
- Drew Wilson, CIPP/US
- Karen L. Witt
- Meng Zhong
Recent Posts
- The Importance of Retaining a Grandfathered Gaming Location in Nevada
- Welcome our 2024 Michael D. Nosler Scholarship Intern
- Going Viral: Navigating Promotional Sweepstakes Legality in the Social Media Era
- Arizona Voters Modify Creditors' Remedies with Passage of Proposition 209
- Nevada Gaming Control Board Issues Gaming Technology Approval Guidelines
- Amendments to Nevada Gaming Regulation 5
- Nevada Gaming Control Board Workshop on Public Regulation
- New Wave of Arizona Privacy Litigation Regarding Tracking Pixels
- Legal Issues, Problems, and Unanswered Questions Regarding a State’s Ability and Potential Departure from the Depository Institution Deregulation and Monetary Control Act of 1980 (“DIDMCA”)
- New Trademark Scam