FINRA Again Reminds Firms to Beware of Fraud during COVID-19 Pandemic
As we previously discussed, FINRA issued guidance to member firms and their associated persons in April 2020 to remain “vigilant in their surveillance against cyber threats and take steps to reduce the risk of cyber events.” On May 5, 2020, FINRA issued Regulatory Notice 20-13 (“Reg. Notice 20-13”), reminding firms and their associated persons that the COVID-19 pandemic affects nearly every aspect of the economy, the financial markets and our personal lives. As a result, the pandemic creates numerous opportunities for fraud or scams to which firms and their registered representatives may unknowingly become exposed, and they need “to be aware of and take appropriate measures to address the increased risks and challenges created by the COVID-19 pandemic”. Reg. Notice 20-13 focuses on four common scams targeting firms and their associated persons:
- Fraudulent Account Openings and Money Transfers
Scams or fraudsters may focus on firms offering online account opening and may specifically focus on firms that recently began to offer online account opening services. Fraudsters will attempt to take advantage of the pandemic and use stolen or fraudulent identities to establish accounts to divert congressional stimulus funds, PPP loans or even unemployment payments. Fraudsters may often use synthetic identification - legitimate Social Security numbers (SSNs) with false names, addresses and dates of birth – to open an account. By using a synthetic identity, the fraud may go undetected for a longer period of time. The scam may involve opening the account with a stolen or synthetic identity, funding the account from a stolen or fraudulent bank account, and then withdrawing the funds from the newly established account as soon as it is funded. The withdrawal of funds may take several forms, including: making ATM withdrawals or purchases on debit cards for the brokerage account; linking the brokerage account to a third-party bank account or an account at another financial institution that provides pre-paid debit card products and services; or simply transferring the funds out of the account.
In addition to strict compliance with FINRA Rules 2090 (Know Your Customer) and 4512 (Customer Account Information), as well as with the Bank Secrecy Act and the regulations addressed in FINRA Rule 3310 (Anti-Money Laundering Compliance Program), FINRA also suggests the following to address risks relating to fraudulent account openings and money transfers:
- Customer Identification Program - firms should verify account openings using both documentary and non-documentary methods. Documentary methods include unexpired government-issued identification with a photograph (passport or driver’s license) and non-documentary methods include independently verifying the customer’s identity with information from a consumer reporting agency, public database or other source; checking references with financial institutions; or obtaining a financial statement from the customer.
- Monitoring for Fraud During Account Opening – firms should limit automated approval of multiple accounts by a single customer; review account application fields (i.e., bank routing numbers, telephone number, address and email) for repetition or commonalities among multiple applications; and use of technology to detect automated and rapid completion of online account applications.
- Bank Account Verification and Restrictions on Fund Transfers – firms should review the IP address of transfer requests made online or through a mobile device to determine if the location of the request is consistent with locations from which the firm has previously received legitimate communications; verify that the identity on the source account for fund transfers matches the customer’s identity at the broker-dealer; and confirm that the identity of the destination bank account for cash transfers matches the identity at the broker-dealer.
- Ongoing Monitoring of Accounts – firms should continue to evaluate existing accounts for fraud risks where the accounts were inactive, unfunded or to be restricted or closed; and accounts that had losses related to credit extensions and were to be placed in collections or write off categories.
- Collaborating with Clearing Firms – firms should clearly define and understand how instructions related to ACH requests should be conveyed; and have open communications with the responsible personnel at the introducing firm who were authorized to transmit instructions to the clearing firm.
- Suspicious Activity Report (SAR) Filing Requirements – firms should confirm that any ACH fraud was covered by their SAR procedures and report them to the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN).
- Firm Imposter Scams
The use of remote offices and telework arrangements increases opportunities for individuals to impersonate firms and associated persons in communicating with customers. This could be through the creation of a website or some other fraudulent online presence, in an attempt to obtain a customers’ personal or account information. FINRA suggests a variety of methods to address risks related to imposter scams, including:
- providing staff with training or fraud alerts describing firm imposter scams and the steps associated persons can take to protect the firm and its customers; and
- alerting customer-facing staff that fraudsters may use the increase in remote work to engage in social engineering schemes against associated persons and advise them to vet incoming calls purporting to be from known customer numbers—for example by arranging a video call or asking customers questions to which only the customers and their registered representative would know the answer.
- IT Help Desk Scams
Remote offices and telework arrangements increase the opportunity for fraud involving firms’ IT Help Desks. These may include fake, unsolicited calls to or from the IT Help Desk requesting passwords and/or log-in information for purposes of a “reset”, or to discuss home preparedness (how to log-in, etc.). The scam then uses this ill-gotten information to access the firm’s network in a variety of ways, including the theft of funds from client accounts.
Associated persons should take extra precautions when receiving unsolicited calls or emails that appear to come from their firm’s IT Help Desk, especially if the caller or email asks the associated person to click a link, enter a web address or download software to their computer. In this scenario, associated persons should call the IT Help Desk on its official number to confirm the veracity of the original communication. In addition, employees should immediately report any suspicious activity to the firm.
- Business Email Compromise Schemes
Remote offices and telework arrangements also allow individuals to pose, via email or text message, as firm leadership. In doing so, they may request, for example, fund transfers for payment of accounts payable invoices. Another example is “the gift card procurement scam”, where someone posing as a manager or executive emails a subordinate with a request to provide them funds so that they may secretly purchase gift cards as a surprise award for staff.
FINRA suggests that firms alert their staff to monitor for potential red flags, such as:
- monitoring for potential red flags of scams, such as requests arriving at an unusual time of day, using atypical language or greetings, requesting a transfer to a new account, requiring privacy or secrecy for the transactions or displaying unusual urgency; and
- confirming the request via telephone prior to acting on any requests, especially those sent via email channels.
FINRA has also observed that some firms address such risks by including an “external” banner to highlight emails received from outside the firm. Finally, FINRA reminds firms that while there may not be a regulatory requirement to report every incident described in Reg. Notice 20-13, FINRA urges firms to protect customers and other firms by immediately reporting scams and any other potential fraud. The full text of Reg. Notice 20-13 can be found here .