Wire Transfer Fraud: Financial Losses and Regulatory Sanctions
January 07, 2020

Wire transfer fraud is rampant. FINRA member firms and their employees must be diligent in the detection of scams and the prevention of client losses. In addition, adherence to the member firm’s wire transfer policies and procedures is important for the avoidance of losses and potential regulatory sanctions.

Financial losses are staggering
Between June 2016 and July 2019 there were over 166,000 incidents of wire transfer fraud resulting in $26 billion of losses internationally and in the United States.[1] “Between May 2018 and July 2019, there was a 100 percent increase in identified global exposed losses.”[2] Most of the losses were the result of Business Email Compromise/Email Account Compromise (BEC/EAC). BEC “is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests.” Id. A frequent scenario involves the hacking of the recipient’s email account or “spoofing” the email address to make it appear that the email is coming from the client when instead it is from a similar but fake account controlled by the hacker. Cybercriminals know that “social norms” make individuals uncomfortable challenging a trusted client’s identity or instructions. Too often, when wire instructions are provided, they are followed without being challenged, and the money is moved out of the client’s account for transfer overseas. If quick action is taken and the fraudulent transfer is reported to the FBI via the Internet Crime Complaint Center, IC3[3], the FBI Recovery Asset Team “RAT” can take steps to freeze the transfers and try to recover the money. The longer the delay, the lower the likelihood of recovery. The RAT Team handled “1,061 incidents between its launch [in 2018] and the end of the year, covering an 11-month period. Those incidents caused losses of more than $257 million. Of that, the RAT achieved a laudable 75 percent recovery rate, or more than $192 million.” [4]

The loss of a client’s assets is disruptive and even devastating. In addition, the financial advisor and the broker-dealer are likely to suffer a financial loss and reputational damage. Making matters worse, there is real potential for regulatory action.

FINRA sanctions may be enforced
Everyone makes mistakes and plenty of people have been duped by cybercriminals. All firms have policies and procedures designed to verify the legitimacy of wire transfer requests. Firms typically prohibit taking wire transfer instructions via email without, at a minimum, an accompanying verbal verification by the client. This use of a “two-factor” or “two-channel” verification is an important safeguard to weed out fake instructions sent by an imposter. Failing to follow the firm’s policies and procedures for the verification of wire transfers opens the firm and the individual up to regulatory sanctions. In fact, FINRA has sanctioned several brokers for failing to follow firm policies and procedures and trying to cover up the failures:
 

    •     December 2016 - $5,000 fine, 60-day suspension for creation of false books and records 
    Multiple wire transfers totaling $108,000 were processed based on email instructions received from an imposter posing as an authorized party for the customer’s account. The imposter gained access by hacking into the email account of the authorized party for the account. On each transfer form, the broker attested that each wire transfer request was verbally confirmed with the authorized party of the customer, even though none had been confirmed.
 
    •     February 2017 - Four individuals, 10-day suspensions
A series of wire transfers totaling $147,000 were processed based upon emails received from an imposter who had hacked the customer’s account. The broker falsely attested that the customer’s intent to transfer the funds had been confirmed. After processing multiple transfers, the team reported the suspicious activity to the compliance department.
 
    •     September 2017 – 60-day suspension
A series of wire transfers totaling $134,000 were processed based upon email instructions from an imposter. The broker convinced firm supervisors to grant an exemption to allow funds to be wired overseas to a third party, based upon claims that the wire transfers were confirmed with the customer. However, the broker never communicated with the customer. The broker was also cited for failing to speak to the client before exercising discretion to liquidate investments to fund the series of wires.
 
    •     December 2019 - $7,500 fine, 45-day suspension
A series of wire transfers totaling $511,870 were processed based upon emails sent by a hacker who accessed a client’s email account. The broker falsely advised an assistant that verbal confirmation had been received from the client and he instructed her to process the wire transfers. FINRA found that the broker caused the sales assistant to enter inaccurate information into the broker-dealer’s records in violation of FINRA Rules 2010 and 4511.


Take-Away Tips:

How to avoid becoming a victim of wire transfer fraud

    •    
 
First and foremost, follow all policies and procedures established to confirm the validity of wire transfer requests.
 
    •    
 
Use separate communication channels to verify wire instructions i.e., verbally confirm wire instructions.
 
    •    
 
Use a previously verified telephone number. Do not use a telephone number provided within the email instructions.
 

 
What to do if you become a victim of wire transfer fraud

    •    
 
Contact your compliance department if you suspect wire instructions are bogus.
 
    •    

 
If funds have been transferred to a fraudulent account, it is important to act quickly. Immediately contact the corresponding financial institution where the fraudulent transfer was sent. Seek to put a freeze on the account.
 
    •    

 
Contact your local FBI office, if the wire is recent. The FBI RAT team, working with the United States Department of Treasury Financial Crimes Enforcement Network, might be able to help return or freeze the funds.
 
    •    
 
File a complaint at www.IC3.gov.
 

[1] Business Email Compromise The $26 Billion Scam. September 10, 2019, Federal Bureau of Investigation Alert No. I-091019-PSA https://www.ic3.gov/media/2019/190910.aspx

[2] Id. Exposed dollar loss includes actual and attempted loss in United States dollars

[3] https://www.ic3.gov

[4] FBI’s RAT: Blocking Fraudulent Wire Transfers, April 23, 2019, Jeremy Kirk, Info Security.com, https://www.bankinfosecurity.com/blogs/fbis-rat-blocking-fraudulent-wire-transfers-p-2740

Authors

Related Services