Masthead has seen an increase in cybercrime and/or fraudulent activities which affect financial advisors. We take a look at the two types of situations which can impact both a financial advisor and his/her clients.
Cyber security and liability
Cyber liability occurs if someone hacks into an advisor’s data or the advisor’s staff gives out personal or confidential information which is then used to commit fraud, resulting in the client suffering a financial loss. To mitigate this risk, all systems and services of a financial advisor should have measures, such as “firewalls”, to protect them against hacking.
From an internal perspective, an FSP should also have processes to guard against staff providing client information to any party without the express consent of that client. Staff must be trained on the importance of protecting personal and confidential information and on the steps that must be followed to establish whether or not information can be released to an enquiring party. Staff must therefore be careful when they are requested to provide information about a client, or even to confirm that a specific person is a client of that advisor.
If the data of an FSP is hacked and subsequently a withdrawal request is received, the control to prevent any fraudulent activity is for the advisor to first call the client directly in order to confirm and verify the withdrawal request.
If hacked data is used to commit fraud outside of the practice and the client suffers a financial loss, then ‘cyber liability cover’ becomes applicable. However, this may also be subject to an FSP ensuring that appropriate controls are in place to make sure that the FSP knows who it is dealing with before executing a transaction request. It is therefore advisable to ensure that your professional indemnity cover includes cyber liability protection.
There has been an increase in the number of incidents where the emails of clients are ‘taken over’ or intercepted and the fraudster misrepresents himself as the client. The advisor is then requested by the ‘client’ to withdraw funds and deposit these into a ‘new bank account’, without the fraudster actually hacking into the data of the FSP. An FSP, in striving to execute promptly on a client’s instructions, then acts on the fraudulent withdrawal request. If processed undetected, this can result in a financial loss to the client and potentially cause financial and reputational damage to the FSP. It is, therefore, extremely important that an advisor first verify that he is dealing with the person or client that he thinks he is before continuing with the instruction, as this verification would prevent the fraudulent transaction from occurring. Fraud committed in this manner differs from cyber liability, as the data of the advisor is not compromised.
There is an increase in this type of fraud where advisors are deceived into thinking that they are dealing with the client. It is therefore of utmost importance that the FSP implement a strict control that clients are called and their request verified personally before acting on any instruction. This control must be implemented by the FSP and all its staff, with a zero-tolerance approach, as it will ensure the early detection of a false or fraudulent instruction and prevent this from being carried out by the advisor.
We urge FSPs to take some time to review their Operations Manual and ensure that the necessary steps and controls have been put in place to address this risk. Train your staff to make sure that they understand the risks and the reasons why certain steps must be followed. By doing this, an FSP will also ensure greater compliance with the requirement in the General Code of Conduct to apply the necessary resources to manage the risk that clients may suffer loss. In order to manage this risk, we also recommend that you read your Professional Indemnity Cover policy or contact your PI provider to ensure that you have the right cover in place and that you comply with the terms and conditions.
Contact your Masthead Regional Office if you need assistance with reviewing or implementing your Operations Manual or if you require more information on the Masthead PI scheme which is underwritten by Camargue and administered by Snyman & van der Vyver.