Cybercrime is a serious matter of concern, not just for financial advisors but also for clients. By being aware of cybercriminals’ techniques and how they operate, and by taking reasonable precautions, you can remain alert and avert potential financial losses.
In terms of section 11 of the FAIS General Code of Conduct: “A provider must at all times have and effectively employ the resources, procedures and appropriate technological systems that can reasonably be expected to eliminate as far as reasonably possible, the risk that clients, product suppliers and other providers or representatives will suffer financial loss through theft, fraud, other dishonest acts, poor administration, negligence, professional misconduct or culpable omissions.”
Examples of cybercrime
In a recent case involving cybercrime, Broker G was completing an investment for a client and his email was hacked. The hackers changed the banking details on the insurer’s email and Broker G was none the wiser when he forwarded the email to the client.
The client transferred hundreds of thousands of Rands into what should have been the insurer’s account. He forwarded proof of payment to Broker G who, in turn, forwarded this to the insurer, only for them to realise the money had not been placed with the insurer. This resulted in a forensic investigation, which reconstructed what had transpired.
Broker G’s virus protection had expired. He was still able to open his emails, but did not realise that the system would not scan or perform any risk mitigation tasks. In short, when your virus protection subscription expires, your system is no longer secure or as protected as it should be. This allowed the hacker to get into the computer, open the email and replace information with his own bank details.
To avoid this scenario in your business, it’s essential to have valid virus protection on all your computers. If you are unsure about how well your systems are protected, it is best to enlist an IT professional .
Disinvestment request
In a second case, Broker D received a disinvestment request from a client via email. He then processed the disinvestment and the client was paid. A month later the client contacted Broker D with queries. It was then discovered the client had not been the person to initiate the disinvestment; the client’s email account had been hijacked. This led to a professional indemnity (PI) cover claim.
To avoid future fraudulent transactions, the FSP introduced a verification system. When a disinvestment request is received, the advisor contacts the client telephonically prior to processing, to confirm that he or she initiated and requested the transaction.
According to the South African Banking Risk Information Centre (SABRIC), South Africa has the third-highest number of cybercrime victims worldwide, with the country losing an estimated R2.2 billion a year to cyberattacks. Online banking scams resulted in the biggest loss, which amounted to R89 million.
Steps to take
Do you know if your PI covers you for cybercrime? Can your staff detect cybercrime transactions? It is advisable to review your PI cover and ensure your staff complete the Cybercrime online course on the Masthead Learning Centre.
Cybercrime can occur when you least expect it. To avoid becoming a victim of cybercrime, take the necessary steps and protect yourself, your business, staff and clients from potential cyberattacks.