Criminal activity is constantly evolving. Fraud emanating from a compromised email account is fairly well known and most firms have implemented authentication procedures to address fraudulent third-party wire transfers. However, another threat has recently gained traction in the financial industry, fraudulent instructions to link a custodial account with a bank checking account.
Linking brokerage accounts with checking accounts is a common practice and custodians require forms to be completed by the account holder in order to link the accounts for electronic transfers. Importantly, the fraud surrounding this activity can have some or all of the following elements:
- The custodian’s form is completed to appear as though like-titled accounts are being linked, however, this is not being verified by the bank or the custodian. So, in reality they are not like-titled.
- A dummy voided check is attached to the custodian authorization form to give the illusion the checking account is like-titled.
- A hand-written sticky note is affixed thanking the adviser for “taking care of this.”
- The fraudulent form is mailed or faxed to the RIA for processing.
- An email is sent from the client’s compromised email account requesting an electronic transfer to the linked bank account.
While firms apply heightened scrutiny to third-party transfers, many do not subject like-titled transfers to the same level of scrutiny. When this fraud is detected, it can be very difficult to retrieve the funds.
To be prepared, firms should review their procedures for like-titled transfers to determine if additional controls should be implemented, including but not limited to ensuring that a verification process is in place to confirm accounts are in fact like titled and legitimate. For information on how Core Compliance & Legal Services, Inc. can assist in this area, or if you have any questions, please contact us at (619) 278-0020.