We have seen this happen too many times in the last 5 years and hate to see good intentions hurt the firm and the client. This is a valuable lesson in safeguarding your client’s assets, even if it may inconvenience them. The Securities and Exchange Commission has fined a large Massachusetts advisor, GW & Wade, $250,000 for improper custody controls after a hacker used a client’s e-mail to have more than a quarter million dollars transferred to a foreign bank.
GW & Wade had many clients sign blank letters of authorization so that when it needed to transfer funds it could do so without obtaining the client’s signature. In some other cases, GW & Wade cut out signatures from previously executed letters of authorization and pasted them on new ones, the SEC said.
The practice enabled an individual to commit fraud against one of their clients. The individual hacked into a client’s email account in June 2012 and sent e-mails to GW & Wade instructing them to wire funds to a foreign bank. The individual said he needed the funds that day, but was unable to call in for verification due to being in a meeting, at a funeral, etc.
Since GW & Wade had pre-signed letters of authorization and did not have procedures to confirm the identity of the person making the transfer requests, the funds were wired without the client’s knowledge or authorization.
The fraud wasn’t discovered until three separate wires totaling $290,000 had been sent to a foreign bank. Even though GW & Wade compensated the client for all the losses, they were still negligent and the SEC fined them and required them to hire an outside consultant to review all their compliance policies.
We understand the desire to help the client out and not inconvenience them. However, in today’s world, you have to verify that you are actually doing what the client asked, not what the hacker wants.
If you have any questions about this article or want to make certain your compliance policies and procedures will stand up to an audit, please call Red Oak Compliance today. We are here to help.