We have seen this happen too many times in the last 5 years and hate to see good intensions hurt the firm and the client. This is a valuable lesson in safeguarding your client’s assets, even if it may inconvenience them. The Securities and Exchange Commission has fined a large Massachusetts advisor, GW & Wade, $250,000 for improper custody controls after a hacker used a client’s e-mail to have more than a quarter million transferred to a foreign bank.
GW & Wade had many clients sign blank letters of authorization so that when it needed to transfer funds it could do so without obtaining the client’s signature. In some other cases, GW & Wade cut out signatures from previously executed letters of authorization and pasted them on new ones, the SEC said.
The practice enabled an individual to commit fraud against one of their clients. The individual hacked into a client’s email account in June 2012 and sent e-mails to GW & Wade instructing them to wire funds to a foreign bank. The individual said he needed the funds that day, but was unable to call in for verification due to being in a meeting, at a funeral, etc.
Since GW & Wade had pre-signed letters of authorization and did not have procedures to confirm the identity of the transfer requests, the funds were wired without the client’s knowledge or authorization.
The fraud wasn’t discovered until three separate wires totaling $290,000 had been sent to a foreign bank. Even though GW & Wade compensated the client for all the losses, they were still negligent and the SEC fined them and required them to hire an outside consultant to review all their compliance policies.
We understand the desire to help the client out and not inconvenience them, however, in today’s world, you have to verify that you are actually doing what the client asked not what the hacker wants.
To read the full story, please click here.
If you have any questions about this article or want to make certain your compliance policies and procedures will stand up to an audit, please call Red Oak Compliance today. We are here to help.