ComplianceAlert


ComplianceAlert
	account takeover via e-mail fraud on the rise. customers, not firms, targeted. A recent surge in e-mail fraud has resulted in a new kind of financial theft - one that targets the customer instead of the financial firm. Typically in this type of scheme, a hacker breaks into e-mail accounts held at a specific email host. Targets are selected based on types of e-mails and an individual that sends e-mails to financial institutions is a prime target, especially if those e-mails contain instructions regarding their accounts. The thief then copies the words, phrases and terminology, including instructions from the authentic e-mail, to create a false e-mail instructing the financial institution to wire funds to a third party account, typically overseas. Any firm that accepts client wire/transfer instructions via email is susceptible to this type of fraud. Under the Bank Secrecy Act and USA PATRIOT Act, broker-dealers and mutual fund firms are required to verify the identity of both the transmitter and receiver of any transfer over $3,000. Most AML programs address this requirement under the Joint and Travel Rule. However, it may be difficult to verify the receiver when the receiver is a third party. Firms should review their AML programs for requirements regarding transfers and particularly third party transfers, where firms should ensure that the receiving party is known to its customer. For example, if you have a customer whose son or daughter is attending college abroad and often needs cash, a standing Letter of Authorization (LOA) specific to the son or daughter, with the customer approved account name, number, and bank information may be used to verify requests received for that customer. In the age of cyber-crime, conducting thorough customer identification and verification has become even more crucial for firms to protect both their customers and their own reputation. View FINRA Regulatory Notice on Customer Account Protection View FinCEN Advisory on BSA Recordkeeping Rules FrontLine Compliance, LLC is a regulatory compliance consulting firm of former high-level regulatory insiders offering customized services to investment advisers, broker-dealers, hedge funds, private equity firms, investment companies, and insurance company affiliates. Staffed by former SEC and FINRA regulators, and chief compliance officers, FrontLine Compliance provides the kind of industry knowledge, experience and expertise on regulatory issues only available from well-seasoned insiders. For more information about the firm, please visit www.frontlinecompliance.com. FrontLine Compliance, LLC phone: 888-518-8070 email: info@frontlinecompliance.com www.frontlinecompliance.com Forward to a Friend ShareThis