Someday soon an advisor will have to declare bankruptcy because he cannot cover the losses incurred in a fraudulent third-party wire transfer or money laundering scheme. I don't know who and I don't know where, but I'm absolutely certain that all advisors must manage risk to prevent fraud from killing their business.
Advisors often mistakenly believe that their broker-dealer or custodian is responsible for preventing fraud. While such firms play a role, providing surveillance and tripwires that stymie illegal transactions, the ultimate responsibility lies with advisors, particularly those serving in a fiduciary capacity.
Independent advisors who have been given discretion over client assets, and who have power of attorney to move money on behalf of their clients, are especially susceptible to predators. Advisors associated with a broker-dealer have some capital protection, though perhaps not enough if their BD is a small, lightly capitalized business. RIA firms have no capital requirements so any losses would be debited to their management fee account or paid out of the advisor's own pocket. Could your firm endure such a hit?
You may be wondering why an advisor would be on the hook for a crime committed against their client by someone else. The answer is simple: Advisors must verify whether the request to wire funds is legitimate, they must send the instructions to the broker-dealer or custodian to execute the wires and they must KYC—know your customer.
Ironically, advisors often get aggravated when a broker-dealer or custodian delays a wire request. "The client said he needs the money, so just send it to him!" In some cases, the aggressive advisor claims to have confirmed the request with his client—but upon investigation, the custodian finds out that he did not. The advisor then says that he did not want to bother his client or he was too busy. The only thing less defensible than carelessness is dishonesty.
Usually advisors wish to avoid looking unresponsive or unsympathetic when a wire transfer takes more than a few hours, so they put pressure on the keeper of the assets to act quickly. Adding to the dynamic, advisors can get touchy when the custodian elects to contact the end client directly to re-verify a request. This resistance to checks creates a risky scenario.
The Setting
Every day, sophisticated criminals from Detroit to Dubrovnik are capturing personal information on your clients including email addresses, financial data, copies of previous correspondence and copies of signatures and account numbers. These thieves want your clients' money—and they know how to get it.
Fraud often begins with an innocuous "client" request asking about the available cash in an account. In some clever cases, the balance inquiry is added to a previous string of emails, making it seem like ongoing correspondence between the client and advisor. In a typical "e-heist," the fraudster sends an email to the advisor requesting money be transferred to a third party. It often says that the client is out of contact, typically something like "I'm at a funeral," "I'm traveling where there's no cell or Internet service" or "I'll be in meetings all day and need to get this done in order to complete an important transaction."
Eager to demonstrate good service even when reacting from the golf course or the beach, the advisor or his staff responds by sending the letter of authorization (LOA). The advisor or staff member does not realize that while the email address used by the perpetrator appears legitimate, a criminal has hacked into the account. Absent any protocols by the advisor, stealing the assets can be as easy as lifting a wallet from an open handbag.