FINRA Reminds Broker-Dealers of their Obligations to Safeguard Customer
Key Takeaways:
- According to FINRA, the number of reported instances involving broker-dealer fraudulent account takeovers (ATO) and related theft is on the rise.
- As set forth in recently released FINRA Regulatory Notice 21-18 (“Notice 21-18”), FINRA reminds member firms of their continued obligation to safeguard customer information and to build controls designed to mitigate against fraud.
- While not creating new legal or regulatory rules, interpretations or requirements, Notice 21-18 offers some helpful insight into some of the best practices that member firms are utilizing as of late in an effort to mitigate against the rising risks.
- At the conclusion of this alert, we offer some additional best practices for member firms to consider in their compliance programs based on our own experiences with fraudulent investigations and regulatory matters.
Mobile and Online Banking Creates New Challenges in the Control Environment
Ready or not, the financial services industry is rapidly changing through innovations in technology. Accordingly, it is challenging for all broker-dealers, regardless of size or business model, to keep up with customer expectations, while at the same time protecting investors from fraud. As the industry has evolved away from the traditional telephone communications exchanged by financial advisors and their respective clients into a transactional environment driven more by online and mobile applications, there are countless ways for fraudsters to take advantage of the rapid changes in technology.
Below are several common examples of how fraudsters attempt to misappropriate and utilize customer information:
- Dark Web – Fraudsters anonymously purchase personal identifying information about brokerage customers online, including account numbers and passwords.
- Hacking – The practice of gaining unauthorized access to an investor or firm’s computer systems.
- Phishing – The practice of sending e-mails or similar communications from what appear to be reputable companies or sources asking for personal information such as social security numbers, driver’s license numbers, credit card numbers, account numbers, passwords or similar information.
- Spoofing – Similar to phishing, the practice of disguising the origin of a communication in order to lure an individual into sending personal information.
- Romance Scams – Often directed at senior divorcees or widows, the practice of appealing to one’s affection and trust to manipulate and steal.
- Baiting – Involves the use of false promises for the purpose of manipulating someone into releasing information or funds.
- Ransomware or Scareware – Involves a victim being faced with false alarms and fictitious threats whereby the fraudster seeks confidential information, account numbers, or even funds, often requiring a degree of urgency on the part of the victim.
- Malware – Involves installing software or a program on a victim’s computer designed to steal information.
Member Firms’ Continued Regulatory Obligations
Despite the many challenges created by the rise in fraudulent activity, FINRA reminds its membership in Notice 21-18 that there are numerous fundamental industry rules that require member firms to gather, retain and safeguard customer information. For the sake of brevity, we refrain from elaborating on the substance of each regulatory obligation and will merely mention the rules by name. A more robust description of these rules can be found within Regulatory Notice 21-18. In designing compliance programs to safeguard customer information, FINRA urges its membership to consider each of the following rules and regulations: FINRA Rule 2090 (Know Your Customer); SEC Regulation S-P, Rule 30; SEC Regulation S-ID; Customer Identification Program (CIP); FINRA Rule 4512 (Customer Account Information); FINRA Rule 3310 (Anti-Money Laundering Compliance Program); FINRA Rule 3110 (Supervision); Bank Secrecy Act; and…