Welcome to the latest edition of our Financial Crime Awareness Bulletin. This bulletin considers recent developments and trends in the area of Financial Crime and is intended to bring them to your attention. We aim to raise awareness of key topics affecting the industry, highlight important issues, changes to legislation and re-emphasize the need to remain vigilant to the potential of being exposed to or indeed subject to financial crime..
As a measure of scale, cyber-crime is now bigger than the illegal drugs industry according to the FBI. There is really no escaping the risk and potential for both harm to your business and your clients’ data. As such, it is crucial to guard against the general threat and apply appropriate controls within your firm’s technology arrangements.
What was once a basic threat of system hacking or attempted fraud has escalated into a sophisticated and technologically advanced industry, including nationally sponsored corruption and data theft, targeted business disruption, ‘hacktivism’, individual idealism or poor service revenge acts and corporate blackmail. This is on top of the existing threats of data theft, malicious software and basic hacking.
The stakes are high and the potential financial gains are encouraging increased levels of cyber-crime activity from ever more structured and capable teams. Whilst diligence and prevention controls need to be heightened in response, care must be taken not to undermine those controls by making key information available through social media. Much of the firm specific information is sourced through LinkedIn, allowing social engineering to be used to establish a firm’s staffing structure and internal roles, perhaps even detailed information about an individual that will help personalize bogus spear phishing approaches. Care must be taken not to arm the criminals with key inside information that will assist with their objectives. Ultimately, they seek weaknesses in controls or people to access systems so firms need to plan how to protect their own and their client’s interests.
To help with the planning process (which must be objective and thorough), the following link to the National Cyber Security Centre’s 10 Steps to Cyber Security is seen as a good ‘at-a-glance’ place to start or for referencing an existing plan’s sufficiency. Take the time to check as the potential consequences can be severe.
An FCA View – A More Effective Approach Needed
We should not forget that financial crime is a regulatory issue and part of the FCA’s core objectives. Therefore there is a keen interest and certain expectations that ALL firms are actively combatting the risk of financial crime.
In a recent speech, the message was clear in respect of expecting effectiveness rather than just having processes in place. This is balanced with proportionality based on each firm’s activity and exposure but the effectiveness of controls is an overriding consideration, especially if a breach or other failure occurs.
The FCA continue to stress the importance of outcomes rather than process and encourage change where outcomes suggest a lack of overall effectiveness or exposure in focused areas.
Whilst innovation was also encouraged, the main point seems to be keeping financial crime at the top end of the agenda and reminding regulated firms of their obligations to implement controls to reduce risk of financial crime. The latter point should not be overlooked.
The FCA will continue to apply a risk-based supervision model, which essentially means that they will primarily concentrate on the banks and other large institutions. However, risk based also means they will focus on those firms with failings and confirmed breaches. This will result in a double problem of having both the FCA and the ICO assessing security arrangements on a post-breach basis, potentially with both looking to use any situation as an example to others.
With fines rising sharply and regulatory focus clearly emphasising responsibilities, there is an incentive to not come up short with the safeguards in place.
Fraudsters are constantly re-inventing themselves and their angles to take advantage of almost every situation / service / transaction. There is no shortage of frauds that are current and seek to capitalise on vulnerability, uncertainty and complacency.
There are topical frauds that are opportunistic in nature, such as letting fake accommodation to students to collect deposits or issuing false TV licence refund notices in order to obtain banking details.
Alternatively there are quite sinister phishing campaigns that seek to trade off of public trust, including frauds that have started through criminals posing as London police to offer money from the compensation fund. The fact that such communications purport to be from the National Fraud Intelligence Bureau or the Fraud Intelligence Unit is an unpleasant irony that is further designed to gain trust. Another example is where criminals have sent out fake British Gas bills that are linked to malware. The customer is simply locked out of their computer and directed to an online payment page to pay a ransom.
However, it is the social media frauds that are on the rise and are becoming a staple of the cyber-criminal. Aside from the abundance of personal information that can be viewed legitimately, social media sites offer the opportunity to interact with unknown persons and build up an element of trust that can be used to perpetrate a crime directly or help establish a weakness in controls.
Recent frauds involving social media have included criminals setting up fake profiles of investment traders. The profiles themselves are professionally constructed, complete with trade history, photos of material possessions and testimonials. They aim to target the younger investor with low initial contributions, which are obviously not invested anywhere and victims are blocked on the social media site. No money has ever been recovered from such schemes and often victims are tricked twice when asked for a ‘release fee’ to receive the profits made.
Facebook is also a common site for frauds, with profiles being hacked and friends of the victim being contacted to receive payments through PayPal for various reasons. They then communicate via WhatsApp and convince the friend to act as a middle party and transfer money on to a specified bank account. A chargeback is then added to leave the PayPal user out of pocket when the money is transferred on.
In addition, police have uncovered malware that mimics WhatsApp and Facebook, overlaying the legitimate software with a fake interface which is designed to encourage victims to reveal financial details. The first phase of the scam tricked 130,000 victims, so the scale of the fraud is significant and only encourages more criminal activity.
Perhaps one of the closest linked fraud to our industry is the infamous boiler room, which continue to operate from London’s most respected districts. Raids have taken place at over 100 offices in Canary Wharf and the City but disruption teams can only slow the activity for a period of time rather than stop it. In fact figures suggest a growing problem, with a 10% rise in fraud reports to 3186 cases for the 2015/16 financial year.
Whether the medium is social media, e-mail or cold calling, it is clear that all types of fraud can be successful. Raising awareness and educating clients remain the most effective ways of combatting criminal activity. Helping consumers recognise the risks and promoting anti-fraud websites can help prevent your clients from becoming the next victim in what has become a ruthless and systematic criminal industry.
In a bid to raise awareness, the FCA run a website called ScamSmart. This is a centralised hub for notifying scam activity and other warnings.
With scammers earning a collective £1.2 billion each year, the cost to the industry and to consumer confidence is high. As such, there is an obvious need to promote the existence of known scams and to generally help guard against new ones.
The key is both public and adviser education so that awareness is increased, diligence is heightened and the risk is publicised. Securely protecting financial details, challenging ‘salespersons’ claims, questioning documentation, disengaging with cold calls (telephone or doorstep) and performing background checks on firms / individuals are fundamental ways to help protect against scams. Getting the message out to clients to make sure they have a basic guard up is a simple but effective way of stopping the majority of scams or frauds.
Whilst many people know not to trust individuals that they do not know, vulnerable customers can often be exposed to scams through highly convincing introductions that can imitate legitimate organisations, pressurise and ultimately confuse.
Vulnerable clients can be targeted multiple times and feel like they have no way to validate scenarios. Making your clients feel like they can use you to cross-check or just talk to with regards to financial matters or other ventures can help to protect against them being taken advantage of.
Scams are big business and we should act collectively to fight back and help protect consumers.
If you would like to know more about further financial planning services we offer please e mail or call us to discuss.
London 020 7871 5387 Brighton 01273 457100 Horsham 01403 333666