On April 10, 2013, the U.S. Securities and Exchange Commission (“SEC”) jointly with the Commodity Futures Trading Commission issued final rules and guidelines to require certain regulated entities to establish programs to address risks of identity theft. The compliance date, November 20, 2013, for the SEC’s Regulation S-ID: Identity Theft Red Flags Rule is quickly approaching and investment advisers meeting the definition under the new rules of a “financial institution” or a “creditor” that offer or maintain one or more “covered accounts” will need to make sure that they meeting the new regulatory requirements by the compliance date. (Click here to view our previous article on Regulation S-ID or click here to purchase our previously recorded webinar on this topic.) Many investment advisers may determine that Regulation S-ID does not apply to them, but this does not mean that these investment advisers do not need to have any policies and procedures relating to identity theft and protecting the clients’ assets.
Even if the investment adviser is not required to comply with Regulation S-ID, each investment adviser should review its policies and procedures to make sure that it has appropriate policies and procedures in place to prevent wire or third-party check fraud. Since the investment adviser will have the closest relationship with the client and is usually the first point of contact for a client, much of the burden to prevent these situations can fall on the investment adviser. Wire fraud attempts are becoming more frequent. Thieves will send requests that look like they are coming from the clients email address but there is a slight difference (e.g. changing a lower case “l” to the number “1” or the capital letter “I”). Usually, the change is minor and is not something that is easily detected. In some instances, if the client’s email account has been hacked, the request may even come from the client’s email address. Investment advisers may not receive third party wire requests frequently, which may leave advisers thinking they are immune to these types of scams, but these investment advisers may be more at risk because they may not handle these requests frequently and, therefore, may not have strong policies and procedures in place or know how to prevent these types of scams. Just one fraudulent wire order transactions can cost the adviser money; result in a regulatory investigation; cause the investment adviser to lose a large client; or damage an investment adviser’s reputation.
Investment advisers need to make sure that they have policies and procedures in place to:
- Educate employees about the potential for these types of fraud and how these types of scams work;
- Identify warning signs of fraud; and
- Protect clients from becoming victims of these types of fraudulent scams.
Investment advisers must develop the policies and procedures to protect client information and the clients’ assets. Developing policies and procedures is the first step but investment advisers the need to educate employees regarding those policies and procedures and ensure that they are being implemented and followed. For more information on what your investment adviser can do to protect your clients and their assets from identity theft and third-party wire or check fraud, click here to purchase and register to attend our webinar, “Identity Theft & Third-Party Wire Check Fraud,” that will be presented on October 17, 2013 at 12:00pm CDT.
If your investment adviser would like RIA Compliance Consultants to assist you with developing policies and procedures to address identity theft or third-part wire and check fraud, contact your consultant if you are an existing client or click here to schedule a time to speak with one of our consultants.
Posted by Bryan Hill
Labels: Identity Theft, SEC, Written Policies and Procedures