Financial Planners – Fraud Risk Management
Case – In brief:
A Financial Planner was requested by email (apparently from a client) to facilitate the withdrawal of funds from that client's investment account. Unknown to the Financial Planner, an unknown person had accessed the client's Hotmail account and had emailed the Financial Planner requesting the withdrawals. A loss occurred when the withdrawn funds were accessed by the fraudster. It is suggested that the Financial Planner failed to conduct appropriate checks, prior to submitting the relevant forms to action the withdrawals, to ensure that the withdrawal was in fact authorised by the client and so prevent the fraud.
We are not aware that this is a common occurrence – but in the age of unauthorised computer access and cyber crime we would be keen to get a sense of what risk management processes your clients have in place to eliminate this occurring – and to ensure the processes are not by-passed.
We seek your assistance
Accordingly, it would assist us if you could canvass your Financial Planning clients in respect of their risk management around requests for funds withdrawals.
For the future
For the future, in respect of Financial Planning risks which we are asked to write (renewals and new business):
- We will require more information on what risk management processes Financial Planners have in place in respect of such requests for funds withdrawal, and when this risk management process was introduced. (Ideally we will be looking for at least dual identity authentication, including an outgoing phone call to the client from the Financial Planner (to the phone number held on the Financial Planner's client record) to confirm: firstly, that the withdrawal request originated from the client; secondly, the amount to be withdrawn; and thirdly, the identity details of the party to whom the payment is to be made.)
- Depending on the proposer's response to this risk management question, we may impose additional conditions or exclusions on any such risks we write.