Protecting your firm from financial fraud

Financial fraud is a crime of dishonesty and generally involves the taking of money or other financial assets through deception. It is becoming increasingly common and comes in various forms, including identity fraud and account takeover fraud (where a criminal abuses personal data to hijack an existing account or product).

Advisory firms can be particularly susceptible to being targeted by criminals. The nature of their business and the frequent reliance on email communications between advisers and their clients can increase the risk of fraud. It’s important that firms take sufficient steps to reduce the risk and protect client accounts, to prevent firms themselves being potentially liable for any resulting losses. Firms can help prevent this type of fraud through taking some simple preventative measures.

1. Always verify a client’s identity – check who they say they are (even if you think you recognise their voice) 
2. Don’t act solely upon an email instruction – fraudsters are known to impersonate clients using email. They might gain control of their genuine email account through hacking or create one which is very similar to the client’s real one
3. Carefully review client communications – criminals often make mistakes or are unable to fully replicate the genuine client’s behaviour. Pay close attention to the content within a client email (and review the whole email chain) for differences in language, spelling or other errors that don’t seem right
4. Validate updated bank account and other personal details - confirm any changes to bank details or personal information using established contact details. Don’t rely solely on email communications of such changes or use a new telephone number contained in an email to validate any such change
5. Don’t reveal sensitive information within pre-populated forms – sending pre-populated withdrawal forms and other documentation could place sensitive data in the wrong hands and lead to data breaches or fraud events
6. Keep anti-virus and firewall software up to date and back up your data – criminals exploit vulnerabilities where anti-virus and firewall software are out of date - don’t make it easy for them by keeping your devices updated
7. Use robust passwords for all your systems and devices – maintaining strong password/passphrases will help protect accounts and devices. For more information view our guide to password management here
8. Report suspicious activity – if you suspect fraudulent activity on any account, you should alert all associated parties immediately. The sooner you act, the more likely it is that the clients’ investments can be safeguarded
9. Be aware of the latest security threats – forewarned is forearmed so it’s important to regularly check the latest information published by a range of security and fraud protection organisations. View our useful contacts page for more information
10. Make someone responsible for fraud prevention within your business – processes and procedures need to be continually reviewed to ensure they are fit for purpose and that staff are aware of their responsibilities for protecting clients and the firm from fraud.

Find out more about boosting cybersecurity in your workplace. Feel free to share this – and all the other cyber security information on our site – with colleagues, contractors and suppliers.

You can also visit out Keeping your business safe hub where you will find all of our useful content.