
Protecting your firm from financial fraud

Tips and advice for your company

What is financial fraud?

Financial fraud is a crime of dishonesty and generally involves the taking of money or other financial assets through deception. It is becoming increasingly common and comes in various forms, including identity fraud and account takeover fraud (where a criminal abuses personal data to hijack an existing account or product).

Why is financial fraud an important issue for Advisory Firms?

Advisory firms can be particularly susceptible to being targeted by criminals. The nature of their business and the frequent reliance on email communications between advisers and their clients can increase the risk of fraud. It’s important that firms take sufficient steps to reduce the risk and protect client accounts, to prevent firms themselves being potentially liable for any resulting losses. Firms can help prevent this type of fraud through taking some simple preventative measures.

Ten simple ways to protect clients and your business from fraud

  1. Always verify a client’s identity – check who they say they are (even if you think you recognise their voice) 
  2. Don’t act solely upon an email instruction – fraudsters are known to impersonate clients using email. They might gain control of their genuine email account through hacking or create one which is very similar to the client’s real one
  3. Carefully review client communications – criminals often make mistakes or are unable to fully replicate the genuine client’s behaviour. Pay close attention to the content within a client email (and review the whole email chain) for differences in language, spelling or other errors that don’t seem right
  4. Validate updated bank account and other personal details – confirm any changes to bank details or personal information using established contact details. Don’t rely solely on email communications of such changes or use a new telephone number contained in an email to validate any such change
  5. Don’t reveal sensitive information within pre-populated forms – sending pre-populated withdrawal forms and other documentation could place sensitive data in the wrong hands and lead to data breaches or fraud events
  6. Keep anti-virus and firewall software up to date and back up your data – criminals exploit vulnerabilities where anti-virus and firewall software are out of date. Don’t make it easy for them: keep your devices updated
  7. Use robust passwords for all your systems and devices – maintaining strong passwords/passphrases will help protect accounts and devices. For more information view our guide to password management here
  8. Report suspicious activity – if you suspect fraudulent activity on any account, you should alert all associated parties immediately. The sooner you act, the more likely it is that the clients’ investments can be safeguarded
  9. Be aware of the latest security threats – forewarned is forearmed so it’s important to regularly check the latest information published by a range of security and fraud protection organisations. View our useful contacts page for more information
  10. Make someone responsible for fraud prevention within your business – processes and procedures need to be continually reviewed to ensure they are fit for purpose and that staff are aware of their responsibilities for protecting clients and the firm from fraud.

Signs that a client request or instruction may not be genuine

  1. New bank details are provided with a request to send funds to this account
  2. A withdrawal request is not in keeping with the client’s goals or objectives
  3. A withdrawal from the product or wrapper type is an unexpected investment behaviour
  4. Funds are requested in a hurry or within an unrealistic timeframe
  5. A client requests a form pre-populated with sensitive data
  6. There is a reluctance to communicate other than by email
  7. The client’s email or letter is unusually short or blunt
  8. The email or letter contains language or a style not usually used by the client
  9. The communication contains spelling mistakes and other grammatical errors
  10. The client ignores questions clarifying or verifying a request
  11. The stated time of the email suggests the sender is not in the UK
  12. Supporting documentation contains suspicious entries or just doesn’t look right

Find out more about boosting cybersecurity in your workplace. Feel free to share this – and all the other cyber security information on our site – with colleagues, contractors and suppliers.

Other useful information on keeping your business

Email hacking

The risk to advice firms

Top six ways to spot a phishing attack

What is phishing and how can you spot it?

Do your passwords pass the password test?

In a world where cyber crime is an increasingly serious issue, safeguarding the systems and devices your business uses – such as computers, laptops and smartphones – is of the utmost importance.

You can also visit our Keeping your business safe hub where you will find all of our useful content.
