Fraud continues to be a major challenge that broker-dealers face during the COVID-19 pandemic, with the “biggest potential problem” being phishing attacks, according to Bill Wollman, an executive vice president at the Financial Industry Regulatory Authority and head of its office of Financial and Operational Risk Policy.
Issues that “have to be thought about” are the fact that many people are working remotely now and may not have strong passwords and may not have downloaded the latest security upgrades for their computers, he said during a recent “Virtual Fireside Chat” that was part of the Securities Industry and Financial Markets Association’s webinar series. All financial organizations should be monitoring these security issues, he told viewers.
In a recent phishing scam, somebody was using his name and FINRA in an email that included an attachment, he recalled, warning that FIs should be wary of emails containing domain names that are slightly off and misspellings. The staffs of financial organizations need to be aware that there are people trying to do them harm during the pandemic, he said, noting FINRA had set up a fraud task force.
Wollman advised that financial executives reach out to FINRA, the Securities and Exchange Commission or the Federal Bureau of Investigation if they have concerns about potential fraud and scams.
In Regulatory Notice 20-12, issued earlier this month, FINRA warned of “a widespread, ongoing phishing campaign that involves fraudulent emails” that claim to be from FINRA officers, including Wollman and Josh Drobnyk. The emails have a source domain name “@broker-finra.org” and request immediate attention to an attachment. The domain of broker-finra.org is not connected to FINRA and firms should delete all emails originating from this domain name, FINRA stated.
In an Investor Insights post on its website Monday, FINRA pointed out that it issued Regulatory Notice 20-13, reminding FIs to “beware of fraud” during the pandemic. The Insights post highlighted “four common scams to look out for: (1) fraudulent account openings and money transfers; (2) FI imposter scams; (3) IT Help Desk scams; and (4) business email compromise schemes” — and financial organizations can take action to mitigate related risks.
Other challenges created by the pandemic have included how to deal with FINRA testing, Wollman pointed during the webinar. FINRA exams were put on pause for two weeks, then resumed, “but they are all virtual exams” now, he noted.
FINRA’s staff has been working remotely since March. Asked what FINRA plans to do internally when more of the U.S. economy starts opening up, Wollman said: “I don’t believe we’re going to rush back” to offices to conduct reviews on site, despite what other organizataions do. But there may be an occasional situation where it will be better to do a review in person, he said.
FINRA intends to honor restrictions imposed by FIs, he said, conceding: “I don’t know what the new world order will look like.” For the time being, FINRA will probably be using Zoom video conferencing, he noted.
Asked if FINRA would be in favor of the permanent ability to conduct remote inspections of branch offices if certain criteria are met, he said: “We are open to that dialogue…. I put this in the category of one of the things that we need to talk about longer term.”