Uptick in RIA Wire Fraud Cases: Traditional Safeguards May Be Failing

This is a “BEWARE OF…” article —not to scare, but simply to ensure your practice is on full alert. Regardless of firm size or how you interact with clients, this issue remains at the forefront of claims filed across the investment community.  As one of the national leaders insuring RIAs, our office has filed over 10 significant wire fraud claims in the last 12 months.

Asset managers continue to focus on cyber liability; one threat is now driving both the highest frequency and severity of claims: money movement fraud (also known as social engineering and/or wire fraud).

What Is Happening?

The concerning trend is not just the rise in fraud attempts, but that these events are becoming more sophisticated, including larger sums of money, and occurring even when advisors follow what have been considered best practices.

Below are a few real examples illustrating how these losses are unfolding:

Case 1: Email Compromise & Altered Wire Instructions

An Advisor’s email account was compromised while the Advisor was receiving legitimate communications from a client instructing the Advisor to wire $500,000.  Unbeknownst to both parties, the email was intercepted, allowing the bad actor to alter the instructions.

The advisor followed standard protocol and called the client to verify the account numbers, but the client later admitted they assumed the information read back to them was accurate and confirmed the instructions without closely reviewing them.

An investigation later revealed that the attacker had intercepted and modified the account information in transit before the advisor read it.

Case 2: Advisor System Compromise & Personal Asset Loss

An Advisor identified a breach involving both advisory and personal custodial accounts.  A threat actor successfully compromised the advisor’s computer systems, installing keystroke-logging and remote-access software, giving them the ability to obtain the necessary credentials to easily access personal investment accounts.

Shortly after the advisor had liquidated approximately $80,000 for an RMD, a fraudulent wire request was executed.  The attacker also forged DocuSign documentation to facilitate the transfer.

While attempts to access client accounts were stopped in time, the advisor’s personal funds were not recovered.  Notably, the advisor’s business insurance declined coverage for the loss of personal assets.

Case 3: AI Impersonation & Potential Multi-Layer Verification Failure

A client first initiated a rollover of 401 (k) assets into an IRA. Later, an AI-generated impersonator of the client requested an early distribution from their IRA to fund a real estate purchase.

The advisor’s team followed internal procedures in which three employees confirmed the request and spoke directly with what they believed to be the client.  Updated banking details were provided, and custodial DocuSign verification was completed via the client portal.  It was then processed through the custodian at the advisor’s discretion.

Six months later, the client received a 1099 and denied ever authorizing the $300,000 distribution.  It is believed that the fraudster compromised the client’s email, phone, and custodial access, enabling them to convincingly impersonate the client across multiple channels. This matter remains under investigation.

A Shift in the Risk Landscape

Per the diagram shown above, RIAs have historically operated in a low-frequency, high-severity risk environment, which justified transferring severe exposure, such as fiduciary risk, through professional liability insurance (aka E&O Insurance).

Is that dynamic changing?  Money movement fraud is now growing in both frequency and severity, and, more impressively, it is bypassing controls that firms have relied upon as best practices: callback verification, multi-person approval processes, DocuSign & custodial confirmations, etc.

Advisors are largely doing what they are trained to do and still experiencing losses.  It has some begging the question: If the standard “best practices” are insufficient, what should an effective control framework for RIAs look like to mitigate this?  While it is impossible to provide a comprehensive answer, our next RiskTip will offer practical ideas and insights.

By Bryant Wood – Golsan Scruggs

Golsan Scruggs is an insurance brokerage firm operating throughout the United States specializing in investment advisor E&O errors & omissions insurance (aka professional liability insurance) for RIA registered investment advisors. As one of the largest insurers of RIA firms in the U.S., we have a dedicated staff that understands the risks of the financial services industry and delivers superior results.  We make the underwriting process painless.

At Golsan Scruggs, we believe it is incumbent upon us to earn the right to be appointed as your insurance and risk-management agent. Our RIASURE process exists to serve that purpose.

Our RIASURE Review will analyze your fiduciary exposures, provide rate details and comparisons, and provide a contract comparison. No application required.

To obtain your complimentary RIASURE Review, please provide the following information or contact us at (800)273-5883. Fields marked with * are required.