Cybersecurity

As a Registered Investment Adviser firm, you are tasked with the awesome responsibility of protecting your firm's and your client's information. Most theft of client account information is done outside of your RIA firm. For example, when there is a breach of a web site with client information, then this list is sold on the dark web. Scammers try and trick you with emails and even phone calls to wire out money from your client's accounts. You and your employees have to keep your guard up at all times.

If you are going to be a startup RIA firm, then you had better take precautions and institute strict safeguards on your computers, tablets and mobile phones. Face ID, two factor authentication and other methods should be used to protect your firm. One of the easiest ways for scammers to obtain money is via email. A scammer can hack into a client's email and send your firm a request for funds to be wired out or moved to a third party. As a firm policy, I would strongly encourage you to NEVER DO WIRES for any client. Wires are irreversible and cannot be undone. I do not care if a client has called you, even if it is someone that you know, and said they are closing on a house and need funds wired out. You need to tell that client that you DO NOT do wires and you can only provide them a check that they can deposit into their account. Of course, this is if they have given you a withdrawal power of attorney to move money from their RIA account to their local bank titled exactly the same. I would even discourage clients from requesting third-party checks from your RIA firm. Think about this fact. If you issue a third-party check on the client's behalf, then you are involved in the transaction if it goes wrong. Conversely, if you simply have the custodian issue a check to the client for deposit into their own bank account, then you have eliminated this risk.

I do not care if you are inconveniencing your client. Even if it means that they will have to change their closing date. You just need to make this your firm policy and make clients aware that you need WEEKS ahead of time when there is a situation like closing on a house.

See the Email page, under the "Firm Specific" dropdown on this web site for more Cybersecurity information related to phishing and email scams.