The cyber challenge for financial advisers

Financial advisers may be under-estimating the threat of money-laundering, fraud and cyber-hacking – and the important role they play in protecting the industry from organised crime.

That’s the assessment of a first of its kind report released by the Australian Transaction Reports and Analysis Centre (Austrac) in late 2016. According to the report1, from 1 April 2014 to 31 March 2016, 273 Suspicious Matter Reports (SMRs) were made by just 67 entities. What’s more, nearly half of those reports come from just five entities.

Rob Urwin, Head of Investigations, Governance Services at IOOF, says he is surprised by the low number of SMRs received by Austrac.

“For a $4.6 billion industry used by one in five Australians, just 67 entities reporting shows many advisers may not fully understand their suspicious matter reporting obligations or recognise the warning signs for suspicious activities.”

Common misconceptions

Despite the obligations on financial advisers under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act 2006), many advisers may have misconceptions about what is required in reporting.

One such misconception is that there needs to be conclusive evidence of impropriety before an SMR is submitted. “If you have a suspicion on reasonable grounds, that’s all you need for an SMR,” Rob says.

There is also the widespread belief that reporting will damage or destroy the client relationship. That’s not necessarily the case, Rob continues.

“Advisers don’t need to stop business with the client. And if necessary, there are measures to protect the identity of both the client and the adviser.”

The growing threat of cyber-fraud

Many of the scams seen by advisers are more ‘traditional’, such as forged signatures. 55 per cent of SMRs reported, however, involved a third party unknown to the client, adviser or product provider. This highlights the growing scale – and sophistication – of the threat posed by cyber-hackers.

“Using online services to manage accounts and communicate with clients improves efficiency and convenience, however with this comes extra risks,” Rob says.

“And advisers are an obvious target, as they facilitate the transfer of money between clients and the financial products offered by the large financial institutions.”

What are some of the potential threats and red flags?

There a number of indicators used to detect instances of cyber-enabled fraud, including:

  • customer’s email has different tone/language to customer’s usual communications
  • customer’s email has poor grammar, spelling mistakes or uncommon terminology
  • customer usually contacts the financial planner by telephone, then suddenly makes contact by email
  • customer changes bank details soon after changing other details such as contact address
    or phone number
  • customer emails express urgency – for example, claiming the customer is travelling overseas,
    attending a funeral, or purchasing a property
  • requests for the financial planner to complete application forms on the customer’s behalf, then to send back to customer for signing, and
  • email requests to send funds overseas.

Source: Australia’s Financial Planning Sector: Money Laundering and Terrorism Financing Risk Assessment (Austrac – 2016)

Protect yourself and your clients

“It helps to be aware of the latest ways cyber-hackers trick you into supplying personal information, such as phishing emails,” Rob says. “Usually appearing to come from a well-known company such as the banks or Australia Post, they may look legitimate.”

“Remember that most companies would never ask for your private information via email. And if you are unsure, type the address of the company directly into your browser.”

And what is one step you should take to address any suspicious circumstances?

“Talk to your clients whenever you receive a request to change bank account details,” Rob says. “Either on the phone – or better, in person, is a good way to make sure your clients’ interests are protected.”

The extra diligence has more than the obvious benefits of fraud prevention and financial loss. Austrac said that the clients of entities who reported, were often grateful and responded positively when informed.

“When you check on a transaction on behalf of a client, it demonstrates that the adviser is looking after their interests. This often bodes well for the longer-term relationship,” Rob concludes.


1 Australia’s Financial Planning Sector: Money Laundering and Terrorism Financing Risk Assessment.

The information contained in this newsletter is provided on behalf of the IOOF group of companies and is intended for financial adviser use only. It is given in good faith and has been prepared based on information that is believed to be accurate and reliable at the time of publication. Any examples are for illustration purposes only and are based on the continuance of present laws and our interpretation of them at the time.