Brokerage firms are facing a mounting surge of FINRA arbitration claims and lawsuits for client identity theft and hacking related issues. Brokerage firms and registered investment advisory firms are on notice that hackers and unauthorized third parties are attempting to, and actually being successful, in fraudulently withdrawing funds from investor accounts. In many instances, the brokerage firms can be successfully sued by investors who have had their accounts hacked, their identify stolen or who have had unauthorized sums stolen from their accounts. Our investment fraud law firm has handled these sorts of FINRA arbitration claims in the past and will likely see more of these arbitration claims and lawsuits in the future.
Brokerage firms and RIAs are officially on notice by regulators that they must guard against and supervise to prevent these sorts of ID hacks. Failure to do so can make the firms financially responsible to the investors who were impacted. Unfortunately, these cyber hacks and ID thefts are all too common at brokerage firms. Recently, a Morgan Stanley advisor stole account data from as many as 350,000 clients with some of that information later placed for sale online.
According to a February report issued by the U.S. Securities and Exchange Commission, most of the firms examined by the SEC disclosed they were the subject of a cyber-related incident — 88% of broker-dealers and 74% of RIAs reported they experienced cyber attacks directly or through one or more of their vendors. The majority of the cyber-related incidents involved malware and fraudulent e-mails. Brokerage firms can no longer bury their heads in the sand when it comes to these issues.
An incredible 54% of broker-dealers and 43% of advisors received fraudulent e-mails seeking to transfer client funds, and 26% of those broker-dealers reported losses related to fraudulent e-mails of more than $5,000. The SEC said no single loss topped $75,000, though one advisor had a loss of more than $75,000 stemming from a bogus e-mail. A reported 25% of the broker-dealers that had losses tied to fraudulent e-mails said the incidents resulted from employees not following the firms’ identity authentication protocols.
In February of 2015, FINRA released an alert warning of various hacking scams. According to the release: “Unfortunately, cyber threats to the information and computer systems of brokerage firms are increasing, and with these threats comes the risk of potential harm to investors. Dangers include email hack attacks, improper transfer or theft of customer assets, and misuse or even theft of customer data.”
A report last year from Privide, a cybersecurity firm in Walnut Creek, Calif., said cyber thieves are increasingly targeting high-net-worth families and their professional advisors, including wealth managers. Among the disclosures in the report: 30 million new types of computer viruses and malware were discovered in 2013; one-third of the world’s computers are infected with malware; 740 million personal records were exposed in data breaches in 2013; and nearly $5 billion was stolen from U.S. bank accounts in 2012 by hackers using malware. In addition, European banks last July reported the discovery of new malware that could bypass the two-factor authentication used to protect customer bank accounts.
Whether it’s a full service brokerage firm (Merrill Lynch, Morgan Stanley, LPL Linsco, UBS, Ameriprise), a regional firm (Royal Alliance, HD Vest, Stifel Nicolaus, Raymond James), or a registered investment advisory firm, the company MUST have a supervisory infrastructure in place to guard client assets, funds and identities. Failure to do so subjects the firm to legal liability and damages that can be recovered via a FIRNA arbitration claim or a lawsuit. If you’d like a free review by an attorney as to whether these damages can be recovered on a contingency fee basis, please call our securities law firm in Chicago, Illinois at 312.332.4200.