The Financial Industry Regulatory Authority (FINRA) fined and temporarily suspended a financial advisor working for UBS after he was tricked into transferring $511,870 from a client’s account in a CEO fraud scam, according to FinancialAdvisorIQ. A hacker used social engineering to access the client’s account and asked the advisor, William Darby, to move the money into accounts at third-party banks. Darby allegedly violated UBS’s protocol by making the transfers without first calling the client on the phone and verbally confirming the requests.
Darby was also allegedly tricked into selling the client’s securities, worth $525,826, to fund the transfers. UBS fired Darby and reimbursed the client, and FINRA fined Darby $7,500 for breaching protocol. The reason given for his termination was that he “violated firm disbursements policy by failing to call client to confirm disbursement requests yet instructed support staff to process the disbursements.”
Darby also received a forty-five-day suspension from FINRA, but was allowed to keep his registration as a financial advisor. He’s since landed a job at another firm, and he’ll presumably be more cautious in the future.
It’s worth noting that Darby had worked in the financial services industry for twenty years, ten of which he spent at UBS, so a lack of experience is unlikely to have been the problem. Anyone can fall for a scam, so organizations need to have policies in place to reduce the chances of a scam succeeding. Of course, as this case demonstrates, security policies are only effective if they’re adhered to. It’s also unwise to think that experienced personnel can’t themselves fall prey to a scammer. We can learn a lot through experience, but sometimes experience can be the mother of illusion, too.
Proper training and education are needed to ensure employees know the importance of following their organization’s security protocols. A healthy sense of suspicion and a solid knowledge of social engineering tactics can complement strong security policies. New-school security awareness training can keep your employees from being tricked by social engineering and prevent them from falling into complacency by teaching them how scammers operate.
FinancialAdvisorIQ has the story: https://financialadvisoriq.com/c/2600713/299823/fined_after_allegedly_conned_hacker_disburse_client_funds