BW Cyber Services has become aware of recent attempts to commit fraudulent ACATS transfers based on identity theft of valid brokerage accounts.  Consequently, we recommend that Broker Dealers and Asset Managers alike pay attention to reviewing and confirming ACATS activities in which accounts are transferred.  While details are still emerging, we recommend voice confirmation calls be made for all departing ACATS transfers within the window of confirmation of the transfer.  While not specifically addressing this issue, the OCIE issued a Risk Alert on August 12, 2020  which specifically identified the need for “Protection of Investor Assets”.  Per this need, they recommended the following:

  • Implementing additional steps to validate the identity of the investor and the authenticity of disbursement instructions, including whether the person is authorized to make the request and bank account names and numbers are accurate; and
  • Recommending that each investor has a trusted contact person in place, particularly for seniors and other vulnerable investors

The Automated Customer Account Transfer Service (ACATS) is a system that facilitates the transfer of eligible assets from one brokerage account to another at a different member brokerage firm. The National Securities Clearing Corporation (NSCC) developed the ACATS system, replacing the previous manual asset transfer system with this fully automated and standardized one.

While we do not yet know exactly how the perpetrator obtained the confidential information needed to effect the attempted transfer, we are aware that it was well orchestrated and could have succeeded if confirmation had not been performed by the receiving organization. Moreover, due to the detailed knowledge of the sender’s identify information, it appears that identify theft was key to this attempted fraud. As a result of this attempt, we expect to see more attempts being made in the near future – mostly likely with additional sophistication.

The attempted fraud appears to be based on identity theft and possibly credential compromise in order to link brokerage account information to open brokerage accounts in the name of their victim for the purposes of transferring their assets to the new brokerage account. Through this approach the criminals appear to be attempting to circumvent the double authentication process usually in place when a client would access their brokerage account for the purposes of reviewing account summaries or making trades, etc.

As a consequence, BW Cyber Services recommends that Broker Dealers (and others involved with the ACATS transfer process) ensure sufficient or perhaps additional back office controls are in place to validate that these transactions are legitimate. Relatedly, if you are a victim of identify theft or suspect your personal information has somehow been compromised, BW Cyber Services also recommends you ensure both your business and personal e-mail accounts are fully secured and confirm you e-mail has not been compromised.

Of note, BW Cyber Services is also aware of criminals directing successful identity theft and cyber frauds against commercial financial aggregators  (Mint.com, EveryDollar.com, YNAB.com, etc.).

If you are concerned with protection of your identify information, BW Cyber Services can assist you: call at 646-779-7789 or e-mail at info@bwcyberservices.com.