A reader writes: "So I was talking to my friend today and she mentioned that she literally had 50K stolen from her bank account. She had a GIC, cashed it, and was about to make a downpayment for her condo. When she checked her account from the time she cashed it to the time she checked (about 2 days), the money went missing. The bank froze all her accounts and did an investigation where it was revealed that a bank employee actually used my friends drivers license to steal her identity and her money.
Of course, it was all refunded to her. After a police investigation and the bank investigation. But it did bring a topic to mind - Identity theft.
Maybe you can write about the controls that are in place to ensure that investments are not 'stolen'. Also, you can tie that into the insurance that is available in the event of losses, the role of the ombudsman etc."
I always wonder about the folks that perpetrate these crimes, as in : how is it that you think that you're not going to get caught?
Anyway, it is a great question, because given all the new regulation around anti-money laundering and "proceeds of crime" issues as well as the "know your client" rule, we are asked to give up a great deal of personal data and information just to prove we are who we say we are, as well as our personal finances, objectives, risk tolerance, etc.
And then all of that information, while protected under privacy laws, is in someone else's hands, usually in a computer data base which as we read about regularly can be hacked into and stolen.
The investment industry has rules and regulations to protect client data (as we all are aware) it is not only in a computer data base, but in most large institutions there is also the physical data (mounds of paper-work filled out and signed) that also represents a risk.
Individual firms will also have there own internal security systems (and firewalls) that they have to maintain and upgrade to stay ahead of the "genius" criminal element.
In my time at Raymond James, I can say that there was a very heavy emphasis on cyber security and while other institutions were experiencing difficulties, to the best of my knowledge, Raymond James never did have a breach and were very efficient in identifying potential problems and notifying employees of their courses of action.
This is one of the reasons that we use Raymond James Correspondent Services for our High Rock client account custody (back-office).
With apologies (in advance) to Canada Post, the regular mail can get "lost", so we always use a courier that can be tracked (to protect that data as it physically flies about the country).
In my time as a branch manager, there were a few instances that I was made aware of, where client emails were "hacked" and the criminal element used the email to ask to have money sent to a (different than the usual) bank account. If I recall correctly, the "fake" client was on a vacation and that was the excuse for a different bank account for the money to be sent to.
Needless to say, any money sent would have to be verified by a follow-up phone call, but we had to make sure that we were paying attention.
The Canadian Securities Administrators (CSA) has a number of suggestions for "protecting yourself" against fraudulent activity https://www.securities-administrators.ca/investortools.aspx?id=736
However, if you do not get satisfaction from the institution or the advisor, you can also go to the Ombudsman for Banking Services and Investments (OBSI) https://www.obsi.ca/en/home
for any dispute resolution.
You also want to ensure that the institution (like Raymond James) where your accounts are held is a member of the Canadian Investor Protection Fund (CIPF), so that if they do become insolvent, your accounts are covered for up to $1,000,000.
More here: http://www.cipf.ca/
If you would like to receive this blog directly to your inbox...
Scott Tomenson,CIM Managing Partner, Chief Investment Strategist