Skip to main content


At, By or Through: Fraud in the Broker-Dealer Industry

April 20, 2021

The brokerage industry has an important role to play when it comes to detecting, preventing and reporting fraud. It's not just a regulatory concern, but an important reputational concern for individual firms and the industry as a whole.

On this episode, we hear from Greg Ruppert, head of FINRA's National Cause and Financial Crimes Detection Programs, about recent trends in the fraud space and how firms can work to protect themselves and their customers.

Resources mentioned in this episode:

FTC Scam Alerts

FBI Fraud Resources

IC3 Annual Reports

Episode 60: Introducing Greg Ruppert and the NCFC

Episode 71: Overlapping Risks, Part I: AML and Cybersecurity

Episode 73: Overlapping Risks, Part II: AML and Elder Financial Exploitation

Listen and subscribe to our podcast on Apple PodcastsGoogle PlaySpotify or wherever you listen to your podcasts. Below is a transcript of the episode. Transcripts are generated using a combination of speech recognition software and human editors and may contain errors. Please check the corresponding audio before quoting in print. 


00:00 – 00:25

Kaitlyn Kiernan: The brokerage industry has an important role to play when it comes to detecting, preventing and reporting fraud. It's not just a regulatory concern, but an important reputational concern for individual firms and the industry as a whole.

On this episode, we hear from the head of FINRA's National Cause and Financial Crimes Detection Programs to discuss recent trends in the fraud space and how firms can work to protect themselves and their customers.

00:25 – 00:35

Intro Music

00:35 – 00:51

Kaitlyn Kiernan: Welcome to FINRA Unscripted, I'm your host, Kaitlyn Kiernan. I'm pleased to welcome back to the show Greg Ruppert, executive vice president and head of Member Supervision's National Cause and Financial Crimes Detection Programs, or NCFC. Greg, welcome back to the show.

00:51 – 00:52

Greg Ruppert: Great. Thank you for having me back.

00:53 - 01:24

Kaitlyn Kiernan: So, for those who missed it, we first met Greg on Episode 60, shortly after he joined FINRA and formed the NCFC. So, I encourage you to check that out if you haven't already.

But today, Greg is joining us to talk more about fraud, but not the type of fraud that might come to mind when you first start thinking about fraud in the brokerage industry, such as sales practice violations or other bad broker behavior, but just fraud more broadly. So, Greg, just to kick things off, how do you think about fraud?

01:25 - 01:46

Greg Ruppert: Fraud has many different facets and at the base level, thinking about activity that can occur at, by or through one of our member firms, and it’s part of a larger ecosystem within the financial services industry. So really looking at it with a much broader aperture than perhaps we've done in the past.

01:46 - 02:01

Kaitlyn Kiernan: That at, by or through is very common when we're talking about AML. So, it makes sense that it applies to other types of fraud as well. Now, why is it important for FINRA and its member firms to think about fraud more broadly in this way?

02:02 - 04:23

Greg Ruppert: Well, I would approach it in two different ways, Kaitlyn, the first being, obviously fraud does affect the firm's bottom line. It is an operational loss that can impact their revenues, but it also impacts their relationships with their clients. Foundationally, when I think about expectations of clients or customers, that foundational expectation is they bring their money to a firm and the firm is going to be able to maintain it. They're not going to lose control of it, lose custody of it. And that's exactly what is happening in a lot of the fraud scenarios and situations that we're seeing.

And in some cases, it's through no fault of the firm, but it could be client behaviors that are leading to that fraud. So just looking at it from a reputational risk standpoint, as well as an operational expense, why criminals are going after broker dealers these days is the old adage that I love to keep bringing up from my FBI days is "why do people rob banks"? Because that's where the money is. If you are in a business that custodies and or facilitates money or money movement, you're going to be attractive to criminal enterprises.

And then if we step back, the current space that we're in is a perfect storm where globalization and the increase of technology and data, as well as the rise of the Internet globally, have come together to really facilitate criminals and fraudsters from operating against firms and against their clients at a much larger scale than ever before. So, the ability to reach out across thousands of miles, a number of time zones intersecting or crossing through language barriers to be able to attack firms and accounts and clients ultimately is ever present for us.

So thinking about it on that side is important and then combining with it the increase of products and services that firms are offering that really take us one step further out than previously of a brokerage account just being used to buy and sell securities. The interfaces allow for a lot more these days. And so, understanding your firm's products and services, but also the connectivity to third party services that are being offered that are only these days a click away for your clients to use.

04:24 - 04:38

Kaitlyn Kiernan: It sounds like it's not just the environment that has changed that we're operating in, but it's also the brokerage firms and the account types that they offer have changed. What are some of the changes that make brokerage firms more at risk?

04:39 - 07:07

Greg Ruppert: I think we're seeing less of the traditional account type that someone would deposit via a check or a wire transfer and then just use that account for trading. So, when you start looking at a number of broker dealers, they're offering the check deposits, but also allowing you to write checks off of your account. So, they offer a checking account type feature. We've seen firms offering bill pay. We've seen firms offering the app based or the automated remote deposit capture. So, the ability to deposit checks, taking a photograph with your smartphone and then the level of interbank transfer, so ACH transfers to use more common parlance in the financial services industry. So, the ability to connect your brokerage account to a number of banking and other online payment services so, not to single any out, but PayPal, Venmo, Chime is a new one, Square.

You could even look at it from a cryptocurrency wallet standpoint. Coinbase is a very large firm that facilitates cryptocurrency transactions but has ACH links that would facilitate moving money to or from a brokerage account.

So you start to get into that space from a compliance, AML, fraud perspective, it is really looking at what are their protocols, their being those third party services, and what services they offer to clients who are also your clients, and how easy the interoperability of working in both of those areas and moving funds to or from those areas. So, it really takes you out of just being able to rely on the fact that we are a brokerage firm. And as long as we're monitoring our securities purchases and looking for the red flags that's required under the BSA or AML requirements we're covered and we're doing everything regulatory required of us. You have to think one step further and thinking about knowing your client and what your clients are doing in those other areas.

So that's one side from a regulatory requirement standpoint. But then on the other side, as I mentioned earlier, would be brand risk and protecting your clients from fraud risk that might be occurring in those environments. So, we're still at that foundational approach of really understanding your clients and customers and what they're doing, not only at your institution, but how those funds are coming to or leaving your institution.

07:08 - 07:17

Kaitlyn Kiernan: And why is this fraud in the words you use at or through a firm? Why is that a focus for NCFC and for FINRA?

07:18 - 08:49

Greg Ruppert: Well, to some degree we're going to follow the threat. And we have seen over the last year with the pandemic a significant increase in fraud related to these areas.

But I'd also say fraudsters will go to the point of least resistance. They are definitely opportunists, so they end up where they have the most amount of success. So, we can oftentimes benefit within the broker dealer industry of what's happening at larger banks and what fraud risks and trends they're seeing, but also even new entrants. So, some of the payment services or the pre-paid credit card areas and seeing where fraud is occurring there and then triangulating where it could impact the broker dealer space. Also, from that regard, its once firms develop controls, they develop surveillance, they start identifying where fraud is occurring and stopping that fraud from happening.

Those mitigation steps will cause the fraudsters to move to points of lesser resistance. And oftentimes that will take them outside of our member firms and directly attack or target the clients of the firm. So, risks oftentimes will, even though they manifest within our membership, will ultimately end up outside of the membership, but still impacting the by or through. They're going to be successful in getting the funds that they're going after. But by impacting investors, it's part of FINRA's focus of protecting investors and protecting the market. We want to make sure that we're educating our membership on all fronts.

08:50 - 09:12

Kaitlyn Kiernan: It sounds like a lot of the opportunities that fraudsters are looking for, for entry points, are these things that firms are offering as a matter of convenience for their clients. And what are some of the most important things that firms can be doing to protect themselves and their customers while also still trying to offer these convenient features?

09:12 - 10:28

Greg Ruppert: Obviously really looking at the client's behaviors as an opportunity to develop patterns of activity that are within an expected range. So, credit card companies have done this for years, and I'm sure most of the listeners have had a situation where their credit card has been declined at some point, despite having perfectly good credit and available balances. But you are operating in an anomalous behavior outside of your normal pattern. So maybe you're on vacation, maybe you're in a foreign country. Maybe it was a large transaction that you normally don't make.

So, looking at ways where you could develop, leveraging technology, mechanisms to look for transactional behaviors that don't fit with your customer. That doesn't have to be just the financial transactions, but also can be leveraging how they communicate with your firm. So if you provide online access to your firm, really tracking the back end from a cybersecurity perspective, looking at the same anomalies that would occur if as the client, you always log in from a city IP address that's attached to your account profile, that would make sense. But all of a sudden, if you're logging in from a foreign country or odd hours at night, there's a number of things you really can look for.

10:28 - 10:33

Kaitlyn Kiernan: Or like a client who usually calls suddenly only emailing or chatting.

10:33 - 13:14

Greg Ruppert: Exactly. That's another great point. Clients that don't have an online profile automatically setting up an online profile and then trying to do an immediate wire transfer thereafter. So even if you have clients who you think are at risk because they are in a situation where they don't leverage a lot of the tools that you offer that pose more risk, the mere fact that you allow them to select these tools when they want to select them, you have to be concerned with are you actually talking to your client or is your client the one actually setting up these services?

I've heard some firms say that just because you have a full suite of products and services to offer, it doesn't necessarily mean you need to turn them all on at once. And from today's day and age, what is the client's desire and needs and what are they seeking versus merely just opening them all up at the time of account open?

Which leads me to talk about a more recent trend over the past couple of years and something that we've highlighted in a number of our previous regulatory notices. And we actually have a new regulatory notice related to new account fraud. So, these are situations where new accounts are being set up at firms and they are essentially fraudulent accounts and they're fraudulent in potentially one of three ways.

One way would be the information used to set up the account and the account application is not accurate. It's identity theft. So, it's not the person it's claiming to be, but that person is, in fact, a real person.

The second one that has been relatively popular over the past one to two years is what's called a synthetic identity. So, it's parts of real information that are patched together to pass the AML checks that you're required to do under the Patriot Act. And the criminals have figured out how to manipulate the systems so that it's not true identity theft, but it is a hybrid approach to where it will pass the checks, but you're not talking to a real person in terms of the information that you have.

And then the last type that we've seen even more recently is going to be true name fraud. But what we're seeing is the person that's setting up the account and funding the account, although a real person, they are what the industry calls money mules. So they are people that are being instructed to set up accounts and figure out how to get funding into those accounts and then pay those fundings back to a larger organized scheme outside of the US usually. But once law enforcement catches up to these individuals, they have found that they are unwitting or even partially witting in terms of what they're doing. But the fraud is although much larger, the investigation stops with these individuals who are being instructed by an organized ring.

13:15 - 13:20

Kaitlyn Kiernan: And are there any other current fraud typologies you think firms should be aware of?

13:20 - 14:45

Greg Ruppert: The credit card companies and some financial institutions that provide instant credit or instant funds have seen the losses around accounts being opened, those funds being transferred out. And ultimately, once the checks are cleared, we have the fraud. So the firm is literally ending up holding the bag and some of the later trends specifically around what we're seeing with the market activity related to social media advice being given in terms of trading has been opening a new account, funding it with an ACH from another institution, and then trading in these securities that are the focus of the latest social media campaigns.

And then we'll see what's called an ACH pullback. So, a fraud complaint being made to the source institution that the ACH request from the broker dealer was fraudulent and that money is pulled back. So, what will happen is member firms have to close out the securities positions. They risk taking a loss there. And ultimately, that account funding is nonexistent, and it goes back to the other institution. You can attempt to make a claim at the other institution, but sometimes they're seeing that that initial deposit at that institution is also fraudulent. So almost stringing together in a modern day check kiting scheme, if you will, to generate the ability to make trades.

14:45 - 14:52

Kaitlyn Kiernan: So that sounds like it's a time when firms should be filing a SAR for that kind of activity?

14:52 - 15:44

Greg Ruppert: Yeah, we find in those situations filing a SAR, even though in some instances the amounts might be below the current thresholds, depending on what your firm allows for the trading. But if you can tie the activity together, it would be probably more impactful, even though in some instances it's an attempt. We've seen some firms can normally refer that account to collection and they don't consider it necessarily a fraud loss that would, in their minds, trigger the SAR filing.

But making sure that you revisit that approach, making sure that the AML or compliance teams are receiving those referrals from the operations teams in these situations, because it's something that we're seeing more concerted efforts in terms of rings or organized activity, that you could piece together a number of accounts into a single action that would be beneficial for us and for law enforcement to have.

15:45 - 15:54

Kaitlyn Kiernan: And what can firms, particularly small and medium sized firms, be doing to stay up to date on some of these new fraud typologies?

15:55 - 24:07

Greg Ruppert: Well, step one, listening to this podcast, I think is a great start, and I'd also recommend some of the other podcasts that you've done related to AML and the intersection of AML and cybersecurity, but also AML and elder abuse. We're named, as you noted, at the top of the episode, the National Cause and Financial Crimes Detection Programs, leveraging that term of art as financial crimes, which really encompasses money movement related to illicit activity.

And in money movement, I would go even one step further and say its funds that include securities. So, educating the firm, the front line that sees the activities that they are interacting with on a daily basis to see does this look suspicious? Oftentimes I've been surprised that we've done as an industry a great job of defining what money laundering is, but really just expanding the understanding of the concepts of what we're looking for is more from a financial crimes perspective and its movement of funds and included in that securities related to violations of our rules or securities rules or other attempts to move money.

Most crimes, not all crimes, but most crimes have a profit motive. And once the criminals are successful in getting the funds, they need to move those funds. And we're seeing more and more opportunities to move funds in the at by or through broker dealer accounts. And from that perspective, just making sure that awareness within the firm is important and paying attention to the regulatory notices that FINRA's providing.

And we've really over the past few years tried to enhance the information that we're able to share, the threats, the trends that we're identifying across the industry specific to securities, but then also how other connections, so banks, credit unions, fintech payment processors, where those frauds and that criminal activity could be used at a later time in the brokerage space. So almost predicting where we might see the threat coming.

And from that standpoint, then giving specific action steps of things you could be thinking about and taking. So as you step back, when you hear cybersecurity, I think the potential for cyber-enabled fraud and money movement, when you hear AML understand that's part of a larger regime that would include fraud activity, but also some money movement and not allow yourself to limit your thinking in those areas. So, I'd say that's really where you could start with your education.

But the next step I would like to bring forward today is, as I mentioned earlier, criminals are opportunistic and they're moving down to points of the least resistance. And you will see as you're doing a better job for your firm, your clients will probably become more targeted in the criminal attempts. So, from that standpoint, how do you educate your clients? And you have a great touchpoint when they come talk to you.

And oftentimes I will hear from the smaller firms to say that they're at a disadvantage because they don't have all of the sophisticated technology and vendor tools that larger firms have. But what they do have is that connectivity with their clients. They know their clients; I find at a much deeper level. They have longer relationships with their clients and then they have a higher degree of trust with their clients than some larger big banks that never interact with their client base.

So that's actually providing a defense mechanism that one you have an opportunity to keep abreast of the latest fraud typologies that are happening either through what we post here at FINRA, but the has a great website when it comes to fraud and cyber within the FBI., which is the Internet Fraud Complaint Center, publishes an annual report that should be required reading for anybody that is a fraud investigator at a firm. They look at it not only by fraud and fraud types and fraud trends, but by region, by age. They really break down the metrics. So, you could look at it from the perspective of your client base, where it is, how old it is and what potential risks that you have there. provides a lot of fraud typologies and red flags, so there's lots of opportunities to educate yourself.

But I would say once you educate yourself, is educating your firm, your firm's first line that interacts with clients, and then how do you really get out to the clients so that you are their eyes and ears looking for it? So, the classic adage that I love to say is a client comes in and says, "I need to trade Bitcoin and I need to buy it right now". The riskiest reaction to that is to say, well, "let me set you up with Coinbase account and here is a nearby Bitcoin ATM where you can deposit cash and turn it into Bitcoin and make that transaction right away".

That's not the approach I would take back to know your client. Why do you need to trade Bitcoin so fast? And hopefully that dialogue and that trust starts a story, of: I just received an urgent note from could be everything from the fraudsters are right now targeting foreign diasporas in the United States and saying that there are visa and/or passport issues, there are actions being taken in their host country that's impacting them. And they need to move money to stop this right now or they're going to lose their passport, their visa, or one of their family members is in jail.

Getting that story out of them can easily turn you to going back to the FBI's website or going to the FTC website and pulling down a intelligence report that notifies be on the lookout for these scams so you can educate your client there.

There is the Facebook grandparent scam, as they're often called, is leveraging the senior's use of social media, finding out who their grandchildren are, where they're attending school, and then timing it for summer or spring break and saying, "Grandma, this is Timmy. I'm down to Mexico on spring break. Do not tell mom and dad they would be so mad at me right now in a quarantine that I went down on spring break. But I got in a fight and I'm in jail and I need money immediately."

And we have seen more people falling for that because fraud is usually successful in two different ways, increasing the level of trust between the fraudster and the victim. So, think romance scams. Or on the other side, decreasing the level of due diligence by striking fear, urgency or panic into the victim. And so that Facebook scam is that fear, urgency or panic. What grandma wouldn't want to help out their grandchild immediately and get them out of jail? And so quick action money is taken out of brokerage accounts, bank accounts turned into Bitcoin or Western Union, MoneyGrams, one of the other quick payment providers, only to find out that Timmy is not on vacation, he's not on spring break and he's not in jail.

So, there are a number of these scams that are popping up. And again, timing is everything back into the holiday season, what we would call the gift card frauds happen and that leverages another typology. That's the business email compromise. And it is creating an email account that looks like you are part of the business. So maybe it's your firm's CEO, CFO and an email comes in to say, "hey, please do me a favor and buy a bunch of gift cards. I want to surprise the staff,” or “I want to do an award at the next party that we're having," any number of excuses.

But again, shrouded in secrecy, keep it a secret and the individual will go out and buy gift cards, put it either on the corporate account or their personal account, and then full circle. Kaitlyn, they will leverage one of these money mules who are either unwitting or willing to come pick up the gift cards and then transport them back to the criminal ring. So, this is a multibillion-dollar enterprise. The FBI has done a lot of reporting around the business email compromise. Sometimes we chuckle who falls for it. It wouldn't be a billion-dollar enterprise if people weren't falling for it. So, if that vigilance of knowing what's going on and reporting these frauds internally and externally are so key.

24:08 - 24:27

Kaitlyn Kiernan: And it's interesting you're mentioning there's that common element of saying keep this a secret, which also might make the target of the fraud feel special. Oh, I was chosen to buy these gift cards. I was chosen to be in on this. Timmy trusted me to come help out, not his parents. And that might make grandma feel good about herself.

24:28 - 27:08

Greg Ruppert: Yes. And social media is at the forefront of this, as all walks of individuals are posting more information about what they're doing, who they are, what their likes, dislikes are. So, from the Facebook side, grandma or grandpa has information about who their grandchildren are, where they're going to school. So, the ability to use their name, talk about their school, their school break, the company officials that tweet or post where they are, where they're traveling, it really adds to the story.

If we think about how we're different than we were five years ago or ten years ago, everything from LinkedIn to Facebook to Instagram and the other social media platforms, we're really providing a lot more information that can be viewed online, globally, and people can impersonate us much easier than they've ever been able to in the past, not attacking the victims at all. But who doesn't want to respond to an urgent CEO email? From that standpoint, you react relatively quickly because that's what we've been trained to do our entire lives and stepping back and thinking about what am I doing?

And I've talked to a number of people, I'll say very successful, very intelligent. There is nothing that has to do with lack of experience or lack of exposure. Quite the contrary. Basically, it's so sophisticated that the only thing I think that's successful is the awareness and reminders of the red flags and the risks and current trends that are constantly at the forefront.

I would advocate that a fraud training and/or AML training for firm and/or financial crimes awareness for a firm shouldn't happen just once a year. And it shouldn't necessarily just be the annual training that happens. But how do you bring case stories to light? How do you reward the successes of stopping something? It's one of those things where I think a lot of times you don't want fraud attempts to be at the forefront. But we moved into the fact that this is a new normal. It's not if fraud attacks are going to occur, but when they occur. And so rewarding the individuals in your firm that identify it, stop it, refer it, and celebrating those successes as exactly what firms should be doing to protect the firm, to protect clients, to protect investors, protect the industry. From that standpoint, that keeps it at the forefront of everybody's mind.

And it's so important to be there because the criminals and the fraudsters are only limited to their creativity and their creativity is impressive. So, these attacks are not going to be slowing down and vigilance becomes part of everybody's responsibility.

27:08 - 27:33

Kaitlyn Kiernan: Well, we will link to the FBI, FTC and those other websites you mentioned so that firms can check them out. So, it's not just the firms that are working hard to stay up to date on the latest fraud techniques and trends. One of your original goals when you started NCFC last year was to make it easier for your team and FINRA to see the bigger trends in this financial crime space. What have you done to accomplish that?

27:33 - 29:03

Greg Ruppert: So, one of the first things we did within NCFC last year was to create a financial intelligence unit. That thought around having a financial intelligence unit was how do we better position ourselves within NCFC to look at all of the intelligence that we have access to within FINRA, but then also leverage external sources, as we've talked about during this podcast. What trends are happening within the industry? What reporting from the FBI, the Secret Service, the FTC in terms of fraud and other trends? And how do we connect the dots and tie that all together?

What would be the primary purpose for us is to speed up our response time so that we're being more proactive than reactive as we start to identify particular trends or risks that are coming at us and our member firms. That will allow our ability to speed up the timing where we can produce regulatory notices, the ability to identify potential trends that are occurring in the at, by or through space of our membership and reach out to them for identifying particularly criminal groups or criminal trends that are targeting their institutions and then be able to leverage that within what we do of conducting investigations on our side and making referrals, whether it's to the SEC, state securities divisions or to law enforcement related to particular crime trends that we're seeing that's outside of FINRA's jurisdiction.

29:04 - 29:28

Kaitlyn Kiernan: So just to wrap things up, at the beginning of this podcast, we talked about how a lot of the changes to how fraud is impacting the brokerage industry has had to do with changes over the past decade related to how brokerage accounts work and the features that they offer. If you were to take out your crystal ball and have a look, do you see any additional changes looming ahead for us over the next 10 years?

29:29 - 30:54

Greg Ruppert: As hard as it is to predict the future and in some regard in this aspect, predict criminal activity, I would definitely be focused on technology. Technology from two areas of focus in the traditional banking ecosphere of how money moves and how fast money can move.

So, we're seeing a number of services that will speed up the ability to transfer money into and out of member firms and through other institutions. That is going to be a key area of criminal behavior to be able to move the money offshore and out of the United States as fast as possible.

And the next area is probably the non-traditional banking areas, such as the prepaid credit cards, prepaid debit cards, that provide layers of anonymity. So not as much speed, but the ability to hide behind multiple structures of cards or accounts and the ease of which you can open those accounts.

And then lastly, non-traditional currency or like currency. So with this, I'm thinking more about the increase of use of cryptocurrencies, which provide not only a level of anonymity, but the ability to speed up transactions and being able to move offshore, being set up offshore and technology's ability to facilitate the interface between the non-traditional and traditional money movement areas.

30:56 - 31:24

Kaitlyn Kiernan: Well, that's it for this episode of FINRA Unscripted. Greg, thanks so much for joining us once again. Listeners, be sure to check out the show notes for links to the resources Greg mentioned here today and some of those other podcast episodes that we also discussed. If you don't already make sure you subscribe to FINRA Unscripted wherever you listen to podcasts. You can email us with ideas for future episodes at [email protected]. Until next time.

31:24 – 31:30

Outro Music

31:30 - 31:52

Disclaimer: Please note FINRA podcasts are the sole property of FINRA and the information provided is for informational and educational purposes only. The content of the podcast does not constitute any rule amendment or interpretation to such rules. Compliance with any recommended conduct presented does not mean that a firm or person has complied with the full extent of their obligations under FINRA rules, the rules of any other SRO or securities laws. This podcast is provided as is. FINRA and its affiliates are not responsible for any human or mechanical errors or omissions. Parties may not reproduce these podcasts in any form without the express written consent of FINRA. 

31:52 – 32:03

Music Fades Out

Find us: X / Facebook / LinkedIn / E-mail

Subscribe to our show on Apple Podcasts, Google Play and by RSS.