Disrupting the Cycle of Financial Fraud Through Collaboration and Innovation

As prepared for delivery

Today's conversation on disrupting the cycle of financial fraud is important and timely-and we are grateful to have been able to convene such a distinguished group of regulators, policymakers, academics, law enforcement agencies, advocacy groups and financial firms here today. You all play a vital role in protecting investors, advocating for victims and working to stop fraud before it occurs.

Disrupting the cycle of financial fraud is a continuing challenge for all of us, but it is a challenge that we must embrace together in order to succeed.

Victims of fraud lost more than $10 billion in 2023, according to the Federal Trade Commission.¹ Almost half of those losses were the result of investment fraud. And we can be certain that even this number is underreported. Victims often may be hesitant to report fraud because they feel ashamed-a pattern consistent with FINRA Foundation research on how the impact of financial fraud extends far beyond the direct financial damages.²

Victims can suffer both mentally and emotionally, and they may even give up on participating in our markets altogether. The Foundation's research also shows these outcomes are exacerbated by a society that often blames the victim-whether consciously or not.³

Unfortunately, we know fraudsters-many of whom are not registered with any agency and operate outside of ongoing regulatory oversight-will relentlessly try to coopt any relationship and any resource to further their malicious schemes. Technology, despite its incredible benefits, also makes it cheaper and easier for bad actors to target victims. Criminals are working together via the Dark Web. They share expertise to create fake email addresses, assume identities, impersonate regulators, law enforcement and financial services firms to obtain sensitive personal and financial information.

They reach across national borders and outside the jurisdiction of local law enforcement. They exploit the convenience of online accounts and mobile apps through hacking, phishing and other scams. They manipulate payment mechanisms to facilitate their schemes and make it harder to trace their activities. And now they are using artificial intelligence to become even faster and more effective at perpetrating their crimes.

We also see cases in which our member firms and their individual financial professionals are themselves victims of third-party fraud, typically through some form of imposter scheme.

A related challenge we face is that investors are increasingly turning to the internet and to social media-and the unregistered actors on those platforms-for investment advice. FINRA Foundation research has found that almost half of Gen Z investors learn about investing and finances primarily through social media and internet searches, and their top online financial resource is YouTube.⁴

This trend is concerning. While there are many unregistered finfluencers or other persons providing useful information to retail investors, sometimes the advice in this space is wrong, inaccurate or questionable-whether from a lack of knowledge, training or bad intent-and the potential for fraud is manifest.

Regulating speech in this context, even inaccurate or misleading speech, presents challenging issues in light of legitimate free-speech concerns. While we can and do have prophylactic rules regarding registered securities professionals, these do not govern the many unregistered actors outside of our or other regulators' jurisdiction who are becoming an increasing source of advice and information.

Fighting Fraud Must Be a Team Endeavor

To address these concerns, we need to collaborate, or we risk falling behind. Fighting fraud is a team endeavor. Each of us must contribute our respective resources and capabilities, but ultimately, we can only succeed if we work together.

In our interconnected financial world, no one agency or organization has comprehensive insight into all potential fraud activity, so we need to share knowledge and expertise to understand and address the sophisticated threats we face.

Today, I would like to offer a few examples of how FINRA collaborates with other stakeholders in this space and a few areas where we might work more closely together to disrupt the cycle of fraud.

In recent years, FINRA has been keenly focused on encouraging collaboration and cooperation in combating fraud. As we celebrate our 85th year as a self-regulatory organization, FINRA sits at a unique intersection between government, our member firms and investors. One of our defining characteristics is our ability to engage with the brokerage industry to draw on their expertise and knowledge and use this to enrich our regulatory program. We do this, in part, by sharing actionable intelligence as quickly as possible with our member firms, as well as with investors and our regulatory and law enforcement colleagues.

For example, in recent years we have ramped up our efforts to provide real-time alerts to member firms about emerging or ongoing fraud and cyber threats.⁵ By sharing this information quickly, we empower firms to promptly protect their customers and themselves-hopefully before any damage is done.

We provide this information to firms in many ways, including on social media and on our website. But sometimes we share this information directly to firms without putting anything on our public channels, because we have seen situations where fraudsters adapt their tactics in response to our alerts. In recent years, we have issued about a dozen cyber-focused alerts annually, plus additional general threat alerts to warn firms and the public about ongoing risks.

Firms often thank us for providing information like this that helps them avoid a fraud. While we always appreciate the thanks, we encourage those firms to take it a step further and commit to proactively telling us when they see a problem, so that information can benefit everyone. We know that delays in sharing critical information can be costly in the world of fast-paced frauds we see today. To borrow a familiar saying, we really need firms that see something to say something.

With respect to our rulebook, we have collaborated extensively with other regulators and the industry to update our standards to permit firms to respond proactively to potential fraud against seniors and other vulnerable investors if they reasonably believe financial exploitation may be occurring.⁶

Separately, our risk monitoring teams assigned to every member firm conduct ongoing assessments of developing risks, help us identify and respond to firms that might have greater vulnerabilities and serve as a resource to firms as they look to address emerging threats.

We host conferences and webinars for our member firms on the latest fraud trends impacting the industry. We connect them with local FBI offices through regional threat briefings to ensure they have the right law enforcement contact information on hand should they need it. And we conduct joint industry training sessions with state regulators, the Securities and Exchange Commission (SEC), FBI and others to help us better collaborate and share best practices around emerging regulatory risks.

In addition to examinations and training, our enforcement actions are a key tool in fighting fraud and misconduct among our member firms and individuals. In 2023, FINRA recovered $88.4 million in fines, including disgorgement awards of $2.9 million. Enforcement actions last year also resulted in $7.5 million in restitution to harmed investors, the expulsion of five firms, the suspension of 257 brokers, and 178 brokers being barred from FINRA membership.

Given that FINRA only has jurisdiction over its member firms and then only with respect to certain violations of securities laws or FINRA rules, we also actively coordinate with law enforcement, exchanges⁷ and other regulators to address suspected criminal activity outside our jurisdiction.

In 2023, FINRA made more than 2,000 fraud referrals to our fellow regulators and criminal authorities-and this year we are on pace to make about 3,000. We also have ramped up our ability to collaborate through Memoranda of Understanding with other regulators, such as the Commodity Futures Trading Commission (CFTC), SEC, Federal Reserve Board, Federal Deposit Insurance Corporation (FDIC) and National Futures Association (NFA), so that we can efficiently address concerns that fall within our respective regulatory mandates.

At the end of the day, our goal is to work with everyone who has a stake in protecting investors-from regulators and firms to researchers and victim advocates-to provide venues and processes for sharing intelligence regarding frauds and promoting effective practices for combating them.

Enhancing Fraud Fighting Tools

In that spirit of working together, I want to highlight a few areas where we might further coordinate our efforts to proactively disrupt financial fraud. Each build on the notion that while regulators and firms must lead this effort day in and day out, we can also empower all stakeholders-including investors-to play a greater role by facilitating their access to relevant information and insights that we collectively develop in the course of our regulatory work.

FINRA has long sought to provide investors and other interested parties with relevant disclosures regarding financial professionals. For more than three decades, we have developed a great deal of experience in maintaining public databases that provide this crucial information, including through BrokerCheck®.

As many of you may know, BrokerCheck® is a website that tells you instantly whether a person or firm is registered to sell securities, as required by law. It also gives a snapshot of a broker's employment history, regulatory actions and other background information. The information in BrokerCheck® is derived from a database operated by FINRA that maintains the federal and state registration records of broker-dealer firms and their associated professionals.

FINRA also is the developer and operator, under contract with the SEC, of a similar resource for information on investment advisers. The Investment Adviser Public Disclosure website, or IAPD, is based on a database of federal and state investment adviser registration information. In fact, we have worked to link BrokerCheck® and IAPD, so investors do not need to know the difference between a broker and an investment adviser to benefit from the information in both systems.

Other financial agencies and related organizations also have public databases or websites with information regarding firms or individuals they regulate or with whom consumers may interact, including information regarding enforcement actions with respect to registered and unregistered persons. But other than BrokerCheck® and IAPD, linkages generally do not exist between these databases. As a result, investors and consumers who try to perform their own due diligence on someone pitching them on a financial product or service face daunting challenges.

They first need to identify and check the right website for the relevant product or service they are interested in. Even then, they might only get an incomplete picture. Someone with a problematic history in one industry might move to another, so checking only one database might create the false impression that the person has a clean history. It may be necessary to check several relevant websites to get the full picture. The average person is unlikely to be aware of all the existing databases, to understand what they cover and what they do not and to check each that may be relevant.

And the fact remains that there are "bad actors" who are not licensed or registered to conduct business in any part of the financial services industry, and it can be difficult to find legal actions or criminal charges against these individuals. A person purporting to be a financial professional who fails to register as the law requires is a significant red flag, which underscores the importance of being readily able to tell whether someone is appropriately registered-and whether they have a history of misconduct.

There have been calls in the past for establishing some form of unified, public data-in place of or in addition to the current disaggregated system of separate websites maintained by different federal and state agencies and related organizations-to make it easier for investors to research providers of products or services across the financial industry landscape.⁸ This is a worthy goal that would serve investors well. However, creating a single database of this type presents significant challenges, including building on and coordinating across existing reporting regimes established by different organizations using different standards and terminology to regulate different individuals, entities, services or products.

In the meantime, a useful interim step might be to leverage technology to create a single portal where one can readily search for relevant public information across existing databases, without having to separately check or even know about each such database. This would build on the approach that FINRA implemented with respect to BrokerCheck® and IAPD, where an investor entering a name in one database will automatically receive relevant search results from both databases regarding that same name.

I have asked FINRA staff to reach out to other database operators to explore whether we can create this type of one-stop shop for investor research, without needing to reengineer or integrate existing databases. A new unified database still might be a good approach, and we can support efforts to work towards that goal, but that will take time. In the meantime, it makes sense to explore facilitating easier access to the information that is already available today, if you just know where to look for it.

Another way in which we might further enhance our work together to disrupt financial fraud is by redoubling our efforts to speak with one voice when doing so might better serve the public. There often are important reasons for organizations to issue their own warnings regarding fraud. But if we put ourselves in the shoes of the average consumer, fragmented communications from different organizations in some instances may unintentionally dilute, narrow and weaken the message that needs to get through.

Fortunately, there are some excellent examples of agencies and other entities working effectively together to communicate jointly to their constituencies regarding fraud tactics. Just this week, for example, FINRA, the SEC, the CFTC and North American Securities Administrators Association (NASAA) issued an alert to warn investors about relationship investment scams.⁹ These are scenarios in which bad actors hide their true identities, reach out to unsuspecting targets (often online or through text messages), gain their trust over time and then defraud them through fake investments.

And just yesterday, the American Bankers Association (ABA) Foundation worked with the FBI, three other federal law enforcement agencies, the SEC, the CFTC and FINRA to release a one-page infographic that financial institutions can use to warn their customers about certain crypto investment scams that are also referred to as "pig butchering schemes."¹⁰

Coordinated agency communications may be particularly valuable when, as in these cases, we are able to identify common fraud tactics that can be perpetrated by different bad actors across various products, services and platforms, that have similar red flags and that may be mitigated through similar preventative measures.

Indeed, joint communications about particular fraud tactics and the steps investors and others can take to safeguard themselves from them, may be as important as the disclosures we work to provide regarding particular firms or individuals, especially considering that fraud perpetrators can mask or change their identities to employ the same tactic over and over again. In addition, one perpetrator can only do so much damage, but fraud strategies can be used by many perpetrators against many victims, across jurisdictional boundaries and in both regulated and unregulated spaces. And because it is easier to quickly identify a fraud trend to watch out for than a person to watch out for, prompt and coordinated communications about fraud tactics can enable a broad range of investors and industry participants to safeguard themselves more proactively against fraud.

I have asked our team at FINRA to consider how we can play our part to enhance our work with other agencies and organizations and amplify the impact of our combined communications to further address common fraud tactics. We might even consider whether this is another instance in which investors would benefit from a single, centralized resource that aggregates regulators' and other stakeholders' collective experiences and expertise regarding different types of fraud.

Conclusion

Fighting fraud is difficult, but it is vitally important work. Your participation in this conversation today shows your support for the teamwork and coordination necessary to be successful in our collective efforts. For that, I want to express my appreciation to all of you on behalf of FINRA and the FINRA Foundation, and I look forward to our future collaboration.

Thank you.

1Think You Know What the Top Scam of 2023 Was? Take a Guess, FTC Consumer Advice (June 7, 2024), https://consumer.ftc.gov/consumer-alerts/2024/02/think-you-know-what-top-scam-2023-was-take-guess.

2Non-Traditional Costs of Financial Fraud, FINRA Investor Education Foundation (March 2015) https://www.finrafoundation.org/sites/finrafoundation/files/non-traditional-costs-financial-fraud_0_0.pdf.

3Blame and Shame in the Context of Financial Fraud: A Movement to Change Our Societal Response to a Rampant and Growing Crime, FINRA Investor Education Foundation, AARP Fraud Watch Network and Heart + Mind Strategies (June 2022), https://www.finrafoundation.org/sites/finrafoundation/files/Blame-and-Shame-in-the-Context-of-Financial-Fraud.pdf.

4Gen Z and Investing: Social Media, Crypto, FOMO and Family, FINRA Investor Education Foundation and CFA Institute (May 2023), https://www.finrafoundation.org/sites/finrafoundation/files/Gen-Z-and-Investing.pdf, (Only 30 percent of Gen Z investors say financial professionals are a source of investing information, which is almost 25 percent less than the number of Millennials who work with professionals).

5 See, for example, Threat Intelligence Product: Protecting Vulnerable Adult and Senior Investors, FINRA (May 2024), https://www.finra.org/rules-guidance/key-topics/senior-investors/tip-protecting-vulnerable-adult-senior-investors; Guidance by Topic: Cybersecurity, FINRA, https://www.finra.org/rules-guidance/guidance/by-topic?term=3686.

6 For example, our rules permit a member firm to place a temporary hold on a securities transaction or disbursement of funds or securities from an account when the firm reasonably believes that financial exploitation may be occurring. They also now require member firms to make reasonable efforts to obtain contact information for a trusted contact person to communicate with regarding a customer's account if a firm has concerns.

7 See, for example, Regulatory Notice 22-25: Heightened Threat of Fraud, FINRA, NASDAQ and NYSE (November 2022), https://www.finra.org/rules-guidance/notices/22-25

8 CFTC Commissioner Christy Goldsmith Romero proposed a National Financial Fraud Registry to provide one-stop shopping for investors to check if the companies or individuals they are considering investing in or with have been convicted or fined for fraud (see, Modernizing Investor Protection for the Digital Age, Commissioner Christy Goldsmith Romero (September 11, 2023), CFTC, https://www.cftc.gov/PressRoom/SpeechesTestimony/oparomero11. In addition, last year Senators Kennedy of Louisiana and Lummis of Wyoming introduced the Tracking Bad Actors Act, which would require federal regulators to create a combined public database of people who have committed financial crimes or have civil liability for financial misdeeds.

9Investment Alert: Relationship Investment Scams, CFTC, FINRA, NASAA and SEC (September 2024), https://www.finra.org/investors/insights/relationship-investment-scams. See also, for example, Artificial Intelligence (AI) and Investment Fraud, FINRA, NASAA and SEC (January 2024), https://www.finra.org/investors/insights/artificial-intelligence-and-investment-fraud; Investor Bulletin - Investor Resilience, Crypto Assets and Sustainable Finance: World Investor Week 2023, CFTC, FINRA, NFA, SEC and SIPC (September 2023), https://www.finra.org/investors/insights/world-investor-week-2023; What Is a Blockchain, and Why Should I Care?, Better Business Bureau Institute and FINRA (May 2023), https://www.finra.org/investors/insights/what-blockchain

10Crypto Investment Scams: What You Should Know, American Bankers Association Foundation with CFTC, Department of Justice, Department of Treasury, FINRA, Homeland Security Investigations, IRS, SEC and Secret Service (September 2024), https://www.aba.com/news-research/analysis-guides/crypto-investment-scams

Public link

Please use the above public link if you want to share this noodl on another website.