PARTNER CONTENT
By Michael Brice
President, BW Cyber, LLC
Almost two years ago the Securities and Exchange Commission (SEC) announced its plans for enhanced cybersecurity regulation of registered investment advisers (RIAs) and funds. Since that time the SEC has released similar rules for publicly traded companies (I’ve already written about this here). When the new cyber rules for RIAs and funds become final, I suspect the SEC will be quite swift in making public examples of managers who fall victim to cybercrime. In a worst-case scenario, I fully expect we’ll see a classic double-whammy in which ‘the beatings will continue until morale improves’.
If regulations are the ‘stick’, we need some ‘carrots’ from our regulators. I’d like to see some parity with the newly emerging cyber regulations which also provide critically needed support to help victims recover from a cyber-attack.
I’m not talking about the creation or expansion of a cyber government organization – we already have CISA (Cybersecurity & Infrastructure Security Agency). I’m referring to the predominant cyber financial threat affecting RIAs, private equity firms and PE portfolio companies nationwide: wire fraud.
Wire fraud is far more widespread than most people realize. Why? because it’s a big fat red flag to your investors. Ergo – nobody talks about it publicly. So let me explain briefly what a wire fraud looks like and what you can expect:
- You find out you were tricked into sending a wire (usually in the hundreds of thousands of dollars but often in the millions of dollars). The realization is sickening.
- You don’t know who to call or what to do, but most people start with their bank. Good luck.
- You may be lucky and have a bank fraud unit that helps you to get your money back; or you might not. There’s no legal requirement for them to help you because, guess what – it wasn’t their fault.
- So maybe you call the Sherriff, or Secret Service, or Treasury, or the FBI. (Spoiler alert, the proper step to take once you realize you are a victim of wire fraud – after you notify your bank – is to submit a fraud report to the FBI via the http://www.ic3.gov/ website).
- Now guess what – nobody updates you on the status of your loss. Nobody. This goes on for months. You just hope that the bank is doing what they can and that your IC3 report is being investigated by the FBI.
- Now for the kicker – there’s no single government agency federally funded or mandated to report to Congress with the primary goal to defend and protect Americans against wire fraud.
- As best I can tell, the FBI does what they do because they care – not because Congress has made it a regulatory requirement. And you know who else cares – Treasury, the Secret Service, and your local Sherriff. And yes, I suspect even your bank…
- But without an agency with a federally funded legal mandate, and a stated mission to be the ultimate agency to oversee and respond to wire fraud, answer your calls, provide a wire fraud ticket, ensure your bank is actively working to get your money back, keep you updated on your case, and to ultimately take responsibility for reporting to Congress, you’re left hoping that somebody at the bank or at the FBI or somewhere else will elevate your case above the other 3.2 million (and growing) cyber fraud cases totaling over $27.6B in losses that have been reported to the FBI since 2018.
So how does this end if you are the victim of a wire fraud? Sadly, unless you identify the fraud quickly (generally within three business days), the odds of getting all your money back are not in your favor. And if you’re an RIA or fund, based on the new regulations, it’s possibly going to result in an SEC regulatory enforcement action against you and your organization: A big fat red flag event.
While the proposed 2024 SEC cyber regulations are long overdue when compared to the rules put out by FINRA and the NFA years ago, we also desperately need Congress to provide a single federal organization with a legal mandate to ‘own’ wire fraud and to help businesses and citizens deal with the aftermath.
Michael Brice, Founder, BW Cyber, LLC – Michael is the Founder and President of BW Cyber, LLC, a veteran owned/veteran friendly cybersecurity consulting firm that provides SEC cyber compliance and related cybersecurity technology solutions to the wealth and asset manager verticals. In addition to his military experience as a US Marine Corps officer, Michael has over 35 years experience providing technology, security, and related cybersecurity consulting solutions in the financial services industry. Michael is also the Executive Liaison between BW Cyber, LLC and the FBI for all forensic investigations related to wire fraud investigated by his firm. In this role, he often collaborates with the FBI to provide community outreach to help wealth and asset managers better understand the nature of cybersecurity and the devastating impacts that criminals around the world are causing with their ongoing wire fraud attacks. Michael is a graduate of Clemson university where he obtained a BS in Computer Information Systems.
