FINRA Highlights Rising External Fraud Risks and AML Compliance Expectations

By Jonathan Hall, Esq.

External fraud continues to present significant risks for broker-dealers and their customers. Increasingly, fraud schemes are sophisticated, fast-moving, and closely tied to cyber-enabled activity. For regulated firms, these developments raise not only operational and reputational concerns, but also heightened compliance and enforcement risk under the Bank Secrecy Act (BSA) and FINRA’s anti-money laundering rules. 

FINRA has made clear that firms are expected to maintain robust, risk-based compliance programs capable of detecting, investigating, and reporting suspicious activity arising from external fraud schemes. 

AML Obligations Under FINRA Rule 3310

FINRA Rule 3310 requires member firms to develop and implement a written anti-money laundering (AML) program that is approved by senior management and reasonably designed to achieve compliance with the BSA and its implementing regulations. 

Among other requirements, Rule 3310 sets minimum standards for a firm’s AML program, including policies and procedures to detect and report suspicious transactions, independent testing, designation of responsible personnel, ongoing training, and risk-based customer due diligence.

Failures in these areas, particularly where red flags are overlooked or not escalated, may expose firms to regulatory scrutiny. 

Evolving Risk: External Fraud Schemes

FINRA has observed a continued evolution in external fraud threats impacting investors, markets, and member firms. These schemes often involve cyber-enabled tactics and social engineering designed to induce customers to move funds outside traditional safeguards. 

Recent examples highlighted by regulators include: 

  • Fraudulent account transfer requests; 
  • Account takeovers and new account fraud; 
  • Schemes designed to pressure customers to liquidate assets and send funds to fraudsters; and 
  • Investment scams promoted through social media, messaging platforms, or spoofed communications. 

According to the FBI’s Internet Crime Complaint Center, fraud remains the most commonly reported source of financial losses nationwide, a trend that has drawn increased regulatory attention. 

Examples of Emerging Fraud Trends

FINRA has also identified emerging fraud schemes that firms should be aware of, including: 

  • Disaster-related scams, which exploit public emergencies to solicit fraudulent transfers;
  • Investment club scams, often involving manipulated social media advertising and thinly traded securities; 
  • Gold bar courier scams, in which victims are persuaded to liquidate security and purchase precious metals; 
  • Crypto confidence frauds, involving fake trading platforms and fraudulent apps; and 
  • Mail theft-related check fraud, which can result in unauthorized withdrawals and altered instruments. 

These schemes frequently intersect with AML obligations when customer funds are moved in unusual or suspicious ways. 

Regulatory Expectations and Effective Practices

FINRA has emphasized that firms should incorporate external fraud risks into their broader, risk-based compliance frameworks. Effective practices regulators have highlighted include: 

  • Leveraging supervision and AML controls to identify red flags related to customer fund movements; 
  • Enhancing coordination between AML, fraud prevention, and cybersecurity teams; 
  • Providing targeting training to associated persons and educational materials to customers; 
  • Providing targeted training to associated persons and educational materials to customers; 
  • Utilizing trusted contact person information and temporary holds where financial exploitation is suspected; and 
  • Developing response plans for situations where customers may have been victimized, including appropriate reporting and escalation. 

Regulators have also stressed the importance of timely suspicious activity reporting and engagement with law enforcement where appropriate. 

Conclusion

External fraud is no longer a peripheral compliance issue. For broker-dealers and financial advisors, it is closely tied to AML obligations, supervisory responsibilities, and cybersecurity risk management. FINRA’s recent guidance signals an expectation that firms proactively identify emerging fraud schemes and integrate those risks into their AML and supervision programs.

Firms that fail to adapt their compliance frameworks to address evolving fraud risks may face increased regulatory scrutiny and enforcement exposure, which can affect not only the firms themselves but also their registered financial advisors.

If you have questions about FINRA’s AML expectations, external fraud risks, or how these issues intersect with cybersecurity and supervision, please contact a securities attorney at inquiry@galbraithlawfirm.com or 212.203.1249.