ASIC provides guidance to firms on protection against share sale fraud

The Australian Securities and Investments Commission (ASIC) today publishes guidance for Australian financial service (AFS) licensees about how they can handle the risks to their clients and business of share sale fraud. The regulator has identified a rise in the instance of share sale fraud, primarily in connection with issuer-sponsored holdings.

Share sale fraud refers to the fraudulent activity of a person who is not who they claim to be, selling shares that do not belong to them.

The regulator has observed that one-off share sales are particularly vulnerable to share sale fraud, with many share sale frauds involving the sale of large parcels of issuer-sponsored holdings. ASIC advises AFS licensees to consider implementing additional controls when handling one-off share sales. For instance, companies may record and compare the geographic location of the full IP address (including port number) used to submit an application to open a trading account with the address of the prospective client and/or identity document certifier. The AFS licensees may also record the device type and internet browser used to open a trading account and keep this information on the client’s file. Then they can compare this information with the device type and internet browser used for high-risk transactions/interactions (e.g. one-off sales or changing account details) and conduct further due diligence in case of inconsistencies.

Additionally, ASIC encourages AFS licensees to monitor the adequacy of their client onboarding and customer due diligence practices. AFS licensees should regularly review or spot check new accounts – these checks should preferably be conducted by someone not involved in the day-to-day client onboarding process.

The Australian regulator notes the risks associated with fraudulent access to existing customer accounts. However, these risks may be mitigated with effective ongoing customer due diligence (OCDD) measures. OCDD should be embedded into an AFS licensee’s AML/CTF program, and AFS licensees should conduct further due diligence when customers request changes to personal information (such as postal/email addresses and bank accounts).

Further, ASIC considers that there is a heightened risk of share sale fraud where market participants offer white labelling services to other intermediaries, as market participants often do not have direct visibility of their intermediary clients’ customer due diligence practices. While the obligation to verify a customer’s identity rests with the entity providing the designated service, the regulator encourages market participants to regularly (at least every 12 months) review the adequacy of their intermediary clients’ customer due diligence practices.

AFS licensees suspecting that a person (or their agent) is not who they claim to be must provide a suspicious matter report (SMR) to the Australian Transaction Reports and Analysis Centre (AUSTRAC) within three business days after forming the suspicion, and within 24 hours if the suspicion relates to terrorism financing.