Payments: Even in today’s world of high security, big bank blunders beggar belief
Beware! Investec was supposed to return client funds to CME Group, but attempted to send them to me instead, with absolutely no data security whatsoever.
Internet cyber security, all-encompassing compliance procedures, highly technologically advanced customer and supply chain management software and astute cross-referencing are all part and parcel of today’s banking industry.
Payments of invoices to suppliers, withdrawals from trading accounts and the safe custodianship of client money are hugely instrumental areas within our electronic trading and online financial services industry worldwide to the point of regulators making strict rulings on how client assets should be held, and who should hold them and supervise them.
However, what if a major bank decided to send the funds that were supposed to be credited to a major executing venue – CME Group for example – to a private individual, whilst at the same time sending an email and divulging all kinds of confidential information willy-nilly over the telephone?
And what if that private individual was, perchance, to be me.
Surely not.
This week, I received an email from the London-based accounts department of South African financial giant Investec.
Investec is an international banking and wealth management group founded in Sandton, the wealthy financial district of Johannesburg, in 1974 and is listed on both the Johannesburg Stock Exchange and the London Stock Exchange.
The email, complete with a spelling mistake in the signature area, misdefining the Accounts Payable department, appeared completely implausible when it arrived, as it pertained to an invoice which does not exist, and was sufficiently sparsely detailed to make me think, along with the spelling mistake, that this was an attempt to defraud.
Thus, I made a call to the Accounts Payable department of Investec on the telephone contact number listed on the email, which was answered by a lady who did not state where I had reached, but just with a straight forward “hello” as though I had contacted a domestic telephone line.
I then had to establish with whom I was speaking, and then make the enquiry as to what this email pertained. The reply was “Oh, you’re not CME Group?”.
I could have at that point said yes it is, and then taken provided details and received the funds. Or, I could have provided bank details and had them used for nefarious purposes.
Yes, in this particular instance, it was a small amount, only £500, however that is £500 of a client’s trade settlement, therefore exposing tremendous data security breach, as I had become privy to details, and also the potential for me to quite easily make off with client money. What if it was $1 million, and it had been someone more easily tempted and less honest than me on the receiving end?
Investec, led by incumbent CEO Fani Titi – and yes, you did read that correctly – has operating revenues of £689 million in 2019, and is a sizeable wealth management company that operates across all asset classes and trades with all major derivatives venues, including in this case CME Group.
We may well have the most sophisticated technology, the highest form of regulatory supervision, specially designed accounting and payments solutions which use algorithms to ensure validity via merchant services providers and bank payment systems as well as dedicated highly advanced software companies which specialize in providing secure payment solutions for financial services companies and electronic trading entities.
However, without the human eye on the ball, these are quite simply fallible.
Ergo, it is advisable for all electronic trading and derivatives exchange companies which use custodian banks to make sure that this type of glaring error does not occur.
Mind how you go….
