The Commission has noticed that in recent years there has been an increasing number of occurrences of fraud being committed against customers of Guernsey licensees where the customer is based in southern Africa. Post, and possibly emails, from licensees are being intercepted and details then being used by fraudsters. It has also been noted that fraudsters have increasingly directed the licensees to make payments to bank accounts in the Far-East and China in particular.
The Commission has liaised with the Guernsey Police and drawn on experience from the industry in order to come up with the following steps, which licensees should consider adopting as part of their risk management practices in order to help prevent frauds occurring against their customers:
- Licensees should not use envelopes which can be easily identified as coming from a financial services business eg. having the licensee's name printed on them.
- Any callers requesting procedures on how to change details held on file should first be asked if they are a customer. The licensee should then follow its usual security checks, be it call back or security questions, until it is satisfied that the caller is genuine.
- When an instruction is received to change details held on file for a high risk customer or one based in southern Africa, licensees should call back on existing contact details to check whether the request is genuine.
- All transaction requests for customers with an address in southern Africa should have the signature verified against that held on the licensee's existing records.
- All bank details on redemption instructions should be checked against the existing details held on file. Any discrepancies should be verified by a call back to the customer using the existing details.
- Any requests for payments to accounts based in China, the Far-East or any other non-Appendix C jurisdiction (as listed in the Handbook for Financial Services Businesses on Countering Financial Crime and Terrorist Financing), where the customer has had no previous connection with that part of the world, should be given close attention and verified by a call back to the customer on existing contact details.
- Licensees should notify customers likely to be affected by these measures that transactions and confirmation of changes to details might be subject to slight delays due to enhancements in security.
These steps are intended to be suggestions for consideration by licensees as appropriate to their client base and are not an exhaustive set of anti-fraud measures. Although they have been drawn up with customers based in southern Africa in mind, there is merit in considering the suggestions in respect of all customers.