No one is immune to the results of the Equifax hack. That means there are certain actions every person should take. However, your Wealth Management Clients should take extra measures to protect investments, income, and credit.
Wealth managers have a responsibility to instruct their clients in how to respond to the Equifax hack, as well as any future hacks. Most of the information that is available is geared toward the average consumer, not investors. Wealth management clients must take specific actions that may be unique to them. These actions are essential for people who have carefully built net worth and do not want to suffer major losses.
Let's look at what a wealth manager should advise.
The 5 Things Wealth Clients, in Particular, Should Do
1. Forgo automation.
Clients who have their investment accounts set up for automatic withdrawals and deposits may want to reconsider. These actions tie checking account numbers to investment account numbers, so a thief only needs access to one type of account to raid the other account.
Wealth clients may want to switch to manual withdrawals and deposits, using physical checks or at least one-time electronic transactions, such as a wire transfer. If this is too inconvenient, you may offer to do these transactions for your clients, using your business account. In the event you already do this for your clients, check to make sure your own information has not been stolen.
If either of these solutions is not attractive, at the very least, wealth clients can open new accounts with new numbers and flag the old accounts for notification in the even someone attempts a transaction. This can not only prevent theft, but also it can lead to a speedy identification of the would-be thief.
2. Require approval for any transactions.
Your clients can reserve the right to be notified before any transactions occur on investment accounts. This will allow them to review all deposits and withdrawals in advance. Any spurious activity can easily be identified and stopped.
The reason this should include deposits is that some thieves establish a connection with the account by making small deposits before they make a large withdrawal.
3. Sign up for a credit monitoring or identity theft protection service.
When significant amounts of money are at stake, the cost of a professional monitoring service can be worth the expense. These services track all three of the major credit reporting agencies, as well as following the use of your clients' Social Security numbers across the internet. Instruct your clients to find a service that offers identity theft insurance, so your clients will be protected in the event the something slips past the monitoring service.
Potential victims should be prepared to act quickly when a monitoring service sends a notification of a breach. The accounts involved should be frozen until the problem is identified.
4. Check to see if anyone in the investment chain was hacked.
Wealth clients have a diverse group of people and organizations they invest with. It is important to find out if anyone that is associated with a client's investments has been hacked. If they have, this can compromise account numbers, social security numbers, and even driver's license numbers, as well as a home address or private information such as net worth.
Open new accounts for your clients if any investment vehicle has been compromised, and close the old accounts. This can prevent prying eyes from accessing money and financial records.
5. Apply for a taxpayer ID.
Social Security numbers cannot be changed, so there is little hope of eliminating those numbers as means to access accounts. However, wealth clients can create a sole proprietorship that serves as a company that handles all of their investments. Then the client can apply for a taxpayer ID. This takes minutes online. The new number becomes the means of access for accounts and eliminates the need to give out a social security number.
It is not necessary to incorporate because this will incur corporate taxes. An LLC is a consideration, but it is not vital because all the client needs is that taxpayer ID. After obtaining the new number, either open all new accounts or ask to have the means of access changed from the Social Security number to the taxpayer ID.
In the case of trusts, the trust may already have an ID that is used. The trustee can ask that a Social Security number be required in addition to the trust ID for any access to a trust account.
The above five actions will show that you are going the extra mile to protect high-net-worth clients. These actions are specifically for investors and are not often discussed in popular articles about how to respond to the Equifax hack.
To be thorough, you should remind your wealth management clients of measures to take that are common for all consumers and taxpayers. Don't assume they know these tactics just because they are available across the internet.
Common Procedures Everyone Should Follow
The common actions in response to the breach at Equifax also apply to wealth management clients, so let's review the measures everyone should take.
Check credit reports.
Look for any credit check requests. These are common when someone tries to open a new credit card or loan in your name. Your clients should be aware that credit reports are delayed, so a theft of information now would not show up for a month or two.
Use this site to get reports.
Establish a fraud alert on credit accounts.
By calling just one credit agency, your clients can put a fraud alert on all three credit reporting companies. Each agency is required to notify the other two. This will provide an alert in case anyone applies for credit in your clients' names.
Check Account Statements
Clients should look over bank account and credit card statements to check for unauthorized activity.
Hire a credit monitoring/identity theft protection company
A monitoring service can keep tabs on credit reporting and public records. Some companies will even check utility bills, payday loan applications, social media and cable accounts.
Your clients can freeze their credit by contacting the credit reporting agencies. This means no one can check credit without the account owner's permission. It also means if your clients want to apply for credit, they will have to have the freeze lifted.
This can alert your client if anyone attempts to check the credit rating. That may be an indication that a thief is at work.
After Your Client's Information Has Been Stolen
The above recommendations are preventative, but your clients can take swift action after they discover identity theft. This can prevent extensive damage and shorten the amount of time it takes to re-establish a good credit rating. Recommend these actions to anyone who is aware that information has been stolen.
Limit Credit Card Fraud
Credit card companies routinely monitor activity to find fraud, and they do not make the cardholder responsible for any losses due to theft of a credit card number. If the card issuer misses a fraudulent transaction, your clients should notify the credit card company immediately. The amount of the fraudulent charge will be returned to the account.
The Fair Credit Billing Act limits liability for unauthorized credit card purchases to $50. As stated above, most credit card companies lower this to no liability whatsoever.
Warn your clients not to close credit card accounts, because this can affect a credit rating. Simply asking for a new card with a new number will suffice.
Be Aware of Fraudulent Tax Returns
There is a tax return scam hackers use. They use the victim's Social Security number to file an early return asking for a refund. Then when your clients file, they may discover that a return has already been submitted.
The difficulty here is that there may be a lapse between fraudulent filing and the discovery of it because it only becomes apparent when your client files.
Once discovered, the remedy for this fraud is straightforward.
- File form 14039 with the IRS. This will include the Social Security number, and the tax year that has been compromised. Your clients will need to supply the last return filed before the identity theft.
- Instruct your clients to mail form 14039 with a copy of the pertinent Social Security card, as well as a copy of a driver's license, passport, military ID or any other government-issued identification.
Documents should be mailed to:
Internal Revenue Service
P.O. Box 9039
Andover, MA 01810-0939
The IRS may send "Letter 5071C" asking for verification of the victim's identity. The letter will provide instructions for calling the IRS to provide phone verification or online verification. By the way, the IRS does not call anyone and ask them to verify their identity. This is an additional scam designed to defraud taxpayers by getting their information. Your client must make the call, not the IRS.
Start Law Enforcement Action
Victims of identity theft must file a police report. Your compromised clients should get a copy of this report.
Next, it is vital to create an Identity Theft Report with the FTC. This can be done online or by calling 1-877-ID THEFT (877-438-4338); TDD: 1-866-653-4261. The notification (along with the police report) can be mailed to the FTC at 600 Pennsylvania Ave., Washington DC 20580.
The Identity Theft report is good to use when contacting creditors. It provides official documentation of the crime. The police report should also be referenced when calling creditors.
Notify Other Government Agencies
Even if no theft is detected, a person who realizes a Social Security number has been stolen should call the Social Security Administration at 800-269-0271, and the Internal Revenue Service (800-829-0433).
Alert the Post Office
Some identity thieves put in a change of address for their victims so they can receive sensitive information by mail. This can include investment statements, bank statements, health information, and bills. All of these can be hijacked, causing the victim to lose money and access to accounts. Victims should contact the Postal Inspection Service, the law enforcement division of the post office.
The Bottom Line
Preventing identity theft is not a one-time process. Your wealth management clients should periodically take steps to protect identity. Remember, a credit report is a lagging indicator. A clean report today does not mean a thief hasn't tried to steal money. It only means the action has not been detected yet.
Most importantly, you have a responsibility to prepare your wealth management clients for any illegal activity that could affect their investments, retirement, net worth, and growth plans. Make sure that all of your clients do the five essential tasks at the beginning of this article. Prevention is your best friend. The Equifax hack may be the harbinger of even worse identity crimes to come, so periodically reviewing the important tasks for wealth management clients is prudent.
It is also a good idea to discuss what your clients should do after an identity theft event. Do this before such an event occurs, and you can reassure your clients that there are measures that will mitigate the problem. All is not lost when a theft occurs. Knowing what to do in advance will help ensure swift action and increase the odds of stopping the damage.
Finally, you should periodically review your own security measures. Do you routinely place orders on behalf of your clients over a cell phone? This information can be intercepted. Do you have virus and malware protection on your computer? Do you have backup files stored away from your computer in case it gets stolen or hacked? Are there areas where you should be using encryption?
Wealth management is a profession built on trust. While you can't guarantee that some agency, business, or service won't make a security mistake, you can make sure you are not the one making the mistake, and that you have measures in place to handle a crisis.
More articles related to: Client Management