It is awful that some people are still being scammed out of their hard earned pension pots, despite all the warnings. Individuals and institutions can only continue to highlight the problem and adjust their systems and processes to protect the vulnerable.
Advisers also need to be careful when arranging withdrawals for their clients. It is all too easy for someone to have their email account hijacked.
We decided some time ago that, if a client emailed us to request a withdrawal, we would not process it until we had spoken to that client. When we do so, we can usually recognise their voices but we also use the tactic of asking questions we know only the client can answer.
“How was your trip to Yellowstone? What birds did you see? How is your daughter’s university course going?” The kind of questions that will get them talking and prove that we are speaking to the right person. The personal relationship the adviser has with their client is a great tool in protecting against fraud and scams.
That said, some organisations are taking things a bit too far. Take the exchange between one provider and one of my administration colleagues last week. She had applied for a withdrawal online for the client in question.
The provider asked her: “Have you received verbal confirmation from the client that they want a withdrawal?” My colleague explained that our financial planner had carried out a review meeting with the client at which the subject had been discussed. She had then written a recommendation letter and sent the client the forms to sign. The client returned the form duly signed and completed. The planner had also obtained a copy bank statement from the client; a regular part of the process for withdrawals these days.
Was that good enough? Apparently not. The provider explained how the client could have had her post hijacked after the meeting, with a scammer intercepting the documentation.
They wanted yet another call to check the client had indeed signed and returned the forms.
At what point do you stop? If we were to make that further call, would it then require something else afterwards? At what point do clients start to get fed up with multiple contacts for what should be a simple transaction?
I do not in anyway want to downplay the need for security but the particular institution in question is the same one whose system randomly changes the client’s date of birth when you apply for a plan online. It is aware of the problem, apparently.
Institutions need to start trusting their intermediaries the same way that clients trust us. By all means have security checks and be diligent. But if it is going to reach the point where a meeting with the client, a letter of confirmation and a completed application form supported by a copy bank statement is not sufficient, then I suspect it is just going to get harder for everyone.
I sent the provider an email on the subject and apparently messages by carrier pigeon, smoke signals, Morse code and those flags Nelson used at Trafalgar are all unacceptable. Pity really.
Nick Bamford is executive director at Informed Choice