The Pensions Ombudsman has ordered a scheme administrator to compensate a member after the administrator was tricked into paying £20,000 from the member's fund to a fraudster who had infiltrated the member's e-mail. The case shows that a series of warning signs that could individually have had innocent explanations may, when looked at together, raise an obvious red flag that someone is trying to commit fraud. In this article we consider what lessons scheme trustees and administrators can learn from the case.
Ombudsman orders administrator to compensate member where payment made to fraudster's bank account
The Pensions Ombudsman has ordered a scheme administrator to compensate a member after a fraudster tricked the administrator into paying a £20,000 benefit payment into the fraudster's bank account (Mr N CAS-38681-W2H9).
Background
The member, Mr N e-mailed the scheme administrator of his self-invested personal pension scheme (SIPP) on 9 April 2019 requesting the withdrawal of £20,000. The e-mail included a completed Income Instruction Form requesting that the funds should be paid into the bank account which the administrator already had on record for the member. At some point after 11 April, a fraudster infiltrated Mr N's e-mail account.
On 23 April, the fraudster, purporting to be Mr N, e-mailed the administrator saying:
"Unfortunately there is a little problem with my bank account and i [sic] will not be able to receive any payment with the account until further notice
"In respect of that, i will like to change my nominated bank account (for the incoming payment) to my alternative bank account.
Kindly advise on how to go about it or can i send the bank details to you?"
On the same day the administrator replied enclosing a form to be completed and signed to change the bank account details. It also asked for an original bank statement or a certified copy (in either case dated within one month).
On 24 April there were e-mail exchanges between the fraudster and administrator asking whether payments could be paid to an international bank account or a third party's bank account. The administrator confirmed neither option was possible.
On 25 April the fraudster asked whether the online statement would work without being certified or whether the payment could be cancelled. The administrator replied that only a certified bank statement would be accepted and that it was unable to cancel the April payment as it was already within the banking run for that month. Later that same day, the fraudster e-mailed what purported to be a certified bank statement signed and dated by an accountant.
The genuine Mr N safely received the payment of £20,000 on 29 April. However, the administrator subsequently amended the bank details and paid a further £20,000 into the fraudster's bank account.
It took some time for the administrator to discover that a fraudster had been impersonating Mr N. Mr N initially queried the additional £20,000 payment via his financial adviser, and there followed a period during which the administrator was in correspondence with the financial adviser, but also still receiving e-mails from the fraudster purporting to be Mr N.
The Ombudsman's decision
The Ombudsman ordered the administrator to compensate Mr N in full for the £20,000 paid from his fund to the fraudster and to pay Mr N £1,000 for the distress and inconvenience caused. He considered that the administrator had failed to act with the skill and care of a reasonably competent administrator
The Ombudsman highlighted the following factors as matters which should have put the administrator on notice of the need to make further checks. Whilst each of the factors individually might not have been determinative, taken together the Ombudsman considered that they should have put the administrator on further enquiry:
- it was clear on the face of the "certified bank statement" provided by the fraudster that the certified copy wording had been physically scanned at low resolution and then most likely copied and pasted as a separate image on to the copy statement. It was apparent on the face of the document that it had not been physically printed then subsequently scanned, as would have been necessary for an accountant to genuinely certify the document;
- Mr N's address was in Northumberland, the branch address of the bank provided by the fraudster was in Wood Green in London and the address of the accountant who purportedly certified the copy statement was in Birmingham;
- the request to pay money to an international bank account, rapidly followed by a request to pay into a third party's bank account when the initial request was refused;
- it was inherently unlikely that there would be an unexplained "little problem" with a UK bank account which would render it unable to accept deposits;
- the purported message from Mr N had said that his bank account would not be able to receive any payments until further notice, but the payment genuinely requested by Mr N had been successfully paid into the account after the relevant message was received; and
- the e-mail had been written in "obviously flawed" English.
With regard to the fact that the copy bank statement had purportedly been certified by an accountant, the administrator said that it had verified that the accountant was a genuine accountant based at the address given in the certified copy wording. However, the Ombudsman pointed out that this was publicly available information, so the fraudster would have been able to obtain it in the same way. The Ombudsman said that, given the suspicions raised by the other factors, the administrator should have telephoned the accountant, using the accountancy firm's main switchboard number rather than relying on the telephone number appearing next to the certification, to verify that the certification was genuine.
Our thoughts
This determination highlights how easily pension fraud can occur. Key learning points from the determination are:
- factors which might not necessarily be suspicious in isolation (eg a member bank account at a bank branch nowhere near the member's home address) may when taken together with other factors (eg an initial request to pay to an overseas bank account, followed in quick succession by a request to pay to a third party) be an indication of a possible fraud;
- where a purported copy document is received, it is important to consider whether there is anything to call its legitimacy into question;
- if the legitimacy of a certified copy is in doubt, it is sensible to contact the professional who purportedly certified it, looking up the firm's main switchboard number rather than relying on a telephone number that appears on the face of the document;
- the details of professionals can easily be obtained online, so checking that the details of the person certifying match up with a genuine professional adviser does not provide much comfort that the certification is genuine;
- relying exclusively on e-mail communications for instructions to change bank account details is high risk. In this case, a telephone call, text or letter to the member to verify the instructions would likely have uncovered the issue much sooner.
Trustees may wish to discuss with their scheme administrators what measures they have in place to prevent fraud occurring in circumstances where a fraudster has been able to infiltrate a member's e-mail account.
Related Insights
Key Contacts
Related Specialisms
Related Locations
Get up to date with our latest news on LinkedIn
Follow nowTo the Point
Subscribe for legal insights, industry updates, events and webinars to your inbox
Sign up now