Financial fraud continues to evolve in complexity and scope, particularly in digital environments. CFP® certificants and QAFP® certificants (collectively referenced as “FP Canada Certificants”) play a key role in detecting and preventing financial fraud by staying vigilant, exercising sound judgement and adhering to the guidance and requirements set out in the FP Canada Standards Council Standards of Professional Responsibility. The Conduct Review Panel (“CRP”) is issuing this guidance to highlight some key indicators of fraud and red flags that may help spot and prevent common errors when dealing with fraudulent instructions, and the applicable Standards of Professional Responsibility that guide professional conduct in these situations.

The CRP is an independent panel of the FP Canada Standards Council™ (the “Standards Council”) and is composed of CFP professionals and public members. The CRP’s purpose is to support the fulfilment of the Standards Council’s professional-oversight mandate by reviewing staff reports and determining the appropriate disposition of complaints, in the public interest.

Detecting Fraudulent Instructions

Certificants must remain alert to signs of financial fraud, which may include:

  • Unusual client behaviour: Sudden changes in communication style, urgency, or tone may indicate impersonation. 
  • Suspicious email or message formats: Poor grammar, generic greetings, or unfamiliar sender addresses. 
  • Requests for unusual transactions and information changes: Unanticipated or unexpected requests to update or amend contact or banking information; instructions related to transfers to unknown third parties, offshore accounts, or cryptocurrency wallets without clear rationale. 
  • Pressure tactics: Urgent instructions to bypass standard procedures or ignore verification steps including, for example, verbal or in-person client confirmation. 
  • Inconsistent documentation: Mismatched names, altered PDF documents, or unsigned forms. 

Certificants should consider taking the following steps to mitigate the risk of unintentionally facilitating financial fraud: 

  • Educate clients on common scams: Informing clients of current and past financial fraud scams can help clients protect their information and avoid being the victim of financial fraud. 
  • Multi-Factor Authentication (“MFA”): Implement MFA verification requiring a client to produce an SMS code, an emailed code and/or use an authenticator application. 
  • Slow down: If the client interaction feels suspicious, or it involves sensitive information or high amounts of funds, Certificants should take a moment to consider the situation in full and ensure they are operating on legitimate instructions directly from the client. 
  • If unsure, consult an expert: Certificants are encouraged to consult financial fraud and technology experts to review emails and other documentation and processes to ensure the legitimacy of a request. 

As well, Certificants should be cognizant of how fraudsters may leverage Artificial Intelligence (AI) to facilitate fraudulent requests and transactions. With advancements in AI, it can be difficult to detect what is legitimate and what is not. For further information in this regard, please see the Staff Rule Interpretation Bulletin relating to the use of generative AI by Certificants. 

Certificants should verify instructions through secure channels and confirm client identity before executing any transaction, as discussed further below. 

As well, Certificants should be cognizant of how fraudsters may leverage Artificial Intelligence (AI) to facilitate fraudulent requests and transactions. With advancements in AI, it can be difficult to detect what is legitimate and what is not. For further information in this regard, please see the Staff Rule Interpretation Bulletin relating to the use of generative AI by Certificants. 

Certificants should verify instructions through secure channels and confirm client identity before executing any transaction, as discussed further below. 

 

 

Verifying Client Instructions

When receiving or acting on client instructions, Certificants should turn their minds to the possibility that the instructions they have received are from a potential fraudster and may not be from their client. Certificants should be alive to this possibility and aware of the red flags set out above. In all instances, Certificants should take steps to confirm instructions with the client(s) directly. Rather than relying solely on email instructions, Certificants should confirm directly with clients the instructions received, either via telephone, videoconferencing software or ideally, in person.  

The following chart provides an overview of best practices when verifying client email instructions:

DoDo Not
Call the client’s phone number on file or conduct a quick virtual meeting where you can see the client’s face (e.g., MS Teams, FaceTime, Google Duo) 
Do not call a new number provided within the same email as the transaction request 
Request signed instructions if you are unable to confirm the instructions verbally  Do not confirm the transaction by sending an email to the client 
Take appropriate measures to identify the client and any authorized individual providing instructions  Do not rely on leaving a voicemail – you must speak to the client directly 
Be aware of uncharacteristic and urgent requests, inconsistent language and spelling mistakes 
Do not circumvent your firm’s internal controls to “help” the client 
Educate clients on common scams and confirm trade instructions must be verbally confirmed or be received in writing with their signature Do not ignore everything you know about the client because there is an alleged “emergency” 

Risks of Acting on Fraudulent Instructions

Certificants who act on fraudulent instructions—whether due to oversight or failure to verify—may expose clients to financial harm and may expose themselves to disciplinary action. Common errors include: 

  • Ignoring red flags: Proceeding with transactions despite inconsistencies or suspicious behaviour. 
  • Inadequate documentation: Failing to obtain adequate client documentation (and verifying the legitimacy of said documentation). 
  • Inadequate document retention: Failing to retain records of communications and approvals that document the reasons for a transaction. 
  • Overreliance on digital tools: Trusting email or messaging platforms without secure verification protocols. 

Certificants must exercise caution and document all steps taken to validate instructions. 

FP Canada Standards Council Discipline Cases 

In a 2020 case considered by an FP Canada Hearing Panel, a Certificant processed a $500,000 redemption on the basis of email instructions without taking appropriate steps to verify instructions with the client directly. The instructions did not, in fact, come from the client and were ultimately identified as fraudulent. The Hearing Panel found that Certificant was an experienced and senior financial planner who had the requisite experience to understand his professional obligations. He also had more than one opportunity to recognize the warning signs of fraud (such as transferring a large amount of funds to a third-party account not previously provided by the client), and to subsequently obtain client authorization directly. The Hearing Panel found, amongst other things, that the Certificant demonstrated a failure to act with diligence, failure to place the client’s interests first, and a failure to exercise reasonable prudent professional judgement. Amongst other penalties, the Certificant’s CFP certification was suspended for six (6) months. 

In another case considered by an FP Canada Hearing Panel in 2019, a Certificant processed two (2) redemptions based on email instructions alone, contrary to the policies and procedures of the Certificant’s employer. The Certificant falsely represented to their employer that they had spoken with the client over the telephone to confirm the client’s instructions, when they had not done so. Unbeknownst to the Certificant at the time, the emails containing the redemption requests were from a third-party that had gained unlawful access to their client’s email account. The Hearing Panel found that a Certificant failed to act with integrity, diligence and professionalism by processing redemptions based solely on email instructions without verbally confirming the instructions with the client. The Hearing Panel also found that the Certificant failed to put the client’s interests first and failed to act with integrity by making misrepresentations and knowingly provided a false statement to their employer. Amongst other penalties, the Certificant’s CFP certification was suspended for six (6) months. 

In another matter, the CRP issued a Letter of Guidance and Advice to a Certificant who processed a fraudulent redemption request without first vocally confirming the request with their client, as required by their firm’s policies. The redemption request directed the funds to be deposited into a new bank account, which was not previously on file. The Certificant also failed to confirm the new banking information verbally with their client. In deciding to close the matter with a letter of Guidance and Advice, the CRP relied on the following mitigating factors: it was an isolated incident; the fraud was difficult to detect; the Certificant did not benefit financially from the incident; the client was made whole and did not blame the Certificant for the fraudulent transaction; the Certificant was remorseful and apologetic for their conduct; and the Certificant implemented measures to avoid similar incidents. In the Letter of Guidance and Advice, the CRP reminded the Certificant of their obligations as a CFP professional, which include the duty of loyalty to the client, acting objectively, acting diligently, maintaining professionalism, providing reasonable and prudent supervision over subordinates, and exercising reasonable and professional judgement.  


Money Laundering

Proceeds from financial fraud and/or other financial crimes are often concealed through money laundering. Financial planners can play a significant role in supporting Canada’s Anti-Money Laundering (“AML”) initiatives. AML refers to the set of legal, regulatory, and procedural measures designed to detect, prevent, and deter the laundering of proceeds from crime and the financing of terrorist activities. For example, the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, S.C. 2000, c. 17 (“PCMLTFA”) was enacted to detect and deter money laundering and terrorist financing in Canada.  

In a 2019 case considered by an FP Canada Hearing Panel, a Certificant attempted to circumvent large cash transaction reporting requirements (i.e. cash transactions over $10,000) by depositing $15,000 cash received from a client, into her personal bank account, in two (2) separate $7,500 deposits. As the client did not have time to speak to the branch manager to confirm the source of the funds, the Certificant canceled the transaction and said she would return the funds to the client; instead, she deposited the funds into her own account and then wired the funds to the client. In addition, the Certificant misled her branch manager by stating she had returned the funds to the client, when in fact she had not. The Hearing Panel found, among other things, that the Certificant failed to act with integrity, comingled client funds with her own personal funds, and failed to promptly return funds the client was entitled to. Circumventing the Large Cash Transaction Reporting requirements avoids reporting requirements set out by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) to comply with the PCMLTFA.  

By understanding AML regulations and/or legislation in place regarding AML, financial planners can be better equipped to identify issues pertaining to financial fraud—whether it is identity theft, unauthorized account access, or illicit fund transfers. Ultimately, AML awareness fosters a culture of compliance and ethical responsibility, protecting both the client and the integrity of the financial system and may help in the prevention of financial fraud.  


 


Applicable Standards of Professional Responsibility


Certificants should bear in mind the following relevant Standards: 

Duty of Loyalty to the Client 

  • Certificants are required to act in the client’s interest by placing the client’s interests first, which requires Certificants to act with the care, skill and diligence of a prudent professional.

Diligence 

  • Certificants are required to act diligently when providing advice and/or services to clients, but it also requires taking due care in their practice as well as in their handling of their clients’ affairs. 

Financial Planning Services 

  • Certificants are required to always exercise reasonable and prudent professional judgement. 

Client Information and Property 

  • Certificants shall take prudent steps to protect the security of information and property, whether physically or electronically. 

The CRP hopes that this Guidance will help Certificants in understanding how to detect and avoid facilitating financial fraud. 

NOTE: The above Standards of Professional Responsibility are current as of March 2026.The most current version is available on the Standards of Professional Responsibility page of the FP Canada website.


 

Need help?

FP Canada provides information and guidance to QAFP professionals and CFP professionals at all stages of their careers.

Contact us