Online harm1 can take many forms, encompassing, for example, the inappropriate online promotion of risky investments, misleading statements made in advertisements or social media content, and fraudulent and illegal online activity or other investment scams, including those involving digital assets.
While the misconduct patterns might be familiar, the ease of such online misconduct and the borderless nature of the online environment present new and growing challenges as novel forms of crypto-asset or technology-based fraud are increasing. The growing sophistication in the application of artificial intelligence (AI) to all facets of society has the dual potential of magnifying the scale and impact of harmful online activities and providing new and powerful ways for regulators to detect, deter and disrupt such activities.
This Statement is intended to serve as:
a warning to retail investors about the serious perils of online harm;
a call to action to regulators to respond holistically and innovatively to online harm, including by working with players in the broader online harm ecosystem; and
An invitation to other relevant stakeholders, including legislators, law enforcement agencies, search engine operators, social media platforms and other intermediaries and facilitators2 to support global efforts to reduce online harm.
Warning to Investors
The International Organization of Securities Commissions (IOSCO) is today publishing a warning on the risk of online harm to retail investors from investment scams and frauds. Jean-Paul Servais, Chairman of IOSCO said, “Buying investment products and services online can bring significant benefits for retail investors such as convenience and reduced costs. However, the easy availability of investment products and services online brings an increased risk of fraud. Retail investors are at risk of falling victim to ‘bad actors’, who take advantage of them through online scams, which can lead to significant losses of money. We will continue our work to combat online fraud through rigorous enforcement efforts and by informing retail investors so they are vigilant to the risks and can take precautions to avoid frauds and scams. We urge retail investors to only use reliable sources of information; to not invest too much money in one single product; and to never invest more money than you can afford to lose.”
IOSCO is recognized as the global standard setter for the securities sector and welcomes the growing online retail investor participation and subsequent increase in volume of retail trading online facilitated by technology. Such activity greatly contributes to financial inclusion and development of capital markets. However, there has been a parallel rise of ‘bad actors’ using sophisticated but fraudulent tactics to build trust and exploit vulnerabilities and opportunities. Therefore, we would like to warn retail investors of the serious risks of, and potential for, widespread investor losses caused by illegal acts and schemes conducted by fraudulent companies online which have global reach.
We have particularly identified the following critical threats and want to draw the attention of the retail investor community:
Online harm reaches countless investors around the globe, including those who are most vulnerable (such as the elderly or those who lack financial education);
The rapid expansion of online harm continues at an unprecedented pace, likely aided by the ease by which such harm is conducted;
Regulators continue to receive numerous complaints about the online promotion and distribution of illegal products and services, and the widespread losses that retail investors are suffering around the world;
Online harm poses distinct challenges to enforcement. It is widespread, borderless and it is difficult to physically locate perpetrators. The use of payment mechanisms via new technologies3 can make it extraordinarily difficult to prevent, detect and prosecute violations of financial services laws; and
Those who perpetrate online harm are increasingly sophisticated, evasive and are layering their activity through multiple jurisdictions to hide the identity of underlying actors.
A joint and collaborative approach at the global level is urgently needed to raise the awareness of the investing public to these threats.
Online harm is not tied to particular products or services. It may be perpetrated through offerings of complex and leveraged products, some of which might be akin to gambling products4, or other popular products, such as crypto currencies. Such products may not always be suitable for retail investors. Any product can be dangerous for retail investors when offered by bad actors who may scam inexperienced investors into trading more frequently than they would like to or take risks outside their comfort zone and beyond their financial capacity.
In an environment where retail investors may incur substantial losses, in certain cases their life savings, combatting online fraud and harm has become one of the biggest priorities for IOSCO who want to promote enforcement in order to protect retail investors. Therefore, we urge the retail investor community to be vigilant and to always perform due diligence when engaging in online activities in financial markets. We also invite retail investors to review the online resources available on the IOSCO website to better understand the relevant risks and to become familiar with “red flags” of potentially harmful online solicitations and activities, such as ‘risk free’ investment opportunities or offers that sound too good to be true.
Call to Action to Regulators
As part of IOSCO’s continuing efforts to promote investor protection and ensure fair, efficient and transparent markets, IOSCO issues a call to action to regulators to respond holistically and innovatively to online harm, including by working with players in the broader online harm ecosystem.
IOSCO calls upon regulators to respond vigorously to online harm, including by:
Onboarding innovative prevention and enforcement activities, such as domestic and international disruption, to rapidly and decisively curb online misconduct5;
Taking a purposive approach to rendering the fullest assistance as is legally permissible in each jurisdiction to fellow MMOU and EMMoU signatories, including in matters involving new products, and adopting a bold and robust approach to assisting other regulators proactively and in response to specific requests;6
Pressing for changes to regulators’ jurisdictional perimeters and powers to ensure they continue to provide an appropriately high degree of investor protection within the increasingly complex online environment;7
Ensuring that robust and effective investor online harm awareness and education preventative initiatives, such as the World Investor Week, are consistently undertaken and remain fit for purpose to address new and emerging online harm typologies;8 and
Deploying sufficient resources, including funding, staff and technology, to undertake effective enforcement and cross-border cooperation programmes to protect investors from this rapidly expanding danger and to minimize consequent impact.
IOSCO strongly encourages all regulators to respond vigorously, collectively and collaboratively to this growing threat, and to ensure that they continue to onboard effective powers and resources to deploy a robust and just response to online harm.
Invitation to Other Relevant Stakeholders
IOSCO also calls upon all relevant stakeholders in the broader online ecosystem to join forces and work closely with regulators and law enforcement agencies in the fight against online harm. This is a crucial step towards supporting IOSCO's global endeavours to safeguard retail investors from fraudulent and other malicious online activities. It is vital for all parties to come together and proactively collaborate to identify and tackle these issues at their root. This will enhance the protection of investors in the digital age, leading to confidence in the financial markets, which is key to thriving economies.
Online harm in this Statement means financial fraud perpetrated on the Internet, primarily targeting retail investors in the securities and derivatives markets, orchestrated using deceptive acts and / or misleading or fraudulent content, including user-generated content, where the author is unauthorised, or makes false or misleading claims or impressions, to induce the purchase of financial products and / or services. This may take the form of advertisements, videos, impersonator websites, social media posts, as well as comments or reviews.
Including online advertising facilitators, hosting services, internet service providers, and domain registrars.
Such as blockchain, which is a distributed database or ledger shared among a computer network's nodes. They are best known for their crucial role in cryptocurrency systems for maintaining a secure and decentralized record of transactions, but they are not limited to cryptocurrency uses.
Common examples include binary options and contracts for difference.
Regulators in many jurisdictions have proactively taken preventative steps to engage in domestic and international disruption, including by issuing public warnings about or promptly blocking access to fraudulent websites, working with other authorities, criminal law enforcement and other partners, promoting investor education and collaborating with Internet intermediaries. Significant reforms are underway in a number of jurisdictions to engineer a safer and more accountable online environment for investors, including in the area of digital assets. Recently, a number of IOSCO regulators launched an initiative to make intermediaries aware of the crucial importance of this issue and the stake they have in actively participating to limit online harm.
IOSCO members are responding proactively to harmful online activity through case-specific, cross-border cooperation within the framework of the IOSCO Multilateral Memorandum of Understanding and the IOSCO Enhanced Multilateral Memorandum of Understanding (MMoUs). In addition, IOSCO takes the view that members are required to discharge their obligations under the MMoUs, including through rendering the fullest assistance permissible under the MMoUs in response to requests for assistance in securities and derivatives investigations involving new products and services or firms that provide new products and services.
Committee 4 (C4) and the Screening Group (SG) are engaged in broader policy work in this space. For example, C4 in conjunction with Committee 3, have developed a toolkit of policy measures: the Report on Retail Distribution and Digitalisation and the Report of the Retail Market Conduct Task Force published by IOSCO. IOSCO, itself, is proactively taking steps to combat online harm. For example, as noted above, the recent Report of the Retail Market Conduct Task Force identifies best practices by IOSCO members, which include the use of advanced technologies, such as AI and web-scraping applications to proactively identify scams. Similarly, IOSCO’s recent reports on Retail OTC Leveraged Products and Retail Distribution and Digitalisation analyze nascent trends and developments in “online marketing and distribution to retail investors (including cross-border aspects)” and detail policy, enforcement and investor education measures with guidance for IOSCO members. Additionally, the IOSCO Board’s Fintech Task Force published, in May 2023, a Consultation Report proposing 18 policy recommendations to address market integrity and investor protection issues in digital asset markets with the aim to finalize them by Q4 2023.
Members are also engaged in investor education initiatives. Each year IOSCO promotes World Investor Week (www.worldinvestorweek.org), an awareness campaign for retail investors held during the first week of October which delivers key messages on online engagement and related fraud prevention.