
In a recent investor alert, NASAA warned that scammers are increasingly disguising fraud as “seasonal opportunities,” using themes like Halloween promotions, limited-time offers, and urgent “treats” to manipulate investors.
These are not crude scams. They are polished, psychologically sophisticated schemes designed to exploit trust, urgency, and familiarity, often impersonating advisers, regulators, or well-known financial institutions.
For RIAs, NASAA’s “Tricks Not Treats” warning is not just a client protection issue. It is a supervision and documentation issue.
State regulators are increasingly evaluating whether firms have taken reasonable steps to educate clients, control communications, and document responses to fraud attempts.
In 2026, firms that treat scam prevention as “client responsibility” alone will face elevated exam risk.
The Evolving Scam Landscape According to NASAA
NASAA’s alert reflects a broader shift in how fraud is executed and how regulators expect firms to respond.
Seasonal Deception Tactics
Scammers increasingly exploit holidays and time-bound events to create urgency, including:
- “Limited-time” crypto or alternative investments
- Fake prize or giveaway notifications
- Claims of guaranteed or risk-free returns tied to seasonal events
These schemes are commonly delivered through:
- Email
- Social media
- Text messages
- Phone calls using spoofed numbers or voice cloning
The sophistication of presentation makes these scams harder for clients to detect without guidance.
Common Red Flags Highlighted by Regulators
NASAA continues to emphasize warning signs that RIAs should actively educate clients about:
- Unsolicited investment offers
- High-pressure or “act now” language
- Requests for payment via gift cards, cryptocurrency, or wires
- Impersonation of advisers, firm staff, or regulators
Failure to address these risks proactively can be viewed as a supervision gap.
Why Timing Matters Now
As of late 2025, state regulators are:
- Increasing exams focused on client communications
- Reviewing fraud-prevention controls
- Aligning more closely with SEC priorities around investor protection
Scam response is no longer reactive; it is a core compliance expectation.
Why RIAs Face Heightened Risk and Liability
RIAs are not expected to prevent every scam. They are expected to demonstrate reasonable supervision.
Key risk areas include:
Client Education Failures
Firms that do not warn clients about emerging scam tactics may receive:
- Deficiency letters
- Required remediation
- Enforcement scrutiny following investor harm
Documentation Gaps
If client alerts, warnings, or conversations are not documented:
- Firms cannot prove they acted responsibly
- Audit trails fail under examination
Vendor and Channel Exposure
Unmonitored communication channels and vendor platforms increase third-party risk, especially when contracts lack fraud notification requirements.
In exams, regulators look for evidence of effort, structure, and follow-through.
Five Practical Steps RIAs Should Take Immediately
Fraud prevention must be operational, not theoretical.
1. Launch Client Education Campaigns
Deploy templated alerts warning clients about:
- Seasonal scam tactics
- Impersonation attempts
- Urgent fund requests
Track:
- Delivery
- Read receipts
- Follow-up actions
Examiners expect proof, not intent.
2. Implement Verification Workflows
Require multi-channel verification for:
- Fund transfers
- Account changes
- Urgent or unusual requests
Automate:
- Callback requirements
- Supervisor approvals
- Escalation tracking
3. Strengthen Employee Training and Attestations
Train staff on:
- Fraud recognition
- Phishing and impersonation tactics
- Internal escalation procedures
Log:
- Training completion
- Attestations
- Exceptions
4. Control Client Communication Channels
Centralize client communications in secure, monitored platforms.
Where possible:
- Restrict or disable unsolicited social media DMs
- Monitor email and messaging systems
- Maintain records of client interactions
Uncontrolled channels create unmanageable risk.
5. Log and Review All Scam-Related Incidents
Document:
- Client reports
- Internal responses
- Escalation steps
- Resolutions
Maintain these records for exam defense.
Common Compliance Pitfalls and How to Avoid Them
Many firms fall short in predictable ways:
- Relying on generic fraud policies without updates
- Failing to document client warnings or staff training
- Ignoring vendor contracts that lack fraud notification clauses
These gaps often surface during state exams after harm has already occurred.
Smartria: Turning NASAA Alerts into Operational Compliance
Smartria helps RIAs move from awareness to execution by operationalizing NASAA guidance.
Firms use Smartria to:
- Automate employee attestations for fraud awareness and Code of Ethics training
- Centralize client alert campaigns and verification workflows
- Review and approve client communications before distribution
- Track vendor oversight and incident notifications
- Maintain audit-ready repositories aligned to SEC and NASAA exams
The focus is not alerts; it’s defensible supervision.
Conclusion
NASAA’s “Tricks Not Treats” warning is a clear signal: fraud prevention is now a documented compliance obligation, not just a client courtesy.
RIAs that educate clients, control communications, and maintain audit-ready records will be best positioned for 2026 exams.
Smartria helps firms convert regulatory warnings into repeatable, defensible compliance operations.




