On October 13, the Financial Crimes Enforcement Network (FinCEN) issued an advisory for financial institutions to assist in detecting and preventing Covid-19-related unemployment insurance (UI) fraud. The advisory highlights specific ways illicit actors are exploiting the pandemic to engage in UI fraud, including, among other things, employees receiving UI payments while still being paid reduced, unreported wages from their employer, and the submission of UI claims using stolen or fake identification information. The advisory includes a specific list of red flag indicators for financial institutions to be aware of, such as (i) UI payments from a different state from the one in which the customer resides; (ii) multiple state UI payments within the same disbursement period; (iii) UI payments in a different name from the account holder; (iv) the withdrawal of UI funds in lump sums by cashier’s check or prepaid debit card; (v) multiple accounts receiving UI payments being associated with the same free, web-based email account; and (vi) a newly opened account that starts to receive numerous UI deposits. Financial institutions are encouraged to perform additional inquiries and investigations where appropriate, consistent with a risk-based approach for compliance with the Bank Secrecy Act. Lastly, should financial institutions need to report any UI fraud in a suspicious activity report, FinCEN encourages the institution to reference the advisory.
On September 10, in remarks at the Paycheck Protection Program (PPP) Criminal Fraud Enforcement Action press conference, Acting Assistant Attorney General Brian Rabbitt provided an overview of recent PPP enforcement actions and noted that “[m]any financial institutions have been strong partners” in assisting the DOJ with “detecting and investigating potentially fraudulent activity in connection with the PPP.” In addition to partnerships with private institutions, Rabbitt emphasized the agency’s data analytics capabilities as a key component in their ability to bring PPP fraud cases quickly—within six months, the DOJ has charged 57 defendants in at least 19 federal judicial districts. Moreover, Rabbitt discussed commonalities among the cases, including the “defendants’ use of their stolen PPP funds for entirely illegitimate purposes” having nothing to do with the intended relief. In total, according to the DOJ, the current charges against the 57 defendants “involve attempts to steal over $175 million from the PPP” and over $70 million in “actual losses to the federal government.”
On August 26, a joint alert was issued by the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Treasury Department, the FBI, and U.S. Cyber Command warning that since February 2020, North Korean hackers have resumed targeting banks worldwide through the use of fraudulent international money transfers and ATM cash-outs. The alert provides an “overview of North Korea’s extensive, global cyber-enabled bank robbery scheme, a short profile of the group responsible for this activity, in-depth technical analysis, and detection and mitigation recommendations to counter this ongoing threat to the Financial Services sector.” The North Korean hackers, the alert notes, were responsible for stealing $81 million from a Bangladeshi bank in 2016, and have engaged in fraudulent ATM cash-outs affecting upwards of 30 countries in a single incident. According to the alert, the hackers’ “international robbery scheme” poses “severe operational risk” for individual banks beyond reputational harm and financial losses. A robbery directed at one bank may implicate multiple banks “in both the theft and the flow of illicit funds back to North Korea,” the alert warns. The hackers “initially targeted switch applications at individual banks with FASTCash malware but, more recently, have targeted at least two regional interbank payment processors,” the alert states, cautioning that this suggests the hackers “are exploring upstream opportunities in the payments ecosystem.”
On July 13, the FTC released an interactive military dashboard (updated quarterly) that explores data received from active duty servicemembers, veterans, and all military (including military families and reservists) on issues they may experience in the marketplace. Government imposter was the top reported scam type for active duty military personnel, followed by unwanted telemarketing calls, business imposters, online shopping and counterfeit check scams. Other top report categories included identity theft, credit bureaus, third party debt collection, credit cards, mortgage lending, and creditor debt collection. Additionally, reports from the Consumer Sentinel Network showed that from 2015 through the first two quarters of 2020, the median fraud loss for veterans and retirees was $750. The FTC noted that it uses these reports as part of its law enforcement investigations and shares the reports with law enforcement users around the country.
On July 7, the Financial Crimes Enforcement Network (FinCEN) issued an advisory alerting financial institutions to potential indicators of Covid-19 imposter scams and money mule schemes (where actors impersonate federal government agencies, international organizations, and charities). The advisory outlines numerous red flag indicators and examples of these types of schemes in order to assist financial institutions in detecting, preventing, and reporting suspicious transactions. FinCEN emphasizes that “no single financial red flag indicator is necessarily indicative of illicit or suspicious activity,” and encourages financial institutions to consider additional contextual information, such as a customer’s historical financial activity and whether a customer exhibits multiple indicators, before making a determination that a transaction is suspicious or otherwise indicative of a potentially fraudulent Covid-19-related activity. FinCEN further advises financial institutions—in line with their risk-based approach to Bank Secrecy Act compliance—to perform additional inquiries and conduct investigations as necessary.
On June 18, the Federal Reserve Board (Fed) released a set of tools and materials to provide a consistent way for organizations to classify and better understand fraudulent activity occurring across the payments industry. The FraudClassifier model was developed by the Fraud Definitions Work Group (comprised of Fed and payment industry fraud experts), and will allow organizations to classify fraud independently of payment type, payment channel, or other payment characteristics by presenting a series of questions, beginning with who initiated the payment to differentiate payments initiated by authorized or unauthorized parties. This will “help ensure greater internal consistency in fraud classification across an organization. . .and allow for improved information and fraud tracking.” Each of the classifications is supported by definitions that allow the FraudClassifier model to be consistently applied across the industry.
On May 27, the California Department of Business Oversight (CDBO) filed an order to ban an Encino-based company from the Property Assessed Clean Energy (PACE) industry for allegedly engaging in fraudulent behavior. According to the press release, the CDBO received 30 complaints from 2018 to 2019 alleging the company solicited homeowners by advertising a “free government program,” but used the homeowners’ personal financial information to submit contracts to PACE program administrators with forged electronic signatures. Additionally, complaints alleged various other fraudulent and illegal actions, including (i) the creation of false email accounts to have the PACE financing documents routed to the agents instead of the homeowners; and (ii) the impersonation of homeowners’ voices on state-law-required completion calls. The CDBO also asserts that the company sold products at three to five times the usual industry rate and used “high-pressure” sales tactics directed at the elderly and non-primary English speakers. In addition to the Desist and Refrain Order, which demands the company discontinue illegal practices and stop soliciting PACE contracts, the CDBO notes that a similar but separate order will also be filed against the company president, who is a PACE solicitor agent.
On May 5, FINRA issued Regulatory Notice 20-13, reminding firms to be aware of the heightened threat of frauds and scams during the Covid-19 pandemic. The notice sets forth practices that firms may wish to implement to address risks relating to fraudulent account openings and money transfers, including a customer identification program, steps to monitor for fraud during account opening, bank account verification and restrictions on funds transfers, ongoing monitoring of accounts, collaboration with clearing firms, and compliance with Suspicious Activity Report filing requirements. The notice also sets forth methods that firms may employ to address risks relating to firm imposter scams and IT help desk scams.
On April 17, the U.S. Court of Appeals for the Sixth Circuit affirmed a district court’s access-device fraud and aggravated identity theft convictions, finding that there was sufficient evidence to support the court’s factual findings on both charges. According to the opinion, the defendant applied for a debit card for his great-grandfather’s bank account without authorization and used the card to pay for his own expenses. The defendant was also seen multiple times on bank security cameras withdrawing money from an ATM using this card. The district court also heard testimony that the defendant opened accounts and applied for loans under his own name but used his great-grandfather’s social security number. The district court convicted the defendant on one count of access-device fraud and two counts of aggravated identity theft. The defendant appealed, arguing that the district court failed to make adequate findings of fact and that the government failed to present sufficient evidence to support the charges for which he was convicted.
On appeal, the 6th Circuit reviewed the factual findings underlying the convictions, and first concluded that, with respect to the count of access-device fraud, the government proved each element: that the defendant (i) knowingly used an access device assigned to another individual; (ii) possessed an intent to defraud; (iii) obtained a thing or things with an aggregate value of $1,000 or more within a year using the access device; and (iv) affected interstate or foreign commerce in using the access device. The appellate court explained that there was ample circumstantial evidence to support lack of authorization from the proper owners of the accounts at issue, and that the card was issued in Kentucky and the bank issuing the card was headquartered in Minnesota. The appellate court next considered whether evidence supported the district court’s finding that the defendant committed aggravated identity theft under the bank-fraud statute by opening a checking account and applying for a loan using his great-grandfather’s social security number. The appellate court held that the defendant’s use of his great-grandfather’s social security number properly supported the district court’s finding that the defendant knowingly used, without lawful authority, another person’s means of identification and that the defendant committed a predicate felony under the bank-fraud statute.
On April 16, the CFTC filed a complaint in the U.S. District Court for the Middle District of Florida against a commodity trading adviser and the companies he controlled (collectively, “defendants”) for allegedly soliciting customers and prospective customers to buy now-delisted and worthless digital tokens. The CFTC alleged that the defendants violated the Commodity Exchange Act by making untrue and materially misleading representations about their digital tokens’ function and the performance of a proprietary foreign exchange trading algorithm that the defendants claimed would deliver high rates of return. According to the CFTC, while the defendants knew that none of the customers could lawfully use the algorithm until the defendants’ risk disclosures were approved by the National Futures Association, they still sold the tokens and raised more than $1.6 million based on the premise that the algorithm was ready to be released on the open market. The CFTC claimed, however, that the disclosures were never approved, customers never gained access to the algorithm, and the tokens were eventually delisted by all the digital asset exchanges. The CFTC seeks to enjoin the defendants’ allegedly unlawful acts and practices and to compel compliance with the Commodity Exchange Act and regulations. In addition, the CFTC seeks restitution, civil money penalties, trading and registration bans, and other statutory, injunctive, or equitable relief as deemed necessary and appropriate.