Skip to main content
Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • DOJ’s Covid-19 Fraud Enforcement reports ongoing civil fraud and consumer protection actions

    Financial Crimes

    On April 9, the DOJ released a report on Covid-19 fraud, organizing various federal enforcement agencies and inspectors general, as well as state strike forces, in their collective pursuits against civil fraud on financial remedies under Covid-19. The Department’s COVID-19 Fraud Enforcement Task Force (CFETF) reported over 400 settlements and judgments and seized over $1.4 billion in fraudulently obtained CARES Act funds.

    The report noted that the Civil Fraud Section continues to investigate fraudulent claims under the False Claims Act (FCA) and FIRREA, including with respect to grant recipients, PPE procurement, and payment advances. As two notable examples, a Florida management company paid $9 million for knowingly violating the FCA to obtain PPP loan forgiveness, and a New Jersey public relations firm paid $2.24 million for similar violations where it was found ineligible for the loan since it was registered under the Foreign Agent Registration Act. The DOJ also acted against purveyors of faulty PPE, individuals who tampered with Covid-19 vaccines, and those who sold fraudulent covid products online––filing under the COVID-19 Consumer Protection Act. The DOJ touted its $1 million judgment against a company that marketed vitamins that allegedly protected against Covid-19. Further, the National Unemployment Insurance Fraud Tax Force found hundreds of pandemic fraud leads and has seized over $3.3 billion in suspected pandemic fraud.

    Financial Crimes Fraud DOJ Covid-19 Taskforce CARES Act

  • Nacha’s new rules intends to reduce business fraud that uses credit-push payments


    On March 18, Nacha announced rule amendments intended to reduce the incidence of frauds that leverage credit-push payments, such as vendor impersonation and business email compromise (BEC). While, importantly, the rules will not shift liability for ACH payments as between the parties, they will establish obligations on originating financial institutions (ODFIs) and receiving depository financial institutions (RDFIs) to monitor the sending and receipt of payments for potential fraud, and they will empower the same to flag potentially fraudulent payments for action. Specifically, the rule amendments will allow “the originating financial institution (ODFI) to request the return of the payment for any reason, the RDFI to delay funds availability (within the limits of Regulation CC) to examine the payment more closely, and the RDFI to return a suspicious transaction on its own initiative without waiting for a request or a customer claim.” 

    As part of the amendment announcement, NACHA cited the FBI’s Internet Crime Complaint Center’s 2023 annual report, noting that BEC, vendor impersonation, and payroll impersonation are examples of fraudulent activities “that result in payments being ‘pushed’ from a payer’s account to the account of a fraudster,” and that there were 21,489 BEC complaints totaling $2.9 billion in reported losses in 2023, making BEC the second-costliest cybercrime category.

    The first set of rule amendments are effective October 1, which, among other things, allow an RDFI to use return code R17 for potential fraud, including for “false pretenses,” and an ODFI to request a return from an RDFI for any reason, including fraud. The first set of amendments also provided RDFIs “with an additional exemption from the funds availability requirements to include credit entries that the RDFI suspects are originated under false pretenses,” subject to Regulation CC. Finally, the RDFI will be required to promptly return any unauthorized consumer debit by the 6th banking day after it reviewed a consumer’s signed Written Statement of Unauthorized Debit. 

    The first set of rule amendments will be followed by subsequent (phase 1 and phase 2) amendments. The phase 1 amendments, effective March 20, 2026, will, among other things, require ODFIs, and non-consumer originators, third party providers, and third party senders with an annual ACH origination volume of six million or more to implement or enhance appropriate risk-based process and procedures to identify fraudulent transfers. Under phase 1, NACHA will also require RDFIs with ACH receipt volumes of 10 million or more to establish risk-based processes and procedures to identify fraudulent activity. The second phase, effective June 19, 2026, will require fraud risk monitoring for the remaining non-consumer originators, third party providers, and third-party senders.

    Fintech NACHA ACH Fraud

  • New York Attorney General sues over 25 lenders for predatory lending operation

    State Issues

    On March 5, New York Attorney General Letitia James released a verified petition against 27 lenders accusing them of a “large-scale, predatory lending” operation in which they allegedly misrepresented themselves in order to issue small businesses short-term loans at “sky-high interest rates” in violation of New York Executive Law §63(12). According to the petition, the 27 lenders (Respondents) have issued “illegal, usurious” and fraudulent loans in the form of Merchant Cash Advances (MCAs), which imposed triple-digit interest rates as high as 820 percent. The NYAG noted such rates are beyond both the maximum civil usury interest rate (16 percent) and the maximum criminal usury interest rate (25 percent). The petition also alleged the Respondents misrepresented their transactions in court, making the court an “unwitting part of their illegal scheme.”

    The petition asked the court to permanently enjoin Respondents from committing any further fraudulent or illegal practices, cease all MCA collection payments, and void and rescind all MCAs. The NYAG also will seek and order that the Respondents disgorge all profits and award civil penalties of $5,000 for each fraudulent MCA transaction and $2,000 in costs from each Respondent. 

    State Issues State Attorney General New York Fraud Lending Predatory Lending

  • FTC proposes two actions to combat AI impersonation fraud

    Agency Rule-Making & Guidance

    On February 15, the FTC announced its supplemental notice of proposed rulemaking relating to the protection of consumers from impersonation fraud, especially from any impersonations of government entities. The first action from the FTC was a final rule that prohibited the impersonation of government, business, and their officials or agents in interstate commerce. The second action was a notice seeking public comment on a supplemental proposed rulemaking that would revise the first action and add a prohibition on, and penalties for, the impersonation of individuals for entities who provide goods and services (with the knowledge or reason to know that those goods or services will be used in impersonations) that are unlawful. In tandem, these actions sought to prohibit the impersonation of government and business officials.

    The FTC notes that these two actions come from “surging complaints” on impersonation fraud, specifically from artificial intelligence-generated deep fakes. The final rule will expand the remedies and provide monetary relief, whereas the FTC stated this rule will provide a “shorter, faster and more efficient path” for injured consumers to recover money. The rule would enable the FTC to seek monetary relief from scammers that use government seals or business logos, spoof government and business emails, and impersonate a government official or falsely imply a business affiliation.

    Agency Rule-Making & Guidance FTC Artificial Intelligence Fraud NPR

  • Senate Banking Committee hearing on P2P payment scams calls for updates to EFTA definitions

    On February 1, the U.S. Senate Committee on Banking, Housing, and Urban Affairs held a hearing on “Examining Scams and Fraud in the Banking System and Their Impact on Consumers,” and invited three panelists to testify, including an attorney from a consumer law center and two vice presidents from banking associations. Chairman Sherrod Brown (D-OH) led the hearing by noting that peer-to-peer (P2) apps are a rising target among scammers, alongside a rise in check fraud. The Chairman noted a 2023 alert from FinCEN warning (as covered by InfoBytes here) of a surge in check fraud after a “drastic” rise in scams, and concluded with a statement that the P2P companies need “rules to make them” do better. Next, Ranking Member Senator Tim Scott (R-SC) called for the companies to spend more money developing security technologies to protect consumers from fraud. Sen. Scott then called for better education in financial literacy to learn about scams and methods. 

    At the hearing, Mr. John Breyault noted that reported losses from P2P payment platforms nearly doubled from $87 million in 2020 to $163 million in 2022. Mr. Breyault asked Congress to play a larger role in preventing fraud on P2P platforms and urged the passage of the Protecting Consumers from Payment Scams Act (which would expand EFTA’s definition of unauthorized electronic fund transfer to cover fraudulently induced payments). Ms. Carla Sanchez-Adams, in her testimony, asserted the entire burden of payment fraud should not fall on the customers and advocated for an updated Electronic Funds Transfer Act that protects consumers from fraudulently-induced transactions. She testified that receiving institutions should have more responsibility, and called for anti-fraud policies that protect consumers from having their accounts frozen, among others. Mr. Paul Benda testified to similar points: he called for an increase in consumer education and the closure of regulatory loopholes to stop impersonation scams. He testified in favor of improved information sharing and enhanced collaboration with law enforcement and regulators.  

    Bank Regulatory Peer-to-Peer Fraud Senate Banking Committee EFTA U.S. Senate Federal Issues

  • Securities regulators issue guidance and an RFC on AI trading scams

    Financial Crimes

    On January 25, FINRA and the CFTC released advisory guidance on artificial intelligence (AI) fraud, with the latter putting out a formal request for comment. FINRA released an advisory titled “Artificial Intelligence (AI) and Investment Fraud” to make investors aware of the growing popularity of scammers committing investment fraud using AI and other emerging technologies, posting the popular scam tactics, and then offering protective steps. The CFTC released a customer advisory called “AI Won’t Turn Trading Bots into Money Machines,” which focused on trading platforms that claim AI-created algorithms can guarantee huge returns.

    Specifically in FINRA’s notice, the regulator stated that registration is a good indicator of sound investment advice, and offers the tool as a means to check; however, even registered firms and professionals can offer claims that sound too good to be true, so “be wary.” FINRA also warned about investing in companies involved in AI, often using catchy buzzwords or making claims to “guarantee huge gains.” Some companies may engage in pump-and-dump schemes where promoters “pump” up a stock price by spreading false information, then “dump” their own shares before the stock’s value drops. FINRA’s guidance additionally discussed the use of celebrity endorsements to promote an investment using social media; FINRA states that social media has become “more saturated with financial content than ever before” leading to the rise of “finfluencers.” Finally, FINRA mentioned how AI-enabled technology allows scammers to create “deepfake” videos and audio recordings to spread false information. Scammers have been using AI to impersonate a victim’s family members, a CEO announcing false news to manipulate a stock’s price, or how it can create realistic marketing materials.

    The CFTC’s advisory highlighted how scammers use AI to create algorithmic trading platforms using “bots” that automatically buy and sell. In one case cited by the CFTC, a scammer defrauded customers into selling him nearly 30,000 bitcoins, worth over $1.7 billion at the time. The CFTC posted a Request for Comment on the Use of Artificial Intelligence in CFTC-Regulated Markets. The Request listed eight questions addressing current and potential uses of AI by regulated entities, and several more addressing concerns regarding the use of AI in regulated markets and entities for the public to respond to.

    Financial Crimes FINRA Artificial Intelligence CFTC Securities Exchange Commission Fraud Securities

  • FinCEN report on identity fraud in 2021 outlines statistics and processes

    Financial Crimes

    On January 9, FinCEN published a report titled “Identity-Related Suspicious Activity: 2021 Threats and Trends” which focuses on patterns in reported Bank Secrecy Act (BSA) data linked to suspicious activity from 2021. The report is part of a broader set of financial trend analyses conducted by FinCEN under section 6206 of the Anti-Money Laundering Act of 2020. During 2021, about 1.6 million of all BSA reports (or 42 percent) on suspicious activity were related to identity, equaling $212 billion in suspicious activity.

    Key findings in the report included: (i) 69 percent of identity-related BSA reports indicate attackers have impersonated others; (ii) depository institutions have filed the most BSA reports at 54 percent, with the next highest being money services businesses at 21 percent; (iii) general fraud was the most reported typology with 1.2 million BSA reports totaling $149 billion in suspicious amounts, with the next two being false records and identity theft, respectively; and (iv) there were a significant number of identity-related exploitations based on BSA report volumes and dollar values. FinCEN reported three identity-related exploitations, including how attackers (a) impersonate others; (b) dodge or exploit verification processes; and (c) use compromised credentials. A model on page six of the report provides further clarity on how attackers undermine identity processes, such as through bust out schemes (attackers open credit card accounts then max out the cards), check fraud, credit and debit card fraud, and Covid-19 fraud.

    Financial Crimes FinCEN Bank Secrecy Act Anti-Money Laundering Act of 2020 Identity Theft Fraud Credit Cards

  • FTC settles with lead generator for deceiving consumers

    Agency Rule-Making & Guidance

    On January 2, the FTC filed a complaint against a California-based lead generator (the “Company”), alleging that the Company operated as a “consent farm” that deceived consumers into providing their consent to be contacted for telemarketing purposes, then selling those consents to telemarketers, sellers, or intermediaries. Relying on the Company’s purported consent from consumers, those parties then inundated consumers with telemarketing calls. These calls included robocalls and calls made to telephone numbers on the National Do Not Call Registry. Since 2019, the defendants are alleged to have operated over 50 websites focused on lead generation.

    The FTC charged the Company with violating the FTC Act for misrepresenting the collection of consumers’ personal information, and for violating the Telemarketing Sales Rule for assisting and facilitating telemarketers in breaking the Rule.

    On the same day the complaint was filed, the FTC announced a proposed settlement in which the Company was ordered to pay $7 million for its alleged use of deception and dark patterns to trick consumers into providing personal information. Additionally, the proposed stipulated order banned the Company from initiating or helping anyone make telemarketing robocalls, calling phone numbers on the National Do Not Call Registry, and selling consumer information connected with lead generation. The stipulated order must first be approved by the court before it comes into effect. The Company neither admits nor denies any of the allegations

    Agency Rule-Making & Guidance FTC FTC Act Consent Order Fraud Telemarketing Telemarketing Sales Rule

  • INTERPOL seizes $300 million in international financial crime operation

    Financial Crimes

    On December 19, INTERPOL announced the conclusion of a transcontinental police operation against online financial crime called HAECHI IV. The operation ended with around 3,500 arrests and seizures of $300 million USD worth of assets across 34 countries. Of the $300 million, about two-thirds of was hard currency and one-third was virtual assets. HAECHI IV targeted seven types of cyber scams, including voice phishing, romance scams, online sextortion, investment fraud, and money laundering associated with illegal online gambling, among others. Through INTERPOL’s stop-payment mechanism to block criminal proceeds, authorities blocked 82,112 “suspicious” bank accounts. Next on INTERPOL’s radar is a new scam in Korea that involves the sale of non-fungible tokens (NFTs) that are a “rug pull,” a crypto scam where developers abandon a project and investors lose their money. Interestingly, the UK team of the operation reported on how scammers used artificial intelligence to create synthetic content, which criminals primarily used for impersonation scams.

    Financial Crimes Fraud UK Of Interest to Non-US Persons

  • CFPB distributes nearly $6 million in relief payment to veterans harmed by bad-faith lenders

    Agency Rule-Making & Guidance

    On January 2, the CFPB reported it had sent nearly $6 million to consumers harmed by illegal lending practices that specifically targeted veterans. Between 2019 and 2020, the CFPB filed four suits against several loan brokers, which InfoBytes previously covered. In 2019, the CFPB entered into a settlement with an online loan broker that promised to connect veterans with companies offering high-interest loans in exchange for the assignment of some or all of their military pension payments. Again in 2019, InfoBytes covered another settlement between the CFPB and a pension-advance broker for allegedly misrepresenting the contracts offered to veterans and other consumers between 2011 and 2016. In 2020, the CFPB entered into a settlement with and a loan broker who offered high-interest loans to veterans in exchange for assignment of some of their monthly pension or disability payments. Lastly, and again in 2020, InfoBytes covered a complaint brought by the South Carolina Department of Consumer Affairs against a pension-advance scheme in violation of the CFPA for brokering contracts offering high-interest credit to disabled veterans and other consumers in exchange for the assignment of some of the consumers’ unpaid earnings, monthly pensions, or disability payments.

    The recent payments totaled $5.1 million from the CFPB’s victims’ relief fund and over $720,000 from money paid by the defendants. The CFPB sent checks in December to certain customers, but an individual who believes they are eligible can submit a claim for a refund.

    Agency Rule-Making & Guidance CFPB CFPB Act Fraud


Upcoming Events