InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FTC says bank impersonation is most-reported text message scam
On June 8, the FTC reported that consumers lost $330 million to text message scams in 2022, which is double the amount reported in 2021. The FTC’s recent Consumer Protection Data Spotlight found that the top five text message scams, accounting for over 40 percent of the 1,000 randomly sampled text frauds in 2022, are often impersonating well-known businesses. The data spotlight names copycat bank fraud prevention alerts, bogus “little gifts,” fake package delivery problems, phony job offers, and fake online-shopping account fraud prevention messages as the top five text message scams. With text message scam open rates at 98 percent and email scam open rates at 20 percent, scammers use the speed and cost effectiveness of text messages to their advantage, the FTC reported.
CFPB received nearly 1.3 million consumer complaints in 2022
On March 31, the CFPB published its Consumer Response Annual Report for 2022, providing an overview of consumer complaints received by the agency between January 1 and December 31, 2022. According to the report, the Bureau received approximately 1,287,000 consumer complaints last year and sent more than 820,000 complaints for review and response to roughly 3,200 companies. Among other trends, the Bureau found that complaints about credit or consumer reporting continued to increase, accounting for more than 75 percent of all complaints received last year. Checking and savings account-related complaints also increased. Many consumers reported issues with managing their accounts, including account closures, fraudulent activity, and issues with customer service. While complaints relating to student loans comprised a small percentage of complaints overall, the Bureau noted a significant increase from prior years, largely due to consumers reporting issues with their lender or servicer. Consumers described issues with repayment pause extensions, proposed changes to the federal loan program, and forgiveness programs. Additionally, the Bureau observed an increase in complaints about money service fraud and scams, where consumers reported losing money through phishing/smishing scams or via fraudsters who posed as investment or financial institution representatives to steal virtual currency. The most complained-about products and services—representing approximately 95 percent of all complaints—were credit or consumer reporting, debt collection, credit cards, checking or savings accounts, and mortgages. The Bureau also received complaints related to money transfers and virtual currency; vehicle finance; student, personal, and payday loans; prepaid cards; credit repair; and title loans.
Banking company pleads guilty to mortgage fraud
On March 15, a Michigan-headquartered bank holding company agreed to plead guilty to securities fraud for filing misleading statements related to its 2017 initial public offering (IPO) and its 2018 and 2019 annual filings. According to the DOJ’s announcement, the bank holding company and its wholly owned subsidiary were under investigation over allegations that loan officers were encouraged to increase the volume of residential mortgage loan originations in order to artificially inflate bank revenue leading up to and following the IPO. The DOJ explained that the bank filed false securities statements about its residential mortgage loan program in its IPO, as well as in subsequent annual filings that “contained materially false and misleading statements that touted the soundness of the [] loans.” These loans were actually “rife with fraud,” the DOJ said and cost non-insider victim-shareholders nearly $70 million. Senior management allegedly knew that loan officers were falsifying loan documents and concealing the fraudulent information from the bank’s underwriting and quality control departments, the DOJ maintained, noting that the actions caused the bank to originate loans and extend credit to borrowers who would have otherwise not qualified.
Under the terms of the plea agreement (which must be accepted by the court), the bank holding company will “be required to serve a term of probation through 2026, submit to enhanced reporting obligations to the department, and pay more than $27.2 million in restitution to its non-insider victim-shareholders.” The DOJ considered several factors when determining the criminal resolution, including the nature and seriousness of the offense and the pervasiveness of the misconduct at the most senior levels. The bank holding company received credit for its cooperation and for implementing extensive remedial measures, and has agreed to continue to fully cooperate with the DOJ in all matters relating to the covered conducts and other conduct under investigation. It is also required to self-report criminal violations and must continue to implement a compliance and ethics program to detect and deter future violations of U.S. securities law.
As previously covered by InfoBytes, the bank holding company’s subsidiary paid a $6 million civil money penalty to the OCC last September for alleged unsafe or unsound practices related to the residential mortgage loan program.
FinCEN warns financial institutions of surge in mail theft-related check fraud
On February 27, FinCEN issued an alert to financial institutions on the nationwide surge in check fraud schemes targeting the U.S. mail. Mail theft-related check fraud, FinCEN explained, generally relates to the fraudulent negotiation of checks stolen from the U.S. postal service, and represents one of the most significant money laundering threats to the U.S. The alert is intended to ensure financial institutions file suspicious activity reports (SARs) that appropriately identify and report suspected check fraud schemes possibly linked to mail theft. The alert highlighted red flags to help financial institutions identify and report suspicious activity, and reminded financial institutions of their Bank Secrecy Act (BSA) reporting requirements. According to FinCEN, BSA reporting for check fraud has increased significantly over the past three years. “In 2021, financial institutions filed over 350,000 [SARs] to FinCEN to report potential check fraud, a 23 percent increase over the number of check fraud-related SARs filed in 2020,” the agency said, adding that in 2022, SARs related to check fraud reached over 680,000. When suspecting this type of fraud, financial institutions are advised to refer customers to the United States Postal Inspection Service in addition to filing a SAR.
FTC says fraud cost consumers $8.8 billion in 2022
On February 23, the FTC released data showing 2.4 million consumers reported losing a total of nearly $8.8 billion to fraud in 2022—a more than 30 percent increase from the prior year. Investment scam losses totaled more than $3.8 billion (the most of any category in 2022 and double the amount of investment scam losses reported in 2021). Imposter scam losses came in at $2.6 billion, up from $2.4 billion in 2021. The FTC reported receiving more than 5.1 million reports directly from consumers, federal, state, and local law enforcement agencies, the Better Business Bureau, industry members, and non-profit organizations. In addition to fraud reports, the FTC received identity theft reports and complaints related to issues concerning problems with credit bureaus, banks, and lenders. Reports received through the FTC’s database serve as the starting point for many of the FTC’s enforcement investigations, the agency said, adding that reports are also shared with federal, state, local, and international law enforcement professionals. Full coverage of the reports received in 2022 can be accessed here.
Credit union to pay $558,000 in cyber fraud case
On January 12, the U.S. District Court for the Eastern District of Virginia ruled that a credit union (defendant) is responsible for $558,000 in compensatory damages for processing a payment order that was allegedly induced through fraud by the beneficiary, but later rescinded its decision to award punitive damages. According to the initial opinion and order, in October 2018, the plaintiff received a “spoofed” email from an unknown third party claiming to be one of the plaintiff’s suppliers. The email instructed the plaintiff to change its banking remittance information for the supplier. However, unknown to the plaintiff, the new banking information contained in the email belonged to an individual who had opened a personal account with the defendant months prior. The order stated that from October to November in 2018, the plaintiff made four payments to the individual’s account held by the defendant, identifying the supplier as the beneficiary. The plaintiff sued alleging that the defendant failed to “comport with basic security standards that resulted in the unlawful diversion of funds.” According to the opinion and order, the court found that Virginia Commercial Code required the defendant to reject the deposits if it knew there was a discrepancy between the intended beneficiary and the account receiving the deposit. The court further wrote that the defendant did not have a duty to “proactively” discover a discrepancy, but found that “the evidence at trial illustrated that [the defendant] did not maintain reasonable routines for communicating significant information to the person conducting the transaction. If [the defendant] had exercised due diligence, the misdescription would have been discovered during the first [] transfer.” Additionally, the court stated the defendant did have “actual knowledge” of the fraud because “the transfers generated real-time warnings that the name of the intended beneficiary [] did not match the name of the owner of the account receiving the [deposits].” The court awarded the plaintiff $558,000 in compensatory damages and $200,000 in punitive damages. However, the court rescinded the punitive damage award stating that the plaintiff has not provided sufficient evidence to support punitive damages.
CFTC, DOJ, SEC file charges in crypto fraud scheme
On December 13, the SEC filed a complaint against the former CEO/co-founder (defendant) of a collapsed crypto exchange for allegedly orchestrating a scheme to defraud equity investors. According to the SEC, from May 2019 to November 2022, the defendant raised over $1.8 billion from investors who bought an equity stake in his company in part because they believed his representations that the platform had “top-notch, sophisticated automated risk measures in place.” The complaint alleged, among other things, that the defendant orchestrated “a massive, years-long fraud” to conceal (i) the undisclosed diversion of customers’ funds to the defendant’s privately-held crypto hedge fund; (ii) the undisclosed special treatment afforded to the hedge fund on the company platform, including providing it with a virtually unlimited “line of credit” funded by the platform’s customers; and (iii) the undisclosed risk stemming from the company’s exposure to the hedge fund’s significant holdings of overvalued, illiquid assets, such as the platform-affiliated tokens. The complaint further alleged that the defendant used commingled funds at his hedge fund to make undisclosed venture investments, purchase lavish real estate purchases, and give large political donations. The SEC’s complaint charged the defendant with violating the anti-fraud provisions of the Securities Act of 1933 and the Securities Exchange Act of 1934. The SEC is seeking injunctions against future securities law violations; an injunction that prohibits the defendant from participating in the issuance, purchase, offer, or sale of any securities, except for his own personal account; disgorgement of his ill-gotten gains; a civil penalty; and an officer and director bar.
The defendant was also indicted by a grand jury in the U.S. District Court for the Southern District of New York on wire fraud, commodities fraud, securities fraud, money laundering, and campaign finance charges.
The CFTC also filed a complaint against the former CEO/co-founder, in addition to the collapsed crypto exchange and the hedge fund for making material misrepresentations in connection with the sale of digital commodities in interstate commerce. Specifically, the CFTC alleged that the exchange’s executives, at the former CEO’s direction, created a number of exceptions to benefit his hedge fund, including adding features in the underlying code to permit the hedge fund to “maintain an essentially unlimited line of credit” on the trading platform through an “allow negative flag,” which allowed the hedge fund to withdraw billions of dollars in customer assets from the company. The CFTC is seeking restitution, disgorgement, civil monetary penalties, permanent trading and registration bans, and a permanent injunction against further violations of the Commodity Exchange Act and CFTC regulations, as charged.
Later, on December 21, the SEC and CFTC filed charges (see here and here) against the former CEO of the hedge fund and the former chief technology officer of the collapsed crypto exchange for their roles in the scheme to defraud equity investors. The agencies stated that investigations into other securities law violations and into other entities and persons relating to the alleged misconduct are ongoing.
North Carolina Supreme Court orders appeals court to review HAMP fraud claims
On November 4, the Supreme Court of North Carolina determined that an appeals court erred by remanding a case concerning a defendant bank’s Home Affordable Modification Program to a trial court with instructions to make factual findings and conclusions of law on the defendant’s motion to dismiss. Plaintiffs sued the defendant alleging fraud and other related claims arising out of the bank’s mortgage modification program. The trial court dismissed the claims for failure to state a claim pursuant to North Carolina’s Rule of Civil Procedure 12(b)(6), after concluding that plaintiffs’ claims were time barred and “that ‘the claims of all [p]laintiffs who were parties to foreclosure proceedings [were] barred by the doctrines of res judicata and collateral estoppel.’” Plaintiffs appealed. A divided panel of the Court of Appeals remanded the case to the trial court claiming that “it could not ‘determine the reason behind the grant’ and could not ‘conduct a meaningful review of the trial court’s conclusions of law.’” The North Carolina Supreme Court countered, however, that there exists “no legal basis or practical reason for the Court of Appeals to remand the case to the trial court to make factual findings and conclusions of law” as “a trial court is not required to make factual findings and conclusions of law to support its order unless requested by a party”—a request neither party made. According to the North Carolina Supreme Court, the appeals court erred by not conducting a de novo review of the sufficiency of the plaintiffs’ allegations. The North Carolina Supreme Court ordered the appeals court to address whether the plaintiffs’ allegations, if treated as true, are sufficient to state a claim upon which relief can be granted.
SEC charges investment operation targeting Muslim community
On November 2, the SEC filed a complaint against the founder of a capital investment company, alleging that the defendant targeted Muslim investors in a multimillion dollar fraudulent scheme. According to the complaint, the defendant started the company with the intention of providing purported investment expertise to members of the New York metropolitan area’s Muslim community. The defendant allegedly “offered investors promissory notes that claimed to offer guaranteed, significant returns on investments” in the company. The SEC claimed the defendant received roughly $8 million from investors by promising that the funds would be invested in Quran-compliant investments. However, the defendant allegedly misappropriated all of the funds to either make Ponzi-like payments to investors or to be used for his own personal use, including purchasing luxury vehicles and expensive jewelry or paying gambling debts. The complaint charges the defendant with violations of the antifraud provisions of the Securities Act of 1933 and the Securities Exchange Act of 1934. The SEC’s announcement noted that the defendant consented to the entry of a judgment (subject to court approval) that imposes a permanent injunction and monetary relief to be determined at a later date. Concurrently, in a parallel action involving the same conduct, the DOJ announced criminal charges against the defendant who pleaded guilty to wire fraud, wire fraud conspiracy, and money laundering.
FINRA alerts firms about rising ACATS fraud
On October 6, FINRA issued Regulatory Notice 22-21, alerting member firms to the rising trend of fraudulent account transfers of customer accounts using the Automated Customer Account Transfer Service (ACATS)—an automated system that facilitates the transfer of customer account assets from one member firm to another. FINRA explained that “ACATS fraud is related to the growing threat of new accounts being opened online or through mobile applications using stolen or synthetic identities,” and may occur when the identity of a legitimate customer of a carrying member is stolen by a bad actor to open a brokerage account online or through a mobile app at a receiving member. Bad actors, FINRA warned, may open a new account using stolen information only or through a combination of stolen and false information, and will try to move the ill-gotten assets to an external account at a different financial institution. FINRA reminded members of regulatory obligations that may apply to ACATS fraud, including know-your-customer rules, Bank Secrecy Act/AML requirements, and the Identity Theft Red Flags Rule.