
Have mercy, Aunt Becky! Federal prosecutors on Tuesday, April 9, brought new conspiracy and money laundering charges against 16 parents involved in the alleged $25 million college admissions scandal, including “Full House” actress Lori Loughlin and her clothing designer husband, Mossimo Giannulli. This is not the type of money laundering financial institutions generally detect in their BSA compliance programs or even hear about routinely in the news. Let’s look at why these cheating allegations turned into indictments of money laundering. 

Loughlin and Giannulli were initially charged with fraud for allegedly paying $500,000 to college consultant William “Rick” Singer and his non-profit organization, Key Worldwide Foundation (KWF), which prosecutors said was a front for accepting bribes.  

According to the indictment, Loughlin and Giannulli allegedly “[conspired] to launder the bribes and other payments in furtherance of the fraud by funneling them through Singer’s purported charity and his for-profit corporation, as well as by transferring money into the United States, from outside the United States, for the purpose of promoting the fraud scheme,” a press release from the U.S. Attorney’s Office states. 

Wiretapped conversations and emails between Loughlin and Singer discussing IRS audits of KWF led to the grand jury money laundering indictment, according to People.com. “They’re always worried about things going on in foundations,” Singer said. “I see,” Loughlin replied, and then later said, “So we just have to say we made a donation to your foundation and that’s it, end of story.”


The charge of conspiracy to commit money laundering carries a maximum sentence of 20 years in prison, three years of supervised release and a fine of $500,000. The fraud-conspiracy charge also carries a maximum 20-year prison term, three years of supervised release and a fine of $250,000. The stakes associated with cheating have just been raised for Loughlin, Giannulli, and the other 14 parents in these new indictments.  

The other, more famous of the cheaters, Felicity Huffman, along with 12 other parents, pleaded guilty to lesser charges of fraud and conspiracy, avoiding the additional charges.

How the rich and famous respond to these new indictments is yet to be seen, and no doubt will be of interest to the anti-money laundering community. Although the facts of this case are a bit unusual, a few takeaways for the AML community remind us to go back to the basics: 

  • Know your customers and when possible, know your customer’s customers.
  • Conduct enhanced due diligence on your Non-Governmental Organizations (NGOs) and give higher risk points to NGOs as applicable.
  • When large amounts of funds are flowing through an NGO, moving from the U.S. and outside the U.S., confirm the source and use of funds. 
  • Does the amount of funds flow and purpose make logical sense (example, $25 million to a college consultant)?  
  • When in doubt, file a SAR. 

When investigating transactional activity, remember, even Aunt Becky makes bad decisions and could end up laundering money through your institution.  

Tax season is well underway, and with it comes a lesser-known but equally important season: Tax Identity Theft Season, or Stolen Identity Refund Fraud (SIRF).

Tax ID fraud or tax return fraud is the use of someone else’s personal information to file a fraudulent tax return or claim tax benefits. This type of fraud costs the nation’s taxpayers an average of $5.2 billion annually. One of the biggest problems with this form of fraud is that fraudsters file these illegitimate tax returns early, armed with a fresh trove of stolen social security numbers, names and dates of birth. Their goal is to get fraudulent tax returns submitted before the actual person submits theirs. Most people do not know they are a victim until they go to file their taxes and are informed they have already been submitted.

As a BSA officer, what is your role in preventing tax ID fraud? Besides protecting your customers or members from being scammed, you have a role in identifying potential instances of tax return fraud and notifying the government by filing a Suspicious Activity Report (SAR). Most of these fraudulent returns are issued via direct deposit into accounts that could quite possibly be held at your financial institution.

Here are a few red flags to look for when identifying tax refund fraud, according to FinCEN, the IRS and law enforcement:

  1. Look for multiple direct deposit tax refund payments made out to multiple people but all deposited into the same account.
  2. Identify mule accounts established to facilitate fraud. These consist of accounts that are opened with the sole purpose of depositing fraudulent returns. Ensure your new account monitoring processes are sufficient for identifying this type of behavior.
  3. Business accounts processing tax return checks in a manner that differs from their initial stated business.
  4. Maintaining a business account for a check cashing business that processes a high volume of tax refund checks.
  5. The signature on the back of the check doesn’t match the ID of the person conducting the transaction or the same signature is used across multiple checks written to different people.
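Red flags 1 and 2 can be expressed as a monitoring rule over ACH credit records. The following is an added example, not part of the original article or any vendor product; the record layout, the "TAX REF" description match, the thresholds and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data (not real customers). Field layout is an assumption.
ACCOUNTS = {
    "A-100": {"holders": {"Dana Reed"}, "opened": date(2015, 6, 1)},
    "A-200": {"holders": {"Sam Cole"}, "opened": date(2019, 1, 28)},
    "A-300": {"holders": {"Lee Park", "Kim Park"}, "opened": date(2012, 3, 9)},
    "A-400": {"holders": {"Ana Ruiz"}, "opened": date(2010, 9, 14)},
}
CREDITS = [
    # (account, posted, entry description, receiver name on the entry, amount)
    ("A-100", date(2019, 2, 20), "IRS TREAS 310 TAX REF", "DANA REED", 1840.00),
    ("A-200", date(2019, 2, 11), "IRS TREAS 310 TAX REF", "MARIA ORTIZ", 5210.00),
    ("A-200", date(2019, 2, 12), "IRS TREAS 310 TAX REF", "John  Bell", 4985.00),
    ("A-200", date(2019, 2, 12), "IRS TREAS 310 TAX REF", "AMY CHU", 5102.00),
    ("A-200", date(2019, 2, 15), "ACME PAYROLL", "SAM COLE", 950.00),
    ("A-300", date(2019, 3, 1), "IRS TREAS 310 TAX REF", "LEE PARK", 2100.00),
    ("A-300", date(2019, 3, 4), "IRS TREAS 310 TAX REF", "KIM PARK", 1300.00),
    ("A-400", date(2019, 3, 6), "IRS TREAS 310 TAX REF", "LUIS RUIZ", 760.00),
]


def norm(name):
    """Case-fold and collapse whitespace so name comparison is stable."""
    return " ".join(name.upper().split())


def review_refund_credits(accounts, credits, min_foreign=2, new_days=30):
    """Return {account: [reasons]} for accounts matching red flags 1 or 2.

    multi_payee : refunds for >= min_foreign people who are not account holders
    new_account : a non-holder refund arrived within new_days of account opening
    Both thresholds are illustrative assumptions, to be tuned per institution.
    """
    refunds = defaultdict(list)
    for acct, posted, desc, receiver, _amount in credits:
        if "TAX REF" in desc.upper():          # assumed refund marker
            refunds[acct].append((posted, norm(receiver)))

    flagged = {}
    for acct, rows in sorted(refunds.items()):
        info = accounts[acct]
        holders = {norm(h) for h in info["holders"]}
        foreign = {name for _, name in rows} - holders
        reasons = []
        if len(foreign) >= min_foreign:
            reasons.append("multi_payee")
        first_refund = min(day for day, _ in rows)
        if foreign and (first_refund - info["opened"]).days <= new_days:
            reasons.append("new_account")
        if reasons:
            flagged[acct] = reasons
    return flagged


if __name__ == "__main__":
    for acct, reasons in review_refund_credits(ACCOUNTS, CREDITS).items():
        print(acct, reasons)
```

A joint account receiving one refund per holder (A-300) and an established account receiving a single relative's refund (A-400) are not flagged at the default thresholds; a hit is a prompt for due diligence, not a conclusion.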

Read the full list of red flags from FinCEN here.

If you find one or more transactions that could fall under tax refund fraud, or that are suspicious in nature, do your due diligence. If necessary, file a SAR and use the term “tax refund fraud” in the narrative section with a detailed description of the activity. Additionally, contact your local IRS Criminal Investigation Field Office and alert them that a SAR was filed around tax refund fraud.

 

Three Emerging Check Fraud Trends to be Aware Of

When was the last time you wrote a check? We’ll wait…

You may not have written a check in a while, meaning you might not even realize your checkbook is missing. Businesses still rely on checks as one of their top forms of payment. Those accounts tend to have more money and/or higher limits than personal accounts. There is also usually more than one signee assigned to those accounts, making them more susceptible to fraud. Additionally, the access to new technology to create realistic counterfeit checks makes check fraud one of the largest forms of fraud in the world.

According to the ABA’s 2017 Deposit Account Fraud Survey Report, banks stopped $17 billion in fraudulent transactions in 2016, 35% of which were check fraud. (Financial institutions also stopped almost $6 billion of that $7 billion from getting paid out, so give yourselves a pat on the back!) The 2017 AFP Payments Fraud and Control Survey reported 75% of financial institutions experienced check fraud in 2016, up from previous years. Over 31% of those institutions said they experienced over 15 incidents of check fraud.

One would think as technology improves so would the safeguarding features around monetary transactions. Mobile depositing of checks, for example, has actually made check fraud easier. A growing fraud issue is duplicate deposits of those checks. Fraudsters cash the same check twice – once via mobile deposit, and once in the bank branch months later, making off with double the money if institutions aren’t vigilant. As mentioned before, these scammers are also using high-tech devices to their advantage, printing fraudulent checks from top-of-the-line printers making them look legit to the untrained eye.
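The duplicate-deposit pattern described above can be caught by keying every deposited item on the drawer's routing number, account number and check serial, regardless of channel. The following is an added example, not part of the original article or any vendor product; the record layout and all sample values are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed deposit records (not real data); field layout is an assumption.
DEPOSITS = [
    # (deposit id, date, channel, routing, drawer account, serial, amount in cents)
    ("D1", date(2018, 3, 2), "mobile", "000000001", "55501", "1042", 125000),
    ("D2", date(2018, 3, 5), "branch", "000000001", "55501", "1043", 8000),
    ("D3", date(2018, 6, 18), "branch", "000000001", "55501", "1042", 125000),
    ("D4", date(2018, 4, 1), "mobile", "000000002", "77702", "0210", 40000),
    ("D5", date(2018, 4, 9), "mobile", "000000002", "77702", "210", 90000),
]


def find_repeat_presentments(deposits):
    """Group deposits by check identity and report any check seen twice.

    duplicate_presentment        : same check, same amount (deposited again)
    serial_reuse_amount_mismatch : same serial on the same drawer account but
                                   a different amount (possible counterfeit
                                   or altered item)
    """
    by_check = defaultdict(list)
    for dep_id, day, channel, routing, acct, serial, cents in deposits:
        # Strip leading zeros so "0210" and "210" are treated as one serial.
        key = (routing, acct, serial.lstrip("0"))
        by_check[key].append((day, dep_id, channel, cents))

    findings = []
    for key, items in sorted(by_check.items()):
        if len(items) < 2:
            continue
        items.sort()                            # chronological order
        amounts = {cents for *_rest, cents in items}
        kind = ("duplicate_presentment" if len(amounts) == 1
                else "serial_reuse_amount_mismatch")
        findings.append({
            "check": key,
            "kind": kind,
            "deposits": [dep_id for _, dep_id, _, _ in items],
            "channels": [channel for _, _, channel, _ in items],
            "gap_days": (items[-1][0] - items[0][0]).days,
        })
    return findings


if __name__ == "__main__":
    for finding in find_repeat_presentments(DEPOSITS):
        print(finding)
```

Because the second presentment may arrive months after the first, the lookup has to span the full retention window of deposited items rather than a single day's batch.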

Check fraud still appears in traditional forms, including basic counterfeit checks, forging checks, paperhanging (writing a check from a closed account) and check kiting (“floating” a check from one low- or no-balance account to another to cover payments). Yet, emerging check fraud trends are important for you and your staff to be aware of in order to protect both your financial institution and your customers.

Lottery/Sweepstake Winnings: Scammers send a letter saying you won a lottery or sweepstake with a check for a couple of thousand dollars. All you have to do is deposit the check into your account, keep a small part for yourself and wire the rest of the amount back. It’s a win-win, right? It would seem, but only until the check is marked as fraudulent and your account is overdrawn by a few thousand dollars.

How do you prevent this at your institution? If a customer comes in with a check like this, have your tellers/front of house start a conversation with him/her explaining the latest scams going around. They are especially susceptible to this type of scam if their account balance is normally well below the dollar amount on the check. Who doesn’t want to get rich quick? Also, pay attention to the physical check. Where is the origination address? Does this match the business on the front of the check? Are the routing numbers correct? Are there physical signs of alteration, including stains or discoloration? BAM+ fraud scenarios run over 30 scenarios to prevent lottery scams, including sudden check deposit activity, real-time deposited check fraud detection, and ACH credit amount spikes.

Business Email Compromise: According to AFP’s survey, 34% of all BEC scams targeted check fraud. Criminals send a fake or phishing email to a member of the finance team at a corporation, either pretending to be a high-level executive or presenting a fake invoice. Oftentimes the scammers will spend a few days “grooming” this employee to persuade him/her the claim is real. Eventually, the employee sends back secure financial information, allowing the criminal to forge a business check or process a wire transfer.

How do you prevent this? IT departments are becoming increasingly vigilant against these types of scams, but that doesn’t mean they stop 100% of them. Pay attention to business checks over a certain threshold amount or when there is a spike in the number of checks issued over a certain period. BAM+ fraud scenarios automatically check for both of these.

Check Overpayment Scams: A customer is selling his/her car online or in the local classifieds. They get a check in the mail from the buyer for $1,000 over the asking price. When he/she calls the buyer to alert them of the overpayment, they say it was an honest mistake and ask him/her to wire them back the extra $1,000. So your customer comes in with the check and starts a wire for the extra money. Then the check comes back as fraudulent, the scammer made a quick $1,000 and your customer depleted his/her account.

How do you prevent this? When a customer comes in to deposit a large check and make a wire payment, have your front of house strike up a conversation and see where the check came from. If it is over the CTR filing thresholds, you will have to file paperwork on it anyway, so the conversation is necessary. If it seems like this customer is a victim of an overpayment scam, suggest he/she return the check and ask for a new one with the correct amount.

These are just a few emerging fraud trends on a list that grows daily. As technology evolves so do the ways fraudsters conduct their illicit businesses and approach victims. Tellers can stop most check fraud at the teller line by spotting a counterfeit or fake check.

How do your tellers know what to look for?

When accepting a physical check, take a close look at the check. Pay attention to the check numbers. Most scammers use low numbers on personal checks (101-400) and higher numbers on business checks (1001-1500). Verify the customer’s address, look for signs of discoloration or stains from erasures or attempts at altering printed info. Visit FakeChecks.org for a fun way to test your staff’s knowledge of counterfeit checks.

When you’re ready to stop check fraud at a higher level at your institution, contact us for information on our BAM+ Fraud Scenarios. Together with our leading BSA/AML software, fraud solutions work to look for patterns through transactions that raise fraud red flags, including check fraud. Our scenarios scan for everything from sudden check activity to duplicate serial numbers to check amount thresholds, offering all this in real time monitoring. Our multi-dimensional technology combines institution-level risk thresholds and behavioral logic that identifies individual and peer deviations with typology pattern recognition. Our enterprise fraud case management system allows you to track and record fraud cases for your entire institution, giving you an all-encompassing view of the fraud at your organization.

At the end of the day, trust your intuition. If something feels off, take a second to investigate it a little deeper. Ask another question; take a harder look at the check. You may just save a customer a very real headache… and thousands of dollars.

 

Additional Resources

Webinar: Emerging Fraud Trends
Case Study: How BAM+ Fraud Scenarios Saved VACU Millions

October may be National Cybersecurity Awareness month, but the emphasis put on safeguarding customers’ digital data should be a top priority no matter the time of year. In 2017, nearly half of the population had their data exposed after the Equifax breach. By the mid-point of 2018, there were already 668 total security breaches and nearly 22.5 million records exposed. Community banks and credit unions are turning to technology to create a more efficient lending environment, as well as a more millennial-friendly digital experience. While technology can be an invaluable investment for a financial institution, it is also imperative to instill proper security controls and protocols for those technologies within the organization.

In 2005, there were fewer than 200 significant security breaches in the U.S., vs. in 2017, when the number of breaches topped 1,300. While the business and medical sectors are faced with substantially more security breaches than the financial services industry, the number of security breaches at financial companies is certainly on the rise in recent years. The financial services industry encountered 69 breaches in 2017; meanwhile, by the half-way point of 2018, there had already been 84 breaches. Creating a digital experience for your customers and members goes beyond a beautiful website display or new online capabilities – it also means ensuring their information is safeguarded.

To create a culture of cybersecurity awareness at your financial institution, there are critical educational and preventative measures for employees, board members, stakeholders, and vendors to acknowledge.

Cybersecurity is built in a proactive—not reactive—environment

One of the worst things an institution can do is to wait for something bad to happen before developing a robust cybersecurity system. Cybersecurity is not an occasional concern, but rather an everyday task that each employee at an institution should take seriously. Developing full buy-in from each employee at your institution is a critical first step to building a proactive culture of digital security. Emily Larkin, Chief Information Security Officer at Abrigo, suggests starting at the top with leadership and board members. “Get their attention by outlining the potential financial impact of a cybersecurity incident and breach,” Larkin said recently in a column for BAI Banking Strategies. “This is not a scare tactic, but a reality check and an education tool for those focused on growth and financials.”

Information security extends far beyond the IT team, and protective firewalls can only go so far. Larkin explains that employees at all levels should understand the financial implications of a breach, the reputational risk at stake, as well as the current vulnerabilities within an institution.

Align values with vendors

Purchasing software for an institution is a big undertaking, not only financially, but also from a due diligence perspective. Your customers and members expect your institution to keep their data safe and secure, and your institution should uphold those same standards for any third-party vendors it partners with. Be sure that your institution’s vendors hold the same cybersecurity standards as your bank or credit union. McKinsey & Company recommends scheduling regular conversations with vendors to state the levels of security required to protect your institution’s information. During these discussions, devise clear recovery and compensation plans and take the time to understand exactly how your institution’s data will be used. Banks are viewed as the most trusted provider of data security, but they also bear the largest obligation to accountability should a breach occur. Be sure to fully vet and choose third-party vendors that will continue to allow your institution to uphold customers’ trust and pass regulatory scrutiny.


Educate employees and customers on common scams

Education is a virtually free way to thwart a cybersecurity attack at your institution. Oftentimes, individuals can compromise information simply because they don’t know any better. The banking industry is one of the top targets of hackers using phishing attempts to breach security. Phishing scams can include spoofed emails or a spoofed website. To better prepare your employees for potential phishing attempts, Larkin suggests implementing phishing tests at your institution. Many tools allow institutions to send phishing emails, track those that open the email and click on links or other attachments, as well as teach users how they could have spotted common phishing tricks. Phishing tests also allow institutions to implement and exercise response plans to better prepare employees for reporting suspicious activity.

Perhaps attackers are disguising themselves as your bank or credit union. Will recipients be able to distinguish your email from an attacker’s? On your institution’s website, you can include resources to help educate customers and members on the ways to identify potential phishing attempts. Provide examples of frequent scam tactics, such as URLs or language, that attackers often use in their phishing attempts. Providing resources to your customers not only prevents customers from falling victim to phishing attempts, but it also strengthens your customers’ trust that your institution will keep their data secure.

There are many moving parts to developing a comprehensive strategy for cybersecurity awareness. Ensuring that every person who is part of your institution is committed to protecting its data and its customers’ data requires many different approaches. It’s important for financial institutions to understand that increasing cybersecurity doesn’t always mean purchasing more software. There are so many ways to bolster your security, simply by keeping employees, stakeholders, and vendors educated and informed with up-to-date best practices and preventative measures.

Additional Resources

Webinar: Shaping the Borrower Experience
Whitepaper: Mitigating Top Member Business Lending Risks