Covid-19 Fraud: A Financial Pandemic

Written by

Even as some regulators have reduced reporting requirements, the Financial Crimes Enforcement Network (FinCEN) has opted for a less-relaxed approach in regard to financial institutions and Bank Secrecy Act compliance.

Earlier this year, FinCEN offered some insight into its expectations regarding the Covid-19 pandemic as it applies to BSA. It noted that financial institutions will face challenges related to the pandemic but “expects financial institutions to continue following a risk-based approach” to combat money laundering and related crimes and “diligently adhere” to current BSA obligations. There are some special issues that banks should look out for, along with reporting requirements surrounding those issues.

Potential Fraud Indicators
An 2017 advisory letter outlines some potential fraudulent activities that can occur during a natural disaster or relief efforts. The release was intended to help financial institutions identify and prevent fraudulent activity that may interfere with legitimate relief efforts. The following are likely issues that could arise in the wake of a disaster.

  • Benefits Fraud — Benefits fraud typically occurs when individuals apply for emergency assistance benefits to which they are not entitled. Financial institutions are at risk when fraudsters seek to deposit or obtain cash derived from the emergency assistance payments. FinCEN noted that fraudsters often used wire transfers to perpetrate these scams. In those situations, they request withdrawals and the banks wire funds to the accounts, where the fraudster immediately withdraws the funds.
  • Charities Fraud — Charities provide a vehicle for donations to assist disaster victims; during times of disaster, criminals seek to exploit these vehicles for their own gain. Both legitimate and fraudulent contribution solicitations and schemes can originate from social media, emails, websites, door-to-door collections, flyers, mailings, telephone calls and other similar methods.
  • Cyber-Related Fraud — Cyber actors take advantage of public interest during natural disasters in order to conduct financial fraud and disseminate malware. The Center for Internet Security expects this trend to continue, as new and recycled scams emerge involving financial fraud and malware related to natural disasters.

According to an October release, FinCEN advised financial institutions to remain alert when it comes to fraudulent transactions that resemble those that occur in the wake of natural disasters. FinCEN is monitoring public reports and BSA reports of potential illicit behavior connected to Covid-19 and notes some emerging trends, in addition to those issues identified above.

  • Imposter Scams — Bad actors could attempt to solicit donations, steal personal information or distribute malware by impersonating healthcare organizations or agencies like the Centers for Disease Control and Prevention or the World Health Organization.
  • Investment Scams — The U.S. Securities and Exchange Commission urged investors to be wary of coronavirus-related investment scams, such as promotions that falsely claim that the products or services of publicly traded companies can prevent, detect or cure coronavirus.
  • Product Scams — The U.S. Federal Trade Commission and U.S. Food and Drug Administration have issued public statements and warning letters to companies selling unapproved or misbranded products that make false health claims pertaining to Covid-19. Additionally, FinCEN has received reports regarding fraudulent marketing of coronavirus-related supplies, such as certain face masks.
  • Insider Trading — FinCEN has received reports regarding suspected coronavirus-related insider trading.

Suspicious Activity Reporting
FinCEN still expects institutions to report suspicious activity — however, there are some special expectations within the reporting fields. FinCEN requests, though does not require, that financial institutions reference the 2017 advisory letter and include the key term “disaster-related fraud” in the SAR narrative and in SAR field 31(z) (Fraud-Other) to indicate a connection between the suspicious activity being reported and possible misuse of relief funds.

New FinCEN COVID-19 Online Contact Mechanism
FinCEN has created a coronavirus-specific online contact mechanism, via a specific drop-down category, for financial institutions to communicate related concerns to FinCEN while adhering to their BSA obligations. While this reporting program is in place, FinCEN has not committed to more than an automated response to any communications received.

FinCEN has continued to encourage banks to follow existing guidance and regulation in an effort to secure transactions within the financial services space. FinCEN will offer additional guidance as fraudsters are identified and their efforts are better understood. Until then, financial institutions may do well to ensure that their BSA and anti-money laundering programs are prepared to weather the storm.

Your Bank’s Answer to the Cannabis Conundrum

Written by


strategy-5-30-19.pngBanks should not wait on lawmakers taking action on the myriad of proposed cannabis banking bills to make important strategic decisions about servicing marijuana-related business.

It is unclear if any of the proposed cannabis banking bills will gain enough traction and support in Washington to pass through Congress. Despite the inaction, a growing number of financial institutions are choosing to provide banking services to the cannabis industry. Banks considering doing business with cannabis companies need to determine if it fits within the institution’s overall strategy and risk appetite. To determine whether the business fits, a board should ask and answer the following four questions:

To be or not to be a cannabis bank? Every board needs to ask itself this question. Even if your bank does not actively seek out cannabis business customers, it is likely your bank has been or will be approached by a customer in the business who is seeking banking services.

The vast majority of banks in the U.S. have marijuana-related or hemp businesses in their market areas, now that more than three-fifths of the country permit some sort of legal cannabis production and use–medical, recreational or industrial hemp. It is quite possible your bank is unwittingly providing banking services to a customer who is at least tangentially related to the business. It is important for your board to definitively establish where your institution stands on this business line and communicate that to the business development, sales and other customer-facing personnel. Are you in or out? Not having a stance risks being flat-footed when an opportunity or a threat arises.

What is a marijuana-related business? The Financial Crimes Enforcement Network, or FinCEN, issued guidance in 2014 on how financial institutions can provide services to marijuana-related businesses in a manner consistent with their Bank Secrecy Act obligations. But neither FinCEN nor any bank regulator has defined the term “marijuana-related business,” or MRBs.

As a result, it is not always clear if your bank is doing business with an MRB. Certainly, those firms that physically handle the plant are MRBs: cultivators, processors, testing facilities, packagers, transporters and dispensaries. If they are required to have a state license, they are an MRB. Your bank should follow the FinCEN guidance regarding suspicious activity report filings when transacting with these companies.

But what about other individuals or companies that are indirectly connected to marijuana-related businesses, such as equipment suppliers, payment processors, consultants, landlords and advisors? There is no simple answer. If a significant portion of the customer’s revenue is dependent on the industry, it could be considered an MRB.

If your bank decides to offer banking services to cannabis businesses, the board and executives must establish a method to determine which indirectly related businesses are MRBs and prepare for revisions to the method if regulators provide further guidance.

Develop in-house compliance programs or engage a consultant? FinCEN is clear that a bank working with marijuana-related businesses must have a robust customer due diligence process. Shortcomings in the diligence process could lead to mistakes and missteps when it comes to compliance with the Bank Secrecy Act and anti-money laundering laws and lead to serious adverse outcomes.

Bank boards must determine whether their institutions have sufficient internal staff to develop and implement customer diligence and other compliance programs, or if they will outsource these functions. Any compliance function will require the board and management to provide appropriate oversight and monitoring of the cannabis-related compliance program.

Will your institution bank marijuana, hemp, or both? Recent changes in the Farm Bill made this a legitimate and important question for bank boards. Before the new Farm Bill was signed into law, the processes and procedures for dealing with hemp businesses were the same as cannabis businesses, because they were treated the same under the Controlled Substance Act.

The 2018 Farm Bill amended the Controlled Substance Act, including removing hemp from the definition of marijuana as long as it contains not more than 0.3% tetrahydrocannabinol, or THC. The bill also allowed states to establish programs for the licensure and regulation of cultivation, production, processing and sale of hemp products.

The Farm Bill changes mean it might become less difficult for banks to work with hemp-related customers from an operational and compliance standpoint. But neither the FinCEN nor federal bank regulators have issued updated guidance on working with hemp businesses following this change.

As federal policy on cannabis continues to evolve, banks will be well-served by internal evaluations and aligning their positions toward this industry sooner rather than later. Those four questions should assist any bank board in establishing their strategy for cannabis-related business.

Protecting Elderly Customers from Financial Abuse

Written by


regulation-2-28-18.pngRegulators across the financial services industry remain keenly focused on protecting the interests of an aging population, especially where there may be signs of diminished cognitive capacity. Banks should consider various operational and compliance measures to guard against elder financial exploitation. While bank staff are on the front lines in protecting elderly customers, bank directors play a pivotal, top-down role in emphasizing a culture of vigilance, and in defining policy and strategy to combat elder financial fraud.

Be Aware of the Problem
Frontline personnel in branches and call centers are the first and last lines of defense to prevent elder financial exploitation. These personnel are the most likely to interact with elderly clients, many of whom are more inclined to conduct their financial transactions in a branch or over the phone, rather than electronically. Conducting periodic training that highlights real-world scenarios will help personnel recognize the signs of elder financial exploitation. An additional training element that may prove beneficial, but that often goes overlooked, is educating personnel on the psychological and emotional aspects of elder fraud. A customer’s diminished cognitive capacity or potential confusion, fear or embarrassment may be central to a perpetrator’s ability to prey on an elderly client.

Empower Employees to Speak Up
Identifying signs of potential financial exploitation of elderly clients is a great start. However, it is critical that personnel escalate suspicious activity through the proper channels within the bank. Personnel may be reluctant to follow through with escalating an event that is not blatantly fraudulent, perhaps out of fear of delaying a transaction or potentially embarrassing or even angering a client. However, speaking up is prudent, even when in doubt.

Develop the Three Ps
Banks should develop policies, processes and procedures that are easy to understand and follow.

Policies: Clearly define your organization’s views, guidelines and stated mission with regard to elder financial fraud.

Processes: Identify the mechanisms in place to effectively carry out the bank’s stated policies. This may include pre-set withdrawal limits (either daily or monthly), disbursement waiting periods or communications with external sources, such as a trusted contact person for the client, local adult protective services (APS) or law enforcement.

Procedures: Describe the precise steps that personnel should follow to execute the identified processes. What must a teller do in the event that a withdrawal request exceeds an established limit? Who does a call center representative contact in the event of suspicious activity, and what information should be provided? What information should personnel provide to a trusted contact person? What reports must be filed with authorities?

Report Suspected Exploitation
Banks are subject to various reporting requirements at the state and federal levels that relate to suspected elder financial fraud. National banks, state banks insured by the Federal Deposit Insurance Corp. and other financial institutions must file a suspicious activity report (SAR) with the Financial Crimes Enforcement Network (FinCEN) upon detection of a known or suspected crime involving a transaction. FinCEN has provided related guidance, and the electronic SAR form includes an “elder financial exploitation” category of suspicious activity. Several states’ laws and regulations also require that banks report suspected elder abuse to APS or law enforcement.

Banks may consider permitting clients to identify a “trusted contact person” that the bank may contact upon reasonable suspicion of potential exploitation. This is consistent with a March 2016 advisory from the Consumer Financial Protection Bureau (CFPB). Privacy concerns exist when disclosing customer information to a third party. However, the Gramm-Leach-Bliley Act (GLBA) permits disclosure of nonpublic personal information with customer consent. Regulation P under GLBA also grants an exception to the notice and opt-out requirements to protect against fraud or unauthorized transactions, or to comply with federal, state or local laws, rules and other applicable legal requirements. Additionally, 2013 Interagency Guidance “clarifies that reporting suspected financial abuse of older adults to appropriate local, state or federal agencies does not, in general, violate the privacy provisions of the GLBA or its implementing regulations.” A safe harbor from liability also exists for a bank that voluntarily discloses a possible violation of law or suspicious activity by filing a SAR. Bank personnel are also protected from liability in this situation.

Regulators at all levels of, and sectors within, the financial services industry continue to prioritize the interests of elderly customers, especially where there may be signs of diminished cognitive capacity. The banking community has gone to great lengths to support these efforts, and bank directors will continue to play an important role in defining internal policies and emphasizing the importance of vigilance in this area.

Banking Blockchain: Making Virtual Currencies a Reality for Your Bank

Written by


blockchain-10-17-17.pngBlockchain-based virtual currencies are gaining in popularity and evolving quickly. Blockchain currencies often are described as disruptive, but also have the potential to radically revolutionize the banking industry in a positive manner. The reality is that blockchain currencies may develop into a useful tool for banks. Their acceptance, however, is hindered by their own innovative nature as regulators attempt to keep pace with the technological developments. Potential blockchain currency users struggle to understand their utility. Despite these hurdles, many banks are embracing opportunities to further develop blockchain currencies to make them work for their customers.

What Are Virtual Currencies and Blockchain?
Virtual currencies, also referred to as “digital currencies,” are generally described as a digital, unregulated form of money accepted by a community of users. Currently, blockchain currencies are not centrally regulated in the United States. For example, the federal government’s Financial Crimes Enforcement Network (FinCEN) and the Securities and Exchange Commission view blockchain currencies as money, the Commodities Futures Trading Commission sees them as a commodity, and the Internal Revenue Service calls them property. The IRS has attempted to define virtual currency as:

a digital representation of value that functions as a medium of exchange, a unit of account, and/or a store of value [and] does not have legal tender status in any jurisdiction.

FinCEN, the agency with the most developed guidance regarding virtual currency, regards it in a more practical fashion as a medium of exchange that operates like a currency in some environments, but does not have all the attributes of real currency. Whatever the regulatory definition, virtual currencies need more certainty in form and function before their use becomes commonplace.

Blockchain technology brings benefits to payment systems and other transactions that are quite revolutionary. Blockchain technology is essentially a decentralized virtual ledger (aka, distributed ledger), utilizing a comprehensive set of algorithms that records virtual currencies chronologically and publicly.

Some examples of blockchain currencies currently in use are Bitcoin, Dash, Ether, Litecoin and Ripple. These currencies are constantly evolving and are being developed by individuals, technology-based peer groups or financial institutions. In August 2016, a consortium of banks, led by UBS, Deutsche Bank, Santander and BNY Mellon, announced the development of the “utility settlement coin” or USC. The USC is meant to allow banks to transact payments in real time without the use of an intermediary. It is expected to go live in 2018.

Blockchain Currency Opportunities for Banks
Despite their reputation for being tools of illicit trade, blockchain currencies may be useful to banks in a variety of ways and can achieve certain benefits. Blockchain currencies could:

  • actually reduce fraud, including hacking or theft attempts, because the technology makes every step of the blockchain transparent.
  • reduce costs and risks associated with know-your-customer (KYC) programs because blockchain has the ability to store KYC information.
  • allow a financial institution to establish a new trading platform for exchange that eliminates intermediaries.
  • potentially could transform the payments industry. An obvious example is the USC, which permits payments to be made in real time, without the use of intermediaries; and strengthens the confidence in the authenticity of the transaction. Banks that are either able to establish a blockchain currency or adapt a proven technology for their operations will generate operational efficiencies and obtain a significant competitive advantage.

What Are the Regulatory Challenges?
Blockchain currencies currently are not centrally regulated in the United States. As discussed above, the lack of a uniform definition is a fundamental issue. FinCEN has classified any person or entity involved in the transfer of blockchain currencies as a money transmitter under money services business regulations.

As blockchain currencies continue to evolve, however, additional federal laws and regulations must be drafted to address the most substantial areas of risk. Some states are weighing in on the topic as well. For example, the Illinois Department of Financial and Professional Regulation recently issued guidance on the use of virtual currency in which the Department views virtual currency through the lens of the Illinois’ Transmitters of Money Act.

Additionally, the Uniform Law Commission is developing regulations that would, among other things, create a statutory structure (for each state that adopts it) to regulate the use of virtual currency in consumer and business transactions. Regardless whether the federal government or the states enact legislation affecting blockchain currencies, a more uniform regulatory approach would greatly aid their development and utility.

Conclusion
Blockchain currencies, and the laws and regulations governing them, are in a promising state of development. As new technologies emerge and existing technologies continue to evolve, banks are presented with real opportunities for innovation by successfully adapting blockchain for use by their customers. Those that figure it out are poised for real success.