Vol. XXXV, No. 6 FinCEN Alert Mail Theft – Check Fraud: Schemes Targeting the U.S. MailI. Background The Financial Crimes Enforcement Network (FinCEN) has issued an alert to financial institutions on the nationwide surge in check fraud schemes targeting the U.S. Mail. Fraud, including check fraud, is the largest source of illicit proceeds in the United States and is one of the anti-money laundering/countering the financing of terrorism (AML/CFT) National Priorities. In coordination with the United States Postal Inspection Service (USPIS), FinCEN has identified red flags to help financial institutions detect, prevent, and report suspicious activity connected to mail theft-related check fraud. Bank Secrecy Act reporting for check fraud has increased significantly in the last three years. In 2021, financial institutions filed over 350,000 Suspicious Activity Reports (SARs) to FinCEN to report potential check fraud, a 23 percent increase over the number of check fraud-related SARs filed in 2020. This upward trend continued into 2022, when the number of SARs related to check fraud reached over 680,000, nearly double from the previous year’s amount of filings. FinCEN requests that financial institutions reference this alert in SAR field 2 (Filing Institution Note to FinCEN) and the narrative by including the key term “FIN-2023-MAILTHEFT” and marking the check box for check fraud (SAR Field 34(d)). In addition to filing a SAR, as applicable, when suspecting this type of fraud, financial institutions should refer their customers who may be victims of mail theft-related check fraud to the USPIS online or at 1-877-876-2455. II. Mail Theft Risks and Vulnerabilities Criminals have been increasingly targeting the U.S. Mail and United States Postal Service mail carriers since the COVID-19 pandemic to commit check fraud. Criminals typically steal personal checks, business checks, tax refund checks, and checks related to government assistance programs, such as Social Security payments and unemployment benefits. Following the initial theft and fraudulent negotiation of the stolen checks, criminals may continue to exploit their victims by using the personal identifiable information found in the stolen mail for future fraud schemes, such as credit card fraud or credit account fraud. Criminals committing mail theft-related check fraud generally target the U.S. Mail in order to steal personal checks, business checks, tax refund checks, and checks related to government assistance programs, such as Social Security payments and unemployment benefits. Criminals will generally steal all types of checks in the U.S. Mail as part of a mail theft scheme, but business checks may be more valuable because business accounts are often well-funded, and it may take longer for the victim to notice the fraud. There have been cases of Postal Service employees stealing checks at USPS sorting and distribution facilities. However, according to USPIS, mail theft-related check fraud is increasingly committed by non-USPS employees, ranging from individual fraudsters to organized criminal groups comprised of the organizers of the criminal scheme, recruiters, check washers, and money mules. Check Washers: Check washing involves the use of chemicals to remove the original ink on a check to replace the payee and often the dollar amount. Fraudsters may also copy and print multiple washed checks for future use or to sell to third-party criminals. Money Mules: A money mule is a person (whether witting or unwitting) who transfers or moves illicit funds at the direction of or on behalf of another. III. Typologies of Mail Theft-Related Check Fraud and Associated Money Laundering After stealing checks from the U.S. Mail, fraudsters and organized criminal groups may alter or “wash” the checks, replacing the payee information with their own or fraudulent identities or with business accounts that the criminals control. During check washing, these illicit actors also often increase the dollar amount on the check, sometimes by hundreds or thousands of dollars. Washed checks may also be copied, printed, and sold to third-party fraudsters on the dark web and encrypted social media platforms in exchange for convertible virtual currency. In some cases, victim checks are also counterfeited using routing and account information from the original, stolen check. Illicit actors may cash or deposit checks in person at financial institutions, through automated teller machines (ATMs), or via remote deposit into accounts they control, and which they often open specifically for the check fraud schemes. Criminals may also rely on money mules and their pre-existing accounts to deposit fraudulent checks. Regardless, once the checks are deposited, the illicit actors often rapidly withdraw the funds through ATMs or wire them to other accounts that they control to further obfuscate their ill-gotten gains. The criminals may further exploit the victims by using personal identifiable information found in the stolen mail for future fraud schemes such as credit card fraud or credit account fraud. IV. Financial Red Flags Relating to Mail Theft-Related Check Fraud FinCEN, in coordination with USPIS, has identified red flags to help financial institutions detect, prevent, and report suspicious activity connected to mail theft-related check fraud, many of which overlap with red flags for check fraud in general. As no single red flag is determinative of illicit or suspicious activity, financial institutions should consider the surrounding facts and circumstances, such as a customer’s historical financial activity, whether the transactions are in line with prevailing business practices, and whether the customer exhibits multiple red flags, before determining if a behavior or transaction is suspicious or otherwise indicative of mail theft related check fraud. In line with their risk-based approach to compliance with the BSA, financial institutions are also encouraged to perform additional due diligence where appropriate.
Full-Text PDF The foregoing Compliance Update is for informational purposes only and does not constitute legal advice. As a reminder, the NBA general counsel is the attorney for the Nebraska Bankers Association, not its member banks. The general counsel is available to assist members with finding resources to help answer their questions. However, for specific legal advice about specific situations, members must consult and retain their own attorney.
Vol. XXXV, No. 5 Joint Statement on Crypto-Asset Risks to Banking OrganizationsThe federal banking agencies have issued a joint statement on crypto-asset risks to banking organizations. The events of the past year have been marked by significant volatility and the exposure of vulnerabilities in the crypto-asset sector have highlighted a number of key risks associated with crypto-assets and crypto-asset sector participants that banking organizations should be aware of, including:
It is important that risks related to the crypto-asset sector that cannot be mitigated or controlled do not migrate to the banking system. Given the significant risks highlighted by recent failures of several large crypto-asset companies, the agencies continue to take a careful and cautious approach related to current or proposed crypto-asset-related activities and exposures at each banking organization. Banking organizations are neither prohibited nor discouraged from providing banking services to customers of any specific class or type, as permitted by law or regulation. The agencies are continuing to assess whether or how current and proposed crypto-asset-related activities by banking organizations can be conducted in a manner that adequately addresses safety and soundness, consumer protection, legal permissibility, and compliance with applicable laws and regulations, including anti-money laundering and illicit finance statutes and rules. Based on the agencies’ current understanding and experience to date, the agencies believe that issuing or holding as principal crypto-assets that are issued, stored, or transferred on an open, public, and/or decentralized network, or similar system is highly likely to be inconsistent with safe and sound banking practices. Further, the agencies have significant safety and soundness concerns with business models that are concentrated in crypto-asset-related activities or have concentrated exposures to the crypto-asset sector. The agencies will continue to closely monitor crypto-asset-related exposures of banking organizations. As warranted, the agencies will issue additional statements related to engagement by banking organizations in crypto-asset-related activities. The agencies also will continue to engage and collaborate with other relevant authorities, as appropriate, on issues arising from activities involving crypto-assets. Each agency has developed processes whereby banking organizations engage in robust supervisory discussions regarding proposed and existing crypto-asset-related activities. Banking organizations should ensure that crypto-asset-related activities can be performed in a safe and sound manner, are legally permissible, and comply with applicable laws and regulations, including those designed to protect consumers (such as fair lending laws and prohibitions against unfair, deceptive, or abusive acts or practices). Banking organizations should ensure appropriate risk management, including board oversight, policies, procedures, risk assessments, controls, gates and guardrails, and monitoring, to effectively identify and manage risks. Full-Text PDF The foregoing Compliance Update is for informational purposes only and does not constitute legal advice. As a reminder, the NBA general counsel is the attorney for the Nebraska Bankers Association, not its member banks. The general counsel is available to assist members with finding resources to help answer their questions. However, for specific legal advice about specific situations, members must consult and retain their own attorney.
Vol. XXXV, No. 4 Home Mortgage Disclosure Act (HMDA)Change in Exemption ThresholdThe Board of Governors of the Federal Reserve System recently published in the Federal Register its annual notice of the asset-size exemption threshold for depository institutions under Regulation C, which implements the Home Mortgage Disclosure Act (HMDA). By this amendment, the Board of Governors has increased the asset-size exemption threshold to $54 million in 2023 for depository institutions that are required to report data under HMDA. As a result of this action, depository institutions with assets of $54 million or less as of December 31, 2022, are exempt from data collection in 2023. An institution’s exemption from collecting data in 2023 does not affect its responsibility to report the data it was required to collect in 2022. The adjustment was effective January 1, 2023. A review of the HMDA exemption threshold is mandated by provisions of the Economic Growth and Regulatory Paperwork Reduction Act of 1996. The adjustment reflects changes in the Consumer Price Index for Urban Wage Earners and Clerical Workers for the 12-month period ending in November 2021. The foregoing Compliance Update is for informational purposes only and does not constitute legal advice. As a reminder, the NBA general counsel is the attorney for the Nebraska Bankers Association, not its member banks. The general counsel is available to assist members with finding resources to help answer their questions. However, for specific legal advice about specific situations, members must consult and retain their own attorney.
Vol. XXXV, No. 3 HMDA Closed-End Loan Reporting ThresholdThe United States District Court for the District of Columbia recently issued an order vacating the 2020 Home Mortgage Disclosure Act (HMDA) Final Rule as to the loan volume reporting threshold for closed-end mortgage loans. The decision means that the threshold for reporting data on closed-end mortgage loans is now 25 loans in each of the two preceding calendar years, which is the threshold established by the 2015 HMDA Final Rule, rather than the 100-loan threshold set by the 2020 HMDA Final Rule. The 2020 Rule, which amended Regulation C, permanently increased the reporting threshold from the origination of at least 25 closed-end mortgage loans in each of the two preceding calendar years to 100 and permanently increased the threshold for collecting and reporting data about open-end lines of credit from the origination of 100 lines of credit in each of the two preceding calendar years to 200. The Consumer Financial Protection Bureau (CFPB) in recognition that financial institutions affected by this change may need time to implement or adjust policies, procedures, systems, and operations to come into compliance with their reporting obligations, does not view action regarding these institutions’ HMDA data as a priority. As a result, the CFPB does not intend to initiate enforcement actions or cite HMDA violations for failures to report closed-end mortgage loan data collected in 2022, 2021, or 2020 for institutions subject to the CFPB’s enforcement or supervisory jurisdiction that meet Regulation C’s other coverage requirements and originated at least 25 closed-end mortgage loans in each of the two preceding calendar years but fewer than 100 closed-end mortgage loans in either or both of the two preceding calendar years. The Federal Deposit Insurance Corporation (FDIC) has followed the lead of the CFPB and announced that it does not intend to initiate enforcement actions or site HMDA violations for failures to report closed-end mortgage loan data for 2022, 2021, or 2020 by FDIC-supervised institutions that (1) are subject to Regulation C's other coverage requirements, and (2) originated at least 25 closed-end mortgage loans in each of the two preceding calendar years, but fewer than 100 closed-end mortgage loans in either or both of the two preceding calendar years. The FDIC indicates that FDIC-supervised institutions may elect to report data voluntarily for those years, but the FDIC does not expect those institutions to collect and report data retroactively for closed-end mortgage loans covered by the Court’s order vacating the CFPB 2020 HMDA Final Rule. Accordingly, institutions affected by the Court’s order and that meet the reporting thresholds of 25 closed-end mortgage loans in each of the two preceding calendar years as of 2023, should start collecting data in 2023 and reporting data in 2024. The foregoing Compliance Update is for informational purposes only and does not constitute legal advice. As a reminder, the NBA general counsel is the attorney for the Nebraska Bankers Association, not its member banks. The general counsel is available to assist members with finding resources to help answer their questions. However, for specific legal advice about specific situations, members must consult and retain their own attorney.
|
STAY CONNECTED |
nEBRASKA bANKERS aSSOCIATION233 South 13th Street, Suite 700
PO Box 80008 Lincoln, NE 68501-0008 402-474-1555 Digital Millennium Copyright Act Policy |