Continuing Financial Crime Trends during COVID-19

Charity, Unemployment, Utility and Coronavirus Treatment Scams continue to target the Elderly and Unemployed

As access to the financial system has decreased due to the COVID-19 crisis, criminal activity has increased in several areas of interest, with much involving various forms of social engineering[i] and technology. This increase is largely due to the inaccessibility of conventional banking; in turn, fraud and money laundering conspirators have had to adapt. While many of us in the Banking Compliance arena do not personally feel susceptible to these types of scams, it continues to be important to consistently communicate to our members and customers regarding schemes and the propensity for financial loss by misdeeds and misrepresentation.

The elderly are specifically susceptible to both online and in-person COVID-19 scams. Many of these scams tend to take advantage of fear by attempting to sell fake cures and preventative medicines specifically formulated for the coronavirus. Other scams are even more nefarious, involving individuals offering services such as grocery and medicine shopping and delivery, ultimately taking the funds up front from immuno-compromised or elderly persons, and disappearing without delivering the items.[ii]

An interesting twist on specific abuses of the elderly and disabled involves caretakers, nursing homes, and assisted living facilities attempting to withhold the stimulus checks of those under their care. The Federal Trade Commission states that it is receiving reports that “facilities are trying to take the stimulus payments intended for their residents on Medicaid…requiring those people to sign over those funds to the facility…claiming that, because the person is on Medicaid, the facility gets to keep the stimulus payment.”[iii]

Meanwhile, the CARES Act[iv] is due to expire at the end of July 2020, with the Federal Government currently deliberating on its extension. This impending expiration has given rise to many Utility Shutoff Scams, where an unsuspecting recipient receives a phone call from a scammer purporting to be a utility and demanding payment by one of a number of methods to avoid shutoff.[v] These methods often involve the use of prepaid cards, remittance, or basic debit or credit card information over the phone. Additional CARES Act-related scams involve the pre-funding of unemployment benefits and additional stimulus payments, none of which have been approved yet.

Social engineering tends to play a large role in many of the schemes we see today. To end on an obvious note: if it seems too good to be true, it more than likely is!

 


 

[i] https://www.csoonline.com/article/2124681/what-is-social-engineering.html

[ii] https://www.wlvt.org/blogs/montgomery/scammers-targeting-senior-citizens-with-new-coronavirus-scams/

[iii] https://www.consumer.ftc.gov/blog/2020/05/did-nursing-home-or-assisted-living-facility-take-your-stimulus-check

[iv] https://home.treasury.gov/policy-issues/cares

[v] https://www.consumer.ftc.gov/blog/2020/07/utility-company-calling-dont-fall-it

 

Balancing Financial Crimes Compliance During Reopening

As the country slowly reopens after its response to the COVID-19 pandemic, many smaller financial institutions may be feeling the overwhelming effects of new rules in place to continue to slow the spread of the coronavirus. Likely, many institutions have seen a soft shutdown of normal services involving physical locations due to the obvious danger of maintaining normal activities within their branches and service centers. To add to the strain on daily operations, many have surely encountered staffing issues, Personal Protective Equipment (PPE) supply shortages, and the overwhelming onslaught of member questions regarding stimulus payments, small business loans, and the like. The coronavirus has affected the health of both members and staff; there is no shortage of related situations causing a strain on our communities, and with reopening comes the unknown.

Specific to financial crimes compliance, there have been reports of malicious scams involving various payment networks, as well as social engineering exploits imposed on the general public. The overall theme of many of these fraudulent activities is to play on the emotions of those that are experiencing extreme insecurity and are looking everywhere for assistance, in an attempt to assist them with some sort of prepayment arrangement, or some other expedited access to funds that involve government stimulus payments or unemployment insurance (UI) claims. This is in addition to the workforce shortages that many compliance departments are enduring, forcing many to multitask or put on pause many of the functions for which they were responsible, in order to assist with various daily operational tasks deemed necessary to business continuity plans.

Now, with what some are calling “The Great Reopening,” your financial institution can be sure to see an uptick in activities that were previously put on pause: cash transactions, business banking, negotiable instrument purchases, and other activities which usually require face-to-face interactions with members and customers. There is no doubt that criminal enterprise has been struck equally hard, and the natural expectation is that the pause in activity due to closure will also cause an uptick in conventional suspicious activities. When one puts it all together, balancing the monitoring of new and established criminal typologies, as well as the daily to-do’s, can be a daunting task.

So, how does a compliance professional balance everything given the situation at hand? First, it’s important to give yourself and your department some grace. Try using this approach to acknowledge that everyone is working hard to get things done and reported in a timely manner and is also balancing everything in their own lives on top of the work that must be done. Adding to this, do not make drastic and blanket changes to the workload, such as auto-closing your red-flag alerts, Currency Transaction Report (CTR) monitoring, or other methods of monitoring using manual and automated systems. Continue to work through your queues and report with as much effectiveness as possible. It may seem obvious to most, but I reiterate the point because when under the stress of balancing all these things, the concept of skipping over work may not be too far off.

Considering a risk-based approach to balancing financial crimes compliance operations can be helpful in protecting your members and customers from crime. Taking a measured effort at distributing the scarce resources and temporarily focusing effort on immediate issues is one way to use a risk-based approach, while acknowledging that the need to catch up and get things done will ultimately come. Every financial institution is dealing with their form of balancing the needs versus the availability of resources, and bank regulators are acknowledging the sudden influx of changes affecting financial institutions, as seen in the following link: https://www.federalreserve.gov/covid-19-supervisory-regulatory-faqs.htm. One final word: look to your regulator as a partner in this ever-changing situation and reach out to your representative if you have questions on addressing financial crimes or other related issues. Communication between the financial institution and your regulatory agency is key to success.

Financial Crime Trends & Related Risk Issues in a Quarantined World

While nearly all financial institutions are dealing with some level of adversity during the quarantine, it should be noted that financial crime risk seems to be affected as well. We may be in the middle of the current COVID-19 pandemic, but its residual effects on crime patterns and trends may be seen for quite some time. As we’ve all noticed, technology is playing a big part in our own adaptation to quarantine life, whether work or leisure, and the very same tools we use every day are the technologies that are changing crime patterns as the world has moved even further in a digital direction.

Some Financial Crime Trends Specific to Quarantine

With isolation comes a sense of unease and nervousness for many, often leading to depression and for some, self-medication[i]. It is no coincidence that we are seeing a spike in substance abuse and specifically, opioid-related deaths and hospitalizations[ii], because of society’s reaction to the pandemic. Joblessness and an insecure future further exacerbate the situation. As such, financial institutions should assume that a likely spike in transactions related to the sale and trafficking of drugs may be occurring, and traditional methods of transaction exchange using cash and dark alleys may not be how things are done[iii] in the “new normal.” Thinking outside the box with scenario-building exercises can help determine which trends your financial institution is seeing.

Another trend being seen is the use of social engineering[iv] tactics in various scams involving COVID-19 government payments and Unemployment Insurance (UI) claims. Because much of what is occurring is “faceless,” meaning there is no physical interaction among parties or the financial institution, it is as important as ever to ensure your financial institution is staying on top of local trends and occurrences. Similarly, fraud involving the Payroll Protection Program is occurring[v] among financial institutions, as local oversight of these programs can be hindered by lax Customer Identification Program (CIP) protocols in our ever-growing virtual environment.

Trade-based Money Laundering (TBML) schemes are prevalent as well. These schemes tend to involve Personal Protective Equipment, or PPE, and may involve some combined practice of price-gouging or hoarding for later profiteering[vi]. The same can be said for medications and other resources needed in the fight against the Coronavirus, and often involves persons or businesses who do not normally purchase related items suddenly involved in procurement[vii].

Related Risk Issues for Financial Institutions during Quarantine

A common risk factor in the above crime trends is that the transactions in each scheme involve the use of technology, as cash is no longer efficient. This means that everyone, including bad actors, is looking to technology to assist them in exchanging for goods and services[viii]. Not without scrutiny, cryptocurrency poses its own risks, but now that the world has been forced to move into a virtual space in rapid succession, schemes involving extortion, phishing, or outright spoofing of legitimate services are on the rise[ix].

E-commerce is rapidly growing, and criminal elements will continue to test the waters, pushing the envelope to see what is recognizable, and where they can hide their actions. This rapid growth of users in the online marketplace will continue to challenge financial institutions to look beyond cash-based transactions.

For this matter, looking at your financial institution’s data sources to see what information can be gleaned for more accurate assessment is but one aspect of taking a proactive approach. Reassessing your compliance team’s roles and pivoting focus from traditional and conventional methods of entry to the financial system to modern and cutting-edge methods is another way to refine your process. Conduct a brief risk assessment of your institution’s situation and leverage this knowledge towards making effective decisions. Keeping up to date with the surrounding footprint is one step in the right direction.

Broadening your team’s curiosity and aligning your financial institution’s focus on current trends that are unique to your location is vital in our evolving world. Financial crime trends and risk-related issues do not stay static, but also evolve with the changing landscape. It will be imperative that financial crime compliance efforts stay fresh to protect not just the financial institution, but its members and customers.


[i] https://fox59.com/news/psychiatrists-notice-spike-in-substance-abuse-mental-health-cases-since-quarantine-began/

[ii] https://local21news.com/news/local/overdose-deaths-skyrocket-in-pennsylvania-during-covid-19-pandemic

[iii] https://www.independent.co.uk/life-style/gadgets-and-tech/news/coronavirus-vaccine-cure-dark-web-drugs-market-covid-19-a9442671.html

[iv] https://www.interpol.int/en/Crimes/Financial-crime/Social-engineering-scams

[v] https://www.cnbc.com/2020/05/05/coronavirus-men-charged-with-fraud-over-cares-act-ppp-small-business-aid.html

[vi] https://www.justice.gov/coronavirus

[vii] https://www.miamiherald.com/news/coronavirus/article241707796.html

[viii] https://www.brookings.edu/blog/order-from-chaos/2020/04/03/what-coronavirus-means-for-online-fraud-forced-sex-drug-smuggling-and-wildlife-trafficking/

[ix] https://www.justice.gov/opa/pr/department-justice-announces-disruption-hundreds-online-covid-19-related-scams

BSA Program Effectiveness During Crisis

During the current crisis, questions have arisen regarding how to reduce the workload regarding transaction monitoring and other compliance-related tasks. The question, as simple as it might sound, may be more tailored to current human capital constraints than it is to compliance burden. This is likely due to the sudden shock to a compliance program given many financial institutions’ contingency plans and restructuring of work for purposes of continuity and efficiency. Given this new reality, I wanted to share some of my thoughts and ideas around making efficient and effective use of a BSA Compliance System such as ours, SimpliRisk.

One strategy that may be easy to employ would be to consolidate your tasks into a periodic format and break away from daily task management procedures. Using the BSA Compliance function as an example, one quick way of doing this would be to consolidate your scans into a weekly or monthly review. This would allow the user to isolate and focus their time and effort towards a larger set of alerts and reviews,  breaking away from multitasking on a daily basis. Multitasking, in effect, has been deemed inefficient and ineffective for quite some time, and it gets worse the more stress we are under. More can be read on the topic of multitasking in articles such as this one from Entrepreneur.com.

Another exercise that can make things easier in the long run is to reduce your outputs by conducting qualitative and quantitative analysis on your rules set. To better explain qualitative data analysis, the compliance professional is using their own knowledge through analytical and critical thinking skills to determine the “quality” of rules or processes by assessing the outputs. An example of performing qualitative data analysis on settings within your transaction monitoring software would be to align your thresholds with your current BSA Risk Assessment. It’s important to note that the crux of conducting qualitative analysis lies in the documentation of reasons for changes made, documenting findings that may affect how a compliance department might change the way things are done, and ultimately providing your professional logic and reasoning to the opinion formed during the research.

Alternatively, a quantitative data analysis approach relies specifically on fact through data, calculation and hard numbers to enhance analytical and critical thinking. For example, transaction monitoring outputs can be measured by comparing SAR and CTR filing rates to transaction monitoring rules, corresponding alerts to front line reports that corroborate unusual activity, or legal order processing activities to past alert or high-risk monitoring activity. One might also consider applying statistical analysis to sample transaction data sets and deriving the sigma, then applying the sigma to determine thresholds that might be better indicators of potential risk. The important thing to note is that data and the quality therein are integral to conducting quantitative analysis.
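The sigma-based threshold described above can be sketched as follows. This is an added example, not SimpliRisk code: the segment names, the amounts and the multipliers k are constructed for illustration. Sigma is derived from a historical baseline window rather than from the period under review, so that unusual activity in the review period does not inflate its own threshold.

```python
import statistics

# Constructed sample data (USD): a historical baseline window and a new
# review period for two hypothetical customer segments.
BASELINE = {
    "retail": [200, 400, 400, 400, 500, 500, 700, 900],
    "small_business": [2000, 4000, 4000, 4000, 5000, 5000, 7000, 9000],
}
REVIEW_PERIOD = {
    "retail": [450, 750, 950, 1200, 3000],
    "small_business": [4800, 6100, 12000],
}


def sigma_threshold(history, k):
    """Alert threshold = mean + k * sample standard deviation of the baseline."""
    if len(history) < 2:
        raise ValueError("need at least two baseline values to derive sigma")
    return statistics.fmean(history) + k * statistics.stdev(history)


def flag(transactions, threshold):
    """Return the transactions strictly above the threshold."""
    return [t for t in transactions if t > threshold]


def alert_volume_by_k(segment, ks=(1, 2, 3)):
    """Alert count at each multiplier, to document why a given k was chosen."""
    history, current = BASELINE[segment], REVIEW_PERIOD[segment]
    return {k: len(flag(current, sigma_threshold(history, k))) for k in ks}


if __name__ == "__main__":
    for segment in BASELINE:
        limit = sigma_threshold(BASELINE[segment], k=3)
        print(segment, round(limit, 2),
              flag(REVIEW_PERIOD[segment], limit),
              alert_volume_by_k(segment))
```

Because each segment gets its own threshold, a 3,000 deposit is flagged for the retail segment while a 4,800 deposit is not flagged for small business.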

Ultimately, the last thing a compliance officer should do is to shut off rules monitoring, especially during a crisis. For a quick read on why turning off alerts within transaction monitoring software is a bad idea, see the Assessment of Civil Money Penalty for Michael LaFontaine, formerly of U.S. Bank. Among other things, he was cited for “improperly capp(ing) the number of alerts generated by (the bank’s) automated transaction monitoring system,” and failure “to adequately staff the BSA compliance function.” Ultimately, Mr. LaFontaine was personally assessed a penalty of $450,000.

In conclusion, if your compliance department needs help in these uncertain times, reach out to us. We are here to assist in discussing and formulating any strategy you might have on reducing or consolidating compliance work as it pertains to our product. We can easily be reached via email at support@simplirisk.com.