InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
DOJ announces crackdown on fraud networks targeting consumer accounts
On December 15, in conjunction with the DOJ’s Consumer Protection Branch efforts to crack down on fraud, the DOJ unsealed two cases against groups that allegedly stole money from consumer accounts with financial institutions. According to the DOJ, the groups used “deceptive tactics” to cover the fraud, and in the two cases, the Department is seeking “temporary restraining orders and the appointment of receivers to stop defendants from dissipating assets.”
The first case (in the U.S. District Court for the Southern District of Florida) involves a group that allegedly committed bank and wire fraud and stole millions from consumers and small businesses by repeatedly creating sham companies. According to the complaint, since at least 2017, the defendants operated fraud schemes disguised as legitimate online marketing service providers by fabricating websites, forging consumer authorizations for charges, and establishing a “customer service” call center to handle complaints. The defendants allegedly obtained bank account information from individuals and small businesses without permission and utilized payment processors to make unauthorized debits to accounts. The DOJ claims that, to carry out the fraud, the defendants used remotely created checks, which are created remotely by a payee using the account holder’s information but without their signature. The second case (in the U.S. District Court for the Eastern District of California) bears many similarities to the first case, including the type of alleged fraud scheme. Both cases also involve the use of “microtransactions,” which are low-dollar fake transactions designed to artificially lower the apparent rate of return or rejected transactions. The defendants in the second case in particular allegedly gathered large deposits from their merchant clients and used those funds to initiate microtransactions that appeared as if they were payments for the merchants’ goods and services. Essentially, according to the Department’s complaint, the merchants paid themselves: the funds initially paid to the defendants were returned to the merchants as microtransactions, while the defendants allegedly collected a percentage of the transactions as service fees.
EU-U.S. releases statement from Joint Financial Regulatory Forum
On December 8, participants in the EU-U.S. Joint Financial Regulatory Forum met, including officials from the Treasury Department, Fed, CFTC, FDIC, SEC, and OCC, and issued a joint statement. The statement regarded ongoing dialogues from December 4-5 and focused on six themes: “(1) market developments and financial stability; (2) regulatory developments in banking and insurance; (3) anti-money laundering and countering the financing of terrorism…; (4) sustainable finance; (5) regulatory and supervisory cooperation in capital markets; and (6) operational resilience and digital finance.”
The joint statement acknowledged how risks to the EU and U.S. financial sectors have been mitigated in recent months, e.g., inflation risks, although lingering concerns remain regarding the impact of increased interest rates, high levels of private and public sector debt, and the ongoing geopolitical situations. Participants reaffirmed the significance of strong prudential standards for banks, effective resolution frameworks—particularly across borders—and robust supervisory practices, along with effective macroprudential policies. Finally, the conversations covered recent cryptoasset market changes and updates on regulatory and enforcement initiatives in the U.S.
FinCEN, IRS issue alert on Covid-19 employee retention credit fraud schemes
On November 22, FinCEN and the IRS issued an alert to financial institutions regarding Covid-19 Employee Retention Credit (ERC)-related fraud schemes. Authorized by the CARES Act, the ERC is a tax credit aimed at incentivizing businesses to retain employees on payroll during the Covid-19 pandemic, through which fraud and scams have been carried out, FinCEN explained. The alert offers insights into typologies linked to ERC fraud and scams, emphasizes specific warning signs to aid financial institutions in detecting and reporting suspicious activities, and reinforces these institutions' obligations to report under the Bank Secrecy Act (BSA).
According to the alert, “[d]uring the 2023 tax season, the IRS noted various scammers appeared throughout the [U.S.] using the false pretense of being tax credit experts to convince businesses to file for the ERC.” Third-party ERC promoters misled taxpayers about eligibility, aiming to profit from filing ERC claims without verifying qualifications, FinCEN added. As a result, the alert mentioned that victims risk claim denial or repayment, while scammers profit regardless of the claim's outcome, involving both willing and unaware businesses in these schemes. FinCEN added that businesses must meet specific ERC requirements, and those who received PPP loans cannot use the same wages counted in the PPP loan for the ERC application. Despite this, some may file amended tax returns misrepresenting their eligibility for the ERC by falsifying staff wages or claiming their operations were partially or fully suspended during the pandemic. FinCEN listed “red flags” indicative of ERC fraud that financial institutions should be cognizant of, including, among others, (i) a business account that receives multiple ERC check deposits over several days; (ii) small business accounts that receive ERC check deposits disproportionate to their size, employee count, and transaction volume; and (iii) a new account for an established business that only receives ERC deposits, suggesting possible identity theft using the business as a front for fraudulent claims. The alert also reminds financial institutions of their obligation to file suspicious activity reports and to keep a copy of the reports for five years from the date of the filing.
DOJ seizes $9 million in crypto from criminal scammers
On November 21, the DOJ seized nearly $9 million in stablecoins from cryptocurrency scammers after the criminals exploited over 70 victims. The DOJ seized stablecoins, a certain crypto asset pegged to a central bank’s currency, tied to the U.S. dollar. The scammers employed a long-con technique called “pig butchering” which is a tactic to build and exploit a victim’s trust over time by creating fake romantic enticements meant to swindle victims into handing over money. The criminals targeted and convinced victims to “make cryptocurrency deposits by fraudulently representing that the victims were making investments with trusted firms and cryptocurrency exchanges.”
The DOJ was able to trace the stolen funds based on the funds’ cryptocurrency addresses as part of a money laundering technique known as “chain hopping… used to ‘layer’ the proceeds of criminal activity into new cryptocurrency ecosystems, all to obfuscate the… ownership of those proceeds.” The DOJ worked with the U.S. Secret Service to trace the victim’s deposits, and it was originally alerted from victim reports made on the FBI’s Internet Crime Complaint Center and the FTC’s Consumer Sentinel Network.
FinCEN announces NPRM for new regulation to combat CVC mixing
On October 19, FinCEN announced a notice of proposed rulemaking (NPRM) that identifies international Convertible Virtual Currency mixing (CVC) as a primary money laundering concern. In its NPRM, FinCEN highlighted the prevalence of illicit actors, including Hamas and Palestinian Islamic Jihad, who use CVC mixing to fund their illegal activity, and how increased transparency can combat their efforts. According to FinCEN, CVC mixing is used to conceal the source, destination, or amount involved in transactions. The proposed rule would require covered financial institutions to collect records of, and report suspicious CVC mixing transactions, as defined, to FinCEN within 30 days of initial detection. The proposed rule would not require covered financial institutions to source additional report information from the transactional counterparty, adding that the information required for the report is similar to information already collected by financial institutions. FinCEN also noted this is its first ever use of its authority under Section 311 of the USA PATRIOT Act.
FinCEN invites comments for the proposed rule, including responses to questions addressing the impact of the proposed rule, definitions, reporting, and recordkeeping. Comments must be received by January 22, 2024, and they can be submitted via instructions found in the announcement.
DOJ announces international malware action, recovers $8.6 million in illicit profits
On August 29, the DOJ announced a multinational operation involving the U.S., France, Germany, the Netherlands, the UK, Romania, and Latvia to “disrupt” a malware’s infrastructure called Qakbot. Attorney General Merrick B. Garland stated that, “[t]ogether with our international partners, the Justice Department has hacked Qakbot’s infrastructure, launched an aggressive campaign to uninstall the malware from victim computers in the United States and around the world, and seized $8.6 million in extorted funds. ” The main method by which the Qakbot malware spreads to target computers is via spam emails that contain harmful attachments or links. Upon successfully infecting a target computer, the DOJ mentioned that Qakbot gains the capability to introduce other types of malware, such as ransomware. Over the past few years, many ransomware collectives have used Qakbot as an initial avenue for initiating infections and has caused hundreds of millions of dollars in damages. The DOJ highlighted that “[t]he action represents the largest U.S.-led financial and technical disruption of a botnet infrastructure leveraged by cybercriminals to commit ransomware, financial fraud, and other cyber-enabled criminal activity.”
FDIC releases operational risks in 2023 Risk Review
On August 14, the FDIC released its 2023 Risk Review, summarizing emerging risks in the U.S. banking system observed during 2022 and early 2023 in five broad categories: (i) credit risk; (ii) market risk; (iii) operational risk; (iv) crypto-asset risk; and (v) climate-related financial risk. According to the FDIC, the current risk review adds a new section relating to the FDIC’s approach to understanding and evaluating crypto-asset-related markets and activities. Monitoring these risks is among the agency’s top priorities, the FDIC said, and the “failure of three large banking institutions in March and May highlighted certain risks to the banking sector.” The FDIC stated that weaker economic conditions and higher interest rates in 2022 continued through early 2023, and “financial market conditions tightened considerably starting in 2022 on rising interest rates, high inflations, and concerns over a potential recession.” Overall, the FDIC said that “despite these challenges and the market stress in early 2023, the banking industry demonstrated resilience, but industry performance moderated from 2022.”
Senators ask Treasury, White House for answers on North Korea’s crypo-crime funding
On August 4, Senators Elizabeth Warren (D-MA), Tim Kaine (D-VA), and Chris Van Hollen (D-MD) sent a letter to the White House National Security Advisor and the Treasury Department’s Under Secretary for Terrorism and Financial Intelligence regarding their concerns over North Korea’s use of cyberattacks and cryptocurrency theft to skirt international sanctions and embargos. The letter urges the Treasury to provide details on its plan to stop North Korea from using digital assets to evade sanctions and continue with the development of nuclear weapons and ballistic missiles. The senators noted that a UN report found that in 2016, “North Korea exhibited a ‘clear shift’ to attacking cryptocurrency exchanges for the purposes of ‘generating financial revenue’” that is difficult to trace and subject to less government oversight. The letter highlights the effects of the cyberattacks, including how they have generated about $2 billion, which is then used to fund the North Korean military. The extent of the cybercrime and cryptocurrency thefts show its use is “key” to the regime’s survival, and notes that the regime has a workforce of thousands of IT workers who operate out of many different countries. The senators asked for a response to their five questions by August 16.
FFIEC updates BSA/AML examination manual
On August 2, the Federal Financial Institutions Examination Council (FFIEC) updated its Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual, which provides examiners with instructions for assessing a bank or credit union’s BSA/AML compliance program and adherence to BSA regulatory requirements. The revisions include updates to the following sections:
- Special Information Sharing Procedures to Deter Money Laundering and Terrorist Activity
- Due Diligence Programs for Correspondent Accounts for Foreign Financial Institutions
- Due Diligence Programs for Private Banking Accounts
- Prohibition on Correspondent Accounts for Foreign Shell Banks; Records Concerning Owners of Foreign Banks and Agents for Service of Legal Process
- Summons or Subpoena of Foreign Bank Records; Termination of Correspondent Relationship; Records Concerning Owners of Foreign Banks and Agents for Service of Legal Process
- Reporting Obligations on Foreign Bank Relationships with Iranian-Linked Financial Institutions
The FFIEC noted that the “updates should not be interpreted as new instructions or as a new or increased focus on certain areas,” but rather are intended to “provide information and considerations related to certain customers that may indicate the need for bank policies, procedures, and processes to address potential money laundering, terrorist financing, and other illicit financial activity risks.” In addition, the Manual itself does not establish requirements for financial institutions, which are found in applicable statutes and regulations but rather reinforce the agency’s risk-focused approach to BSA/AML examinations.
EU-U.S. release statement on Joint Financial Regulatory Forum
On July 20, participants in the U.S.-EU Joint Financial Regulatory Forum, including officials from the Treasury Department, Federal Reserve Board, CFTC, FDIC, SEC, and OCC, issued a joint statement regarding the ongoing dialogue that took place from June 27-28, noting that the matters discussed during the forum focused on six themes: “(1) market developments and financial stability risks; (2) regulatory developments in banking and insurance; (3) anti-money laundering and countering the financing of terrorism (AML/CFT); (4) sustainable finance and climate-related financial risks; (5) regulatory and supervisory cooperation in capital markets; and (6) operational resilience and digital finance.”
Participants acknowledged that the financial sector in both the EU and the U.S. is exposed to risk due to ongoing inflationary pressures, uncertainties in the global economic outlook, and geopolitical tensions as a result of Russia’s war on Ukraine. During discussions, participants emphasized the significance of strong bank prudential standards, effective resolution frameworks, and robust supervision practices. They also stressed the importance of international cooperation and continued dialogue to monitor vulnerabilities and strengthen the resilience of the financial system. Participants took note of recent developments relating to, among other things, recent bank failures, digital finance, the crypto-asset market, and the potential adoption of central bank digital currencies.