Panelists NACUSAC

Annual Conference June 15, 2016

FinCEN Update

Thomas K. Lawler Senior Liaison Officer

Financial Crimes Enforcement Network

MISSION STATEMENT

Safeguard the financial system from illicit use

and combat money laundering and promote

national security through the collection,

analysis, and dissemination of financial

intelligence and strategic use of financial authorities.

Primary Responsibilities

• Financial Intelligence Unit of the

United States

• Administrator of the Bank Secrecy Act

3

To administer the BSA, FinCEN:

• Issues and interprets regulations implementing the BSA

and supports and enforces compliance with those

regulations ;

• Supports and coordinates compliance examination

functions delegated to other federal regulators;

• Manages the collection, processing, storage, and

dissemination of BSA information;

• Maintains a government-wide access service to the BSA

information, and networks users with overlapping interests;

and

• Conducts analyses to support policy makers, law

enforcement, regulatory, and intelligence agencies, and the

financial industry. 4

Information Sharing MOUs

• Federal Deposit Insurance Corporation

• Federal Reserve Board

• Office of the Comptroller of the Currency

• National Credit Union Administration

• Securities and Exchange Commission

• Commodity Futures Trading Commission

• Internal Revenue Service – SB/SE

• 67 State Regulatory Agencies

Information Sharing MOU

Two-way Information Sharing

• Help FinCEN fulfill role as administrator of the BSA

• Assist Agencies in their role as supervisors

• Improve interagency cooperation in the area of BSA

examination and compliance

Ultimate Goal

Enhance communication and cooperation to help

financial institutions identify, deter, and interdict terrorist

financing and money laundering

314(b) Information Sharing

314(b) Voluntary Information Sharing

• Section 314(b) of the USA PATRIOT Act provides financial

institutions with the ability to share information with one

another, under a safe harbor that offers protections from

liability, in order to better identify and report potential money

laundering or terrorist activities.

• 314(b) information sharing is a voluntary program, and

FinCEN strongly encourages information sharing through

Section 314(b) .

7

314(b) Information Sharing

What Information can be Shared Under 314(b)?

Under 314(b), financial institutions or associations of

financial institutions may share information with each other

regarding individuals, entities, organizations, and countries

for purposes of identifying, and, where appropriate, reporting

activities that may involve possible terrorist activity or

money laundering.

FinCEN has issued guidance clarifying that, if 314(b) sharing

participants suspect that transactions may involve the

proceeds of specified unlawful activities under money

laundering statutes, information related to such transactions

can be shared under protection of the 314(b) safe harbor. 8

314(b) Information Sharing

• Banks and Credit Unions

• Casinos and Card Clubs

• Money Services Businesses

• Brokers or Dealers in

Securities

• Mutual Funds

• Insurance Companies

• Futures Commission

Merchants & Brokers in

Commodities

• Dealers in Precious Metals,

Precious Stones, or Jewels

• Operators of Credit Card

Systems

• Loan or Finance Companies 9

Who is Eligible to Participate in 314(b)? Financial institutions subject to an AML program requirement

under FinCEN regulations, and any association of such

financial institutions, are eligible to share information under

Section 314(b):

Introduction to FinCEN’s Secure Information Sharing System

Secure Information Sharing System (SISS) SISS is the expanded platform being developed for FinCEN to share information securely between law enforcement and financial institutions.

SISS provides financial institutions the capability to: access 314(a) subject lists by law enforcement and to report positive matches on that information; access advisories and reports on the latest trends in money laundering or terrorist financing; and provide special collections information to FinCEN in a secure environment. This August, 314(b) activities will be migrated to SISS.

Enhancements to Information

Sharing using SISS.

• September 2015: Major enhancement Visual enhancements and streamlined

layout

Security enhancements

Ability to transmit information to FinCEN securely via the Special Collections tab

• May 2016: Capability for law enforcement to receive

responses in real time

Capability for targeted communications to financial institutions

11

Recent Secure Information Sharing System Enhancements

314(b) Information Sharing

Benefits of 314(b) Information Sharing

To sign up:

http://www.fincen.gov/statutes_regs/patriot/section314b.html

(or “Search 314(b)”)

Or Call: 866-326-8314 (314(b) Helpline)

12

How/Why Credit Unions are being targeted for Financial Crimes.

Career Criminal Willie Sutton said it best:

“because that’s where the money is”

Cyber Security Cyber threat activity has continued to multiply

• Home Depot Card Breach

• JPMorgan hack

• Spoofed e-mail address used in phishing

(Fiserv)

• Russian Hackers Steal 1.2B Passwords

• OPM database hacked (22.1M)

Cyber Security Terms:

• Social Engineering

• Malicious Code

• Phishing……Spear Phishing

• Pharming

• Smurf

• Sniffing

• Polymorphism

• Ping of Death

• Stealthing

What is BEC?

• Is BEC new?

• Is BEC a new name for an

old scheme?

• How complex are BEC

schemes?

• Why is BEC such a

concern?

• Let’s find out…

BEC Defined

Business Email Compromise is a

form of fraud that targets businesses,

whereby the perpetrators

compromise the email accounts of

victims and/or use spoofed emails, in

order to send false payment

instructions that direct funds to

accounts under their control.

Key Characteristics of a BEC scheme

• Victim is a business • Acute, targeted attack – not random • Perpetrator tricks victim into

voluntarily initiating a funds transfer • This has significant implications

for liability • Email appears to originate from a

known individual as a part of normal business activity

• Coordinated actions of multiple actors • Funds flow overseas

-Directly -Via U.S. accounts

• Subsequent attempts on same victim • All business types are potential victims • Transfer amounts vary greatly • Larger transfers tend to go directly overseas • Recipients as victims/unwitting accomplices

Common Trends in BEC schemes

• Attacks are tailored to victim • Circumvent normal fraud safeguards • Impersonal business interaction is common • Subordinates hesitate to question superiors • People like being trusted with secrecy • Subsequent requests become easie

Why are BEC schemes successful?

• Transfer requests from a new email address • Transfer requests from web-based domains • Transfer requests to new accounts/ individuals

or companies • Overseas transfers- particularly China, Hong

Kong, Malaysia, and the UK • Subsequent transfer requests from recipient

Possible Red Flags for BEC

• Transfer requests sent when requestor is traveling or otherwise unavailable

• Transfer request sent near COB hours • Urgent/confidential transfer requests • Vague accounting information – “code to

administrative expenses” - “for construction expenses”

• Poor use of English language is not a tip-off

Additional BEC Red Flags

• Dual-band verification of all wires • Carefully verify accuracy of email addresses • Pay careful attention to account information • Question any changes to account information • Scrutinize overseas transfers (especially to high

risk jurisdictions) • Maintain list of authorized wire recipient info • Limit individuals authorized to send wires

Tips for Preventing BEC

• IC3 www.ic3.gov • FBI Cyber Crimes Task Force • FBI Local Field Office • USSS Electronic Crimes Task Force • USSS Local Field Office Quick Action is Critical

LE Contacts for BEC

Email Account Compromise (EAC)

EAC is a sister scam to BEC. EAC differs from BEC in that it targets individuals or individual professionals instead of businesses. EAC is defined as a sophisticated scam that targets the general public and professionals associated with, but not limited to, financial and lending institutions, real estate companies, and law firms.

Ransomware

Ransomware is a form of malware that targets both human and technical weaknesses in organizations and individual networks in an effort to deny the availability of critical data and/or systems. Ransomware is frequently delivered through spear phishing emails to end users, resulting in the rapid encryption of sensitive files on a corporate network. When the victim organization determines they are no longer able to access their data, the cyber actor demands the payment of a ransom, typically in virtual currency such as BitCoin, at which time the actor will purportedly provide an avenue to the victim to regain access to their data. Recent iterations target enterprise end users, making awareness and training a critical preventative measure. In 2015, the IC3 received 2,453 complaints identified as Ransomware with losses of over $1.6 million.

2015 Complaint Demographics

Victims Age Range Male Count Male Loss Female Count Female Loss Total Count Total Loss

Under 20 6,086 $5,535,268 4,349 $2,543,810 10,435 3.62% $8,079,077

20 - 29 26,539 $45,744,076 24,763 $25,222,975 51,302 17.81% $70,967,050

30 - 39 30,153 $102,334,135 26,866 $54,706,343 57,019 19.80% $157,040,478

40 - 49 28,694 $158,386,367 29,559 $105,668,109 58,253 20.23% $264,054,476

50 - 59 31,473 $171,954,578 27,655 $115,646,653 59,128 20.53% $287,601,231

Over 60 29,453 $153,157,867 22,422 $129,811,342 51,875 18.01% $282,969,208

Totals 52.91% $637,112,290 47.09% $433,599,232 288,012 $1,070,711,522

152,398 135,614

2015 Top 10 States by Victim Location

1. California 14.53%

2. Florida 8.47%

3. Texas 7.67%

4. New York 6.30%

5. Illinois 3.51%

6. Pennsylvania 3.31%

7. Virginia 3.14%

8. New Jersey 3.01%

9. Washington 2.72%

10. Ohio 2.69%

Note: Percent of complaints reported to the IC3 when the location was provided.

2015 Crime TypesBy Victim Count Non-Payment/Non-Delivery 67,375 Lottery/Sweepstakes 5,324 419/Overpayment 30,855 Malware/Scareware 3,294 Identity Theft 21,949 Corporate Data Breach 2,499 Auction 21,510 Ransomware 2,453 Other 19,963 IPR/Copyright and Counterfeit 1,931 Personal Data Breach 19,632 Investment 1,806 Employment 18,758 Crimes Against Children 1,348 Extortion 17,804 Civil Matter 1,148 Credit Card Fraud 17,172 Re-shipping 1,073 Phishing/Vishing/Smishing/Pharming 16,594 Denial of Service 1,020 Advanced Fee 16,445 Virus 971 Harassment/Threats of Violence 14,812 Health Care Related 465 Confidence Fraud/Romance 12,509 Charity 411 No Lead Value 12,187 Terrorism 361 Government Impersonation 11,832 Hacktivist 211 Real Estate/Rental 11,562 Gambling 131 Business Email Compromise 7,837 Criminal Forums 62 Misrepresentation 5,458

• Partnership of FinCEN and FBI (October 2014) • USSS joined the partnership (March 2015) • FinCENs counterpart FIUs in 152 jurisdictions • Used to freeze assets in foreign jurisdictions • 245 requests to 28 foreign FIUs* • USD $171.3 million recovered*

*As of 2/29/2026

Global Rapid Response Program

How to Contact FinCEN • FinCEN Resource Center

1-800-767-2825 or FRC@fincen.gov

• FinCEN website: www.fincen.gov (Subscribe!)

• 314(b) Helpline: 1-866-326-8314 (Not on website)

• FINANCIAL INSTITUTIONS HOTLINE: 1-866-556-3974.

7 days a week, 24 hours a day to report suspicious

transactions that may relate to terrorist activity

• Thomas K. Lawler, Senior Liaison Officer

(202) 354-6396 or thomas.lawler@fincen.gov

QUESTIONS?