Panelists NACUSAC
Annual Conference June 15, 2016
FinCEN Update
Thomas K. Lawler Senior Liaison Officer
Financial Crimes Enforcement Network
MISSION STATEMENT
Safeguard the financial system from illicit use
and combat money laundering and promote
national security through the collection,
analysis, and dissemination of financial
intelligence and strategic use of financial authorities.
Primary Responsibilities
• Financial Intelligence Unit of the
United States
• Administrator of the Bank Secrecy Act
To administer the BSA, FinCEN:
• Issues and interprets regulations implementing the BSA
and supports and enforces compliance with those
regulations;
• Supports and coordinates compliance examination
functions delegated to other federal regulators;
• Manages the collection, processing, storage, and
dissemination of BSA information;
• Maintains a government-wide access service to the BSA
information, and networks users with overlapping interests;
and
• Conducts analyses to support policy makers, law
enforcement, regulatory, and intelligence agencies, and the
financial industry.
Information Sharing MOUs
• Federal Deposit Insurance Corporation
• Federal Reserve Board
• Office of the Comptroller of the Currency
• National Credit Union Administration
• Securities and Exchange Commission
• Commodity Futures Trading Commission
• Internal Revenue Service – SB/SE
• 67 State Regulatory Agencies
Information Sharing MOU
Two-way Information Sharing
• Help FinCEN fulfill role as administrator of the BSA
• Assist Agencies in their role as supervisors
• Improve interagency cooperation in the area of BSA
examination and compliance
Ultimate Goal
Enhance communication and cooperation to help
financial institutions identify, deter, and interdict terrorist
financing and money laundering
314(b) Information Sharing
314(b) Voluntary Information Sharing
• Section 314(b) of the USA PATRIOT Act provides financial
institutions with the ability to share information with one
another, under a safe harbor that offers protections from
liability, in order to better identify and report potential money
laundering or terrorist activities.
• 314(b) information sharing is a voluntary program, and
FinCEN strongly encourages information sharing through
Section 314(b).
What Information can be Shared Under 314(b)?
Under 314(b), financial institutions or associations of
financial institutions may share information with each other
regarding individuals, entities, organizations, and countries
for purposes of identifying, and, where appropriate, reporting
activities that may involve possible terrorist activity or
money laundering.
FinCEN has issued guidance clarifying that, if 314(b) sharing
participants suspect that transactions may involve the
proceeds of specified unlawful activities under money
laundering statutes, information related to such transactions
can be shared under protection of the 314(b) safe harbor.
Who is Eligible to Participate in 314(b)?
Financial institutions subject to an AML program requirement under FinCEN regulations, and any association of such financial institutions, are eligible to share information under Section 314(b):
• Banks and Credit Unions
• Casinos and Card Clubs
• Money Services Businesses
• Brokers or Dealers in Securities
• Mutual Funds
• Insurance Companies
• Futures Commission Merchants & Brokers in Commodities
• Dealers in Precious Metals, Precious Stones, or Jewels
• Operators of Credit Card Systems
• Loan or Finance Companies
Introduction to FinCEN’s Secure Information Sharing System
Secure Information Sharing System (SISS)
SISS is the expanded platform being developed for FinCEN to share information securely between law enforcement and financial institutions.
SISS provides financial institutions the capability to:
• access 314(a) subject lists by law enforcement and to report positive matches on that information;
• access advisories and reports on the latest trends in money laundering or terrorist financing; and
• provide special collections information to FinCEN in a secure environment.
This August, 314(b) activities will be migrated to SISS.
Recent Secure Information Sharing System Enhancements
Enhancements to Information Sharing using SISS.
• September 2015: Major enhancement
- Visual enhancements and streamlined layout
- Security enhancements
- Ability to transmit information to FinCEN securely via the Special Collections tab
• May 2016:
- Capability for law enforcement to receive responses in real time
- Capability for targeted communications to financial institutions
Benefits of 314(b) Information Sharing
To sign up:
http://www.fincen.gov/statutes_regs/patriot/section314b.html
(or “Search 314(b)”)
Or Call: 866-326-8314 (314(b) Helpline)
How/Why Credit Unions are being targeted for Financial Crimes.
Career Criminal Willie Sutton said it best:
“because that’s where the money is”
Cyber Security
Cyber threat activity has continued to multiply
• Home Depot Card Breach
• JPMorgan hack
• Spoofed e-mail address used in phishing (Fiserv)
• Russian Hackers Steal 1.2B Passwords
• OPM database hacked (22.1M)
Cyber Security Terms:
• Social Engineering
• Malicious Code
• Phishing……Spear Phishing
• Pharming
• Smurf
• Sniffing
• Polymorphism
• Ping of Death
• Stealthing
What is BEC?
• Is BEC new?
• Is BEC a new name for an old scheme?
• How complex are BEC schemes?
• Why is BEC such a concern?
• Let’s find out…
BEC Defined
Business Email Compromise is a
form of fraud that targets businesses,
whereby the perpetrators
compromise the email accounts of
victims and/or use spoofed emails, in
order to send false payment
instructions that direct funds to
accounts under their control.
Key Characteristics of a BEC scheme
• Victim is a business
• Acute, targeted attack – not random
• Perpetrator tricks victim into voluntarily initiating a funds transfer
• This has significant implications for liability
• Email appears to originate from a known individual as a part of normal business activity
Common Trends in BEC schemes
• Coordinated actions of multiple actors
• Funds flow overseas
- Directly
- Via U.S. accounts
• Subsequent attempts on same victim
• All business types are potential victims
• Transfer amounts vary greatly
• Larger transfers tend to go directly overseas
• Recipients as victims/unwitting accomplices
Why are BEC schemes successful?
• Attacks are tailored to victim
• Circumvent normal fraud safeguards
• Impersonal business interaction is common
• Subordinates hesitate to question superiors
• People like being trusted with secrecy
• Subsequent requests become easier
Possible Red Flags for BEC
• Transfer requests from a new email address
• Transfer requests from web-based domains
• Transfer requests to new accounts/individuals or companies
• Overseas transfers – particularly China, Hong Kong, Malaysia, and the UK
• Subsequent transfer requests from recipient
Additional BEC Red Flags
• Transfer requests sent when requestor is traveling or otherwise unavailable
• Transfer request sent near COB hours
• Urgent/confidential transfer requests
• Vague accounting information – “code to administrative expenses” - “for construction expenses”
• Poor use of English language is not a tip-off
Tips for Preventing BEC
• Dual-band verification of all wires
• Carefully verify accuracy of email addresses
• Pay careful attention to account information
• Question any changes to account information
• Scrutinize overseas transfers (especially to high risk jurisdictions)
• Maintain list of authorized wire recipient info
• Limit individuals authorized to send wires
LE Contacts for BEC
• IC3 www.ic3.gov
• FBI Cyber Crimes Task Force
• FBI Local Field Office
• USSS Electronic Crimes Task Force
• USSS Local Field Office
Quick Action is Critical
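Added example (not part of the original presentation): the BEC red flags listed above, expressed as checks over an incoming wire transfer request. The webmail domain list, the 16:00 to 17:00 close-of-business window, the escalation threshold and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time

# Assumed values for illustration; tune them to your own institution.
WEBMAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com"}
FLAGGED_COUNTRIES = {"CN", "HK", "MY", "GB"}  # China, Hong Kong, Malaysia, UK
PRESSURE_WORDS = ("urgent", "confidential")
VAGUE_PURPOSES = ("code to administrative expenses", "for construction expenses")
COB_WINDOW = (time(16, 0), time(17, 0))       # assumed close of business: 17:00

@dataclass
class WireRequest:
    sender: str               # address the request arrived from
    body: str                 # text of the request
    beneficiary_account: str
    beneficiary_country: str  # ISO 3166-1 alpha-2 code
    received: time            # local time of receipt
    requestor_away: bool      # requestor travelling or otherwise unavailable

def bec_red_flags(req, known_senders, authorized_accounts):
    """Return the names of the red flags a wire request trips."""
    sender = req.sender.strip().lower()
    body = req.body.lower()
    checks = {
        "new_email_address": sender not in known_senders,
        "web_based_domain": sender.rpartition("@")[2] in WEBMAIL_DOMAINS,
        "new_account": req.beneficiary_account not in authorized_accounts,
        "flagged_overseas_transfer": req.beneficiary_country.upper() in FLAGGED_COUNTRIES,
        "requestor_unavailable": req.requestor_away,
        "near_cob": COB_WINDOW[0] <= req.received <= COB_WINDOW[1],
        "urgent_or_confidential": any(w in body for w in PRESSURE_WORDS),
        "vague_accounting": any(p in body for p in VAGUE_PURPOSES),
    }
    return [name for name, hit in checks.items() if hit]

def escalate(req, known_senders, authorized_accounts, threshold=2):
    """True when the request trips `threshold` or more red flags."""
    return len(bec_red_flags(req, known_senders, authorized_accounts)) >= threshold

# Constructed sample data, not taken from the presentation.
KNOWN_SENDERS = {"cfo@example-cu.org"}
AUTHORIZED_ACCOUNTS = {"ACCT-0001"}
ROUTINE = WireRequest("cfo@example-cu.org", "Monthly vendor payment, invoice 4471.",
                      "ACCT-0001", "US", time(10, 15), False)
SUSPECT = WireRequest("cfo.example.cu@gmail.com",
                      "Urgent and confidential: wire today, code to administrative expenses.",
                      "ACCT-9999", "HK", time(16, 40), True)

if __name__ == "__main__":
    for label, req in (("routine", ROUTINE), ("suspect", SUSPECT)):
        print(label, bec_red_flags(req, KNOWN_SENDERS, AUTHORIZED_ACCOUNTS))
```

The flags only prioritize review; the tip above to verify all wires through a second channel still applies to requests that trip none of them.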
Email Account Compromise (EAC)
EAC is a sister scam to BEC. EAC differs from BEC in that it targets individuals or individual professionals instead of businesses. EAC is defined as a sophisticated scam that targets the general public and professionals associated with, but not limited to, financial and lending institutions, real estate companies, and law firms.
Ransomware
Ransomware is a form of malware that targets both human and technical weaknesses in organizations and individual networks in an effort to deny the availability of critical data and/or systems. Ransomware is frequently delivered through spear phishing emails to end users, resulting in the rapid encryption of sensitive files on a corporate network. When the victim organization determines they are no longer able to access their data, the cyber actor demands the payment of a ransom, typically in virtual currency such as BitCoin, at which time the actor will purportedly provide an avenue to the victim to regain access to their data. Recent iterations target enterprise end users, making awareness and training a critical preventative measure. In 2015, the IC3 received 2,453 complaints identified as Ransomware with losses of over $1.6 million.
2015 Complaint Demographics
| Victims Age Range | Male Count | Male Loss | Female Count | Female Loss | Total Count | Total Count % | Total Loss |
|---|---|---|---|---|---|---|---|
| Under 20 | 6,086 | $5,535,268 | 4,349 | $2,543,810 | 10,435 | 3.62% | $8,079,077 |
| 20 - 29 | 26,539 | $45,744,076 | 24,763 | $25,222,975 | 51,302 | 17.81% | $70,967,050 |
| 30 - 39 | 30,153 | $102,334,135 | 26,866 | $54,706,343 | 57,019 | 19.80% | $157,040,478 |
| 40 - 49 | 28,694 | $158,386,367 | 29,559 | $105,668,109 | 58,253 | 20.23% | $264,054,476 |
| 50 - 59 | 31,473 | $171,954,578 | 27,655 | $115,646,653 | 59,128 | 20.53% | $287,601,231 |
| Over 60 | 29,453 | $153,157,867 | 22,422 | $129,811,342 | 51,875 | 18.01% | $282,969,208 |
| Totals | 152,398 (52.91%) | $637,112,290 | 135,614 (47.09%) | $433,599,232 | 288,012 | | $1,070,711,522 |
2015 Top 10 States by Victim Location
1. California 14.53%
2. Florida 8.47%
3. Texas 7.67%
4. New York 6.30%
5. Illinois 3.51%
6. Pennsylvania 3.31%
7. Virginia 3.14%
8. New Jersey 3.01%
9. Washington 2.72%
10. Ohio 2.69%
Note: Percent of complaints reported to the IC3 when the location was provided.
2015 Crime Types By Victim Count

| Crime Type | Victim Count |
|---|---|
| Non-Payment/Non-Delivery | 67,375 |
| 419/Overpayment | 30,855 |
| Identity Theft | 21,949 |
| Auction | 21,510 |
| Other | 19,963 |
| Personal Data Breach | 19,632 |
| Employment | 18,758 |
| Extortion | 17,804 |
| Credit Card Fraud | 17,172 |
| Phishing/Vishing/Smishing/Pharming | 16,594 |
| Advanced Fee | 16,445 |
| Harassment/Threats of Violence | 14,812 |
| Confidence Fraud/Romance | 12,509 |
| No Lead Value | 12,187 |
| Government Impersonation | 11,832 |
| Real Estate/Rental | 11,562 |
| Business Email Compromise | 7,837 |
| Misrepresentation | 5,458 |
| Lottery/Sweepstakes | 5,324 |
| Malware/Scareware | 3,294 |
| Corporate Data Breach | 2,499 |
| Ransomware | 2,453 |
| IPR/Copyright and Counterfeit | 1,931 |
| Investment | 1,806 |
| Crimes Against Children | 1,348 |
| Civil Matter | 1,148 |
| Re-shipping | 1,073 |
| Denial of Service | 1,020 |
| Virus | 971 |
| Health Care Related | 465 |
| Charity | 411 |
| Terrorism | 361 |
| Hacktivist | 211 |
| Gambling | 131 |
| Criminal Forums | 62 |
Global Rapid Response Program
• Partnership of FinCEN and FBI (October 2014)
• USSS joined the partnership (March 2015)
• FinCEN's counterpart FIUs in 152 jurisdictions
• Used to freeze assets in foreign jurisdictions
• 245 requests to 28 foreign FIUs*
• USD $171.3 million recovered*
*As of 2/29/2026
How to Contact FinCEN
• FinCEN Resource Center
1-800-767-2825 or [email protected]
• FinCEN website: www.fincen.gov (Subscribe!)
• 314(b) Helpline: 1-866-326-8314 (Not on website)
• FINANCIAL INSTITUTIONS HOTLINE: 1-866-556-3974.
7 days a week, 24 hours a day to report suspicious
transactions that may relate to terrorist activity
• Thomas K. Lawler, Senior Liaison Officer
(202) 354-6396 or [email protected]
QUESTIONS?