The following is an article reprinted with permission from the Fall 2004 edition of The WWR Letter:
Member Co-Conspiracy in Fraud
By: Robert Rutkowski, Esquire
Member calls concerning fraud seem to have jumped dramatically over the last few years. Technology plays a role both in creating fraudulent instruments as well as in taking advantage of Automated Clearing House (ACH) and other electronic transfers to move fraudulently obtained money quickly. However, people are still the lynchpin in the majority of fraud cases committed against credit unions today. Most of this occurs when a scam artist uses social engineering or “pfishing” to use people as his or her own tools. Social engineering is simply contacting someone by phone or email and tricking them into revealing sensitive information. Pfishing is similar but the goal is using technology to find information out about someone or to trick them into revealing passwords or account numbers.
The technique of scam artists getting help from the member to commit a fraud is also becoming more sophisticated. Credit union members have become, at times, unwitting co-conspirators in the commission of fraud. Some credit unions have developed a way of combating this phenomenon. They make a list of questions for their members and post it in the lobby. Questions asked often include:
- Are you depositing a check you received as a result of an email from Nigeria?
- Are you depositing a check you received as an overpayment for an item you sold on eBay?
- Has someone asked you to deposit your check on their behalf but allowing you to keep some of the proceeds?
People who read the poster and fall into one of these categories are directed to a specific person at the branch who is adept at handling fraud issues. One could be cynical and call this a “stupid member list”, but the list has real value. If a credit union loses money because of such a scam, often the courts will not hold the member accountable because of the lack of intent. If a court does grant a judgment against the member, a bankruptcy court may allow the person to discharge the debt because intent is in question. Stupidity can be a defense after all.
The most important thing a credit union can do to prevent fraud is to educate the front line tellers not to exchange value for a large instrument without going through a verification process with another employee. A person who is trying to commit fraud will make every effort to convince the teller to give cash or a certified check for a bogus instrument. If the credit union has policies to verify suspicious instruments with the originators and, where possible, put holds on the instruments, much over-the-counter fraud can be prevented.
Thus, fraud prevention can be as simple as having a point person who:
- Deals with customers who have questionable circumstances surrounding their deposits, and
- Acts as a decision maker when a teller is presented with a large, suspicious instrument
Having this person in place along with drafted policies to back up the procedure can go a long way in fraud prevention.
Robert Rutkowski is the Managing Partner of WWR’s Credit Union department. Located in the Brooklyn Heights operations center, he can be reached at (216) 739-5004 or rrutkowski@weltman.com.
Filed under: Equal Credit Opportunity Act, Fair Credit Reporting Act, Regulation B, adverse action
The following is an article reprinted with permission from the Fall 2006 edition of The WWR Letter:
To “B” Or Not to “B”: Sending Adverse Action Notices
By: John B.C. Porter, Esquire
The Fair Credit Reporting Act (“FCRA”) requires creditors to give adverse action notices (“AAN”) to each consumer whose application has been denied in part due to the evaluation of their credit report. There are two essential prerequisites to this obligation:
(1) The creditor acquired the consumer’s credit report; and
(2) The creditor took adverse action based on information contained within the consumer’s credit report.
The Equal Credit Opportunity Act (“ECOA”), implemented through Regulation B, also requires creditors to provide consumers with AAN when denying a consumer credit based in whole or in part on information contained within a consumer’s credit report. Both acts require AAN, but the acts differ on what triggers the AAN, to whom the creditor must provide the notice, and what information the AAN must contain.
Regulation B’s requirements are listed within 12 CFR §202.9, and require the AAN to include the:
· Creditor’s name and address
· A statement of the action taken
· A list of the principle and specific reasons for the AAN
· The ECOA notice
The FCRA notice, found within §615(a) of the Act, requires a:
· Statement that the creditor used the credit report in taking adverse action
· The address and telephone number of the credit reporting company
· A statement that the consumer has a right to a copy of their credit report and to dispute the accuracy of information in the report
· A statement that the credit bureau did not participate in and cannot explain the credit decision
When more than one consumer is involved, Regulation B allows creditors to send one notice. This is based on the assumption that if several people apply together for credit, they will be in communication with each other and can share the information about the decision. The FCRA, however, does not allow for one notice to serve all consumers whose credit reports were used for denial of credit. Because the FCRA protects an individual consumer’s rights with regard to how information about him or her is obtained and used, the FCRA adverse action notice must go to each consumer whose report was used in taking the adverse action.
Let us go through some real world examples to illustrate whether an AAN is necessary, what kind of notice is required, and to whom it should go:
1) A consumer opens a checking account with an ATM card. The consumer also requests a debit card, but his credit report does not warrant this feature. AAN?
The consumer needs a FCRA AAN, because this is not a request for credit, but adverse action was taken on an account based on the consumer’s credit report.
2) A consumer’s credit limit on a line of credit is suspended or terminated due to delinquency. AAN?
No. According to Regulation B Commentary, “The term adverse action does not include a creditor’s termination of an account when the accountholder is currently in default or delinquent on that account.”
3) A consumer is denied credit based on his original application, but accepts a counteroffer. AAN?
No. If a counteroffer is accepted, no AAN is necessary.
The consumer does not accept the counteroffer. AAN?
Yes. A creditor must notify a consumer of action taken within 90 days after notifying the consumer of a counteroffer if the consumer does not expressly accept or use the credit offered. However, a creditor that gives the consumer a combined counteroffer and AAN need not send a second AAN if the consumer does not accept the counteroffer.
4) A consumer applies for a loan via the Internet. May the creditor send the consumer an AAN via e-mail?
If the creditor has the consumer’s prior consent, the creditor may send the consumer an AAN via e-mail. Prior consent is obtained in the manner prescribed by E-Sign, including disclosures and an opt-in process that demonstrates success with the medium.
5) A consumer is denied further non-contractual overdraft privileges (courtesy pay) for failing to bring his account current. AAN?
While overdraft protection programs are “incidental credit” under Regulation B, an AAN is not necessary because the AAN requirements of Regulation B, §202.9, do not apply to “incidental credit.”
Determining whether an AAN is necessary, whether the AAN falls within the FCRA or Regulation B (or both), and ensuring that the right parties receive the AAN can be a complicated process. It is imperative, however, that your credit union understand this process and train its personnel properly.
John B.C. Porter is an Associate in the Credit Union department of the Brooklyn Heights operations center. He can be reached at (216) 739-5003 or jporter@weltman.com.
Filed under: USA PATRIOT Act, bank secrecy act, compliance, credit unions, directors
I would submit to you that credit union boards today have high concentrations of credit union members who have been directors of the credit union for a long time. Turnover on a credit union’s board is not usually a problem. I’m not saying that it doesn’t happen, but generally speaking, credit union directors tend to stick with it.
In the last few years, more regulations have come into being requiring director awareness and action. The Patriot Act and the increased regulatory focus on the Bank Secrecy Act are two areas where this is prominent. As with all credit union policies, the board of directors of the credit union needs to approve the credit union’s Bank Secrecy Act Policy. Moreover, the directors need to understand what it means.
There are plenty of new concepts: know your member, member due diligence, risk assessments as to member demographic and credit union geography. You might say: “well, we’ve always known our members.” To a certain extent that’s true for SEG based CUs. However, community credit unions may not have the same closeness and most credit union employees are not used to asking members probing questions about the source of the cash that the members are depositing.
If an examiner catches a director in the hallway and asks him or her about the credit union’s BSA policy, what will the response be? What should the response be? It should probably be something along the lines of: “Yes, I’m familiar with it. I’ve read it and we reviewed it and discussed it as a board before we approved it.”
How does a director help the credit union assess risk? The answer really is just in understanding what constitutes heightened risk. If the credit union has “a large and growing [member] base in a wide and diverse geographic area”, this indicates heightened risk, at least according to the FFIEC. Having “a large number of high-risk [members] and businesses” is high risk too. This includes “check cashers, convenience stores, money transmitters, casas de cambio, import or export companies, offshore corporations, PEPs, NRAs, and foreign individuals.” More obviously, a “large number of international accounts with unexplained currency activity” is going to show heightened risk. See generally: Bank Secrecy Act/Anti-money Laundering Examination Manual Appendix J. FFIEC.
The point is that in the past, a director never had to worry about such things. Hopefully, most directors today are aware of the move toward a risk-based model as to the degree that a credit union has to react in terms of policy to The Bank Secrecy Act and The Patriot Act.
Filed under: Current Issues in Credit Unions, blogging, credit unions, marketing, podcast, ranting
One thing “teh internets” are good for is ranting. Bloggers love to rant. Where else can you have a forum that lets you unleash vitriol on a topic where people actually listen to you? I mean you can always complain to your spouse, but he or she has probably tuned you out years ago.
Today, I want to rant about “Second Notice” marketing. Then I want to do a follow up to a previous rant.
In the last week, I’ve received two advertisements marked “second notice” in red letters on the outside of the envelope. One came from a bank and the other came from an insurance company. I sincerely hope that credit unions do not adopt this technique.
Why? It is because this notice makes the letter look like a collection letter. You might think if you are the type of person who pays their bills, you have nothing to fear. Not today. Nowadays, identity theft is such that a collection notice to someone who otherwise pays his or her bills is an indication that something very bad has happened. The “second notice” in red ink on the letter really jumps out.
I will give the inventor of this marketing technique credit: it commands attention. However, not all attention is positive. When I see this and I realize that it’s not a collection notice and that my identity has not been stolen, relief quickly gives way to anger. So far, I’ve stopped short of calling the vendors in question. Instead I just dispose of it in the same manner that I disposed of their “first notice.” I will probably call the vendor if I ever get a “third notice.”
So I ask you marketing folks: do you think the positive outweighs the negative in such a solicitation?
Ok, here’s the follow up to a previous rant. Listeners of Current Issues in Credit Unions might recall during the last episode I described a situation I had with an airline where the pilots and flight crew of one of my connecting flights delayed the flight so that they could get McDonalds. As I was waiting at the airport, I emailed the airline in question, ranting about that as well as two other cancellations or delays that I had on that trip.
In the mail yesterday I received a $100 voucher from that airline and an apology. Of course to use it, I’d have to fly that airline again. I would only do that if I were going somewhere when I wasn’t in a hurry. Their motto should be: “we’ll get you there when we feel like it.”
But the moral of the story is that ranting pays.
I get this question a lot. My first answer is always: “why would you want to do that?” But for those credit unions who want to exclude non-citizens from lending there are issues of which you need to be aware.
Regulation B prohibits discrimination based on a wide variety of factors, including race and national origin. Nonetheless, Reg B does allow a creditor to consider such things as (and I’m paraphrasing): permanent residency versus being a temporary visitor; immigration status and information concerning the lender’s ability to collect payments from the borrower. See generally: Rev. Reg. B §202.6(b)(7).
Moreover, in the Official Staff Commentary to Reg. B, the Board has stated: “A denial of credit on the ground that an applicant is not a United States citizen is not per se discrimination based on national origin.” Now before you think this makes it a slam dunk, remember that bright lines in law are few and far between. If, for example, a credit union were to allow some citizens from some countries to apply for loans but not others, then the credit union would have a problem under Reg. B.
Also, just because something might be acceptable under Reg. B does not mean that there isn’t another law that makes the activity illegal. The Civil Rights Act allows aliens to enter into contracts for example. Your particular state laws may come into play on this issue as well.
Has this issue been litigated? Yes. Look at Nguyen v. Montgomery Ward & Co., 513 F. Supp. 1039 (N.D. Tex. 1981) (Plaintiff’s claim that she was denied credit because she was not a U.S. citizen dismissed) and Bhandari v. First National Bank of Commerce, 808 F.2d 1082 (5th Cir. 1987) (Plaintiffs claim for discrimination on the basis of alienage dismissed where plaintiff was denied credit (other claims were allowed however)).
Ultimately, a credit union has to decide whether it wants to be the next test case on this issue. In other words, is a policy of refusing to lend to Non-U.S. citizens worth the potential litigation exposure (and potential bad press).
Like many Discovery Channel junkies out there, I’ve been watching the Planet Earth series recently. In HD, it is truly a sight to behold. Now I’m old enough to remember Mutual of Omaha’s Wild Kingdom shows from the ‘70s. Those old shows had nothing on the Planet Earth series, yet Planet Earth certainly has its roots in Wild Kingdom.
In one particular episode, a monkey strays too far from the trees and too far from other animals that serve as a warning system. Out from the grass sprang what is now almost a stereotypical tiger. Of course the tiger snapped the monkey’s neck and carried it off for lunch.
Here’s the part where I tie this into credit unions. We don’t see this type of imagery enough, I fear. Sure, if you watch the news or read the paper you hear about shootings and robberies and senseless violence that people commit against other people. But we don’t see enough purposeful violence. In the jungle, the cat has to eat.
When we talk about threats to the credit union movement, it seems to me that these come in two varieties: the senseless ones and the threats with a purpose that’s driven by a need. The latter are the real threats and they come from market forces.
Why are credit unions merging? Because the cat has to eat. I think it’s important to recognize that this is a market force. While it is not pleasant nor desirable for the movement, it is a natural process in the economy. One solution would be opening the door to the creation of more credit unions. Yet, do existing credit unions really want that? Doesn’t that amount to more competition in an already intense market?
I would submit to you that part of the reason that the entire financial services industry is so competitive is because of technology. Historically, having a branch close to where people lived meant something. Today it is still important, but less so. In the past, I needed to go to the credit union to 1) deposit a check, 2) withdraw money, and 3) get a loan. Now, I don’t have to do any of those things in person. So if it doesn’t matter if the financial institution is local or not, then essentially all financial institutions across the country (if not the world) are now directly competing with each other. That greater level of competition drives down the total number of financial institutions. It is an oversimplification to say that this is the sole driving force for mergers, but it is a factor. Increasing costs because of regulatory compliance is another factor.
The point is that credit unions need to grow. They need new members, they need to make new loans. If they don’t, they face stagnation in the face of ever increasing costs of doing business. Would it be possible for a credit union to pare down its costs using the same technology that is driving change? Sure! Do many credit unions do this? No.
But eventually it comes down to a choice: do you want to be the tiger or the monkey?
