Skip to content

Banker's Toolbox Announces — ACQUISITION OF LOAN LOSS RESERVE POWERHOUSE, MAINSTREET TECHNOLOGIES
Banker's Toolbox, Inc., leaders in compliance solutions for financial institutions, announced the acquisition of Georgia-based MainStreet Technologies (MST). MST is an industry leader in the loan risk management space. This acquisition adds to a strong and growing portfolio of compliance-related solutions and will continue to enhance the value Banker's Toolbox brings to both their customers and the industry. (Read full press release here.)

Top Story Security Related

07/19/2019

Members of global Iranian nuclear enrichment network designated

OFAC has announced it has designated a network of seven front companies and five agents involved in the procurement of sensitive materials for sanctioned elements of Iran’s nuclear program. The individuals and entities targeted are based in Iran, China, and Belgium and have acted as a procurement network for Iran’s Centrifuge Technology Company (TESA), which plays a crucial role in Iran’s uranium enrichment nuclear program through the production of centrifuges used in facilities belonging to the Atomic Energy Organization of Iran (AEOI). The targeted companies and agents are identified in BankersOnline's OFAC Update.

07/19/2019

Treasury targets four under Global Magnitsky Act

The Treasury Department has announced that OFAC has designated two Iraqi military members, Rayan al-Kildani and Waad Qado, and two former Iraqi governors, Nawfal Hammadi al-Sultan and Ahmed al-Jubouri under Executive Order 13818, which builds upon and implements the Global Magnitsky Human Rights Accountability Act and targets perpetrators of serious human rights abuse and corruption. Many of the corruption- and abuse-related actions committed by these sanctioned individuals occurred in areas where persecuted religious communities are struggling to recover from the horrors inflicted on them by ISIS. For identity information on the four designees, see BankersOnline's OFAC Update.

07/19/2019

DMDC updates schedule for MLA site enhancements

The Defense Manpower Data Center (DMDC) has posted a revised notice yesterday about its plan (announced in June to make significant changes to the Military Lending Act (MLA) website (https://mla.dmdc.osd.mil) to enhance security of the site and better protect the personal information of Service members. A user account will be required to access both the Single Record Request and the Multiple Record Request capabilities of the MLA website. No search for active service on the MLA website will be possible without a user account.

In addition to the username, password, company name, and challenge questions currently required to create a user account, beginning July 25, 2019, new MLA website users will be required to supply the user's first name, last name, address, and e-mail address in order to create their user account.

In September of 2019, existing MLA website users will be required to update their accounts with the additional fields (user's first name, last name, address, and e-mail address). The July and September dates represent a delay of about a month when compared with the earlier announcement.

07/19/2019

NCUA approves rules changes and proposal

The National Credit Union Administration Board has announced it has approved three items on its recent meeting agenda:

07/18/2019

Bureau updates advisory on elder financial exploitation

The CFPB has announced it has issued an updated advisory urging financial institutions to report suspected incidents of financial exploitation of older adults to the appropriate local, state and federal authorities. The Bureau also recommended that financial institutions file Suspicious Activity Reports (SARs) with the federal government when they suspect elder financial exploitation (EFE).

The updated advisory includes information on state reporting requirements and laws authorizing (in some states) delays in disbursing funds, the Senior Safe Act and SAR filing, and cooperation with adult protection service agencies, law enforcement and other government agencies.

07/18/2019

FTC: Does COPPA Rule need changes?

The Federal Trade Commission is requesting comments on the effectiveness of the amendments the agency made to the Children’s Online Privacy Protection Rule (COPPA Rule) in 2013 and whether additional changes are needed. The COPPA Rule, which first went into effect in 2000 to implement the Children’s Online Privacy Protection Act, requires certain websites and other online services that collect personal information from children under the age of 13 to provide notice to parents and obtain verifiable parental consent before collecting, using, or disclosing personal information from those children. Specific questions on which the FTC is seeking comment include:

  • Has the Rule affected the availability of websites or online services directed to children?
  • Does the Rule correctly articulate the factors to consider in determining whether a website or online service is directed to children, or should additional factors be considered? For example, should the Rule be amended to better address websites and online services that may not include traditionally child-oriented activities, but have large numbers of child users?
  • What are the implications for COPPA enforcement raised by technologies such as interactive television, interactive gaming, or other similar interactive media?
  • Should the Commission consider a specific exception to parental consent for the use of education technology in schools?
  • Should the Commission modify the Rule to encourage general audience platforms to identify and police child-directed content uploaded by third parties?

07/17/2019

Business email compromise attempts hit $301M a month

FinCEN has issued a report warning that manufacturing and construction firms are top targets for business email compromise attacks. The number of suspicious activity reports describing business email compromise (BEC) incidents reported monthly has grown rapidly, averaging nearly 500 per month in 2016, and above 1,100 per month in 2018. The total value of attempted BEC thefts, as reported in SARs, climbed to an average of $301 million per month in 2018 from only $110 million per month in 2016. For portions of this report, FinCEN analyzed randomly selected, statistically representative samples of SAR narratives on BEC incidents filed in 2017 and 2018 to assess BEC trends and methods.

FinCEN has established an exchange forum that focuses on BEC scams and issued an updated advisory [FIN-2019-A005] on email compromise fraud schemes that target vulnerable business processes.

07/17/2019

Al-Qa'ida in Mali targeted

The Treasury Department announced Tuesday that OFAC, in concert with the Department of State, took action targeting Jama’at Nusrat al-Islam wal-Muslimin (JNIM), a previously designated west African terrorist group, by designating a JNIM leader as a Specially Designated Global Terrorist (SDGT) under Executive Order 13224, which targets terrorists and those providing support to terrorists or acts of terrorism. OFAC designated Bah Ag Moussa for acting for or on behalf of JNIM. OFAC also designated Bah Ag Moussa for acting for or on behalf of JNIM leader Iyad ag Ghali, designated in 2013. The Department of State also designated Ali Maychou as an SDGT. For identity information, see BankersOnline's OFAC Update.

07/16/2019

Protecting your bank from phishing attempts

FRBservices.org's July 15 FED360° newsletter includes an article, "Gone phishing—Tips to help protect your organization from phishing attempts." Phishing is used by threat actors in attempts to acquire sensitive information using a fraudulent solicitation, via email or on a website (or through text messages) in which the fraudster poses as a legitimate business or reputable person. The article offers tips to help protect banks and other organizations from phishing attempts:

  • Educate your staff on what phishing is, how to spot it and how/where to report it when it occurs.
  • Consider having occasional "testing" phishing exercises.
  • Have clear and well documented policies on how to manage phishing attempts to ensure staff respond appropriately
  • When possible, use technology to aid in the identification of phishing emails though the classification of internal versus external email sources
  • Add warning messages to the header of all incoming emails from external senders, alerting employees to review external messages with extra care
  • Maintain contemporary anti-virus and anti-malware scanning software to offer additional protections in the event staff inadvertently click on suspicious links embedded in the body of an email
  • Stay on top of the evolving phishing tactics by consulting with your information security staff to monitor trends and adjust internal policies and procedures accordingly
  • Restrict or remove email and web browsing on systems routinely used for payments processing

07/15/2019

FinCEN advisory on FATF list

The Financial Crimes Enforcement Network (FinCEN) has issued an advisory [FIN-2019-A004] to financial institutions regarding the Financial Action Task Force’s (FATF) updated list of jurisdictions with strategic anti-money laundering and combating the financing of terrorism (AML/CFT) deficiencies and relevant actions by the U.S. Government. These changes may affect U.S. financial institutions’ obligations and risk-based approaches regarding relevant jurisdictions. The advisory also reminds financial institutions of the status and obligations involving these jurisdictions.

Pages

Training View All

Penalties View All

Search Top Stories