Skip to content

Banker's Toolbox Announces — ACQUISITION OF LOAN LOSS RESERVE POWERHOUSE, MAINSTREET TECHNOLOGIES
Banker's Toolbox, Inc., leaders in compliance solutions for financial institutions, announced the acquisition of Georgia-based MainStreet Technologies (MST). MST is an industry leader in the loan risk management space. This acquisition adds to a strong and growing portfolio of compliance-related solutions and will continue to enhance the value Banker's Toolbox brings to both their customers and the industry. (Read full press release here.)

Top Story Security Related

07/18/2019

Bureau updates advisory on elder financial exploitation

The CFPB has announced it has issued an updated advisory urging financial institutions to report suspected incidents of financial exploitation of older adults to the appropriate local, state and federal authorities. The Bureau also recommended that financial institutions file Suspicious Activity Reports (SARs) with the federal government when they suspect elder financial exploitation (EFE).

The updated advisory includes information on state reporting requirements and laws authorizing (in some states) delays in disbursing funds, the Senior Safe Act and SAR filing, and cooperation with adult protection service agencies, law enforcement and other government agencies.

07/18/2019

FTC: Does COPPA Rule need changes?

The Federal Trade Commission is requesting comments on the effectiveness of the amendments the agency made to the Children’s Online Privacy Protection Rule (COPPA Rule) in 2013 and whether additional changes are needed. The COPPA Rule, which first went into effect in 2000 to implement the Children’s Online Privacy Protection Act, requires certain websites and other online services that collect personal information from children under the age of 13 to provide notice to parents and obtain verifiable parental consent before collecting, using, or disclosing personal information from those children. Specific questions on which the FTC is seeking comment include:

  • Has the Rule affected the availability of websites or online services directed to children?
  • Does the Rule correctly articulate the factors to consider in determining whether a website or online service is directed to children, or should additional factors be considered? For example, should the Rule be amended to better address websites and online services that may not include traditionally child-oriented activities, but have large numbers of child users?
  • What are the implications for COPPA enforcement raised by technologies such as interactive television, interactive gaming, or other similar interactive media?
  • Should the Commission consider a specific exception to parental consent for the use of education technology in schools?
  • Should the Commission modify the Rule to encourage general audience platforms to identify and police child-directed content uploaded by third parties?

07/17/2019

Business email compromise attempts hit $301M a month

FinCEN has issued a report warning that manufacturing and construction firms are top targets for business email compromise attacks. The number of suspicious activity reports describing business email compromise (BEC) incidents reported monthly has grown rapidly, averaging nearly 500 per month in 2016, and above 1,100 per month in 2018. The total value of attempted BEC thefts, as reported in SARs, climbed to an average of $301 million per month in 2018 from only $110 million per month in 2016. For portions of this report, FinCEN analyzed randomly selected, statistically representative samples of SAR narratives on BEC incidents filed in 2017 and 2018 to assess BEC trends and methods.

FinCEN has established an exchange forum that focuses on BEC scams and issued an updated advisory [FIN-2019-A005] on email compromise fraud schemes that target vulnerable business processes.

07/17/2019

Al-Qa'ida in Mali targeted

The Treasury Department announced Tuesday that OFAC, in concert with the Department of State, took action targeting Jama’at Nusrat al-Islam wal-Muslimin (JNIM), a previously designated west African terrorist group, by designating a JNIM leader as a Specially Designated Global Terrorist (SDGT) under Executive Order 13224, which targets terrorists and those providing support to terrorists or acts of terrorism. OFAC designated Bah Ag Moussa for acting for or on behalf of JNIM. OFAC also designated Bah Ag Moussa for acting for or on behalf of JNIM leader Iyad ag Ghali, designated in 2013. The Department of State also designated Ali Maychou as an SDGT. For identity information, see BankersOnline's OFAC Update.

07/16/2019

Protecting your bank from phishing attempts

FRBservices.org's July 15 FED360° newsletter includes an article, "Gone phishing—Tips to help protect your organization from phishing attempts." Phishing is used by threat actors in attempts to acquire sensitive information using a fraudulent solicitation, via email or on a website (or through text messages) in which the fraudster poses as a legitimate business or reputable person. The article offers tips to help protect banks and other organizations from phishing attempts:

  • Educate your staff on what phishing is, how to spot it and how/where to report it when it occurs.
  • Consider having occasional "testing" phishing exercises.
  • Have clear and well documented policies on how to manage phishing attempts to ensure staff respond appropriately
  • When possible, use technology to aid in the identification of phishing emails though the classification of internal versus external email sources
  • Add warning messages to the header of all incoming emails from external senders, alerting employees to review external messages with extra care
  • Maintain contemporary anti-virus and anti-malware scanning software to offer additional protections in the event staff inadvertently click on suspicious links embedded in the body of an email
  • Stay on top of the evolving phishing tactics by consulting with your information security staff to monitor trends and adjust internal policies and procedures accordingly
  • Restrict or remove email and web browsing on systems routinely used for payments processing

07/15/2019

FinCEN advisory on FATF list

The Financial Crimes Enforcement Network (FinCEN) has issued an advisory [FIN-2019-A004] to financial institutions regarding the Financial Action Task Force’s (FATF) updated list of jurisdictions with strategic anti-money laundering and combating the financing of terrorism (AML/CFT) deficiencies and relevant actions by the U.S. Government. These changes may affect U.S. financial institutions’ obligations and risk-based approaches regarding relevant jurisdictions. The advisory also reminds financial institutions of the status and obligations involving these jurisdictions.

07/12/2019

Venezuela’s counterintelligence agency designated

OFAC has announced the designation of the Government of Venezuela’s General Directorate of Military Counterintelligence, or La Dirección General de Contrainteligencia Militar, most commonly known as the DGCIM. As a result of this action, all property and interests in property of this entity, and of any entities that are owned, directly or indirectly, 50 percent or more by this entity, that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC. Identification information on the DGCIM is included in BankersOnline's OFAC Update.

07/10/2019

White paper on synthetic ID fraud

The Federal Reserve's FedPayments Improvement Task Force has released Synthetic Identity Fraud in the U.S. Payment System—A Review of Causes and Contributing Factors, a white paper on the growing problem of synthetic identity fraud in the U.S. payment system. The paper is a compilation of insights from Federal Reserve and industry subject matter experts. It’s intended to be a resource for industry professionals on the current state of synthetic identity fraud, including the scope of the issue, causes, contributing factors and its impact on the payments industry.

07/10/2019

Treasury targets Hizballah officials

The Treasury Department reports that OFAC designated on Tuesday three Hizballah political and security figures leveraging their privileged positions to facilitate Hizballah’s malign agenda and do Iran’s bidding. Specifically, OFAC designated Hizballah Members of Parliament Amin Sherri and Muhammad Hasan Ra’d, and Hizballah security official Wafiq Safa, for acting for or on behalf of Hizballah. These individuals were designated under Executive Order 13224, which targets terrorists and those providing support to terrorists or acts of terrorism.

As a result of Tuesday’s action, all property and interests in property of these targets that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC. For identification details, see BankersOnline's OFAC Update.

07/08/2019

FATF risk assessment guidance

The FATF requires each member country to identify, assess and understand the terrorist financing risks it faces in order to mitigate them and effectively dismantle and disrupt terrorist networks. Countries often face particular challenges in assessing terrorist financing risks due to the low value of funds or other assets used in many instances, and the wide variety of sectors misused for the purpose of financing terrorism. The FATF has issued "Terrorist Financing Risk Assessment Guidance," which aims to assist practitioners, particularly those in lower capacity countries, in assessing terrorist financing risk at the jurisdiction level by providing good approaches, relevant information sources and practical examples based on country experience.

Pages

Training View All

Penalties View All

Search Top Stories