Top Story Technology Related

The Federal Trade Commission has reported that new Commission data shows that scams originating on social media have accounted for $2.7 billion in reported losses since 2021, more than any other contact method.

In a new data spotlight, the FTC also takes a deep dive into social media scam trends in the first half of 2023. Reports show that the most frequently reported scams on social media are related to online shopping, with 44 percent of reports pointing to fraud related to buying or selling products online. Most of these reports come from people who never received the items they ordered after responding to an ad on Facebook or Instagram.

While online shopping scams are the most commonly reported scam on social media, the spotlight notes that scams using social media to promote bogus investment schemes account for larger overall losses, accounting for 53 percent of all the money reported lost to scams on social media in the first half of the year. Cryptocurrency played a significant role in the investment scams consumers reported; more than half of the reports showed that consumers paid the scammers using cryptocurrency. After investment scams, the spotlight noted that romance scams accounted for the second-most reported scam losses on social media.

Federal Reserve Financial Services announced yesterday that the FedNow Service has grown to include 108 institutions now sending and receiving via the network. In addition, 21 financial institutions are providing liquidity and settlement services, and 20 service providers are supporting payment processing in the instant payments infrastructure.

As participation grows, the Federal Reserve continues to prioritize enhancements to the service and plans to introduce new features and functionality in the coming months. Updates will include select risk management and operational enhancements of the service geared toward providing additional fraud prevention tools and straightforward access to important account and transaction information.

The Federal Reserve also plans to introduce a tech-centric developer resource in the coming months allowing financial institution participants to access documentation such as the recently updated operating procedures, technical specifications, as well as code and message samples to assist with service implementation.

The FDIC's Financial Institution Letter FIL-52-2023 issued Friday, announced that the FDIC has updated its Information Technology Risk Examination (InTREx) procedures to improve the Audit module‘s usability, specify compliance review steps relative to the Computer Security Incident Notification Rule (Part 304 Subpart C), provide more specificity regarding examiner review of service provider reports of examination, and update links to references. Examiners use these procedures to review information technology risk management at each bank safety and soundness examination.

The OCC has released its bank supervision operating plan for fiscal year 2024, which begins October 1, 2023.

The plan outlines the OCC’s supervision priorities and objectives for the year. It also facilitates the implementation of supervisory strategies for individual national banks, federal savings associations, federal branches and agencies of foreign banking organizations, and third-party service providers subject to OCC examination. OCC staff uses this plan to guide its supervisory priorities, planning, and resource allocations.

Key areas of heightened focus for supervisory strategies in FY 2024:

• Asset and liability management
• Credit
• Allowance for credit losses
• Cybersecurity
• Operations
• Digital ledger technology activities
• Change management
• Payments
• Bank Secrecy Act/anti-money laundering/countering the financing of terrorism and Office of Foreign Assets Control
• Consumer compliance
• Community Reinvestment Act
• Fair lending
• Climate-related financial risks

The Consumer Financial Protection Bureau yesterday announced its issuance of guidance about certain legal requirements that lenders must adhere to when using artificial intelligence and other complex models. The guidance describes how lenders must use specific and accurate reasons when taking adverse actions against consumers. This means that creditors cannot simply use CFPB sample adverse action forms and checklists if they do not reflect the actual reason for the denial of credit or a change of credit conditions. This requirement is especially important with the growth of advanced algorithms and personal consumer data in credit underwriting. Explaining the reasons for adverse actions help improve consumers’ chances for future credit, and protect consumers from illegal discrimination.

The CFPB confirmed in Consumer Financial Protection Circular 2022-03, published at 87 FR 35864 in the June 14, 2022, Federal Register, that the Equal Credit Opportunity Act requires creditors to explain the specific reasons for taking adverse actions. This requirement remains even if those companies use complex algorithms and black-box credit models that make it difficult to identify those reasons. Yesterday’s guidance expands on last year’s circular by explaining that sample adverse action checklists should not be considered exhaustive, nor do they automatically cover a creditor’s legal requirements.

Specifically, Tuesday's guidance explains that even for adverse decisions made by complex algorithms, creditors must provide accurate and specific reasons. Generally, creditors cannot state the reasons for adverse actions by pointing to a broad bucket. For instance, if a creditor decides to lower the limit on a consumer’s credit line based on behavioral spending data, the explanation would likely need to provide more details about the specific negative behaviors that led to the reduction beyond a general reason like “purchasing history.” Creditors must disclose the specific reasons, even if consumers may be surprised, upset, or angered to learn their credit applications were being graded on data that may not intuitively relate to their finances.

• Consumer Financial Protection Circular 2023-03, Adverse action notification requirements and the proper use of the CFPB’s sample forms provided in Regulation B

FinCEN has announced it has issued a Financial Trend Analysis (FTA) on patterns and trends contained in Bank Secrecy Act (BSA) reporting on suspected evasion of Russia-related export controls. The BSA reports analyzed for this FTA were filed in response to previous joint Alerts on this topic and indicate almost $1 billion in suspicious activity.

The FTA describes several trends found in this BSA reporting:

• Suspicious transactions conducted after Russia’s invasion indicate that companies in intermediary countries appear to have purchased U.S.-origin goods on behalf of Russian end-users.
• Suspicious transactions link trade activity, likely involving sensitive items, between end users in Russia and other jurisdictions, particularly China, Hong Kong, and Turkey.
• The majority of companies within the dataset are linked to the electronics industry and are potentially associated with—or directly facilitating—Russian export control evasion.
• Companies in the industrial machinery industry are also potentially supplying Russia with equipment.

FinCEN anticipates that new trends in BSA data may emerge as more individuals and entities are publicly identified as being potentially connected to evasion of Russia-related export controls.

FinCEN has issued an alert to highlight a prominent virtual currency investment scam known as “pig butchering.” Multiple U.S. law enforcement sources estimate victims in the United States have lost billions of dollars to these scams and other virtual currency investment frauds.

“This scam has impacted far too many Americans, which is why FinCEN is sounding the alarm and asking financial institutions to report suspicious activity indicative of this scheme,” said Acting Director Himamauli Das. “Suspicious Activity Reports filed by financial institutions will enable law enforcement to both aid victims and track down the perpetrators.”

“Pig butchering” scams resemble the practice of fattening a hog before slaughter. Victims invest in supposedly legitimate virtual currency investment opportunities before they are conned out of their money. Scammers refer to victims as “pigs,” and may leverage fictitious identities, the guise of potential relationships, and elaborate storylines to “fatten up” the victim into believing they are in trusted partnerships before they defraud the victims of their assets—the “butchering.” These scams are largely perpetrated by criminal enterprises based in Southeast Asia who use victims of labor trafficking to conduct outreach to millions of unsuspecting individuals around the world.

The alert includes a number of "red flag" indicators s to help detect, prevent, and report potential suspicious activity related to pig butchering, as well as a request that any SAR filed that reports suspected pig butchering activity include "FIN-2023-PIGBUTCHERING" in SAR field 2 and in the narrative, and have "Fraud-Other" selected under SAR field 34(z) with the description "Pig Butchering."

• FIN-2023-Alert005

The Financial Stability Board (FSB) and International Monetary Fund (IMF) have published a report outlining a comprehensive policy and regulatory response to crypto-asset activities.

The report synthesizes the IMF and FSB’s policy recommendations and standards. It illustrates macroeconomic and financial stability implications of crypto-asset activities, how they may interact, and how the IMF and FSB’s policy recommendations fit together. The report also encourages implementation of the Financial Action Task Force (FATF) anti-money laundering and counter-terrorist financing (AML/CFT) standards to address risks to financial integrity and mitigate criminal and terrorist misuse of the crypto-assets sector.

The report finds that a comprehensive policy and regulatory response for crypto-assets is necessary to address the risks of crypto-assets to macroeconomic and financial stability. To address macroeconomic risks, jurisdictions should safeguard monetary sovereignty and strengthen monetary policy frameworks, guard against excessive capital flow volatility and adopt unambiguous tax treatment of crypto-assets. Comprehensive regulatory and supervisory oversight of crypto-assets can help to address financial stability and financial integrity risks while supporting macroeconomic policies. Comprehensive regulatory and supervisory oversight of crypto-assets should be a baseline to address macroeconomic and financial stability risks.

A Treasury Department release on Thursday reported that OFAC, in coordination with the United Kingdom, sanctioned eleven individuals who are part of the Russia-based Trickbot cybercrime group. The Department of Justice concurrently unsealed indictments against nine individuals in connection with the Trickbot malware and Conti ransomware schemes, including seven of the individuals designated yesterday.

For the names and identification information of the designated individuals, see the September 7, 2023, BankersOnline OFAC Update.

The CFPB has announced its publication of a new Issue Spotlight report, "Big Tech's Role in Contactless Payments: Analysis of Mobile Device Operating Systems and Tap-to-Pay Practices," which highlights the impacts of Big Tech companies’ policies and practices that govern tap-to-pay on mobile devices like smartphones and watches. Apple currently forbids banks and payment apps from accessing the tap-to-pay functionality on Apple iOS devices and imposes fees through Apple Pay. Google’s Android operating system does not currently have such a policy. The issue spotlight explains how regulations imposed by mobile operating systems can have a significant impact on innovation, consumer choice, and the growth of open and decentralized banking and payments in the U.S.

According to the CFPB, as of the second quarter of 2023, Apple’s iOS operating system was on 55 percent of smartphones shipped in the U.S., and Google’s Android operating system was on 45 percent of smartphones shipped. Apple and Google set regulations that govern app developers’ ability to integrate near field communication (NFC) technology into their apps, which is needed to execute tap-to-pay transactions. The dominant market share of these two operating systems, coupled with the increasing shift toward mobile device payments, underscores the important role their policies and practices play in retail payments.

The report states that restrictive tap-to-pay practices may reduce consumer choice and hamper innovation. That can inhibit progress toward a more robust open banking ecosystem, where consumers have more control over their personal financial information and developers provide payments solutions that better meet consumers’ needs. For example, Apple’s current NFC policy prohibits directly integrating tap-to-pay functionality into existing banking applications and other payment apps (e.g., PayPal, Venmo, Cash App).