Podcast
ComplianceAugust 21, 2020

Episode 6: Fraud opportunists, six feet away and closer than ever

Banking Compliance Insights is a podcast series created to deliver insights on compliance trends and provide strategies for navigating today's regulatory and risk environments. Our new podcast, “Fraud Opportunists, Six Feet Away and Closer Than Ever,” focuses on how social distancing and branch closures are driving more financial institutions to partner with fintechs to increase profits by conducting transactions digitally. The downside is that this fast-paced, digital environment has created a breeding ground for fraud opportunists. 

Wolters Kluwer® Vice President, Banking Compliance Solutions, Samir Agarwal and Gary Schweers, a Consulting Manager with the Wolters Kluwer Advisory team, discuss trends that are creating opportunities for fraudsters (including a few driven by the pandemic), regulatory oversight measures, and strategies for shoring up fraud prevention programs. Plus, they’ll share details about industry-emerging areas that are typically vulnerable to fraud in pandemic conditions, as well as practical suggestions to help financial institutions remain vigilant.

Samir Agarwal
Vice President & Segment Leader, GRC Community Banking, Compliance Solutions

Transcript: 

Greg Corombos, News Director at Radio America  00:06
Hi, I'm Greg Corombos. Welcome to Banking Compliance Insights, a podcast series from Wolters Kluwer. This series was created to deliver insights on compliance trends and strategies for navigating today's regulatory and risk environments. Today's episode, "Fraud Opportunists: Six Feet Away and Closer Than Ever," will focus on trends that are creating opportunities for fraudsters, including a few driven by the pandemic. We’ll also look at regulatory oversight measures and strategies for shoring up fraud prevention programs. Here to lead our discussion on this subject is Wolters Kluwer Vice President of Banking Compliance Solutions, Samir Agarwal. He is joined today by Gary Schweers, a Senior Regulatory Consultant with Wolters Kluwer, to provide expert insights on these challenges. Samir, let me pass the conversation over to you.

Samir Agarwal, Vice President, Banking Compliance Solutions, Wolters Kluwer  00:57
Thanks, Greg. Today, more financial institutions are partnering with fintechs, and they're conducting transactions digitally due to social distancing requirements or brick and mortar branch closures. This is a really fast-paced move, and the digital environment has created a new breeding ground for fraud opportunities. I've invited Gary Schweer, a Consulting Manager with Wolters Kluwer’s Advisory team, to share some of his observations about the current environment. What our listeners and I want to understand is what are the strategies for getting in front of the emerging risk areas? How do we manage them? Gary, welcome. Please give us some insight into what you do at Wolters Kluwer today.

Gary Schweer, Consulting Manager, Wolters Kluwer  01:37
Thank you, Samir. I appreciate it. I'm Gary Schweers. I'm a Senior Regulatory Consultant with Wolters Kluwer, and we work with bank clients and fintech clients to ensure they have the compliance management systems and the BSA and AML policies and procedures that they need in place. To make sure, one, that they stay out of trouble with the government. Two, that they reduce fraud and risk within their own portfolios. And three, that they serve the customers that they need. So, whether it's the bank, the fintech partner, or their ultimate customers, make sure that they're getting the products and services that they're trying to deliver.

Samir Agarwal, Vice President, Banking Compliance Solutions, Wolters Kluwer  02:13
One of the significant legislative initiatives out there is the CARES Act, which created the Paycheck Protection Program. The soon-intended HEALS Act is something I want to cover with you quickly. Money is set aside in both of those programs for qualifying small businesses to support small businesses during the pandemic. Ultimately, it's providing protection for millions of American jobs. Gary, what's your take on the situation now. and how do you see that these funds are designated to provide relief?

Gary Schweer, Consulting Manager, Wolters Kluwer  02:47
First, let's talk about the population, Samir. The government issued over $4 trillion in stimulus in 2020, and some of that went directly to states, cities, hospitals, and things like that to help support the issues that they're having. Then other parts of that went directly to people for unemployment or just straight stimulus checks. But a lot of these programs were put together super-fast, with changes in the requirements while they were being set up, and some had very ambiguous standards. But under the Paycheck Protection Program, or PPP, the government has issued about $659 billion in loans that go directly to support small businesses and the jobs they provide in everyone's communities. The PPP loans were made to businesses of all sizes with the purpose to support continued payroll and jobs. These loans are forgiven by the government if the criteria set by the government was met, which is mostly that the majority of that loan is being used for the payroll of the business. Of that $659 billion, about five million loans were made, and 86 percent of those loans are about $150,000 or less. It really was designed for and intended to support small businesses. Hopefully, most of those funds are going for those reasons. Of course, with that big of a pie, there's always going to be attempts for fraud.

Samir Agarwal, Vice President, Banking Compliance Solutions, Wolters Kluwer  04:10
How do we ensure money is used in the intended way? If we're lenders or supporters of the transaction, we want that money to go into the right hands and be used in the right way. How does that occur?

Gary Schweer, Consulting Manager, Wolters Kluwer  04:22
There weren't a lot of standards set up by the government for what the banks needed to do to ensure the funds were used in the right way. It's a lot of adaptation by the borrower, on their part, to ensure the funds were used in the right way. But like we said, with that big of a pie, there are opportunities for fraud. The first day you could actually get a PPP loan was on April 3 of 2020, and the first announced fraud that was being investigated by the Department of Justice was on May 5. So, it took a month for some kind of fraud to pop-out immediately to the government.

Samir Agarwal, Vice President, Banking Compliance Solutions, Wolters Kluwer  04:56
Can you give us some examples of the types of fraud that have come out since the program started?

Gary Schweer, Consulting Manager, Wolters Kluwer  05:01
There have been about a billion dollars in reported investigations going on with the Department of Justice and other government agencies at this point. The first one we talked about, that was brought up on May 5 was two guys in the northeast. They got a loan for just over half a million dollars. They had listed four different businesses on their PPP application. None of these businesses actually had any employees, and the big red flag was that all these businesses were started after the pandemic. There was a red flag there for the bank and others to see, but apparently, it got missed.

Samir Agarwal, Vice President, Banking Compliance Solutions, Wolters Kluwer  05:36
Did it matter what type of business they were? Or was this red flag simply because they didn't meet the criteria of having an established business with profitability?

Gary Schweer, Consulting Manager, Wolters Kluwer  05:47
It's not so much profitability, but it's that there weren't any employees for the Paycheck Protection Program to be paying. So, the red flags were there, potentially, for the bank to see. There's another example that I'd like to share with you. I think it's kind of interesting because it occurred where I'm from in Texas. It was for a barbecue place, and the loan was just under a million dollars. But all that actually existed was a website for this barbecue place. You couldn't even order online, no physical location, and no employees. But the red flag that came out of this one was the credit union that took this loan application, started asking some questions, and the applicant was asking about paying his employees with cryptocurrency. And then it turns out, the guy actually took all his PPP funds and invested it in cryptocurrency for himself. People have bought Rolls Royces and Lamborghinis with their PPP funds. This is clearly not payroll related, and there was even a report about a guy that took all his PPP funds straight to the casino.

Samir Agarwal, Vice President, Banking Compliance Solutions, Wolters Kluwer  06:51
It sounds really exciting, I guess, from the start of the transaction. The government is paying the lending institution quite a percentage point just for making a loan. And then the repayment is at a fixed rate that's very low, too. With each one of these situations, do you know if they were brand new clients to that bank, or were they clients that the banks had already done business with?

Gary Schweer, Consulting Manager, Wolters Kluwer  07:14
The Department of Justice didn't disclose anything like that. But, the government did have some standards that they stressed for banks that were dealing with either existing clients of the bank or new clients of the bank. They really stressed that the BSA and anti-money laundering standards of beneficial ownership and due diligence on those new customers was very important. Apparently, with the stress of the PPP loans being done in a very short period of time and bankers and credit unions working very hard to make sure that those funds were actually distributed, some of these red flags obviously got missed.

Samir Agarwal, Vice President, Banking Compliance Solutions, Wolters Kluwer  07:54
What should have happened in both the credit union and the bank example that you've given us?

Gary Schweer, Consulting Manager, Wolters Kluwer  07:59
The government didn't really place a lot of standards on the banks to investigate these things. But clearly, like in the first example, if they're saying they have dozens of employees at these four companies that they just started, that doesn't make a lot of sense. Or this guy that just has a barbecue joint that only exists as a webpage. The banks could have potentially seen these issues. They should have been doing the due diligence that they would have done for any customer, not just a PPP customer.

Samir Agarwal, Vice President, Banking Compliance Solutions, Wolters Kluwer  08:32
Let's talk about potential fraud in the program. Are there any estimates out there that dictate how much of the $659 billion might be subject to fraud?

Gary Schweer, Consulting Manager, Wolters Kluwer  08:42
As I said before, the government reported they're investigating at least a billion dollars in fraud, and those are the blatant cases. Those are the easy targets that these red flags are just sitting there for you to see. But imagine if that criminal was more sophisticated. They could make it much harder to detect and even prosecute. I've seen estimates from some fraud experts saying it's more like $10 to $20 billion. That's a lot. Just think of all the time, energy, and money that the government is going to have to use to pursue those fraudsters and prosecute them. It's a lot of money.

Samir Agarwal, Vice President, Banking Compliance Solutions, Wolters Kluwer  09:17
It's going to be well above that estimate of just the transaction for fraud. Let's talk about that further and get into the impact of the pandemic on how we do banking and what the expectations are. Specifically, let’s talk about the relationships that banks have with customers, and then how to prevent fraud or how to how to really identify it before the pandemic. We're also facing a generational shift that I feel is accelerated now with digital banking. Right? Their client base has been getting more comfortable with computers, mobile devices, and online banking applications. Now, with the pandemic, it's almost like we've added fuel to the fire. How is that impacting fraud, and are there tools and other things that we need to lookout for regarding how people transact today?

Gary Schweer, Consulting Manager, Wolters Kluwer  10:04
Right. Samir. I definitely understand the part about the generational thing. The other day, my 25-year-old daughter asked how to write a check. She had never actually written a check before, but she does know how to use Venmo and other electronic wallet-type things. So, she doesn't have problems spending money; it was just the old way of doing it didn't compute in her brain. But banks are having to adapt to these new expectations of everyone wanting it fast, easy, immediate, all those kinds of things. With the potential for fraud increased with those expectations, banks and their fintech partners, if they have those, are having to have more sophisticated fraud technology and use of various types of products that help them identify the customer—not only identify the applicant that they're talking to exists but that it is actually the person they're talking to.

Samir Agarwal, Vice President, Banking Compliance Solutions, Wolters Kluwer  10:57
Let's dig in just a little bit and talk about the steps that are involved. When we think about check fraud, it's pretty easy. Someone's looking at the person writing the check, they're taking a driver's license number or other security information, and they're validating on the spot. When we translate that into digital banking, what are the verification processes that take place?

Gary Schweer, Consulting Manager, Wolters Kluwer  11:20
In the absence of that face-to-face interaction, banks and fintechs are utilizing more sophisticated software and verification systems to ensure that they're dealing with the person whose name is on application and that they are going above and beyond what a traditional bank would do for knowing your customer. So, they're not just getting a driver's license, but they may be verifying your data through three or four different systems, three or four different databases, including cross-referencing your name, dates you’ve provided, the bank account information, and even your geographic location. If you're applying from Austin, Texas, is the geo information from your computer telling me that's where you're really sitting at right now?

Samir Agarwal, Vice President, Banking Compliance Solutions, Wolters Kluwer  12:05
Makes sense. I guess there's a lot of security that's involved with that. It's pretty neat technology.

Gary Schweer, Consulting Manager, Wolters Kluwer  12:12
Samir, maybe one of the funny things, though, is a lot of these high tech companies, even with the sophisticated tools and everything that they have, they still usually have an old school process where they might just still get a driver's license or some other document verification. Even if it's on an exception basis, sometimes they still have to revert back to the way it used to be.

Samir Agarwal, Vice President, Banking Compliance Solutions, Wolters Kluwer  12:34
With the bank being the ultimate responsible party for that control, are there any recommendations that you would suggest to our listeners about best practices? How do I make sure that I know who I'm transacting with?

Gary Schweer, Consulting Manager, Wolters Kluwer  12:50
While the sales involved with these fintechs and other opportunities are really exciting. The controls are boring, right? But they still have to be in place, and it really does still go back to that old school what is my culture? What's the tone at the top? That's not just in words; that's also in action. And that action is providing the resources and the tools that are needed. It's also the board and management, paying attention to those items, and not just giving that lip service, but actually making that a part of your company, your bank, or your fintech, whichever one it is. Another thing is actually living working policies and procedures. Like we said, these things are complex and fast. You need to make sure that you are getting that CAP information. You do know your customer. Also, if you're dealing with merchants, you need to know your merchants because they can commit insider fraud as well. A third thing is experienced knowledgeable BSA on fraud stuff. We see a lot of fintechs that somebody gets stuck with this job or, "Hey, this guy worked at a bank before, let's make him a BSA officer." That's not a great approach. You can find experienced people that know what they're doing to help protect the bank or the fintech and the processes.

Samir Agarwal, Vice President, Banking Compliance Solutions, Wolters Kluwer  14:09
I'm curious. As we look at experienced, knowledgeable individuals, how does technology play a big role? Do these individuals need to have familiarity now since everything's digital?

Gary Schweer, Consulting Manager, Wolters Kluwer  14:21
Definitely, part of that is based on the systems you're using or the monitoring tools you're using. Say, for example, you're a credit card-related fintech, and there are hundreds of transactions that may process through your system. You have to have the tools that will help you identify issues, but you also have to have people that are knowledgeable about that tool, how to set it and calibrate it for your particular company, and then how to use that data.

Samir Agarwal, Vice President, Banking Compliance Solutions, Wolters Kluwer  14:49
The best way to describe what I'm hearing from you is these controls are extremely important. They enable the bank to make safe transactions. No matter how exciting or profitable some of these transactions are, the controls are really the enablers for making sound decisions. Is that right?

Gary Schweer, Consulting Manager, Wolters Kluwer  15:14
Definitely, or at least to help you, hopefully, not make the wrong decision.

Samir Agarwal, Vice President, Banking Compliance Solutions, Wolters Kluwer  15:18
Let's get back into the fintech world and how all this relates into the bank partnership with fintechs. What's the volume of transactions that fintechs are responsible for?

Gary Schweer, Consulting Manager, Wolters Kluwer  15:29
At Wolters Kluwer, we work with some very large and some small fintechs. But the volumes can be huge. We've worked with some fintechs that have made billions of dollars in loans to millions of customers out there. They work with thousands of retail merchants. Most of the transactions are applied for and approved in minutes, if not quicker. It's really critical for those controls to be in place with that kind of volume and speed. Most banks aren't set up for that kind of consumer volume, and so when they work with these fintech partners, they have to make sure their systems are ready for that.

Samir Agarwal, Vice President, Banking Compliance Solutions, Wolters Kluwer  16:08
What are the consequences if we don't adhere to those controls?

Gary Schweer, Consulting Manager, Wolters Kluwer  16:12
One, your program can overwhelm you with the volumes and with the amount of data and the requests that are coming through. Banks have to have those operational controls and the infrastructure in place to not only fund these loans but to then monitor those transactions and report suspicious activity that could be required under your BSA programs. The government could potentially fine you. There's memorandums of understanding where they would make you put in other operational controls and things like that. Most of the time, those are problems that you don't want to have and face. Setting your controls and your operations up to begin with, in the way that they should be, is really critical.

Samir Agarwal, Vice President, Banking Compliance Solutions, Wolters Kluwer  16:53
How can we protect ourselves?

Gary Schweer, Consulting Manager, Wolters Kluwer  16:56
Like we discussed, the volumes can be overwhelming, Samir. Those banks have to be ready with their operational controls and their infrastructure to handle that volume. Most banks aren't set up for this consumer transactional volume, and they have to have those controls in place to not only fund the loans but to monitor transactions and report suspicious activity related to that.

Samir Agarwal, Vice President, Banking Compliance Solutions, Wolters Kluwer  17:19
Let's get into a little bit more about the AML side of it or the anti-money laundering side of this. What are the regulatory expectations are during the pandemic? Are there heightened expectations around this? What else can have you heard on the street or with clients that can help us be more informed on how regulators look at fraud management?

Gary Schweer, Consulting Manager, Wolters Kluwer  17:42
Just the other week, I was at the Dallas-area Compliance Association meeting, where they have a regulatory examination panel with all the agencies speaking about consumer compliance issues, BSA, and AML issues. Their main word was they're not changing their exams, and they're not being tougher right now. But they're not being lighter either. Their expectations are just as high as they ever have been, and the way they're approaching a lot of issues that they see now is through change management. If your program was weak already, and now it's in trouble further because of remote working or an inability to monitor things because of the pandemic, they're approaching that through change management, the issues around that, and their examination reports. It's not that their expectations are different. They're just not going to be easier because of the issues going on in the world. Their expectations of your BSA program, and your compliance program, are the same as always. They want those core tenants covered, in addition to what you may be having to add on top of that, Maybe you need more staff at this point, or maybe you need a little extra time to review things, which they are allowing, but you still just have to make sure the program's operating as if nothing else in the world was going on.

Samir Agarwal, Vice President, Banking Compliance Solutions, Wolters Kluwer  19:06
Are they saying anything else other than just changing the organization?

Gary Schweer, Consulting Manager, Wolters Kluwer  19:10
FinCEN has put out some advisories related to imposter scams and money mules. They also have some requirements around what you include in your SARS, or your suspicious activity reports. If you think it is coronavirus-related, the government has issued some advisories on those kinds of things.

Samir Agarwal, Vice President, Banking Compliance Solutions, Wolters Kluwer  19:30
What do we see in the future for fraud management? Do we have a new entrance that we need to be worried about, or is it going to be more of just strengthening what we already know?

Gary Schweer, Consulting Manager, Wolters Kluwer  19:41
Probably the biggest thing for banks and compliance people out there is the introduction of cryptocurrency into the world and into the banking system, and fraud around that. The Office of the Comptroller of the Currency, who regulates national banks, just issued interpretive letters expressing that banks can custody crypto assets for customers and provide banking services to crypto-related businesses. Maybe you could have done that anyway, but now it's official that you can do those things. That introduces a whole new world of transactions that people want to not be traceable, and those kinds of things into the banking system. That's definitely what's coming in the future.

Samir Agarwal, Vice President, Banking Compliance Solutions, Wolters Kluwer  20:24
What else, Gary, can Wolters Kluwer do to help clients maintain vigilance during this time? Do you see KYC, BSA, AML, and also crypto, becoming more of a focus point for lenders?

Gary Schweer, Consulting Manager, Wolters Kluwer  20:38
As we mentioned upfront, Samir, I'm a member of the Wolters Kluwer Advisory team, and we help clients by conducting CMS, BSA, AML reviews and risk assessments. We can also work with fintech partners. One of those controls earlier is audits and reviews. We'd love to be able to help clients with those kinds of things going into the future.

Samir Agarwal, Vice President, Banking Compliance Solutions, Wolters Kluwer  20:59
Great, great. Gary, it was a pleasure to speak with you today. I'm really happy to hear that we have a few teams out there doing health checks for institutions that require them. It's definitely a fast-paced environment. Everything is going digital. Thank you for joining us, and it was really good to hear your practical suggestions for all of our listeners today.

Gary Schweer, Consulting Manager, Wolters Kluwer  21:19
Thank you.

Greg Corombos, News Director at Radio America  21:20
That's Wolters Kluwer Vice President of Banking Compliance Solutions, Samir Agarwal, joined by Gary Schweer, a Senior Regulatory Consultant with Wolters Kluwer Advisory Services practice. Wolters Kluwer is the host of this podcast and a market-leading provider of advisory services and technology solutions for optimizing compliance and risk management programs. For more information and additional guidance, please visit Wolters Kluwer.com or call 1-800-397-2341. Please join us for future podcasts focused on navigating emerging trends in regulatory compliance.