Mortgage Fraud: Basic Categories

QUESTION 

We are reviewing our branch and home office procedures for identifying mortgage fraud. As the Compliance Officer, I receive all allegations of mortgage fraud for review. However, I can't be at all the branches all the time, and I want to be able to categorize some basic areas related to mortgage fraud. 

Each branch has a Branch Manager who works with a senior underwriter to identify potential mortgage fraud. The senior underwriter conducts a second review, and the Branch Manager provides oversight. Even with the training we do, there is no standardization for a categorical approach. What I am looking for is a list of the most likely areas of mortgage fraud. We would like to distribute the list so that it can be used throughout the company. It will help us to set basic standards. 

What are some of the basic categories of mortgage fraud? 

COMPLIANCE SOLUTION 

QC Tune-up® 

Forensic Mortgage Audit®

RESPONSE 

Mortgage fraud prevention is an area in which we have extensive expertise. Indeed, we invented the Forensic Mortgage Audit®, which uses loan-level reviews to detect mortgage fraud. I've provided expert witness representation and given testimony in cases related to mortgage fraud. Our clients regularly discuss potential cases of it with us. We've written policies and procedures to prevent it. I've spoken about it at conferences and written extensively on the topic, for instance, here. 

Here's my published article, with linked sections, entitled Mortgage Fraud Challenges: How to Catch a Crook. 

And I can tell you, based on my experience, crooks continue to find new ways to commit mortgage fraud all the time. To identify the means and methods of these crooks requires staying one step ahead of them – and, even then, they devise new plans to scam, deceive, rip off, con, double-deal, cheat, and skunk their way toward new contrivances of chicanery. 

For instance, request information about our Identity Theft Prevention Program – a program which, by the way, is a statutory requirement. Our policy provides an extensive list of the various nefarious methods by which thieves commit mortgage fraud. 

If you are a subscriber to our newsletters, we will be happy to provide our checklist of Common Red Flags for Mortgage Fraud. Just request it here! 

BASIC CATEGORIES

The basic features of mortgage fraud revolve around intentional deception or misrepresentation to obtain a mortgage loan or to profit from the lending process. 

If you're looking for a basic set of mortgage fraud categories, it is possible to group them into a few areas, with the proviso that this construct is a very high-level outline. The outline should not be taken as comprehensive. But if you want to offer it to the affected personnel, it might help to streamline the review process. 

I think you should still be notified that a mortgage fraud review is taking place, even if the second review clears it. Be aware of potential false positives! 

In my opinion, mortgage fraud can be categorized into fraud for housing, fraud against homeowners, and fraud for profit. Unfortunately, industry professionals are often involved in mortgage fraud activities in pursuit of profits. 

So, let's outline these categories. 

Fraud for Housing 

This illicit activity happens when a borrower provides false information to acquire or maintain ownership of a home. A borrower commits this type of fraud to obtain or maintain ownership of a home in an illegal manner. They may misrepresent their financial standing to qualify for a loan they would not otherwise be able to get. 

Categories of Fraud For Housing 

Income and Employment Fraud 

Falsifying or inflating income, fabricating employment history, or creating forged documents like W-2s, tax returns, and bank statements to qualify for a larger loan or a better interest rate.

Money Mules: ID Theft and AML Compliance

QUESTION 

Our company is under investigation by the banking department and law enforcement for allowing "money mules" to use our financial services. They managed to use our mortgage and depository services. The crooks targeted people in nursing homes and hospice care facilities. 

The banking department is now determining if we properly implemented an Identity Theft Protection Program and Anti-Money Laundering Program. They're looking back at the procedures as well as the level of testing and training. Our CEO has told us that she expects an administrative action against us. 

We haven't updated our Identity Theft Protection Program and Red Flags Rule in years. We're reviewing it now. Well, better late than never! 

But we do the Anti-Money Laundering Program testing and training as required. The banking department is closely scrutinizing both written policies. Yesterday, we received a notice from FinCEN that they are investigating our SAR filings. 

The news fallout has been devastating. We have been in business for decades and have never had a hit to our reputation, let alone something as shocking as being an unwitting accessory to an identity theft and money-laundering scheme. There's not enough money in the world to reestablish trust! 

How do "money mules" operate? 

How do "money mules" exploit the stealing of identities? 

How do "money mules" undermine anti-money laundering procedures? 

ANSWER 

Your situation reminds me of a recent arrest in California involving money mules. The victims' money is often initially handled by "money mules," individuals who permit their addresses or bank accounts to be used or agree to receive or negotiate cashier's checks. In brief, a money mule moves money obtained illegally on behalf of another individual. Funds are transferred in person, digitally, or through mail or courier. 

I have discussed money mules previously. Here is one about how the COVID pandemic was used by criminals to bilk the public: COVID-19: Imposters and Money Mules. 

Money mules can be – but are not always! – aware they are involved in laundering money obtained illegally. The purpose of this illegal activity is to obscure the source of funds. They are a key element in the money laundering and identity theft process. 

Scheme 

With some variance and nuances here and there, the following are the steps to money mule schemes: 

Step 1: Criminal looking to launder money employs a money mule to layer illicit funds. 

Step 2: Criminal transfers the funds to the money mule in person or electronically. 

Step 3: Money mule either places[i] the money into the financial system or receives money that has already been integrated[ii] into the financial system. 

Step 4: Money mule uses a series of transfers and transactions to layer[iii] the money. 

Step 5: Money mule returns the layered funds to the criminal. 

In the case I have in mind,[iv] the FBI arrested money mules involved in scams that bilked grandparents. This is brutal, wicked, and heartless, of course, but crooks will do what crooks will do! A con is a con. A mark is a mark. As Hamlet observed, "one may smile, and smile, and be a villain!"[v] 

Two money mules were arrested and indicted for their scheme to launder at least $2 million in proceeds obtained from victims of grandparent scams who were defrauded with false claims that their relatives were in distress and urgently needed funds. 

The indictment detailed how perpetrators of grandparent scams convince victims to send money – purportedly to help relatives, frequently their grandchildren, who are typically described as being in legal trouble – "to bank accounts, business entities, and physical addresses specified by the scammers, using interstate wires and cashier's checks…for the supposed purpose of assisting the relatives in distress." 

One of the money mules is said to be a manager of money mules, and the other, thus recruited, recruited his own money mules. Federal prosecutors further assert that the manager created business entities and opened bank accounts using information stolen from identity theft victims. 

Once the money was in the accounts associated with the money mules or identity theft victims, the two money mules allegedly engaged in transactions designed to conceal the true nature of the funds, which, in this case, had been obtained via wire fraud. 

The indictment specifically alleges that the scheme laundered funds obtained from victims of grandparent scams who live in California and Pennsylvania. The bank fraud scheme alleged in the indictment involves fraudulently obtained funds held in suspense in an account set up in the name of an identity theft victim. 

The two money mules and a co-conspirator allegedly worked in concert to contact the bank and impersonate the identity theft victim to secure the issuance of a check for nearly $83,000 that was remaining in the account. 

As I noted above, money mules can be unwittingly involved in a money mule scam. That seems hard to believe. Investigators find that the trail usually ends with the money mule, who might not have realized that they are laundering money for crime gangs. Unfortunately, the process often depends on the unwitting money mule for its effectuation. The enforcement authorities have found at least three primary types of money mules: (1) unwitting, (2) witting, and (3) complicit. Here's a synopsis of each type. 

Types 

(1) Unwitting Individuals are unaware they are involved in criminal activity and engage in it thinking it's legal. They are often deceived into doing the activity for someone they believe to be an employer, acquaintance, perhaps a romance scammer, or somebody in a position of some trust. 

(2) Witting Individuals who should be aware they are involved in suspicious activity but engage in it anyway. While they aren't fully aware of the extent to which they are involved in criminal activity, they typically ignore clear indicators that what they do is illegal or suspicious. 

(3) Complicit Individuals know they are involved in criminal activity yet still engage in it willfully. This type of money mule ranges from inexperienced individuals unaware of their involvement to experienced and adept fraudsters who run entire money mule rings. 

Identity Theft Prevention Program 

Beyond the legal ramifications of acting as a money mule,[vi] the people who serve as money mules may open themselves up to identity theft. All of their personally identifiable information ("PII") can be stolen by criminals, leading to the theft of their financial assets. Victims often wind up with drained accounts, damaged credit, and deprivation of medical treatment due to loss of cash liquidity. 

Stealing an individual's identity is a fraud committed or attempted using the identifying information of another person without authority.[vii] The "identifying information" of a victim is particularly onerous because such information means "any name or number that may be used, alone or in conjunction with any other information, to identify a specific person."[viii] 

The Red Flags Rule (" Rule") goes back to 2007 under a section in the Fair and Accurate Credit Transaction Act (FACTA), which amended the Fair Credit Reporting Act (FCRA).[ix] The Rule was promulgated in 2010.[x] 

If you haven't reviewed your written Identity Theft Protection Program – which is statutorily required – it is a bit late now, given that the regulators are currently involved in an investigation. In compliance, it is not the case to throw up your hands and, as you do, declare it is "better late than never." Indeed, that phrase harks all the way back to Geoffrey Chaucer in the 14^th century, who said, "For better than never is late; never to succeed would be too long a period."[xi] 

In compliance, virtually everything has a tail, a trace, a remnant, a vestige, some lingering scintilla of activity, a dash of evidence that cannot escape discovery at some point and in some way. Thus, "better late than never" is not functionally good enough in compliance. 

Pay attention to the second half of Chaucer's statement, "never to succeed would be too long a period." There are no viable exceptions to maintaining regulatory vigilance, and if there is a systemic or some other failure, admitting the mistake and fixing it permanently. Regulators are sometimes sympathetic to companies that recognize and willingly fix mistakes. But be assured that most of the time, they will find out about the errors you prefer not to tell them about. To succeed in compliance, you must proactively review, monitor, test, train, and implement regulatory requirements. 

There are notorious correlations between money mules and identity theft. I have been discussing "traditional" money mules, but there are "synthetic identities" used by money mules. Synthetic identities are created using a discrete combination of PII to fabricate a person or entity. Given the availability of stolen data on the dark web, these identities are easy to create on a large scale. 

If you haven't reviewed your Identity Theft Prevention Program in some time, you are quite remiss, and, from a regulatory compliance perspective, you are not only opening yourself to regulator scrutiny but may also be recklessly endangering your customers. 

Anti-Money Laundering Program 

You asked, How do "money mules" undermine anti-money laundering procedures? In our Anti-Money Laundering test audits, we have noted weaknesses in screening for money mules. The results of our findings are provided in our Executive Summary, and we offer our work papers so that you can see how deep we have gone to evaluate your AML program. We provide recommendations to fix the weaknesses. 

Our reviews have uncovered many money mule schemes. However, catching the scams is a never-ending task because the crooks are remarkably inventive in finding ways to undercut even the best AML programs. 

There are telltale elements that might indicate a money mule has landed on your AML radar. We are always adding to our audit list as crooks invent new schemes and scams. You should do the same! These scams come up repeatedly in our AML test audits to the point that we consider them triggers to conducting an investigation to determine if a Suspicious Activity Report (SAR) should be filed with FinCEN[xii]. 

Our organization maintains a list of warning signs that a money mule may be making their way onto a client's AML radar. Our list contains elements provided by CISA[xiii], and we build on these elements continually. In our estimation, AML compliance must include, among other things, periodic testing, employee training, due diligence, transaction monitoring, Identity Theft Protection Program mandates, KYC and KYB[xiv] requirements, CIP[xv], OFAC[xvi], identity theft[xvii] "frozen credit" alerts, and historical SAR filings. 

An example of due diligence is conducting your own investigation. Money mules can contaminate PII. During an investigation, a client of ours discovered that a money mule group used fake websites and social media profiles to trick victims into providing their personal information. It then used that PII to open bank accounts, apply for mortgage loans, and set up cryptocurrency wallets. This criminal group then laundered the stolen funds through a network of money mules, who received and transferred the funds on behalf of the criminals.

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director 

Lenders Compliance Group

---

[i] Placement is where illegitimate funds are introduced to the legitimate financial system.

[ii] Integration is where layered funds (which now appear legitimate) are returned to the criminal.

[iii] Layering is where the criminal intentionally moves funds to disguise where the money actually originated.

[iv] Two Indicted in Scheme that Allegedly Laundered over $2 Million Generated by ‘Grandparent Scams’ Targeting Elderly Victims, Press Release, Department of Justice, U.S. Attorney's Office, Central District of California, December 12, 2023

[v] Hamlet, Act 1, Scene 5, Shakespeare

[vi] For instance, among other things, the charge of conspiracy to commit money laundering carries a statutory maximum penalty of 20 years in federal prison, and the charge of conspiracy to commit bank fraud carries a sentence of up to 30 years.

[vii] 16 CFR 603.2(a)

[viii] 16 CFR 603.2(b)

[ix] The Red Flags Rule was issued in 2007 under § 114 of the Fair and Accurate Credit Transaction Act of 2003 (FACT Act), Pub. L. 108-159, amending the Fair Credit Reporting Act (FCRA), 15 USC 1681m(e). The Red Flags Rule is published at 16 CFR 681.1. See also 72 FR, Nov. 9, 2007.

[x] The Rule was amended in 2010 by the Red Flag Program Clarification Act of 2010, 15 U.S.C. 1681m(e)(4), Pub. L. 111-319, 124 Stat. 3457 (December 18, 2010).

[xi] Actually, the phrase is a direct translation from the Latin “potiusque sero quam nunquam” (viz., and better late than never) in Livy’s fourth book Ab Urbe Condita (History of Rome), 27 BC. The full quote in Livy is “Their insolence and recklessness must be opposed, and better late than never.” (My translation.)

[xii] Financial Crimes Enforcement Network (FinCEN), for nonbanks, see Anti-Money Laundering Program and Suspicious Activity Report Filing Requirements for Residential Mortgage Lenders and Originators, Financial Crimes Enforcement Network, 77 FR 8148-8160 (February 14, 2012), as revised from time to time.

[xiii] CISA provides several publications involving money mules and other schemes. One example is Understanding and Protecting Yourself Against Money Mule Schemes, Matthew DeSantis, Chad Dougherty, Mindi McDowell, US-CERT, Cybersecurity & Infrastructure Security Agency

[xiv] Respectively, Know Your Customer (KYC) and Know Your Business (KYB)

[xv] Customer Information Program (CIP)

[xvi] Office of Foreign Assets Control (OFAC)

[xvii] FCRA Identity Theft Rules, Op. cit. ix

Identity-Related Suspicious Activity

QUESTION 

We are a large mortgage lender in the West. A hedge fund owns us. Recently, the hedge fund came down hard on our compliance department for allowing the originating of loans that our AML process should have screened out. They were up in arms because our state regulator issued an administrative action against us. 

We didn't file some SARs that were identity-related, but we did document why the SARS were not filed. That didn't satisfy the regulator because they said we did not follow our own AML program guidelines. We may now lose our Safe Harbor because we didn't file the SARs by following our own policy. 

There are other issues, but the biggest one involves not screening for identity-related suspicious activity. That's the regulator's term: "identity-related suspicious activity." 

The auditor we hired to do our annual AML test was fired. Now, to comply with the regulator, we have to find an auditor who will work with us to review the last 36 months to determine if we should have filed more identity-related SARs. This is a massive undertaking. I am one of several operations persons drafted into the compliance department to assist. I want to know more, and I hope you will give us some feedback. 

What is identity-related suspicious activity? 

ANSWER 

We provide Anti-Money Laundering (AML) testing and training. We were the first compliance firm in the country to offer testing, training, and a written AML Program. Also, we handle large AML due diligence projects such as the one you've described. If you want information about our AML compliance support, contact us here. 

For years, the Financial Crimes Enforcement Network (FinCEN) has issued trend analyses showing that identity-related suspicious activity is a huge percentage of filings. For instance, in 2021, approximately 1.6 million SARs (42% of the SARs filed that year) related to identity, which was $212 billion in suspicious activity. 

Just a few weeks ago, FinCEN published its findings as part of its ongoing Identity Project ("Report").[i] The Report outlines how bad actors exploit identity-related processes in processing transactions as well as opening and accessing accounts. 

I will provide a cursory overview of the Report and then move on to an answer to your question. 

TYPOLOGIES 

The Report discusses the existence of significant identity-related exploitations through various schemes. FinCEN identified over fourteen "typologies" commonly indicated in identity-related SARs. 

The most frequently reported were 

(1) fraud,

(2) false records,

(3) identity theft,

(4) third-party money laundering, and

(5) circumvention of verification standards. 

These top five typologies accounted for 88% of identity-related SARs and 74% of the total suspicious activity reported in 2021. 

TRENDS 

Trends found in the BSA reporting include: 

·       Although identity-related suspicious activity impacted all types of financial institutions, depository institutions filed the most identity-related BSA reports, which was about 54% of all identity-related filings. 

·       The impact of identity-related exploitations by BSA report volumes and cited U.S. dollar values are significant. Attackers most frequently use impersonation tactics, followed by compromise during authentication, and then circumvent verification to evade detection. Compromised credentials have a disproportionally large monetary impact compared to impersonation and circumvention. 

·       The Report found that compromised credentials have a disproportionate financial impact compared to other types of identity exploitation. 

SAFE HARBOR 

I will not comment on your company's exposure to losing the Safe Harbor except to point out that the Safe Harbor provision of the Bank Secrecy Act (BSA)[ii], among other things, shields financial institutions, their officers, and employees from civil liability for reporting known or suspected criminal offenses or suspicious activity by filing a SAR. From your question, I can't tell who told you that your company may lose the Safe Harbor. 

The Safe Harbor provides immunity to any "financial institution that makes a voluntary disclosure of any possible violation of law or regulation to a government agency." This protection precludes liability under any federal, state, or local law, or regulation, or under any contract. Nevertheless, courts have disagreed about the scope of the protection it affords. You should be working with competent counsel in responding to the regulatory agency. 

SCREENING PROCEDURES 

It seems to me that your screening procedures failed to identify identity-related suspicious activity. You state that the regulator alleges you did not follow your own AML program procedures. That infers that you have procedures in a ratified AML Program that were not implemented. 

There are three stages to a systemic framework that mitigates identity-related suspicious activity.[iii] These stages are: (1) Validation; (2) Verification; and (3) Authentication. I do not think this framework is failsafe, but it is quite comprehensive. Nonetheless, in the age of Artificial Intelligence, we can expect updates to these stages. 

The following is a brief outline of each stage. 

Validation 

The validation stage begins when a customer presents identity attributes and supporting evidence (i.e., birth certificate, passport, driver's license, and so forth) – in person or remotely – for review by a financial institution. The financial institution then attempts to determine:

a)     Whether the presented identity exists (i.e., whether it is tied to a real-life identity);

b)     Whether the presented identity is unique (i.e., whether it is claimed by only one entity);

c)     Whether the presented information and evidence are authentic and accurate. 

Generally, the financial institution makes these determinations by comparing the presented information and evidence against authoritative government data, such as public records and Social Security Administration data, or third-party data sources, such as credit reporting agency, utility, and employer data (i.e., independent and reliable data sources). 

Verification 

In the verification stage, the financial institution confirms that the previously validated identity evidence belongs to the customer. The financial institution may, for instance, match the customer's appearance in person (or virtually) via photo or video to a photo on the customer's driver's license, passport, or other photo identification. 

Verification tools and techniques can rely on humans or be entirely automated. These tools may also use biometrics like facial recognition and "liveness" detection or verify documents and attributes to determine a match. This process may also use various other technical and risk data from third parties. 

Authentication 

In the authentication stage, a financial institution assesses whether the customer is who they purport to be based on the customer's possession and control of valid "authenticators." Financial institutions may also engage in other activities involving transactions, such as verifying counterparties and other transaction monitoring. 

Authentication is supposed to provide "risk-based" assurance that the customer is the same customer whose identity was validated and verified during previous steps of the identity process. 

The authentication process can occur in person or remotely, be manual or digital, rely on humans or machines, and is considered more robust when it depends on multiple authentication factors (i.e., multifactor authentication). 

Common authentication factors include: 

a)     Ownership of something the customer has (i.e., a badge, phone, or cryptographic key);

b)     Knowledge of something the customer knows (i.e., a password, passphrase, or PIN);

c)     Inherent or something the customer is (i.e., a fingerprint or other biometric data).

Customer Identification Procedures

QUESTION 

We submitted our CIP policy to our regulator in an examination.

In the exit interview, we were told the CIP policy does not have a set of core procedures required under the USA Patriot Act. We’ve provided this policy before, and they never said anything. Now they want us to revise it by including a checklist, but they are not telling us what goes into the checklist! 

We could use an outline of some basic checklist items to update the checklist. 

What should we provide as some checklist areas to implement our CIP policy? 

ANSWER 

Remember that whatever you put into a policy document with respect to procedures must be monitored and tested periodically. How do you know any checklist works if you are not monitoring and testing its effectiveness? 

The USA Patriot Act is a foundational Act for Customer Identification Procedures (CIP), and any checklist must conform with the Act’s mandates. 

In my view, your checklist should contain at least four procedural features: verifying identity, recordkeeping, list-checking, and customer notice. 

Let’s consider each of them in a checklist format. 

Verifying Identity 

The identity of every mortgage loan applicant should be screened for the following information (at minimum):

·       Name 

·       Date of birth 

·       Residential or business street address 

·       Citizenship:

o   For a U.S. person, use a taxpayer identification number.

o   For a non-U.S. person, one or more of the following:

§  a taxpayer identification number; passport number, and country of issuance;

§  alien identification card number, or number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photograph or similar safeguard.

o   Instead of obtaining a taxpayer identification number from a customer before opening the account, you may open an account for a customer who has applied for a taxpayer identification number but has not yet received one. In this case, however, you should confirm the application for the number was filed before the customer applied for the loan, and you should obtain the taxpayer identification number within a reasonable period of time after the account is opened.

One warning: Documents used to verify identity may include any unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguards, such as a driver’s license or passport. But be very careful in utilizing this method! 

Recordkeeping 

It is essential to maintain records of the information used to verify a person’s identity, including, but not limited to: 

·       All identifying information about a customer; 

·       A description of any document relied on, noting the type of document; 

·       Any identification number contained in the document, the place of issuance, and, if any, the date of issuance and expiration date; 

·       A description of the methods and the results of any measures undertaken to verify the identity of the customer; and, 

·       A description of the resolution of any substantive discrepancy discovered when verifying the identifying information obtained. 

Record of the foregoing information should be kept for at least five years after the mortgage loan is paid off or transferred to a loan purchaser. 

List-Checking 

Checking certain lists is a critical aspect of the CIP process. You should determine whether the person appears on any lists of known or suspected terrorists or terrorist organizations available to your financial institution or provided to your financial institution by any government agency. 

·     Designate a person or department responsible for determining whether each new customer appears on any list of known or suspected terrorists or terrorist organizations issued by any federal government agency and designated as such by the Treasury Department in consultation with the federal functional regulators. 

·     The designated person should make a determination within a reasonable period of time after a loan closes, or earlier, if required by another federal law or regulation or federal directive issued in connection with the applicable list. 

·     Follow all federal directives issued in connection with the lists. 

Customer Notice 

Be sure to provide customers with adequate, written notice that you request information to verify identities as required by the USA Patriot Act.

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director 

Lenders Compliance Group

Mortgage Fraud versus Money Laundering

QUESTION         

We recently completed your AML audit test and found that mortgage fraud and money laundering differ. This became clear when we learned that layering occurred on one of our loans. 

Three people were involved in a mortgage fraud scheme. Two stole the personal information, and the other one used that information to obtain a fraudulent loan. She became our borrower. Once the borrower received the loan's proceeds, some of the funds were transferred to the other two accomplices. We were shocked. 

Our question involves finding out how to identify mortgage fraud as distinct from money laundering. 

What is the difference between fraud and money laundering? 

ANSWER

Conducting the test of the Anti-Money Laundering Program is statutorily required. Each Residential Mortgage Lender and Originator[i] ("RMLO") must adopt a policy and procedure for Anti-Money Laundering in recognition of its obligations under the Bank Secrecy Act ("BSA"), other related money laundering regulations, the requirements of the Financial Crimes Enforcement Network (FinCEN), and federal and state licensing agencies. 

Testing every twelve months is recommended but not later than every eighteen months. An audit of the procedures must be conducted either internally, pursuant to FinCEN guidelines, or by an independent, external auditor entirely independent of the BSA Officer. Most clients retain us to conduct the audit test every twelve months. Our firm was the first in the country to offer AML testing for RMLOs.[ii] 

You can request information about our AML policy, testing, and training HERE. 

Simply stated, fraud creates value for the fraudster. Money laundering is the process by which that value enters the financial system and then moves around within and exits the financial system. 

Money laundering is the criminal practice of processing ill-gotten gains, or "dirty" money, through a series of transactions; in this way, the funds are "cleaned" so that they appear to be proceeds from legal activities. In effect, money laundering is the process of disguising funds derived from illicit activity in order to permit the use of the funds without the detection of the illegal activity that produced the funds. 

Fraud negatively impacts an organization's balance sheet, as the fraud will likely result in a loss of assets. The goal of a fraud is to steal value from the financial services provider. 

On the other hand, money laundering often boosts the balance sheet of a financial institution, as it results in greater use of the organization's products and services and more fee income. Money launderers are accustomed to paying a premium to place their funds in the financial system and often are less sensitive, if not indifferent, to the costs of moving such funds within the financial system. 

FinCEN has amassed substantial data on mortgage fraud. Traditional mortgage fraud involves homebuyers and/or lenders who falsify information to obtain a home loan. Other forms of mortgage fraud have proliferated in recent years and may include a plethora of scams, such as mortgage rescue and loan modification scams, reverse mortgage scams, rent-to-own scams, and bait-and-switch scams. 

Scammers may pose as lawyers, credit counselors, forensic loan auditors, mortgage loan auditors, or foreclosure prevention auditors. Indeed, in our AML tests and risk assessments, we have found that in both money laundering and terrorist financing, criminals can exploit loopholes and other weaknesses in the financial system to launder criminal proceeds, finance terrorism, or conduct other illegal activities, and, ultimately, hide the actual purpose of their activity. 

Terrorist Financing and Money Laundering

Since I'm providing an understanding of the difference between mortgage fraud and money laundering, I think this is a good place to clarify the difference between terrorist financing and money laundering. Many people think they're the same, but that is not true. 

Money laundering and terrorist financing are distinctly different criminal acts. However, as the law enforcement community has investigated how terrorists finance their activities, they have found that money laundering is often a necessary part of financing terrorist efforts. 

Although the motivation differs between traditional money launderers and terrorist financiers, the actual methods used to fund terrorist operations can be the same or similar to those used by other criminals who launder funds. For example, terrorist financiers use currency smuggling, structured deposits or withdrawals from bank accounts, purchases of various types of monetary instruments, credit, debit, or prepaid cards, and funds transfers. 

Getting back to the concept of "clean" funds versus "dirty" funds, terrorist financing may involve either of them. Clean funds are funds obtained from ostensibly legitimate sources, such as personal employment, donations to a charitable organization, or the good faith purchase of goods – the purpose of which is the intention to use or contribute the proceeds therefrom to fund terrorist activities. 

Dirty funds, however, are those obtained through criminal activities. Terrorists have reportedly relied on extortion, kidnapping, narcotics trafficking, smuggling, fraud, theft, robbery, identity theft, and the use of conflict diamonds[iii] to raise money for their activities. 

Money laundering is typically described as occurring in three stages: placement, layering, and integration. However, as more financial transactions are conducted electronically, the lines between the three phases are gradually blurring.

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director 

Lenders Compliance Group

---

[i] Briefly put, a person who accepts a residential mortgage loan application or offers or negotiates terms of a residential mortgage loan.

[ii] Residential mortgage lenders and originators (RMLOs – known as “mortgage companies” and “mortgage brokers” but not individual loan originators) were subject to the Bank Secrecy Act’s (BSA) anti-money laundering regime pursuant to a regulation published in the Federal Register on February 14, 2012 by FinCEN, a part of Treasury that implements the U.S.’s anti-money laundering regime. Under the new rules, RMLOs are required to develop and implement an anti-money laundering program (AML Program) and begin suspicious activity reporting (SAR filings) by August 13, 2012.

[iii] Conflict diamonds originate from areas controlled by forces or factions opposed to legitimate and internationally recognized governments and are used to fund military action in opposition to those governments, or in contravention of the decisions of the United Nations Security Council.

COVID-19: Imposters and Money Mules

QUESTION

I am an attorney who handles compliance for a small bank here in the southeast. A customer came into our branch and indicated that a person claiming to represent a government agency contacted her by phone, followed up with email, and asked for bank account information to process an Economic Impact Payment.

Customers have told us about unsolicited communications from supposedly trusted sources or government programs related to COVID-19, instructing readers to open embedded links or files or to provide personal or financial information, including account credentials (i.e., usernames and passwords).

We even reported a SAR on a customer who made several atypical transactions involving an overseas account. When we asked about these transactions, the customer indicated they were for a person located overseas who needs financial assistance because of the COVID-19 pandemic.

I wonder if you would provide some possible scams relating to COVID-19. What are some illicit activities and consumer fraud schemes that are associated with COVID-19?

ANSWER

Most people want to obey the law. Unfortunately, there are plenty of bad actors who spend their time cooking up ways to defraud consumers. One set of responsibilities for a bank or nonbank is to detect, prevent, and report consumer fraud and other unlawful activities. COVID-19 has brought out the best and the worst in people, especially the worst of the worst: those who would stalk consumers to connive ways to filch their hard-earned assets amid a pandemic. Let’s face it, some people are just so broken that they don’t care about anyone but themselves. But everyone has a stake in a stable economy.

There has definitely been an increase in consumer fraud relating to COVID-19. I am going to briefly outline two types of fraudulent schemes: imposter scams and money mule schemes. Both of these deceptive tactics are described in your question.

Keep in mind that crooks are very creative. As soon as their scam is exposed, they come up with another way to commit fraud. So, even as I write a response, the bandits are continuing to find new ways to manipulate consumers, doing their illegal most to exploit vulnerabilities caused by the pandemic.

Imposter scams and money mule schemes happen where actors deceive victims by impersonating federal government agencies, international organizations, or charities. FinCEN has identified the financial red flag indicators to alert financial institutions to these frauds and to assist financial institutions in detecting, preventing, and reporting suspicious transactions associated with the COVID-19 pandemic. We have broadened our Anti-Money Laundering Program testing, policies, and training to include such red flags.

For AML compliance assistance, contact us HERE.

But no single financial red flag indicator is necessarily indicative of illicit or suspicious activity. Financial institutions should consider additional contextual information and the surrounding facts and circumstances. Such context-related information includes a customer’s historical, financial activity, whether the transactions are in line with prevailing business practices, and whether the customer exhibits multiple indicators. Various criteria should be considered before determining if a transaction is suspicious or otherwise indicative of potentially fraudulent COVID-19-related activities.

In other words, your review should be “risk-based,” ensuring compliance with the Bank Secrecy Act (BSA). Therefore, perform additional inquiries and investigations where appropriate. Unfortunately, some of the financial red flag indicators may apply to multiple COVID-19-related fraudulent activities. Given that many scammers are targeting customers as opposed to financial institutions directly, financial institutions should remain on the alert for potential suspicious activities when interacting with their customers,

Let’s discuss imposter scams first, and then follow with a discussion about money mule schemes. I have given you numerous footnotes to help you to train yourself, train your staff, and inform your customers. I will conclude with some guidance on completing the Suspicious Activity Report. You can always contact me if you want to discuss your compliance needs in detail. Contact me HERE.

Imposter Scams

In imposter scams, criminals impersonate organizations such as government agencies, non-profit groups, universities, or charities to offer fraudulent services or otherwise defraud victims. While imposter scams can take multiple forms, the basic methodology involves an actor who (1) contacts a target under the pretense of representing an official organization, and then (2) coerces or convinces the target to provide funds or valuable information, including engaging in behavior that causes the target’s computer to be infected with malware, or spreading disinformation.[i] In the case of schemes connected to COVID-19, imposters may pose as officials or representatives from the Internal Revenue Service (IRS),[ii] the Centers for Disease Control and Prevention (CDC),[iii] the World Health Organization (WHO), other healthcare or non-profit groups, and academic institutions.[iv]

Imposters defraud and deceive the vulnerable, including the elderly and unemployed, through the solicitation of payments (such as digital payments and virtual currency), donations, or personal information via email, robocalls, text messages,[v] or other communication methods. For instance, an imposter may contact potential victims by phone, email, or text to require that the victim must verify personal information or send payments to scammers in return for COVID-19-related stimulus payments or benefits, including Economic Impact Payments (EIP)[vi] under the Coronavirus Aid, Relief, and Economic Security (CARES) Act.[vii]

We have provided considerable information about EIPs in our free Checklist & Workbook, Business Continuity Plan, COVID-19 Pandemic Response (now on its Update # 7, with Update # 8 to be released soon). Get it HERE.

Another instance includes imposters contacting victims and posing as government or health care representatives engaged in COVID-19 contact tracing activities, implying that a victim must share personal or financial information as part of contact tracing efforts.[viii] I could give a host of multiple examples, including phishing schemes, where imposters send communications appearing to come from legitimate sources, to collect victims’ personal and financial data while potentially infecting their devices by convincing the target to download a malicious attachment or click malicious links.[ix]

Scammers may also impersonate legitimate charities or create sham charities, taking advantage of the generosity of the public and embezzling donations intended for COVID-19 response efforts.[x]

As to other communication methods, criminals often use social media accounts, door-to-door collections, flyers, mailings, telephone and robocalls, text messages, websites, and emails mimicking legitimate charities and non-profits to defraud the public. These operations may include words like “relief,” “fund,” “donation,” and “foundation” in their titles to give the illusion that they are a legitimate organization.[xi]

Money Mule Schemes

You may not have heard this term before. It’s a pretty nasty activity. A money mule is “a person who transfers illegally acquired money on behalf of or at the direction of another.”[xii] Money mule schemes, including those associated with the COVID-19 pandemic, span the spectrum of using unwitting, witting, or complicit money mules.[xiii] An unwitting or unknowing money mule is an individual who is “unaware that he or she is part of a larger criminal scheme.”

This crook is motivated by a host of reasons, most of them not worth mentioning.[xiv] A witting money mule is an individual who “chooses to ignore obvious red flags or acts willfully blind to his or her money movement activity.” The individual is motivated by financial gain or an unwillingness to acknowledge his or her role.[xv] A complicit money mule is an individual who is “aware of his or her role as a money mule and is complicit in the larger criminal scheme.” The individual is motivated by financial gain or loyalty to a criminal group.[xvi]

During the COVID-19 pandemic, U.S. authorities have been detecting recruiters using money mule schemes, such as good-Samaritan, romance, and work-from-home schemes.[xvii] In work-from-home schemes, for instance, COVID-19 money mule recruiters, under a false charity or company label, approach targets with a seemingly legitimate offer of employment under the pretense of work-from-home jobs, often through Internet or social media advertisements, emails, or text messages. Once the target accepts the “employment,” he or she receives instructions to move funds through accounts or to set up a new account in the target’s name for the bogus “business.” The target (i.e., the money mule) earns money by taking a percentage of the funds that he or she helps to transfer per the instructions of the bogus “employer.”[xviii]

U.S. authorities also have identified criminals using money mules to exploit unemployment insurance programs during the COVID-19 pandemic.[xix]