Compliance Blog

Aug 19, 2020
Categories: BSA Fraud NCUA

Side Effect of COVID-19: Fraud Is on The Rise; NCUA issues Risk Alert


The National Credit Union Administration (NCUA) recently issued a risk alert (20-RISK-02) informing credit unions of the heightened risk of fraud amid the COVID-19 pandemic. The emergency situation we have been facing for over five months now, required the implementation of new or expanded government programs to aid consumers, such as the Coronavirus Aid, Relief, and Economic Security Act (CARES Act). Scammers are taking advantage of such opportunities and are defrauding consumers.

Though the alert, NCUA outlines the increased risks credit unions are facing associated with routine operations, summarizes red flags identified in fraud schemes related to CARES Act programs, and provides resources to report fraud to the most appropriate authorities and member education tools. This blog provides a summary of the most relevant points covered in the risk alert.

Financial Institution Fraud

This type of fraud includes new account fraud, identity theft, cybersecurity, risks, imposter and money mule schemes, and mobile banking application fraud. Because of the pandemic, most financial institutions have increased their digital presence and the scope of member’s remote access. Shifting from face-to-face to mainly providing products and services virtually have helped members during these difficult times, but as a side effect it has also created vulnerabilities scammers are trying to exploit. The NCUA encourages credit unions to monitor information about trends being released by federal agencies as they are identified “to remain vigilant and aware of the rapidly changing nature of these schemes.”

Small Business Administration Loan Fraud

The Paycheck Protection Program (PPP) was designed to help businesses affected by the COVID-19 pandemic by offering payroll financial relief. Common red flags associated with the program and PPP loan fraud include:

  • PPP applications containing engineered or fraudulent documentation, as well as applications in different names but almost identical information, supporting documentation and the same IP addresses;
  • PPP applications for fake business established during the pandemic most likely for fraudulent purposes;
  • Applications for existing accounts with a low balance and no history of payroll expenses during the relationship;
  • Applications by new members or new accounts that “do not reflect any previous business-related transaction activity, and funds are quickly transferred after receiving loan advances or proceeds”; and
  • Movement of the loan proceeds immediately after they hit the account (transfer, withdrawal, wire, etc.). In some cases, funds were used to “purchase luxury assets not associated with typical business-related expenses, or used to start an entirely new business.”

Credit unions can report suspected fraud to the Office of Inspector General.

Business Tax Credits Fraud

This type of fraud can include U.S. Treasury check deposits while receiving loan proceeds from SBA programs. A member taking advantage of the PPP is not allowed to also take advantage of the Employee Retention Credit. It can also include exaggerated wages or numbers of employees as doing this increases the amount of tax credits or advances a business is eligible to receive. Other red flags include U.S. Treasury check deposits into members accounts with no indication of business or payroll activity and members using deposits to pay personal expenses. If you suspect of fraud through your credit union related to business tax credits, you can report it to the IRS Criminal Investigation.

Unemployment Insurance Fraud

According To NCUA, the most common red flags associated with this type of fraud include the following:

  • An account receiving unemployment insurance benefits from other states without a reasonable explanation or unemployment insurance benefits for multiple recipients;
  • Using new accounts or established accounts with no transaction history to collect unemployment insurance benefits;
  • Imposter schemes where a fraudster impersonates an official entity to defraud victims; and
  • Money mule schemes “where an individual knowingly or unknowingly obtains money on behalf of, or at the direction of, someone else to improperly obtain unemployment insurance benefits.”

You can report fraud suspected in unemployment insurance benefits to the Department of Labor Office of the Inspector General.

Reporting Fraud and Educating Members

Credit unions are required to file Suspicious Activity Reports (SARs) related to these schemes through the Financial Crimes Enforcement Network (FinCEN) as they would for any other suspicious activities. The agency reminds credit unions that when they file such reports they should incorporate the type of fraud (name of the scam or scheme) on the appropriate field of the SAR, as well as “other detailed information, such as the potentially affected programs, common methodologies, identities, and IP addresses can significantly enhance law enforcement’s ability to detect and respond to CARES Act related frauds.” FinCEN usually indicates in its advisories the wording or key terms to use when filing SARs in order to link the instruments to the specific suspicious activity at hand.

You can contact NCUA’s Fraud Hotline at 800.827.9650 if you suspect employees, officers, or volunteers have engaged in fraud in connection with these or other programs. Alternatively, your credit union can provide the information to your NCUA regional office or state supervisory authority.

Educating members is one of the best mechanisms of defense credit unions can implement when it comes to fraud prevention. This can be accomplished by sharing fraud prevention and financial literacy resources with their members. If your credit union has any questions about NCUA’s educational resources, you can contact the agency at 703.518.1140.