During Tax Season, CUs Should Remain on Alert for Tax Refund Fraud
January 30, 2017
The Financial Crimes Enforcement Network (FinCEN) issued Advisory Fin-2013-A001 to remind financial institutions of information concerning tax refund fraud and the reporting of such activity by filing Suspicious Activity Reports (SARs).
Credit unions are critical in identifying tax refund fraud, and to assist credit unions in identifying potential tax fraud, FinCEN has identified the following red flags:
- Multiple direct deposit tax refund payments, directed to different individuals, from the United States Department of the Treasury (Treasury) or state or local revenue offices are made to a demand deposit or prepaid access account held in the name of a single accountholder;
- Suspicious or authorized account opening at a depository institution, on behalf of individuals who are not present, with the absent individuals being accorded signatory authority over the account. The subsequent deposits are comprised solely of tax refund payments. This activity often occurs with fraudulent returns for the elderly, minors, prisoners, the disabled, or recently deceased;
- A single individual opening multiple prepaid card accounts in different names, using valid TINs for each of the supplied names and having the cards mailed to the same address. Shortly after card activation, Automated Clearing House (ACH) credit(s) from Treasury, state or local revenue offices, representing tax refunds, occur. This is followed quickly by ATM cash withdrawals and/or point-of-sale purchases;
- Business accountholders processing third-party tax refund checks in a manner inconsistent with their stated business model or at a volume inconsistent with expected activity. Similarly, individuals processing third-party tax refund checks through a personal account with no business or apparent lawful purpose;
- Business accountholders processing third-party tax refund checks and conducting transactions inconsistent with normal business practices, which may include:
- A large volume of Treasury refund checks or bank checks being deposited, in contrast to other checks, such as payroll checks;
- A large volume of refund checks bearing addresses of customers who reside in another state;
- Multiple refund checks for the same or almost the same dollar amount;
- Treasury refund checks or bank checks representing electronic refunds with sequential or close to sequential numbers;
- The dollar amount of checks being deposited is not commensurate with the amount of currency being withdrawn to cover the cashing of these refund checks.
- Multiple prepaid cards that are associated with 1) the same physical address [individuals involved in criminal activity may also contact the customer service department requesting to change their address for their permanent prepaid card shortly after opening their temporary prepaid card account on-line]; 2) the same telephone number; 3) the same e-mail address; or 4) the same Internet Protocol (IP) address, which receive tax refunds as the primary or sole source of funds;
- The opening of a business account for a check cashing business at a financial institution, which subsequently processed a high volume of tax refund checks issued to individuals from other states;
- A sudden increase in volume involving the cashing of tax refund checks issued to individuals from across the United States, moving through the account of an existing check cashing service;
- Individuals using bank accounts where the majority of the transactions are ACH federal tax refunds or refund anticipation loans;
- Individuals attempting to negotiate double endorsed Treasury tax refund checks with questionable identification;
- Individuals accompanying multiple parties to the bank to negotiate Treasury tax refund checks. Such items may or may not be double endorsed checks;
- The freezing or closure of a personal or business account due to suspicious activity involving either Treasury tax refund checks or ACH Treasury deposits;
- The signature/endorsement on the back of the check(s) does not match the identification of the individual conducting the transaction;
- The same signature/endorsement is used on multiple checks, with multiple names;
- Employees of financial institutions may also facilitate tax refund fraud by conducting transactions inconsistent with normal activity through the following practices:
- Tellers who regularly process large quantities of Treasury tax refund checks. This may include one or more tellers during a specific time frame;
- Credit Union employees who open multiple bank accounts that received a large quantity of Treasury tax refund checks;
- Credit Union employees who did not follow proper identification procedures or accepted apparent fraudulent identification when opening an account.
Credit unions that know or have reason to suspect that potential tax refund fraud is occurring are required to file a SAR. When completing SARs on suspected tax refund fraud, credit unions should use the term “tax refund fraud” in the narrative section of the SAR. Due to the time sensitive nature of these transactions, a credit union may also wish to contact their local IRS Criminal Investigation Field Office to alert them that a SAR has been filed related to tax refund fraud. In order to obtain contact information for your local IRS Criminal Investigation Field Office, credit unions can call the FinCEN Regulatory Helpline.
Additional questions or comments regarding the contents of this Advisory should be addressed to the FinCEN Regulatory Helpline at 800-949-2732. Credit Unions wanting to report suspicious transactions that may relate to terrorist activity should call the Financial Institutions Toll-Free Hotline at (866) 556-3974 (seven days a week, 24 hours a day). The purpose of the hotline is to expedite the delivery of this information to law enforcement. Credit unions should immediately report any imminent threat to local-area law enforcement officials.
National Credit Union Administration (NCUA)
The NCUA released a video aimed at helping educate credit union boards about key ratios.
The NCUA announced that board member McWatters has been named the acting NCUA Chairman.
The NCUA issued a statement reminding tax payers about the potential benefits of applying for the Earned Income Tax Credit.
Federal Reserve Board (FRB)
The FRB announced the issuance of its progress report on efforts to improve the U.S. payment system. The progress report outlines accomplishments and steps needed to more forward relating to enhancing the efficiency and security of the U.S. payment system.
Federal Deposit Insurance Corporation (FDIC)
The FDIC has released the Winter 2017 issue of its FDIC Consumer News publication.
Office of the Comptroller of the Currency (OCC)
The OCC issued Bulletin 2017-7 which supplements Bulletin 2013-29 “Third Party Relationships: Risk Management Guidance.”
Internal Revenue Service (IRS)
The IRS, along with state taxing agencies, issued an alert regarding an email scam that is using a corporate officer’s account to request copies of employees’ W-2s. The IRS is urging companies to ensure that the request is legitimate and to verify any request that seems unusual.
Federal Trade Commission (FTC)
The FTC announced that it will a host Tax Identity Theft Awareness Week January 30, 2017 through February 3, 2017. The awareness week will include webinars and social media events aimed at helping consumers understand and reduce their risk related to tax identity theft.
Office of Foreign Assets Control (OFAC)
OFAC has updated the SDN list as of January 17, 2017. The last update prior to this was January 12, 2017.
Compliance Question of the Week
Are we required to implement policies and procedures specifically relating to safe deposit boxes and BSA monitoring? We have heard rumors that the NCUA is asking credit unions to produce and monitor reports that monitor safe deposit box activity.
Yes and no. Appendix F of the FFIEC BSA Manual does indicate that certain patterns of behavior/activity directly related to a safe deposit box can be considered suspicious.
Appendix F– Other Suspicious Activity:
- Customer visits a safe deposit box or uses a safe custody account on an unusually frequent basis.
- Safe deposit boxes or safe custody accounts opened by individuals who do not reside or work in the institution’s service area, despite the availability of such services at an institution closer to them.
- Customer exhibits unusual traffic patterns in the safe deposit box area or unusual use of safe custody accounts. For example, several individuals arrive together, enter frequently, or carry bags or other containers that could conceal large amounts of currency, monetary instruments, or small valuable items.
- Customer rents multiple safe deposit boxes to store large amounts of currency, monetary instruments, or high-value assets awaiting conversion to currency, for placement into the banking system. Similarly, a customer establishes multiple safe custody accounts to park large amounts of securities awaiting sale and conversion into currency, monetary instruments, outgoing funds transfers, or a combination thereof, for placement into the banking system.
- A safe deposit box opened on behalf of a commercial entity when the business activity of the customer is unknown or such activity does not appear to justify the use of a safe deposit box.
- A customer accesses a safe deposit box after completing a transaction involving a large withdrawal of currency, or accesses a safe deposit box before making currency deposits structured at or just under $10,000 to evade CTR filing requirements.
Most credit unions will not have a way to produce a report that shows the frequency of access by each member to a safe deposit box. However, credit union staff generally know their members and can determine if a member is changing their routine, if the routine is suspicious to begin with, and if the situation should be monitored.
While it may not be feasible to create a report that documents safe deposit box activity, credit union staff should be trained around the red flags found in Appendix F of the BSA Manual. The red flags that are listed provide a great training tool and could be incorporated into procedures that discuss identifiable suspicious activity. Most importantly, credit union staff should be able to identify suspicious behavior and know when, how and to whom it should be reported. Branch staff is usually the best resource when it comes to identifying suspicious activity. Their training should be targeted to the situations they would most likely encounter, such as over the counter transactions, safe deposit boxes, and account opening.