NCUA Issues New Risk Alert on COVID-19-Related Fraud


FraudThe National Credit Union Administration recently released Risk Alert 20-RISK-02 to inform credit unions about the risk of fraud associated with COVID-19. The alert describes increased risks associated with routine operations, outlines red flags associated with common fraud schemes in major CARES Act programs, provides references and avenues to report fraud or misconduct to the appropriate authorities, and gives suggestions for member education resources.

Fraud activity has been noticed in the following four areas:

Financial Institution Fraud – New account, identity theft, cybersecurity risks, imposter and money mule schemes, and mobile banking application fraud are all on the rise. Fraudsters are particularly motivated to attempt these schemes because of the predominately virtual environment, and the significant shift towards remote access. Fraudsters are increasingly seeking opportunities to exploit vulnerabilities in financial institutions’ remote access systems and customer-facing processes.

Small Business Administration Loan Fraud – Both the SBA’s Paycheck Protection Program and EIDL program have been targets for the fraudsters. Credit unions may not be directly part of the application process for these attempts but may be seeing proceeds being deposited via ACH. Some of the common red flags in these SBA programs include:

  • PPP applications with manipulated or fraudulent supporting documentation.
  • PPP applications in different names that contain nearly identical application information and supporting documentation, and originate from the same Internet Protocol (IP) address.
  • Fake businesses established during the pandemic that do not have an internet presence, and have minor differences between names on the application documents and public business registration documents.
  • Existing accounts may have a consistently low balance with no history of business payroll expenses.
  • New accounts created for the sole purpose of applying or receiving SBA funds. These accounts do not reflect any previous business-related transaction activity, and funds are quickly transferred after receiving loan advances or proceeds.
  • After loan advances or proceeds are deposited into an account, funds are immediately withdrawn in cash, wired out, transferred to an investment account, used to purchase luxury assets not associated with typical business-related expenses, or used to start an entirely new business.

Report fraud suspected through these or other SBA programs to the SBA Office of the Inspector General (SBA OIG).

Guidance on reporting ongoing PPP loans, how to cancel PPP loans, and additional information on fees paid to lenders is provided in SBA Procedural Notice 5000-20036. The SBA OIG has also published a lender alert regarding EIDL and how to return funds.

Business Tax Credits Fraud – The CARES Act allows businesses to take an Employee Retention Credit through business tax credits from the IRS. The CARES Act also authorizes an additional Credit for Sick and Family Leave for employers. Employers eligible for both tax credits can request an advance of the credits. These advances are paid by U.S. Treasury paper checks. Businesses must complete an IRS Form 7200 to receive these advances. Common red flags associated with fraud on the business tax credits include:

  • U.S. Treasury check deposits while receiving loan proceeds from SBA programs. Businesses are only allowed to take advantage of the Employee Retention Credit or the PPP program. They may not take advantage of both programs.
  • Inflated wages or numbers of employees to increase the amount of tax credits or advances received through a U.S. Treasury check.
  • U.S. Treasury check deposits into accounts with no indication of business or payroll activity.
  • U.S. Treasury check deposits used to pay personal expenses.

Report fraud suspected through these business tax credits to IRS Criminal Investigation.

Unemployment Insurance Fraud – The CARES Act provides additional unemployment insurance funding for eligible individuals. Unemployment insurance benefits can be disbursed using different mechanisms, such as debit cards or direct deposits. Risks and fraud schemes can vary significantly based on inherent risks posed by the mechanism used to receive the funds.

The most common red flags associated with these programs include:

  • An account receiving unemployment insurance benefits from another state without a reasonable explanation, or from multiple other states other than where the individual resides.
  • An account receiving unemployment insurance benefits on behalf of multiple individuals.
  • New or established accounts are opened, but they lack transactional activity. Then they are suddenly used to collect unemployment insurance benefits.
  • Imposter schemes, where a fraudster poses as an official entity to defraud victims, such as obtaining personally identifiable information to fraudulently file for unemployment insurance benefits.
  • Money mules, where an individual knowingly or unknowingly obtains money on behalf of, or at the direction of, someone else to improperly obtain unemployment insurance benefits.

Report fraud suspected in unemployment insurance benefits to the Department of Labor Office of the Inspector General.

Reporting Fraud – Credit unions should contact the respective federal agencies to report fraud and file Suspicious Activity Reports (SARs) as appropriate. Credit unions should include the type of fraud and/or name of the scam or scheme (for example, imposter scam or money mule scheme) in the appropriate field of the SAR. Including other detailed information, such as the potentially affected programs, common methodologies, identities, and IP addresses can significantly enhance law enforcement’s ability to detect and respond to CARES Act related frauds.

Member Education – Credit union members may also be vulnerable to the risks of fraud associated with the pandemic. Credit unions are encouraged to share fraud prevention and financial literacy resources with their members.

Question of the Week

Q. Do transfers initiated through a mobile device require a receipt with the transaction?

A. No. Like transfers and bill payments that are initiated by the member through their online banking, transactions on mobile devices are considered analogous in function to a telephone transfer. These transactions are considered electronic funds transfers and are covered under Reg E, but are not considered to be initiated at an electronic terminal, such as an ATM or POS, and do not require a receipt at the time of the transaction.

The transactions will need to be clearly identified on the periodic statement.

Related Links

12 CFR 1005.2(h)
Reg E Official Interpretations 1005.2(h)

Legal Briefs

National Credit Union Administration

Regulatory Alert – CFPB Issues Amendments to Payday Lending Rule
The NCUA issued Regulatory Alert 20-RA-07 to inform credit unions that the CFPB released final rule amendments to the Payday, Vehicle Title, and Certain High-Cost Installment Loans Rule on July 22.

Joint Statement on Enforcement of BSA/AML Requirements
The NCUA, along with the other federal banking agencies, issued a joint statement updating their existing enforcement guidance to provide transparency on how they evaluate enforcement actions. The statement clarifies that isolated or technical violations or deficiencies are generally not considered the kinds problems that would result in an enforcement action.

Washington State Department of Financial Institutions

Summer 2020 Consumer Services Newsletter
The DFI released the summer 2020 Consumer Services Newsletter. Some of the articles of interest focus on DFI assistance to distressed homeowners, remote operations and exams, and common exam findings.

Office of Foreign Assets Control

OFAC has updated the SDN list as of Aug. 17. The last update prior to this was Aug. 7.

Questions? Contact the Compliance Hotline: 1.800.546.4465;

Posted in Compliance News, Compliance News.