LAS VEGAS (10/31/14)--It was 16 months between when Widget FCU submitted a complete record of eight suspicious accounts opened to the FBI and when CEO Gail Cook received a call from the FBI Special Agent Michael Thoreson saying Widget helped them crack one of the largest fraud conspiracies in history.
According to the FBI and the IRS, Widget's diligence helped them paint a picture of a wide-ranging conspiracy that resulted in tens of millions of fake IRS refunds and thousands of stolen identities.
"The IRS said to us, 'What you did is give us an Excel spreadsheet and you showed us the names and phone numbers and addresses, and I was able to go back and search the SAR [Suspicious Activity Report] database and requested a search on those names, addresses and phone numbers. And the request gave us so much information we didn't know where to begin,'" Cook said. "He told us how important the SARs are--that's what helped them put together the pieces together with all the financial institutions that were affected."
Seven credit unions, in addition to Widget FCU of Erie, Pa., with $264 million in assets, as well as P&C Bank are listed in the indictment as financial institutions affected by the fraud. According to the FBI, roughly 3,000 fraudulent accounts at 600 to 700 financial institutions, including at least one in every state, have been affected.
"The FBI told us the vast majority of those credit unions and banks have not been informed that they had fraudulent activity going on at their institutions," Cook said. "The media contacted some of the financial institutions in the indictment after a press release went out, and most of them said they had filed SARs and contacted the FBI, which is true, and some of that information was very helpful. But Agent Thoreson said, 'No one gave us the information and provided the research you did to show us how to crack the case.'"
Doherty Kushimo, Saburi Adeyemi, Abiodun Bakre, Adetunji Gbadegeshi and Adebola Mejule were indicted in April on charges of conspiracy to commit wire fraud and aggravated identify theft. According to the indictment, the five defendants submitted fraudulent federal tax returns in the names of individuals whose identities the conspirators stole, then opened accounts using other stolen identities, using those to hold the refunds.
The indictment alleged that approximately $21 million in fraudulent tax refunds was sought from the IRS, $10 million of which was paid.
Cook said closer inspection of new accounts, including the use of ChexSystems Qualifile product, which verifies identities, might have caught the red flags sooner.
"What we learned was, we really needed to look at ID verification and ChexSystems Qualifile reports. If we had read them a little closer, and if it doesn't look right, we need to start asking questions," Cook said. "Our reports showed that information was used to request a number of accounts at financial institutions around the country, and that should have been a red flag right there."
Since the case, Widget FCU has taken additional verification measures, including:
"One other thing we're working on is we have adapted a more sophisticated detection system for our online activity for IP addresses," Cook said. "If we're starting to see different IP addresses on an account, we'll call the member."
Cook presented Widget's story at the Credit Union National Association Bank Secrecy Act Conference in Las Vegas this week, which was held in partnership with the National Association of State Credit Union Supervisors (NASCUS).
"One of the frustrations of BSA compliance is you do a lot of work and some of it seems to go down the rabbit hole--you file your SARs and nothing ever comes of it--so we try to have one session every year that focuses on the results," said Brian Knight, NASCUS general counsel. "This is a success story for this credit union. They tugged on a little thread and tumbled a nationwide tax fraud."