Can you spot disaster-related fraud?

Agencies offer guidance to identify common fraud schemes.

July 11, 2018

NCUA consistently urges all federally insured credit unions to perform routine reviews of their disaster preparedness and response plans. During times of emergency, credit unions need to have heightened awareness of related fraud schemes and scenarios.

Disaster recovery plans help credit unions minimize service interruptions and maintain member confidence. They also should address the increased potential for fraud.

The National Center for Disaster Fraud (NCDF) identified fraudulent activity red flags to inform financial institutions. The Department of Justice established NCDF to investigate, prosecute, and deter fraud in the wake of any natural or man-made disaster.

More than 30 federal, state, and local agencies participate in NCDF, which acts as a centralized clearinghouse of information related to all types of disaster relief fraud. The Financial Crimes Enforcement Network (FinCEN) highlighted NCDF’s red flags in a 2017 advisory (FIN-2017-A007).

Common schemes that arise include benefits fraud, charities fraud, and cyber-related fraud. Credit unions should consider the following fraud indicators as they fine-tune their preparedness and response plans for the 2018 hurricane season—June 1 to Nov. 30—and beyond.

Benefits fraud

Benefits fraud occurs when individuals apply for emergency assistance for which they are not entitled. These individuals use financial institutions as a conduit for fraudulent transactions, such as depositing or obtaining cash derived from emergency assistance payments.

Fraudsters typically use wire transfers to request withdrawals, wire funds to accounts, and immediately withdraw the funds.

Red flags include:

►Deposits or electronic fund transfers of multiple emergency assistance payments (e.g., Red Cross, Federal Emergency Management Agency) being made into the same account. Dollar amounts are similar or identical.

Cashing of multiple emergency assistance checks by the same individual.

Deposits of one or more emergency assistance checks, when the accountholder is a retail business and the payee/endorser is an individual other than the accountholder.

Opening of a new account with an emergency assistance check, where the name of the potential accountholder is different from the check depositor.

Charities fraud

Charities are a vehicle for donations to assist victims of man-made and natural disasters. Criminals, however, use bogus charities to exploit the public’s generosity for their own gain. Both legitimate and fraudulent charity solicitations can originate from emails, social media, websites, phone calls, mailings, and more.

Disaster-related charities fraud may occur when a credit union notices that a payee organization’s name is similar to—but not exactly the same as—those of reputable charities. It also may recognize the atypical use of money transfer services for charitable collections. Legitimate charities don’t solicit donations via this channel.

The following tips may help credit union officials, employees, and members avoid bogus charities:

Don’t respond to any unsolicited incoming or spam emails or click links in those messages because they may contain computer viruses.

Be wary of individuals asking for donations via email or social networking sites.

Beware of organizations with names similar to but not exactly the same as those of reputable charities.

Rather than follow a link to a website, verify the legitimacy of a nonprofit organization before providing any payment information.

Be cautious of emails that claim to show pictures of the disaster areas in attached files because the files may contain viruses. Only open attachments from known senders.

Don’t rely on others to make the donation on your behalf. This ensures contributions are received and used for intended purposes.

Donate directly to the charity.

Cyber-related fraud

Cybercriminals often exploit natural disasters by sending fraudulent communications via email or social media and by creating fake websites to solicit contributions.

Credit union officials, employees, and members should watch out for emails from potentially illegitimate charitable organizations requesting donations—even when they appear to originate from a trusted source. These fraudulent emails commonly appear after major natural disasters and often contain links or attachments that direct users to phishing or malware infected websites.

Credit unions should also beware of illegitimate crowdfunding platforms. Again, cybercriminals create copycat websites using designs or names that are practically identical to legitimate charities and relief organizations. The sites often end with .com or .net. Payments to these sites may indicate fraudulent activity. Most legitimate charities’ websites end in .org.

Suspicious activity reports

When filing a suspicious activity report (SAR) on these types of fraud, FinCEN requests, but doesn’t require, that filers reference the advisory FIN-2017-A007 and include the term “Disaster-related Fraud” in the SAR narrative and in field 31(z) (FraudOther) to indicate a connection between the suspicious activity being reported and the possible misuse of relief funds.

Credit unions are required to file a SAR with respect to:

►Criminal violations involving insider abuse in any amount.

►Criminal violations aggregating $5,000 or more when a suspect can be identified.

►Criminal violations aggregating $25,000 or more regardless of a potential suspect.

SARs are also required for transactions conducted or attempted by, at, or through the financial institution (or an affiliate) and aggregating $5,000 or more, if the institution or affiliate knows, suspects, or has reason to suspect that the transaction:

►May involve potential money laundering or other illegal activity (e.g., terrorism financing).

►Is designed to evade the Bank Secrecy Act or its implementing regulations.

►Has no business or apparent lawful purpose or is not the type of transaction that the particular customer or member would normally be expected to engage in, and the financial institution knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction.

The presence or absence of a red flag in any given transaction is not by itself determinative of whether a transaction is suspicious. Credit unions should consider additional factors such as a member’s overall financial activity and whether the transaction exhibits multiple red flags, as well as the specifics of their own risk profiles and business models.

In other words, take all of the relevant facts into consideration. Don’t presume fraud is involved just because one of the above-mentioned red flags is present.

VALERIE Y. MOSS is CUNA’s senior director of compliance analysis. Contact CUNA’s Compliance Team at