news.cuna.org/articles/117978-congressional-action-needed-to-help-fis-fight-covid-19-scammers
Conv

Congressional action needed to help FIs fight COVID-19 scammers

June 16, 2020

CUNA wrote in support of several bills it believes will help financial institutions combat financial scammers, it wrote Tuesday to the House Financial Services subcommittee on national security, international development and monetary policy. The subcommittee conducted a hearing Tuesday addressing ways financial bad actors are exploiting the COVID-19 crisis.

CUNA fully supports the Internet Fraud Prevention Act, introduced by Rep. Brad Sherman (D-Calif.), which would require the Federal Reserve, Federal Trade Commission, and FBI to study and report on Business Email Compromise Scams and require the Federal Financial Institutions Examination Council to include Business Email Compromise Scams in its Bank Secrecy Act and Anti-Money Laundering (BSA/AML) exam procedures.

“This effort could not be timelier. Nefarious actors are becoming more and more savvy, recruiting unsuspecting money mules – individuals who unknowingly transfer money acquired illegally in person, through a courier service, or electronically, on behalf of others,” the letter reads. “And, since the beginning of the pandemic, instances of reported cyber-attack have increased.”

Another CUNA-supported bill, introduced by Rep. Tulsi Gabbard (D-Hawaii), would require Federal Regulators, including NCUA, to issue guidance encouraging financial institutions to educate their members and customers at the signs of money mule scams.

CUNA also reiterated its principles that should be followed for any federal data security legislation:

  • Any new privacy law should include both data privacy and data security standards;
  • The new law should cover all business, institutions and organizations;
  • Any new law should preempt state requirements to simplify compliance and create equal expectation and protection for all consumers. 
  • Breach disclosure and consumer notification are important, but these requirements alone won’t enhance security or privacy:
  • Hold entities that jeopardize consumer privacy and security accountable through private right of action and regulatory enforcement:   
  • Recognize this issue for what it is--a national security issue.