Fraud Risks for Alternative Fund Sponsors and How to Reduce Your Exposure

June 14, 2021

June 14, 2021 | James Sprow | Blue Vault 

The following is derived from the June 9, 2021 Blue Vault Webinar featuring:

• Amy Small – SVP, Director of Institutional Custody, UMB Bank

• Anthony Rogers – SVP, Director of Fraud Operations, UMB Bank

• Chelsea Cook – VP, Enterprise Fraud Program Specialist, UMB Bank

Introduction

Fraud is an intentional or deliberate act to deprive another of property or money by deception. UMB’s main goal: protect the assets of our customers at the bank. (Fraud prevention is not viewed solely as a compliance exercise.)

Four Pillars of Fraud Prevention Program

• Fraud Prevention – activities and controls designed to limit the ability of fraud to occur in the first place

• Fraud Detection – dedicated monitoring efforts, identifying suspicious and anomalous behavior

• Fraud Response – once a fraud event has occurred, response focuses on what happens next (investigation, root causes, etc.)

• Fraud Recovery – action engaged to locate and recover stolen funds on behalf of the customer and/or the bank if possible

Education and training – fraud awareness programs provide a strong fraud prevention lift by engaging employees and customers in recognizing and reducing fraud risk.

Types of Fraud Risks

Identity Theft

ID Fraud has two main forms:

    • Fraudulent Applications – This involves attempts to use fraudulent identity information to obtain a new account

    • Account Takeover – This involves attempts to fraudulently gain access to existing accounts

Mitigation

• Data – Comparing info on application to various valid data sources

• Risk models – use of tools that score transaction or application, also score risky devices

• ‘Negative lists’ – Credit bureau or other industry alerts of known fraud

• Multi-factor authentication – at least two of the following:

› Something you know (knowledge factor) – password

› Something you have (possession factor) – phone or key fob

› Something you are (inherence factor) – voice or fingerprint

Card Fraud

• Counterfeit – fake cards with real account information stolen from victims

• Lost / Stolen – criminals know the clock is ticking until lost/stolen card is reported missing

• Non-Receipt – interception of a card before victim even has possession

• Card Not Present – criminals steal basic card information and use it to buy goods and services at e-commerce, phone and mail-order merchants

• Fraud Prevention Tips:

› Online banking tools to monitor account

› Text alerts

› Review statements

› Notify bank asap of card fraud or stolen/lost card

› Safe storage and use of cards

Addressing Card Fraud – Strategy Development

• Fraud strategy development is a fluid process that generally follows these steps:

› Identify fraud trends through reporting, fraud claims, overall analysis

› Analysis performed on the identified trends

› Mitigation strategies developed and tested

› Monitor effectiveness

› Make adjustments

Check Fraud

• In 2018, check fraud accounted for 47% or $1.3 billion of industry deposit account fraud losses

• Counterfeits, forgeries, and check alterations remain the most common check fraud types

• Scam deposit fraud also remains popular year over year

• Fraud Prevention Tips:

› Online banking tools to monitor account, text alerts

› Review statements

› Notify bank asap

› Positive Pay

› Paper Draft Block

› Dual control for reconciling

› Awareness on phishing and social engineering

Wire Fraud

• Wire fraud is the use of international wire networks to perpetrate fraud

• Sending a wire is like sending cash – there is no way to recall a wire once it has been sent, and chances of recovery are very low

• According to the SWIFT wire network, banks using SWIFT sent over 35 million transactions per day in 2020

ACH Fraud

• ACH Fraud is the use of Automated Clearing House network to perpetrate fraud

• All that is needed is the ABA routing number and an account number

• According to NACHA over $23 billion in ACH payments were made in 2018

• Return window: 24 hours for a business ACH, 60 days for a personal account

• Fraud Prevention Tips:

› Use online banking tools to monitor an account

› Review statements

› ACH filters

› Awareness on phishing and social engineering

What is Social Engineering?

Social engineering is an in-person or online attack used to trick individuals into breaking normal security measures or routines.

It is our nature to trust and want to help. Cybercriminals use psychology and human nature to try to get you to bypass important security controls.

The attacker will attempt to:

• Deceive by presenting themselves as someone that can and should be trusted

• Communicate in person or through an online private message that appears harmless or even useful

• Prey on your emotions to encourage you to help them get through security protocols

What is Phishing?

Phishing scams are the most common type of social engineering attack.

These scams direct you to a fake website or install malware to allow cybercriminals to steal and use your credentials. Once they have whatever authority you have, they can set up fraudulent wire transfers to steal customer funds or move secure files outside the controlled network.

They seek to obtain confidential information:

• System credentials

• Account information

• Social Security Numbers (SSN)

They use:

• Shortened URLs

• Sites that appear legitimate

They attempt to:

• Redirect you through a URL link to a page that tries to harvest your credentials

• Ask you to break routine and transfer funds outside normal protocol

• Introduce an executable malware file (.exe) through an email attachment that does its damage unnoticed in the background on your workstation

Best Practices to Detect Phishing

• Always look at the sender’s email address. Think it’s from someone you know? An added letter or number in the address is a sign that it could be a compromised email account

• Hover over the link with your mouse. This helps confirm it is a valid link, with the expected destination name in the address.

• Never reply to an email unless you know for certain it’s valid.  Don’t try to find a reason to validate why someone is emailing you – it’s ok to be suspicious!

• Is the email general and not personalized?  Does it contain words like “Hello” instead of your name?  Watch for tone, poor spelling, and generic sign offs like “Regards” or “Thanks” with no name
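The sender-address and link checks above can also be automated at the mail gateway. The following is an added example, not part of the webinar material; the trusted domain, the shortener list and the sample message are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"examplebank.test"}           # assumption: domains you really deal with
SHORTENERS = {"bit.ly", "tinyurl.com"}   # assumption: small illustrative list

class Links(HTMLParser):
    """Collects (href, visible text) per <a> tag: what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip().lower()))
            self.href = None

def phishing_indicators(raw):
    msg = message_from_string(raw)
    out = []
    # Sender check: near-identical to a trusted domain but not equal to it.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if any(domain != t and SequenceMatcher(None, domain, t).ratio() >= 0.9
           for t in TRUSTED):
        out.append("lookalike-sender:" + domain)
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.found:
        host = (urlparse(href).hostname or "").lower()
        if host in SHORTENERS:
            out.append("shortened-url:" + host)
        # Hover check: the domain shown in the link text must be the real host.
        shown = re.match(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text)
        if shown and shown.group(1) != host:
            out.append("link-mismatch:" + shown.group(1) + "->" + host)
    return out

# Constructed sample message (not a real e-mail).
SAMPLE = """From: Accounts <alerts@examp1ebank.test>
Content-Type: text/html

<p>Hello,</p><a href="https://bit.ly/x1">https://examplebank.test/login</a>
"""
```
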

What is Business Email Compromise?

A business email compromise (BEC) is a phishing scam that targets businesses and financial institutions to commit wire fraud.

How does it happen?

• A fraudster identifies himself as a high-level executive (CFO, CEO, CTO, etc.), lawyer, vendor, customer, or other type of representative

• He or she claims to be handling confidential or time-sensitive matters and initiates an urgent wire transfer to an account that they control

• If you don’t follow normal security controls to confirm the request using customer data on file, funds taken through BEC can be permanently lost, leading to a loss of business, reputational damage, corrective action, etc.

Per the FBI, BEC is now the biggest cause of cybercrime financial losses for US organizations: $1.7 billion in reported losses in 2019.

BEC is the fraud sweet spot – social engineering mixed with phishing that results in a big payoff

• Payment instruction changes

• Urgent wire requests

• Urgent requests from senior leaders or CEOs

Fraud Mitigation Tools / Solutions

•  Risk based & proactive monitoring – anticipating trends, early detection on emerging trends

• Pattern recognition – neural networks and machine learning (How does the fraudster’s behavior differ from legit transactions?)

• ‘Time is Money’ – fraud needs to be stopped in relevant time

• Industry solutions – many vendors & associations, from sophisticated AI machines to “snake oil”

• Collaboration among banks and other parties – consortium data, forums & conferences

• Law enforcement engagement

• Investment in technology, people and training

 

About UMB:

UMB Financial Corporation (Nasdaq: UMBF) is a financial services company headquartered in Kansas City, Missouri. UMB offers commercial banking, which includes comprehensive deposit, lending and investment services, personal banking, which includes wealth management and financial planning services, and institutional banking, which includes asset servicing, corporate trust solutions, investment banking, and healthcare services. UMB operates branches throughout Missouri, Illinois, Colorado, Kansas, Oklahoma, Nebraska, Arizona and Texas, and serves business and institutional clients nationwide. For more information, visit UMB.com, UMB Blog, UMB Facebook and UMB LinkedIn, or follow us on Twitter at @UMBBank. For information about UMB’s operations, approach and relief measures during the COVID-19 pandemic, please visit https://more.umb.com/covid-info/.
