Who We Are
Compliance Services Group, LLC is the product of two nationally respected companies that provide responsive and high-quality compliance consulting and audit services for financial institutions of all types. In the summer of 2017, Compliance Services, Inc. and Northwest Compliance Group, LLC merged to form Compliance Services Group, LLC. Check out our press release for more details.
Our team of consulting and auditing professionals, with decades of consulting, auditing, and financial institution experience, serves over 75 financial institutions throughout the nation.
Compliance Services Group, LLC is focused on meeting your financial services compliance needs at a value proposition. We can help you implement and maintain a high-quality compliance management program for less than it costs to maintain internal expertise. We also offer compliance audit services either on an independent basis for board audit and supervisory committees or on behalf of the management team. We invite you to explore our service options on the above links to examine what we can do for the benefit of your institution. Contact us to discuss your specific needs.
Email Compromise Fraud
Earlier this month, the NCUA released Risk Alert 19-RISK-01, Business Email Compromise Fraud. The alert describes the increasing frequency of, and losses related to, business email compromise fraud schemes. It advises that credit unions should take steps to prevent this type of fraud and report such fraud to the FBI’s Internet Crime Complaint Center. Reporting the fraud increases the chance to recover funds that have been wired under fraudulent pretenses.
The Alert provides the following actions that credit unions can take to help prevent business email compromise fraud:
- Never make a payment change without verifying the change with the intended recipient.
- Verify the accuracy of email address when checking mail on a mobile device.
- Use a two-step verification process to verify wire requests with members, and use information from previously known email addresses and phone numbers rather than what is provided in the wire transfer request.
- Require staff to investigate and verify changes to members’ personal information or business practices of the credit union’s vendors or member business accounts.
- Know the routines of members’ wire activity and contact them with any changes or concerns before sending a wire transfer.
- Verify transaction details with the recipient bank before sending a suspicious wire transfer.
- Use email spam filters to quickly identify potential fraudulent or spoofed emails.
- Create rules in the credit union’s intrusion detection system to flag emails with extensions that are similar, but different to, your credit union or members.
- Use caution posting information on social media and company websites, especially job duties/descriptions, hierarchal information, and out-of-office details
- Implement multi-factor authentication (MFA) for corporate e-mail accounts that requires at least two pieces of information to login (something a user knows, such as a password, and something a user has, such as a dynamic PIN)
The Alert also contains an overview of the FBI Recovery Asset Team, including the types of crimes and fraud schemes upon which the team acts.
NCUA’s Risk Alert follows the Federal Reserve’s Synthetic Identity Fraud in the U.S. Payment Systems, the FFIEC’s Manufacturing and Construction Top Targets for Business Email Compromise, and FinCEN’s Updated Advisory on Email Compromise Fraud Schemes Targeting Vulnerable Business Processes (an updated version of FIN-2016-A003), all released in July, 2019.
These reports reflect how technology-driven fraud and identity theft schemes can target financial institutions, businesses, and consumers alike, with impact on AML and anti-fraud programs of financial institutions. All of these reports should be required reading for fraud and BSA staff in all financial institutions.