News & Press: News

Why Financial Crime Detection and Prevention Matters

Friday, April 1, 2016  
Posted by: Brian Kindle
Share |

A story graciously submitted by Marie Kerr
Independent AML consultant and systems expert in Annapolis, MD.
Mkerr.shamrock@comcast.net

With light editing and introduction by Brian Monroe
Director of Content and Business Development

Marie Kerr is one of these people you can’t just help but like and enjoy talking to about financial crime compliance or any other topic for that matter.

She has impressive knowledge of the most arcane minutia tied to financial crime compliance, including systems and technology and how it weaves through anti-money laundering compliance. She has investigated, remediated and helped thwart all manner of schemes, scams, spam and any other kind of green eggs and ham bad guys try to cook up.

The bottom line is after roughly a decade of regularly getting her help on stories covering the most challenging and frustrating topics regulators and investigators can come up with, I have never stumped her. In fact, in every conversation I spend as much time laughing as learning.

She is a true professional who reached out to me after she read a recent piece ACFCS did on the scourge of elder abuse.

Kerr pic

Well, without further ado, and blathering for me, here is Marie’s story.


A lonely woman falls for a silver-haired gentleman—the face of a criminal enterprise in Africa—in one of the most common romance scams known to law enforcement.  She loses her house and her savings.

She is devastated both financially and emotionally, taken in by shysters who understand the vulnerabilities of the lonely.  And in this true case, the lonely woman is also a victim of the American banking system.

When we first meet “Ms. Gray” she is sitting pretty on the cusp of retirement.  She owns her home, has money in the bank, and at 65, will soon be receiving Social Security.  Life is good, except for the loneliness.

Within 6 months, though, she will have lost her home, her savings, and her sense of safety.  Being taken in by the handsome white-haired gentlemen who gained her trust on an Internet chat room was bad enough.

What troubles her even more is the fact that one of the largest banks in the world—despite numerous strong red flags—enabled the financial fraud leaving her financially broken and the fraudsters financially whole.

This was a multi-bank scam involving sophisticated megabanks that included wire transfers, automated clearing house (ACH) transactions, high-risk countries and out-of-profile activity by our victim.  And yet they failed to detect the fraud.

The fraudsters were also sophisticated—in the psychology of lonely people and in bank payment systems.  They operate out of cavernous rooms filled with computers, the perpetrators reading from scripts, luring people from chat rooms, dating sites, social media in general.

They know human nature.  More importantly, they know precisely how transactions flow from bank to bank, country to country, within and between application software.  In this article we’ll focus on what happens within a bank and how banking software should have been used to detect, stop and mitigate this crime. [1]

Under Know Your Customer (KYC) mandates the victim’s bank (MegaBank1) would have created a profile of Ms. Gray and assigned her risk category.

The bank will have assessed various facets of her as a customer: her account types; her transaction types; typical dollar amounts of transactions; and which countries may have been involved in her transactions.

They also would have determined a baseline of her transactional activity (behavior) to set a pattern against which future transactions or account changes would be compared.

Alerts for the aged, vulnerable should garner more attention

Any time she acted outside of her profile, a transaction monitoring or fraud detection system would issue an alert to notify bank staff that something may be amiss and that a Suspicious Activity Report may have to be filed with the Financial Crimes Enforcement Network (FinCEN)[2].

Ms. Gray, being over 60, employed, and a home-owner—was computed by the bank’s scoring algorithms to be low risk.

Her account types and transactions were considered to be low risk as well. She had a checking account with a balance of approximately $1,500 and a Home Equity Line of Credit (HELOC) supported by the value of her home, worth over $600,000.

Over the course of two years, her accounts were almost dormant.

There were fewer than 30 low-dollar transactions through her checking account; she had not activated her HELOC; and she had not used the Internet/telephone banking feature that came with the checking account.  She had never made a wire transfer or used the Automated Clearing Houses (ACH) for regular debits/credits to or from another bank.

And then…a barrage of high-dollar transactions involving multiple banks and countries hit her account.

The fraudsters had convinced Ms. Gray that money needed to be wired to Ghana so that her love interest could get his son out of the country.  When she demurred, they told her they would put money into her account and then she should wire the money to a financial institution in Ghana (which was 90% owned by a bank in Nigeria).

Not only was Ms. Gray’s profile “shattered” by the following transactions in general (volume, dollar value), she (actually the fraudster) was transacting with high-risk financial institutions and countries.

Key red flags detail classic hallmarks of ‘romance scams’ 

These red flags, although glaring to a trained anti-money laundering (AML) or fraud specialist, eluded detection.  The bank had not created detection algorithms in their application software to identify the fraud:

  1. In a span of three weeks, 15 ACH transactions were made by telephone transfer, deposits into her HELOC. Each of the transfers, for just under $20,000, was a debit against a concentration account (for an offshore Caribbean bank, held at another bank, MegaBank2). Another bank, MegaBank3, was the settlement bank for these ACH transfers[3].
  2. Gray was instructed to transfer these funds from her HELOC into her checking account so she could then wire the funds out. She did this in the same time period, in five large-dollar amounts ($20,000, $20,000, $10,000, $40,000 and $80,000).
  3. The final step was three wire transfers for $40,000, $45,000 and $80,000 in the final two weeks of this cycle. Gray went to a branch of her bank, MegaBank1, to do this.  In her instructions to the teller, she stated that the funds should be routed through MegaBank2 on the way to the bank in Ghana.

Disaster struck Ms. Gray when MegaBank2, who held the concentration account for the Caribbean bank, disputed the 15 ACH transactions.  These transactions were then reversed, through the settlement bank, MegaBank3, and her checking account went into a serious overdraft situation.

Ms. Gray’s bank, MegaBank1, then debited her Home Equity Line of Credit for the amount of the 15 ACH transactions, causing her to default on her mortgage.  Ms. Gray not only lost her home, she also lost a significant amount of cash along with her dashed dreams for a future with her handsome suitor.

In attack aftermath, banks get whole, victim, a whole lot of nothing

All three megabanks in this sad story denied any fault, and all were made whole despite the known pattern of fraud perpetrated by these fraudsters.

In an ensuing article, we’ll look more at the superstructure and processes of the payment systems involved.

But for now it’s important to understand that Ms. Gray’s bank is the financial institution that not only had the legal requirement to detect patterns of fraud and money laundering, per the Patriot Act and the Bank Secrecy Act, the bank’s financial crime compliance team clearly should have seen the egregious red flags that pointed to the crime as it was being carried out.

This was a preventable fraud that is being perpetrated against innocent people every day.

There were clear signs of fraud that should have been detected by this sophisticated bank’s transaction monitoring/fraud systems.

Detection scenarios look for individual high-risk things as well as patterns that fit known fraudulent schemes.  The bank should have uncovered the following anomalies:

  1. Major change in her profile and transaction activity.
  2. Sudden high dollar amount transactions.
  3. Transaction amounts that are obviously threshold avoiding, designed to fly under the radar of detection system algorithms.
  4. Transactions to high-risk countries (Ghana, Nigeria)
  5. Detailed wire instructions (to Caribbean/offshore bank via MegaBank2). Customers do not typically care how wires are routed through banks.
  6. Large, round dollar amounts for the outgoing wires.
  7. Use of a HELOC to transact incoming ACH credits. HELOCs are not typically used for transacting business.

Ms. Gray’s bank is a large multi-national financial institution that clears millions of transactions daily.

The institution has a duty to know and detect the patterns of financial fraud. Although banks may typically focus on monitoring their customers as the possible originators or perpetrators of financial crime, detection scenarios must also look for patters of fraud from a victim’s point of view.

Everything about Ms. Gray, her accounts and her transactions, spoke of a low-risk person.  And then came the of out-of-profile, high-risk activity that screamed fraud.

The case described in this article is not an aberration; the statistics are staggering.

The most recent report from the FBI’s Internet Crime Complaint Center (IC3) shows that in 2014 Confidence Fraud/Romance Scam losses exceeded $86,000,000[4].

And the real number could actually be significantly higher as this figure only includes those crimes that are reported; many victims are too embarrassed to do so.

As well, banks should keep in mind that the vast majority of victims are female. And the future of such romance scams is a grim one.

Demographic trends suggest a worsening picture, as the baby boom population gets older and widowhood, with its concomitant loneliness, increases. The next victim may be your mother, your aunt, your sister.

[1] A subsequent article will look at this crime at the macro level—how bank-to-bank payment systems were used for the ACH and telephone banking transactions in this fraud.

[2] In this case the SAR category would be “elder financial exploitation.”

[3] These 15 ACH transactions were backward ACH “TEL” transactions; they were debits against a commercial account from her personal account, illegal under ACH rules.  A “TEL” is a one-time consumer-authorized payment to a vendor. As the ACH settlement bank, MegaBank3 should have understood the transactions to be invalid, and MegaBank1’s telephone banking system should not have allowed them in the first place. This will be expanded in the second article.

[4] http://www.ic3.gov/media/annualreport/2014_IC3Report.pdf

*this post has been updated*


©2016 Association of Certified Financial Crime Specialists
All Rights Reserved