Compliance Update with Amy K
by Amy Kleinschmit, Chief Compliance Officer
Risk Mitigation Webinar
Don’t miss the upcoming Attorney Conference for the Non-Attorney webinar – risk mitigation, on November 10, 2021, 9:30 a.m. – 12 p.m. (CT). Registration can be found here.
Attendees will hear a CUNA Mutual Group claims update, presented by Cheryl Guthrie-Swarztrauber and Christa Loger with CMG; HR/Employer Risks, presented by Carlos Molina with CMG; arbitration clauses, presented by attorneys at Husch Blackwell; and a Remote Capture update, presented by attorneys at Husch Blackwell.
Most credit unions do not have in-house counsel or access to the type of information provided at events like CUNA’s Attorney Conference. The Attorney’s Conference for Non-Attorneys can provide this information to you, along with risk mitigation strategies to help protect your credit union from liability. Each session is only $25 – be sure to reserve your seat now! You’ll learn from lawyers with expertise in working with credit unions. This series is made possible thanks to our sponsor Husch Blackwell and the collaborative efforts of the Minnesota Credit Union Network, Heartland Credit Union Association, Illinois Credit Union League, Iowa Credit Union League, Montana Credit Union League, Dakota Credit Union Association, Nebraska Credit Union League, and Wisconsin Credit Union League.
NCUA 21-RISK-01 – Business Email Compromise
The NCUA has issued 21-RISK-01 regarding business email compromise through exploitation of cloud-based email services, which can be found here. Review this alert in its entirety as it discusses prevention of business email compromise fraud, prevention of wire transfer fraud, and reporting and recovery of funds from business email compromise fraud.
“While several Business Email Compromise (BEC) scam variants exist, one of the most effective types is initiated through phishing emails designed to steal email account credentials. Cybercriminals use phishing kits that impersonate popular cloud-based email services. Many phishing kits identify the email service associated with each set of compromised credentials, allowing the cybercriminal to target victims using cloud-based services. Upon compromising victim email accounts, cybercriminals analyze the content of compromised email accounts for evidence of financial transactions. Often, the actors configure mailbox rules of a compromised account to delete key messages. They may also enable automatic forwarding to an outside email account.”
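The two post-compromise actions the alert describes, a mailbox rule that deletes key messages and automatic forwarding to an outside account, are exactly the changes a mailbox audit trail records. The following is an added example, not code from the NCUA alert or this newsletter: it reviews a handful of constructed audit events and flags both patterns. The operation names and parameter fields it matches on are assumptions modelled loosely on a cloud mailbox audit log, not a vendor's schema.

```python
# Constructed sample events (not real log data). Field names and operation
# names are assumptions for this example, not a specific vendor's schema.
SAMPLE_EVENTS = [
    {"time": "2021-10-05T13:02:11Z", "user": "controller@cu.example", "op": "New-InboxRule",
     "params": {"Name": ".", "SubjectContainsWords": ["wire", "invoice"], "DeleteMessage": True}},
    {"time": "2021-10-05T13:04:40Z", "user": "controller@cu.example", "op": "Set-Mailbox",
     "params": {"ForwardingSmtpAddress": "smtp:archive.bkp@mail-drop.example.net",
                "DeliverToMailboxAndForward": True}},
    {"time": "2021-10-05T09:15:00Z", "user": "teller@cu.example", "op": "New-InboxRule",
     "params": {"Name": "Newsletters", "MoveToFolder": "Reading", "From": ["news@vendor.example"]}},
    {"time": "2021-10-05T10:00:00Z", "user": "cfo@cu.example", "op": "Set-Mailbox",
     "params": {"ForwardingSmtpAddress": "smtp:cfo.assistant@cu.example"}},
]

INTERNAL_DOMAINS = {"cu.example"}          # assumed: the institution's own mail domains
FINANCE_WORDS = {"wire", "invoice", "payment", "ach", "transfer"}
HIDING_FOLDERS = {"deleted items", "rss feeds", "archive", "junk email"}


def is_external(address):
    """True if an SMTP address is outside the institution's own domains."""
    addr = address.lower()
    if addr.startswith("smtp:"):
        addr = addr[5:]
    return addr.rsplit("@", 1)[-1] not in INTERNAL_DOMAINS


def review_event(ev):
    """Return a list of finding strings for one audit event (empty if benign)."""
    findings = []
    p = ev["params"]
    if ev["op"] in ("New-InboxRule", "Set-InboxRule"):
        # Rules that delete, or file messages into rarely read folders, hide evidence.
        if p.get("DeleteMessage") or p.get("MoveToFolder", "").lower() in HIDING_FOLDERS:
            words = {w.lower() for w in p.get("SubjectContainsWords", [])}
            finding = "rule hides messages"
            if words & FINANCE_WORDS:
                finding += " matching finance keywords"
            findings.append(finding)
        if any(is_external(a) for a in p.get("ForwardTo", [])):
            findings.append("rule forwards to external address")
    if ev["op"] == "Set-Mailbox":
        fwd = p.get("ForwardingSmtpAddress")
        if fwd and is_external(fwd):
            findings.append("mailbox forwards to external address")
    return findings


def review(events):
    """Flatten findings across events as (time, user, finding) tuples."""
    return [(ev["time"], ev["user"], f) for ev in events for f in review_event(ev)]
```

Run over the constructed events, the two controller changes are flagged and the teller's filing rule and the CFO's internal forward are not, which is the distinction a reviewer of these logs wants to make.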
FinCEN Update – Ransomware
The Financial Crimes Enforcement Network (FinCEN) recently issued a report on ransomware trends for the first half of 2021, which can be found here. Ransomware is malicious software that encrypts a victim’s files and holds the data hostage until a ransom is paid.
As found by FinCEN, “In the first six months of 2021, FinCEN identified $590 million in ransomware-related SARs, a 42 percent increase compared to a total of $416 million for all of 2020.” The report discusses variants of ransomware and notes that the majority of reported ransomware-related payments were made in Bitcoin. FinCEN also reviewed ransomware-related money laundering typologies.
Detection, mitigation and reporting by financial institutions form a key barrier against ransomware. As stated in the report, “Financial institutions play an important role in protecting the U.S. financial system from ransomware-related threats through compliance with BSA obligations.”
FinCEN recommends the following detection and mitigation steps:
1. Incorporate IOCs from threat data sources into intrusion detection systems and security alert systems to enable active blocking or reporting of suspected malicious activity.
2. Contact law enforcement immediately regarding any identified activity related to ransomware, and contact OFAC if there is any reason to suspect the cyber actor demanding ransomware payment may be sanctioned or otherwise have a sanctions nexus. Please see contact information for the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), OFAC, and U.S. Secret Service at the end of this report.
3. Report suspicious activity to FinCEN, highlighting the presence of “Cyber Event Indicators.” IOCs, such as suspicious email addresses, file names, hashes, domains, and IP addresses, can be provided in the SAR form. Information regarding ransomware variants, AECs requested for payment, or other information may also be useful to law enforcement and for trend analysis in addition to virtual currency addresses and transaction hashes associated with ransomware payments.
4. Review financial red flag indicators of ransomware in the “Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments” issued by FinCEN in October 2020.
For additional resources, CISA’s StopRansomware.gov offers a one-stop shop for government resources, containing alerts, guides, fact sheets, and training all focused on reducing the risk of ransomware. CISA and the Multi-State Information Sharing and Analysis Center’s (MS-ISAC’s) Ransomware Guide provides high-level prevention best practices and a response checklist, while the National Institute of Standards and Technology’s (NIST’s) Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events offers a comprehensive focus on detailed methods and potential tool sets that can detect, mitigate, and contain data integrity events in the components of an enterprise network.
Bias in Home Appraisals and the Racial Homeownership Gap Webinar
Join the National Credit Union Administration (NCUA) on October 27 for a free webinar on homeownership, the wealth gap, and bias in home appraisals. Per the NCUA, the webinar will highlight how systemic and institutionalized discrimination in the U.S. housing system has created a wide wealth gap between races. Experts will share strategies on closing the homeownership gap and eliminating appraisal bias, given its direct impact on wealth accumulation for minority homeowners. The broadcast will also explore the collaborative efforts of federal agencies and other stakeholders to initiate valuation and housing policy reforms for more equitable outcomes in communities of color. Registration for this webinar can be found here.
Cybersecurity Evaluation Toolbox Webinar
The National Credit Union Administration (NCUA) will be hosting a free webinar on October 28 to explain the NCUA’s Automated Cybersecurity Evaluation Toolbox (ACET). Registration and more details can be found here.
The Toolbox is a downloadable, self-contained application developed for credit unions as a holistic cybersecurity resource. The Toolbox guides credit unions through the ACET Maturity Assessment, which is aligned with the Federal Financial Institutions Examination Council’s (FFIEC’s) Cybersecurity Assessment Tool (CAT). Using the ACET Maturity Assessment allows institutions of all sizes to determine and measure their own cybersecurity preparedness over time.
As always, DakCU members may contact Amy Kleinschmit with any compliance-related questions.