The rapid growth of synthetic identity fraud
By Hannah Flanders
Like many aspects of our day-to-day lives, the expansion of technology has both enhanced and complicated the ways in which we operate. As more and more of our information lives online, identity theft — once more likely to occur because of a stolen wallet — has also assumed a digital appearance: synthetic identity theft.
What is Synthetic Identity Fraud?
Synthetic identity fraud is defined as the use of a combination of pieces of personally identifiable information (PII) to fabricate a person or entity in order to commit a dishonest act for personal or financial gain.
This form of identity theft has allowed bad actors to combine a stolen Social Security Number (SSN) and other false information — such as a fake name, address, date of birth, or phone number — to create a counterfeit identity to steal funds, escape prosecution, or any other number of criminal and fraudulent activities.
An Alarming Trend
In 2020, the Federal Bureau of Investigation (FBI) named synthetic identity theft as the fastest growing financial crime in the United States. Fraud targets are often those who do not typically use credit or are less likely to monitor their credit activity — including children, homeless individuals, and the elderly. These victims may find themselves blindsided as fraudsters create a new identity, apply for credit, and after years of building good credit by making payments for a time, abandon the account without paying anything back to the financial institution.
While this type of fraud is already difficult to detect due to its elusive or “normal” nature, many bad actors go to incredible lengths to appear as such, states Forbes. In addition to establishing good credit by making payments quickly and on time, some create digital profiles or use P.O. boxes for addresses.
Not only has technology and access to the dark web made PII more accessible to fraudsters, in 2011 the Social Security Administration (SSA) began randomizing the nine-digit social security codes rather than assigning them to individuals based on their geographical location and group number. No longer do social security numbers raise red flags when enrolling or opening accounts “out of state.”
As online banking grows in popularity, so too do concerns for synthetic identity theft. Between prevalent phishing schemes and heightened risks for data breaches — accessing PII and conducting synthetic identity fraud has become much easier than in years prior.
How to be Proactive Against Bad Actors
Inconsistent categorization and reporting make it difficult to identify and mitigate this type of fraud — as far as banks and credit bureaus can tell, these individuals are just like anyone else. . . until they “bust out” or abandon the maxed-out account with no intention of repayment.
After abandoning the false identity’s account, a fragmented file is created. This additional file not only becomes associated with the original SSN but also holds the additional credit report information and other fabricated PII. Unfortunately, this information could negatively impact the credit rating of the real individual.
When working with customers, bankers should advise frequent credit report checks or freezing unused credit at credit bureaus throughout the U.S. as to deter criminals or catch them early.
In addition, customers may take additional steps to protect themselves and their family against synthetic identity theft. One way parents can protect their children from fraudsters is by requesting their child be added to their credit profile. By adding a child to an adult’s credit profile, not only does the child’s own credit profile become established in his or her name and SSN, but the child is also able to begin building their credit.
The Cost of Synthetic Fraud
While victims of identity theft typically are not liable for fraudulent purchases or accounts, as long as they can prove they are the real SSN holder and not the thief, banks and other financial institutions are left to absorb the cost. This scheme is not only incredibly costly to banks across the country — with losses estimated at $20 billion in 2020, according to the Federal Reserve Bank of Boston — but gaps in the U.S. Fair Credit Reporting Act may have also increased the likelihood of repeat offenders.
The Federal Reserve has reported that bad actors are able to ‘flood the financial institution with an overwhelming number of claims’ on their fake accounts, and when creditors are unable to fulfill the investigation in the allotted timeframes, the disputed item is removed from the false credit report and time and time again, fraudsters get away with the act.
“Synthetic IDs are a struggle for community banks to identify,” states Lenore Breit, vice president – compliance manager at Wausau’s Prevail Bank. “Based on a recent presentation, [community banks] most likely have synthetic ID fraud in their deposit and loan accounts that remains undetected with traditional third-party ID verification programs that most community banks use.”
“There are other, more robust ID verification programs available to detect synthetic ID fraud,” adds Breit. “But they are costly and may not interface with legacy software.”
One such software program, the electronic Consent Based SSN Verification service, was created in part by the Economic Growth, Regulatory Relief, and Consumer Protection Act. The electronic service offered by the SSA was created in 2018 to aid financial institutions in combating synthetic identity fraud and verify an authorizing individual’s name, date of birth, and SSN against the SSA records. Services are based on the annual transaction volume and can cost thousands or even millions of dollars.
Common Signs of Synthetic Identification Theft
While difficult to trace, there are a few significant ways bankers can remain attentive to PII and other key indicators of synthetic identity fraud.
Most obvious is ensuring all SSNs match to the PII given. Do not assume a name change or relocation; ask questions or require verification for the sake of your bank and the security and privacy of all customers. This extra step could make all the difference in protecting the personal information of every customer.
If an account is already open, bankers should note applicants who have the same contact information or SSN as well as those with multiple authorized users.
As synthetic identity fraud becomes increasingly prevalent throughout the U.S., it is critical, for the safety of customers and security of all financial institutions, that Wisconsin bankers are prepared to combat this emerging fraudulent activity, caution community members against sharing unnecessary personal information with others, and assist individuals in regaining their rightful identity if necessary.
If you are interested in learning more about synthetic identity fraud, how these schemes can impact your bank or customers, or more ways you can take a stand against bad actors, please contact WBA’s Legal Team at wbalegal@wisbank.com or 608-441-1200.
The October 2022 WBA Compliance Journal is now available. In this edition, WBA Legal covers Part 2 of a two-part series regarding contracting with minors. In this second part, readers will find guidance on what banks should consider when banking minors, including the doctrine of incapacity. The publication also includes an article about a recent court action that overturned closed-end loan HMDA reporting thresholds for exempt institutions, a summary of recently published agency rules and notices and other important compliance-related updates for bankers.
By Rose Oswald Poels
Given recent rate increases by the Federal Reserve and the overall market impact of the current economy, banks that have lines with a Federal Home Loan Bank (FHLBank) need to be mindful of how FHLBank regulation can impact a member bank’s ability to obtain new FHLBank advances or letters of credit. With this Executive Letter, I wanted to be certain FHLB member banks are aware of the possibility.
Under FHLBank Regulation 12 CFR 1266.4(b), a FHLBank cannot make a new advance to a member bank whose tangible capital is not positive. To make a determination of whether a member bank has negative tangible capital, the FHLBank will use the member bank’s most recently available Call Report data. A member bank would not be considered to have negative tangible capital until its quarterly report is filed.
As an exception, a new advance may be made if the member bank’s prudential federal regulator (the Federal Reserve or OCC) or federal insurer (FDIC) requests, in writing, the FHLBank lend to the member bank. It is my understanding that the federal regulators are currently not willing to issue such instruction unless a particular member bank has a dire liquidity need for the advance.
Historically, bank capital calculations of the prudential federal banking regulators and the Federal Housing Finance Agency (FHFA) were similar. However, recent changes made to capital calculations by the banking regulators have not been adopted by FHFA. In particular, under FHLBank regulations the definition of tangible capital is inclusive of Accumulated Other Comprehensive Income (AOCI). Therefore, this difference will impact those member banks that made the election to opt-out of the requirement to include components of AOCI when calculating common equity tier 1 capital under Basel III rules.
It is important to note that the FHLBank regulation does allow member banks with negative tangible capital to renew outstanding advances, for successive terms of up to 30 days each. There is no limit to the number of times a member bank may roll over an existing advance. Such member banks may also renew outstanding advances for a term greater than 30 days at the written request of the appropriate federal banking regulator or FDIC as federal insurer.
It is also important to note that the limitation for a new advance does not impact a member bank’s use of Community Investment Products or for a member bank’s ability to sell loans into FHLBank’s Mortgage Partnership Finance (MPF) Program.
FHLBank member bankers who may be impacted by this limitation should work closely with their FHLBank Sales Director for more information specific to the member. Affected member banks should also work closely with your accounting and investment resources as there may be options to consider as a means to avoid reaching a negative tangible capital position. Accounting and investment resources will also be able to explain the impact of such options to the member bank in areas other than under FHLBank regulation.
WBA is monitoring the impact of this FHLBank regulation component and is working for a resolution whereby banks whose tangible capital is negative due to a difference in tangible capital calculations are not negatively impacted by an inability to obtain new FHLBank advances. WBA plans to advocate for a change in the rule starting with addressing the issue directly with FHFA later this month during our D.C. Regulatory Trip. In addition, WBA is also working to organize an all-member call on this issue — please watch our publications for an announcement of a complimentary webinar in the near future.
Help your team make the most of WBA’s robust online resources
By Scott Birrenkott
Q: Does WBA Have New Resources Available for Compliance Officers?
A: Yes. WBA recently added new, updated resources to its website.
WBA continues to add to its new website — one such section recently updated was the Compliance Resources page. The Compliance Resources page can be found by visiting wisbank.com/resources/compliance or by navigating from the home page to the News and Resources tab found in the top menu, scrolling down, and looking for the red button under the heading Don’t Face Changes Alone.
On this section of the website, bankers will find previously listed resources such as the most recent WBA Compliance Journal, the comment letter library, links to Wisconsin laws, various compliance toolkits, and a number of new resources. New sections and resources include a monthly FAQ, a recently released resources section, most frequently requested resources, popular legal Q&As, and a new video series called the “WBA Compliance Corner.”
These resources will be updated and refreshed frequently as well as discuss hot topics, recently issued rulemakings, and commonly faced situations.
For example, the monthly FAQ is taken from questions received through the WBA legal call program to provide an answer to the most frequently asked question by Wisconsin bankers each month. The recently released resources section provides WBA’s newest creations — such as a flowchart for Wisconsin’s newly Revised Uniform Unclaimed Property Act. The most frequently requested resources section compiles some of the most useful guides and articles. The popular legal Q&As includes answers to the most frequently asked questions, and common scenarios bankers are likely to encounter. Lastly, the WBA Compliance Corner is a brand-new, monthly video series designed to provide the most recent compliance news in a concise presentation of 30–40 minutes, along with links to applicable material.
WBA hopes compliance staff and others interested in these resources find them useful. Additionally, while not new, WBA of course still maintains the legal call program. Certainly do not hesitate to contact WBA legal at wbalegal@wisbank.com or 608-441-1200.
Bank policies, procedures assist in determining the risk associated with minors
By Scott Birrenkott
Q: Can Banks Contract with Minors
A: Yes, depending on policies and procedures.
WBA frequently receives questions regarding the ability of minors to enter into a contract. No rule or regulation prohibits a bank from contracting with a minor. However, a minor can escape liability under the contract. Meaning, a minor could avoid liability from a bank seeking to hold a minor accountable for terms under the contract. Thus, banks are free to enter into contracts with minors, but must decide so as a matter of risk.
The ability of a minor to escape liability or void a contract is often referred to as the doctrine of incapacity. This is a common law term, meaning, generally, a concept under the law that is derived from judicial precedent rather than statute. As such, there is no specific rule governing contracting with a minor. It also means that there is no specific point at which a minor is deemed “competent.” If a minor attempts to escape liability under contract, it would be up to the bank to attempt to enforce the contract against the minor, and up to a court to decide.
It is important to understand the theory behind the doctrine of incapacity. Generally speaking, the theory is that a minor has not developed enough to understand the significance of contracting and thus may potentially escape liability. Because it is not readily defined, a court could find that someone who has attained the age of 18, or older, still hasn’t matured enough to understand that significance and might be permitted to void the contract.
When it comes to minor accounts, WBA generally recommends that banks consider the use of a WUTMA account. A WUTMA account is created under Wisconsin’s Uniform Transfers to Minors Act, which provides certain requirements, procedures, and responsibilities. Thus, it creates a means for a bank to open an account with an understanding of what rules apply to the relationship between the minor, the adult custodian, and the bank. While WUTMA provides for this certainty, banks should be careful before opening custodial accounts that are not governed by WUTMA, as it would leave questions as to how the account would be handled.
As a result, banks must decide, as a matter of business and policy, whether they are willing to contract with minors. This includes both deposit and loan account relationships. For the above reasons, financial institutions should consult with their policies and procedures regarding contracting with minors.
For any questions on this, or other matters, you may reach WBA legal at wbalegal@wisbank.com or 608-441-1200.
The September 2022 WBA Compliance Journal is now available. In this edition, WBA Legal covers Part 1 of a two-part series regarding contracting with minors. In this first part, readers will find a series of Q&As regarding WUTMA accounts and a new reference chart. The publication also includes a summary of recently published agency rules and notices and other important compliance-related updates for bankers.
Banks need be aware of a recent Freedom of Information Act (FOIA) request of the Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) for all Type 2 Consolidated Employer Information Reports, Standard Form 100 (EEO-1), filed by federal contractors from 2016-2020. OFCCP announced the request in the August 19, 2022, edition of the Federal Register. The FOIA request was made by Will Evans of the Center for Investigative Reporting (CIR). It is expected Evans seeks the information for further reporting about the racial, ethnic, and gender composition of federal contractors’ employees.
As stated in the Federal Register notice, OFCCP has reason to believe that the information requested may be protected from disclosure under FOIA Exemption 4, which protects disclosure of confidential commercial information, but has not yet determined whether the requested information is protected from disclosure under that exemption. OFCCP has requested that entities that filed Type 2 Consolidated EEO-1 Reports as federal contractors at any time from 2016-2020, that object to the disclosure of the information, to submit those objections to OFCCP within 30 days of the date of the notice.
Objections must be filed with OFCCP by September 19, 2022.
For banks that consider themselves to be federal contractors, WBA urges the bank to file objections to the disclosure of its EEO-1 Report data by the filing deadline. OFCCP has stated that if it does not receive a written objection by September 19, it will assume that the federal contractor has no objection to the disclosure and will begin the process of sending specific EE0-1 Report data to the FOIA requester.
Background
Will Evans of CIR submitted a FOIA request for “[a] spreadsheet of all consolidated (Type 2) EEO-1 reports for all federal contractors for 2016.” CIR subsequently amended the request multiple times, most recently on June 2, 2022, to include Type 2 EEO-1 reports for all federal contractors, including first-tier subcontractors, from 2016-2020. The Type 2 EEO-1 report is one of several different types of reports that multi-establishment employers must file annually, which consists of a consolidated report of demographic data for all employees at headquarters as well as all establishments, categorized by race/ethnicity, sex, and job category.
Title VII of the Civil Rights Act provides statutory authority for the EEO-1 Reports. The Equal Employment Opportunity Commission (EEOC) enforces the employment nondiscrimination law. See 42 U.S.C. 2000e-8(c). The EEOC’s regulations require employers with 100 or more employees to file the EEO-1 Report with the EEOC. See 29 CFR 1602.7. In addition, OFCCP’s regulations require federal contractors and first-tier subcontractors that are covered by Executive Order 11246 and that have 50 or more employees to file the EEO-1 Report.
Banks as Federal Contractor
Whether a bank is a federal contractor for purposes of having to file an EEO-1 Report is a determination banks have previously made with instruction from bank counsel. Therefore, each bank should already have determined whether it must file an EEO-1 Report, including whether it had filed such report in 2016-2020.
Regarding OFCCP’s interpretation of federal contractor, there are a couple of items to consider. First, OFCCP has concluded through an “FAQ” posted on its website that because deposit insurance is a federal contract, FDIC-insured banks would be considered federal contractors as the bank would accept the insurance. See FAQ #13.
Second, some banks are required to file Affirmative Action Plans via OFCCP’s Contractor Portal. It is anticipated that if a bank is registered through OFCCP’s Contractor Portal or has subscribed to OFCCP’s “GovDelivery” e-mail listserv, the bank can generally expect that OFCCP considers the bank to be a federal contractor and may disclose the bank’s EEO-1 Report data.
In response to the FOIA request, a bank, as federal contractor, need consider whether to file objections with OFCCP regarding the FOIA request for its EEO-1 Report data. OFCCP has also issued a FAQ regarding the FOIA request.
Consider Filing an Objection to the Disclosure of EEO-1 Report Data and Steps for Filing
If a bank filed any EEO-1 Report in 2016–2020, it need consider whether to file an objection with OFCCP over the release of its EE0-1 Report data. As some banks voluntarily report diversity data, the release of EEO-1 Report data may be less of a concern than for those who seek to keep diversity data nonpublic. Again, it is expected that CIR seeks the information for further reporting about the racial, ethnic, and gender composition of federal contractors’ employees.
As stated in the Federal Register notice, OFCCP acknowledges that Exemption 4 of FOIA may provide for OFCCP to withhold specific federal contractor EEO-1 Reports. However, each federal contractor must object to the release if it seeks to protect its EEO-1 Reports from being released under the FIOA request. The written objection must be received no later than September 19, 2022.
To facilitate the process, OFCCP has created a web form through which written objections may be submitted. WBA recommends the use of the specifically created web form. Written objections may also be submitted via email. Regardless of the delivery system used, any objections filed by the bank must include the bank’s name, address, and contact information for the bank.
A bank will need to answer the following six questions. With exception to question #6, WBA recommends banks filing objections to answer “yes” to each question. Banks filing an objection also need to include a description of how the release of its EEO-1 Report data would impact its recruiting efforts, employee retention, and management of its workforce. Banks also need to describe the protections it has in place for maintaining the confidentiality of the data contained in its EE0-1 Reports. Answering the questions and providing descriptions are critical for OFCCP to determine whether the information should be withheld or disclosed pursuant to FIOA Exemption 4.
- Do you consider information in your EEO-1 report to be a trade secret or commercial information? If yes, please explain why.
- Do you customarily keep the requested information private or closely-held? If yes, please explain what steps have been taken to protect data contained in your reports, and to whom it has been disclosed.
- Do you contend that the government provided an express or implied assurance of confidentiality? If yes, please explain. If no, skip to question 4.
- If you answered “no” to question 3, were there expressed or implied indications at the time the information was submitted that the government would publicly disclose the information? If yes, please explain.
- Do you believe that disclosure of this information could cause harm to an interest protected by Exemption 4 (such as by causing genuine harm to your economic or business interests)? If yes, please explain.
- Are there other legal issues OFCCP should be aware of? If yes, please explain.
Summary
A recent FOIA request of OFCCP seeks data from EEO-1 Reports filed by federal contractors from 2016-2020. As a result of the request and of the type of information requested, OFCCP requested that entities (which could include banks) that filed Type 2 Consolidated EEO-1 Reports as federal contractors at any time from 2016-2020, that object to the disclosure of the information, to submit those objections to OFCCP by September 19, 2022.
OFCCP has created a web form for filing objections. If OFCCP does not receive a written objection by September 19, it will assume that the federal contractor has no objection to the disclosure and will begin the process of sending the bank’s EE0-1 Report data to the FOIA requester.
Any follow-up questions to the OFCCP notice may be posed to WBA Legal by email or by phone at 608-441-1200.