Compliance Specific News & Resources for GoWest Credit Unions
Compliance Newsletter

COMPLIANCE HEADLINES

Consumer Financial Protection Bureau (CFPB) 


CFPB Proposes Federal Oversight of Larger Nonbank Companies that Offer Digital Wallets and Payment Apps 


The CFPB issued a proposed rule regarding the supervision of larger nonbank companies that offer services like digital wallets and payment apps. Under the proposed rule, larger companies handling more than 5 million transactions per year would be required to adhere to the same rules as large banks, credit unions, and other financial institutions already supervised by the CFPB.


The proposed rule would subject larger nonbank digital consumer payment companies to the CFPB’s authority to conduct examinations, helping to ensure consistent application of federal consumer financial laws across the marketplace. Specifically, the proposed rule would help ensure these large nonbank companies: 

  • Adhere to applicable funds transfer, privacy, and other consumer protection laws: The CFPB would be able to supervise larger participants for compliance with applicable federal consumer financial protection laws, which includes applicable protections against unfair, deceptive, and abusive acts and practices, rights of consumers transferring money, and privacy rights. 

  • Play by the same rules as banks and credit unions: The CFPB’s supervision of these large companies can foster a level playing field with depository institutions. Greater supervision of nonbanks in this market would ensure federal consumer financial protection law is enforced consistently between non-depository and depository institutions in order to promote fair competition. 


____________________________________________________________________________________ 



Financial Crimes Enforcement Network (FinCEN) 


FinCEN Finalizes Rule on Use of FinCEN Identifiers in Beneficial Ownership Information Reporting 


FinCEN issued a final rule that specifies the circumstances in which a reporting company may report an entity’s FinCEN identifier in lieu of information about an individual beneficial owner. 


A FinCEN identifier is a unique number that FinCEN will issue upon request after receiving required information. Although there is no requirement to obtain a FinCEN identifier, doing so can simplify the reporting process and allows entities or individuals to provide the required identifying information directly to FinCEN. 


The final rule, which amends FinCEN’s final Beneficial Ownership Information (BOI) Reporting Rule, specifically responds to commenter concerns that the reporting of entity FinCEN identifiers could obscure the identities of beneficial owners in a manner that might result in greater secrecy or incomplete or misleading disclosures. The final rule provides clear criteria that must be met in order for a reporting company to report an intermediate entity’s FinCEN identifier in lieu of information about the individual beneficial owner. 



League InfoSight Highlight

League InfoSight Highlight: Internal Spoofing Attacks are on the Rise – Is Your Staff Prepared? 


Spoofing is a scam where cybercriminals impersonate a company with a fake email address, display name, text message, or website URL to convince a target that they are a trusted, well-known source from the company. It can be as simple as changing one letter, symbol, or number in a communication that is difficult to spot. The benefit of spoofing for cybercriminals is that the person will likely disclose financial and personal information, download malware, wire funds, and more. 


Types of spoofing attacks: 

  • Email Spoofing: This technique is one of the most common types, where cybercriminals send an email posing as a trusted source. They usually make an urgent request or attempt to lure the target into clicking a malicious link or attachment.

  • Domain or Website Spoofing: These attacks aim to lure users into logging into their accounts on fake websites or exposing other personal information about themselves. The cybercriminals can then use the stolen credentials to log into the actual account on the real website.  

  • Caller ID Spoofing: Similar to email spoofing, caller ID spoofing alters the phone number so that the call appears to come from someone familiar to the target. For example, the fraudster may pose as a customer service representative from the target’s bank and attempt to gather personal information like their banking credentials, social security number, etc. in order to gain access to their account.

  • Text Message Spoofing: This technique targets a person via text message posing as a trusted source like their bank or a friend. They substitute the sender ID with a recognizable source and use the text message as a springboard for data theft, spear phishing, and scams.  


The reality is that credit unions are being targeted, as well as employees. Implementing a Proactive Security Awareness Program aims to empower users with skills to identify and report suspicious activity, including emails, texts, or website links. People are the first line of defense for the credit union, and equipping them with cybersecurity awareness strengthens its security posture.

The following tips can help identify a spoofed message in the email headers: 

  • Verify that the 'From' email address matches the display name. The From address may look legitimate at first glance, but a closer look in the email headers may reveal that the email address associated with the display name is actually coming from someone else.

  • Make sure the 'Reply-To' header matches the source. This is typically hidden from the recipient when receiving the message and is often overlooked when responding to the message. If the reply-to address does not match the sender or the site that they claim to be representing, there is a good chance that it is forged.  
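
The two header checks above, written out as an added example (it is not part of the original newsletter). The staff directory, the addresses and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed staff directory: normalized display name -> real address.
KNOWN_SENDERS = {"pat rivera": "pat.rivera@creditunion.example"}

def domain(addr):
    return addr.rpartition("@")[2].lower()

def check_headers(raw, known=KNOWN_SENDERS):
    """Return findings for the From/display-name and Reply-To checks."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    if "@" not in addr:
        return ["From header is missing or has no address"]
    findings = []
    # Check 1a: a familiar display name on an address that is not that person's.
    expected = known.get(" ".join(name.lower().split()))
    if expected and expected != addr:
        findings.append(f"'{name}' normally sends from {expected}, not {addr}")
    # Check 1b: the display name shows one address while the real one differs.
    shown = re.search(r"[\w.+-]+@[\w.-]+", name)
    if shown and shown.group().lower() != addr:
        findings.append(f"display name shows {shown.group()}, sender is {addr}")
    # Check 2: replies would go to a different domain than the sender's.
    reply_to = msg.get("Reply-To")
    if reply_to:
        r_addr = parseaddr(reply_to)[1]
        if domain(r_addr) != domain(addr):
            findings.append(f"Reply-To {r_addr} is outside {domain(addr)}")
    return findings

# Constructed sample messages (not real traffic).
SPOOFED = "\n".join([
    'From: "Pat Rivera" <pat.rivera@creditunion-payments.example>',
    "Reply-To: pat.rivera.cfo@mailbox.example",
    "Subject: Urgent wire needed today",
    "", "Please process this before noon."])
LEGIT = "\n".join([
    "From: Pat Rivera <pat.rivera@creditunion.example>",
    "Subject: Board packet",
    "", "Attached is the agenda."])

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, check_headers(raw))
```

A differing Reply-To also appears in legitimate bulk and ticketing mail, so treat that finding as a prompt to verify through a trusted channel, not as proof of forgery.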


Question the Content of the Message 

Sometimes the best defense against phishing is to trust your instincts. If you receive a message from a supposed known source that appears out of the ordinary, it should raise a red flag. When receiving an unsolicited message, users should always question the content of the message, especially if the message is requesting unusual information or directing the user to click on links or open attachments. 

Before responding to any questionable message, perform the following tasks to ensure the message is reliable. 

  • Ask yourself:

      • Was I expecting this message?

      • Does this email make sense?

      • Am I being pushed to act quickly?

  • Examine the email and look for:

      • Sense of urgency

      • Unsolicited request of personal information

      • Generic greeting/signature

      • Unfamiliar links or attachments

  • Contact the sender of the message through a trusted channel:

      • If the email appears legitimate, but still seems suspicious, it is best to contact the supposed sender through a trusted phone number or open a new outgoing email message using their real email address found in the address book. Do not reply to the message in question.


It is important to always remain vigilant when receiving mail, whether it is from an unknown sender, someone you are close with, or even someone you are familiar with within your organization. Cyber scammers are always looking for new ways to exploit individuals for their own personal gain.


We are seeing an increase in criminal activity where individuals are targeting credit union employees’ email addresses inside and outside of the credit union. Do you have procedures in place if one of your employees receives an email requesting a monetary transaction from management? Now is the perfect time to add Spoofing to your training plan for 2024!


*This article is courtesy of the League of Southeastern Credit Unions & Affiliates 

ARTICLES OF INTEREST



CFPB Orders Citi to Pay $25.9 Million for Intentional Discrimination Against Armenian Americans 


IRS Provides Tax Inflation Adjustments for Tax Year 2024 


SCAM UPDATES


New Help for Spotting, Avoiding, and Reporting Scams in Multiple Languages 



COMPLIANCE CALENDAR

Nov 23, 2023: Thanksgiving Day - Federal Holiday 


Dec 25, 2023 – Christmas Day – Federal Holiday 


Dec. 26, 2024: Comments Due NCUA Proposed Rule on Simplification of Share Insurance Rules 


Dec 29, 2023 – Comments Due CFPB Proposed Rule on Personal Financial Data Rights 


Jan. 8, 2024: Comments Due NCUA Proposed Rule on Fair Hiring in Banking  


Jan 22, 2024: Comments Due FinCEN Proposed Rule on CVC Mixer Reporting


TOOLS & RESOURCES

Effective Dates
Bulletins & Alerts
Webinar Calendar
AffirmX and GoWest Partnership

Q&A OF THE WEEK

If a member gives their debit card and PIN number to another person to do occasional purchases for them and subsequently this person withdraws cash for themselves, is the member liable for the total amount of the withdrawals or would the credit union have to refund the funds to the member?


The credit union may hold the member liable.  The transaction would not be considered "unauthorized" if the member gave the individual access to the account and did not notify the credit union that transfers by that person were no longer permissible. Therefore, the transaction would not be considered "unauthorized" under 12 CFR 1005.2(m)(1). 


12 CFR 1005.2 



If you have questions about this communication, contact us at 800.546.4465, or via our shared email inbox at compliance@gowest.org.

Have a great week!

Your GoWest Compliance Team, 

David Curtis

CUCE

Director, Compliance Services
P: 206.340.4785

Tiarra Sanders-Hausa

NCCO

Manager, Compliance Services

P: 206.618.9302

Copyright © 2023 GoWest Credit Union Association. All Rights Reserved.

Mailing Address:
GoWest Credit Union Association, 18000 International Blvd Ste. 1102, SeaTac, WA 98188, United States
1.800.995.9064
