A Guide to AML/CFT Reforms in the US Real Estate Sector
Learn how real estate businesses can respond to US authorities' new measures for improved corporate transparency and financial crime risk management.
Download Your CopyBusiness email compromise (BEC) scams are one of the top four major cybercrime threats to US networks, targeting a range of entities from small local businesses to large corporations, and personal transactions. Security vendor Abnormal Security’s H1 2023 threat analysis showed that attacks increased by over 81 percent in 2022.
With the increasing threat of BEC fraud, more firms are looking to take additional steps to safeguard themselves and their customers. This article explores the nuances of BEC fraud, offering compliance professionals guidance and practical tips to help them mitigate this risk and improve their firm’s fraud risk management protocols.
Business email compromise (BEC) fraud is a type of cybercrime where attackers manipulate or compromise email accounts with an organization to defraud the company or its employees. These scams often involve convincing employees to transfer money to fraudulent accounts or disclosing confidential data, resulting in significant financial losses for the targeted organization.
BEC fraud can take various forms, including:
According to the FBI’s 2022 Internet Crime Report, the real estate industry has become the most targeted sector for BEC scams for two consecutive years, with losses amounting to $2.7 billion.
In March 2023, the Financial Crimes Enforcement Network (FinCEN) published a report that analyzed financial trends relating to BEC scams in the real estate sector. The report used Bank Secrecy Act (BSA) data from January 2020 to December 2021 to provide money laundering typologies that were used by BEC attackers, such as:
According to FinCEN, title and closing entities are the most commonly impersonated BEC incidents, representing almost 40 percent of recorded attacks. Other impersonated parties included realtors (23 percent) and investors (16 percent).
Learn how real estate businesses can respond to US authorities' new measures for improved corporate transparency and financial crime risk management.
Download Your CopyWhile the strategies fraudsters use inevitably vary depending on the type of scam being attempted, there are four steps typically involved in BEC fraud:
However, as compliance staff well know, fraudsters are constantly changing their tactics to avoid detection. To keep up with new scams and emerging typologies, many companies are now prioritizing powerful fraud detection solutions that can identify patterns in fraudulent behavior and quickly adapt to new threats.
As with most cyber-enabled financial scams, BEC fraud can be difficult to spot. However, being aware of the following red flag indicators can help firms stay protected:
To report BEC scams, US firms must contact the FBI’s IC3 or the nearest United States Secret Service (USSS) field office. FinCEN also reminds firms to contact the Office of Foreign Assets Control (OFAC) if there is any reason to suspect a cyber actor may be sanctioned or have a sanctions nexus.
BEC fraud can pose several significant risks to organizations, including:
In light of these risks, the Biden administration’s Interim National Security Strategic Guidance identified the need to strengthen cybersecurity defenses against the increasing prevalence of malicious cyber activity. As part of this effort, the government has funded the “Shield’s Up” initiative, led by the Cyber Infrastructure Security Agency (CISA). The initiative focuses on three key recommendations to enhance cybersecurity preparedness:
To effectively mitigate the risk of BEC attacks, FinCEN has compiled the following guidelines for compliance staff:
These guidelines are designed to help compliance staff take the necessary steps to prevent, detect, and report any BEC scams or fraudulently induced wire transfers. By following these guidelines, FIs can better protect themselves and their customers from the risks associated with BEC attacks.
To address the growing threat of BEC fraud, it is crucial for firms to ensure their fraud detection solutions are capable of identifying common scenarios and predicting future risks. This can be achieved in a cost-effective and efficient manner by implementing an AI overlay to existing tools. AI overlays not only eliminate the need for a complete system overhaul but also enable organizations to customize their rule sets and prioritize the most high-risk alerts, making it easier for analysts to quickly identify and investigate actual incidents.
A risk-based approach built around customer profiles, security, and payment flows is also key to a robust fraud risk-mitigation program – alongside employee and customer awareness of red flags.
Request a demo to see how our fraud detection capabilities can help you see the unseen.
Get Started NowOriginally published 24 October 2023, updated 12 April 2024
Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.
Copyright © 2024 IVXS UK Limited (trading as ComplyAdvantage).