US regulators recently issued an Interagency Statement on Elder Care Financial Exploitation. They interestingly preface the statement by saying it “does not replace previous guidance on this subject” and “does not impose new regulatory requirements or establish new supervisory expectations.” But, in fact, it does have clear expectations on how financial institutions should prevent elder financial exploitation. It goes on to say, “In this statement, the agencies provide examples of risk management and other practices that supervised institutions could consider adopting.” And the last quote has a reference that states, “Supervised institutions are expected to operate in a safe and sound manner and in compliance with applicable laws and regulations, including those related to safety and soundness (italics added), consumer protection, and anti-money laundering/countering the financing of terrorism (AML/CFT).”

I think one can infer that maybe in the “soon to be environment of less regulation is better,” the agencies are alerting financial institutions that much regulation is on the books and financial institutions need to be aware of the agency expectations around existing consumer protections.

Recent Insights from Regulators

Before we explore the details of this new Interagency Statement, let’s review two recent regulator documents and one OCC speech on the topic of elder financial exploitation.

Insights from FinCEN

The US Treasury Financial Crime Enforcement Network (FinCEN) put out a report in April 2024, called Elder Financial Exploitation: Threat Pattern and Trend Information, June 2022 to June 2023. In the report, they provide two categories of elder financial exploitation:

1. Elder theft: when persons known and trusted by older adults steal victim funds.

2. Elder scam: This involves fraudsters with no known relationship to their victims, who are sometimes located outside the United States. Elder scams involve the transfer of money to a stranger or imposter for a promised benefit or good that the older adult did not receive.

The elder scams are what occur online, such as romance scams and pig butchering. The FinCEN report went on to say: “BSA filings relating to elder scams accounted for approximately 80 percent of reported EFE (Elder Financial Exploitation)-related activity. This blog will mainly address these elder scams.

The FinCEN report contained several statistics on elder crime (typically against victims 60+ years old):

The Bank Secrecy Act (BSA) reports between 15 June 2022 and 15 June 2023 show roughly $27 billion in Elder Financial Exploitation incidents.

The FBI’s Internet Crime Complaint Center reported that it received 88,262 complaints totaling over $3 billion from victims aged 60 or over in 2022.

In June 2023, AARP issued a report estimating EFE losses at approximately $28.3 billion annually. For comparison, in an FTC report published in October 2024 (page 28), entitled Protecting Older Consumers 2023–2024 A Report of the Federal Trade Commission, the FTC said: “The estimated 2023 overall loss (cost of fraud), adjusted to account for underreporting, was $158.3 billion (for all consumers), with an estimated $61.5 billion lost by older adults.” These FTC statistics include reported and estimated unreported crimes.

So, from various sources, the range of annual losses on elder scams is $3 billion to $27 billion to $61.5 billion. These are extremely large numbers.

The report went on to say that “digital payments, peer-to-peer transfer systems and ATMs account for a significant portion of funds transfers” in these elder scams. It also noted that “elder scam victims who conducted in person (scam) transactions often appear nervous, struggle to maintain a consistent reason for sending their attempted transaction and may have been on the phone with someone directing their activities.”

Insights from the OCC

The Office of the Comptroller of the Currency (OCC) issued a Community Developments Insights in June 2024. In this document, the OCC stated, “The OCC encourages national banks and federal savings associations (“banks”) to support consumers’ financial health in a safe, sound, and fair manner.” The OCC wants banks to consider how they can support customers’ financial health. It went on to say: “A holistic focus on customers can add to the favorable reputation of, and customer trust in, a bank”.

The document provided three attributes of financial health:

Stability: The ability to use financial services and products to meet regular financial obligations

Resilience: The ability to withstand financial shock

Security: The ability to feel secure about the long-term

The FinCEN reports helps to frame the significant financial impact of scam losses to elders and the OCC Insights describes the regulator’s expectation for banks to operate in a safe and sound manner and to support their customers’ financial health.

OCC Speech on “The Fraud Challenge”

Acting Comptroller of the Currency, Michael J. Hsu, gave a speech on December 11, 2024 focused on the increasing prevalence of financial fraud (fraud and scams). In the speech, Hsu made several key points:

Fraud leads to distrust in the financial system.

 Doing the minimum is not enough. Hsu stated, “If everyone does only the minimum of what is legally required of them, consumers will continue to be harmed, people’s distrust in each other and in institutions will continue to rise, and elevated levels of fraud will become normalized.”

 He sees many banks increasing their efforts to fight fraud by “improving or tightening fraud detection and monitoring systems to identify potential frauds.”

 He mentioned several applicable laws and regulations for banks to follow, including the Expedited Funds Availability Act (reg CC), Section 5 of the FTC Act and Section 1031 of the Dodd-Frank Act. He says when customers fall victim to fraud or scams, “they should have confidence banks will comply with applicable laws.”

Thoughts on The Interagency Statement

The new Interagency Statement is reiterating financial institutions’ obligations to “employ risk management and other practices that can be effective in identifying, preventing and responding to elder financial exploitation.”

There is a specific emphasis around ongoing transaction monitoring practices, including the ability to use transaction holds and disbursement delays. Also, the Statement identifies the importance of employee training to recognize and respond to elder financial exploitation. The Statement also advise FIs that with proper elder training, there are certain safe harbor protections for the FI and its employees.

The statement has a section on supervised institutions having a complaint process to identify and measure elder financial exploitation. In other words, the Fis need to track elder scam activity. This could include types of elder scams, attempted scams, actual customer losses and any reimbursement to customers of scam losses.

The Statement also discussed the benefit of customers designating one or more trusted contacts in the event the FI sees a suspicious transaction and is concerned with how the customer is responding to the bank query. This is very important as oftentimes when a customer is in the middle of a romance scam or investment scam, the customer is in effect being “psychologically controlled” by the fraudster. The customer will often not believe the banker, so if a known trusted contact can be brought into the situation, they can help ‘break the spell’ and make the customer realize they are being scammed.

In reading the Interagency Statement, what this sounds like to me is that FIs need an elder scam strategy, which would include effective employee training, effective customer education, sound scam controls and elder scam tracking/reporting to address the risk management included in this Statement. Part of risk management should include proper money mule management because bank account money mules are most often the way proceeds acquired fraudulently through an elder scam money are exfiltrated from the banking system. Also, money mule management ties into the comment in the Statement about “anti-money laundering/countering the financing of terrorism” mentioned above.

As part of the money mule management program, banks also need to have strong online account opening controls. Fraudsters are finding ways to easily beat (e.g. through the use of Gen AI) the basic online account opening controls, as they know this is the quickest way to open a money mule account.

In addition to FI regulations, there are also a number of Federal laws to protect elders, including the Stop Senior Scams Act enacted in 2022, and state laws around elder care that allow the ability to hold suspicious financial transaction. In October, the FTC created a list of states with laws allowing suspicious transactions to be held. With these recent state laws, banks are provided safe harbor when they follow the laws as they hold suspicious transactions for elderly and (sometimes also allowed) vulnerable customers. There have been many examples of success using these state laws.

In creating a strategy to address scams against elders, FIs need to take these other Federal and state laws into account.

Extending Protection Beyond Elder Customers

Once an FI creates this structure (strategy, controls, training and education) for elder customers, for the soundness of banking, shouldn’t the same strategy and controls be extended to all customers? If you think of the work required to build out scam controls for elder suspicious transactions, there would be little extra work to extend these controls to all customers. One notable difference would be handling non-elderly suspicious transactions, as aspects of ‘safe harbor” for holding suspicious transactions may only apply to elder/vulnerable customer transactions.

OCC Comptroller Hsu’s recent speech asks banks to think about going beyond what is legally required to help protect bank customers. And this is important to keep trust in banking. He asked “each and every stakeholder to step up and do their part to combat fraud.”

In support of the approach that banks need to have scam controls for all customers, in addition to money mule management, is the December 16, 2024 OCC Semiannual Risk Perspective. The document contains a special topic, "Increased External Fraud Activity Targeting the Federal Banking System." Below are some of the key points from the document:

1. Banks should maintain sound fraud risk management practices through prudent controls and appropriate fraud monitoring capabilities to identify, investigate, mitigate, and report fraudulent activity.

2. Effective fraud risk management includes appropriate internal controls, such as authentication, customer identification and verification processes, fraud monitoring, and open lines of communication between bank departments responsible for researching unusual activities. It is critical for banks to promptly identify, investigate, and resolve suspicious activities and potential fraudulent concerns.

3. Staff can be trained to identify and respond to customers seeking to conduct unusual transactions that have signs of fraud, such as a large withdrawal or wire transfer that may be outside of a customer’s usual transaction habits. Employee training may also include identifying red flags for different types of financial exploitation, providing proactive approaches to detecting and preventing elder financial exploitation, and detailing actions for employees to take when they have concerns.

Summary

In my opinion, the Interagency Statement on Elder Financial Exploitation is a way for regulators to remind FIs that there are many existing regulations that should be reviewed in the context of how banks should manage elder care. The statement, “Supervised institutions are expected to operate in a safe and sound manner” is very telling.

I would not be surprised if regulators are soon asking FIs to see their scam strategy for elder customers. I think having an elder scam strategy could be viewed as part of the existing regulation, and FIs need to review what they have in place to protect elders from scams, identify any gaps, and create/update their elder care strategy/controls.

All of this raises the question: why should such a scam strategy not be applicable to all customers, to be able to address the OCC concern for customer financial health and safety/soundness in banking for all customers? A customer’s financial health collapses when they suffer from a significant scam or fraud loss. The December 2024 OCC Semiannual Risk Perspective document makes it clear, short of actual specific regulatory guidance, that banks need to protect customers from unauthorized transaction fraud and authorized transaction scams, which obviously also requires money mule management.

I think it is time for FIs to have a scam strategy, scam controls, and a money mule management program for all customers, but no doubt at minimum for elder customers. I think if you read between the lines, the regulator guidelines are saying they should already be in place. As an industry, we must ask ourselves: is the US banking system really safe for consumers when they lose up to an estimated $158 billion per year in scam losses – most of which is exfiltrated across bank payment rails and cash withdrawals from branches?

I know my answer to that question. What are your thoughts?

Note: This article should not be taken as a legal opinion on whether US financial institutions (FIs) are required to have scam controls and money mule management in place, but more the thoughts of a fraud fighter on what regulations and guidance exists and how it might be applicable to protecting FI customers from financial scams.

Learn More

Implementing controls to identify scams is only one side of the fraud problem. On the flip side – and what is often overlooked – are controls to identify the money mule accounts that facilitate these attacks. So where do you start? Explore four key components of building a money mule account management program, the primary controls and considerations for each, and recommendations for reporting metrics to monitor for ongoing improvement and success. Download the white paper now!

Recent Posts