First ‘risk alert’ in six years advises credit unions to be on lookout for business email compromise fraud

Credit unions and other victims of fraud such as business email compromise are urged to file a complaint with federal law enforcement as soon as they identify suspicious activity, their federal regulator said in a “risk alert” published Monday.

The National Credit Union Administration (NCUA), in issuing its first “risk alert” since 2013, noted the increasing frequency of and losses related to business email compromise fraud schemes, and that credit unions can take steps to prevent the fraud and report it, when it occurs, to the FBI’s Internet Crime Complaint Center.

“Credit unions that report incidents to the Internet Crime Complaint Center promptly increase their opportunity to recover funds that have been wired under fraudulent pretenses,” NCUA Board Chairman Rodney Hood wrote in the alert.

Credit unions that identify business email compromise or a similar wire-transfer fraud scheme should also contact the originating financial institution as soon as possible to request a recall or reversal, as well as a “Hold Harmless Letter” or “Letter of Indemnity,” the alert adds. The agency said it also encourages those credit unions to file a Suspicious Activity Report (SAR) with the Treasury’s Financial Crimes Enforcement Network (FinCEN).

The alert also lists 10 steps credit unions can take to help prevent business email compromise fraud.

NCUA Risk Alert (19-RISK-01), Business Email Compromise Fraud