Fraudulent SBA Disaster Relief Payments; New FinCEN Advisory on Imposter Scams and Money Mule Schemes Related to COVID-19

Fraudulent SBA Disaster Relief Payments
Several credit unions throughout the country, including California, have reported members receiving ACH deposits representing SBA disaster relief payments to inactive or non-business accounts.  The payments are labeled “SBAD TREAS 310” – which commonly denotes SBA Economic Injury Disaster Loan (EIDL) and may have the company ID of 9101036151.  Some payment amounts exceed $10,000.

While details of the scam are limited, credit unions have described an advance fee scheme, sometimes called a “money mule” scheme. That is, fraudsters are recruiting members to receive SBA PPP and EIDL payments via ACH. The member is instructed to keep a certain amount of the payment and send the remaining to the person who is directing the activity.

ACH Guidelines:
  • If the credit union returns an ACH credit you believe is fraudulent, use Return Reason Code R23 (Credit Entry Refused by Receiver) or R03 for a name mismatch or R17 for an invalid account number initiated under questionable circumstances.  The use of R17 requires “Questionable” to be inserted in the first twelve positions of the addenda record.
  • Under NACHA Operating Rules, the credit union is not liable for funds resulting from fraudulent ACH credit entries if the funds are no longer available in the member’s account.  NACHA Rules provide the ODFI warrants to the RDFI that the entry is correct and properly authorized.  If the RDFI posts a fraudulent credit to the account number in the entry, and the funds are withdrawn, the RDFI is not liable for the funds.
  • The credit union cannot return partial funds.  The NACHA Operating Rules require return entries to contain the same dollar value as the original entry.  A partial return of funds must be handled outside the ACH network (e.g., with a wire transfer or official check), or with a new credit entry agreed to by both institutions.
  • If you receive a warrant from the Secret Service or other law enforcement agency requesting a return of fraudulent funds, you should only return whatever is left in the account.
Risk Prevention Tips:
  • Manually review incoming ACH credit entries to identify suspicious records.
  • Be aware of members that withdraw the entirety of funds received from the ACH deposit.
  • Many members may have rightfully applied for SBA relief loans.  Verify the legitimacy of the member’s business prior to returning or releasing potentially fraudulent funds.
  • Close their account and/or file a suspicious activity report, as necessary.
Report any SBA Disaster Assistance Program suspected fraud to SBA Office of Inspector General’s  (OIG’s) Hotline at 800-767-0385 or by submitting a complaint online here.

New FinCEN Advisory on Imposter Scams and Money Mule Schemes Related to COVID-19
The Financial Crimes Enforcement Network (FinCEN) issued an advisory on July 7, 2020 to alert financial institutions to potential indicators of imposter scams and money mule schemes, which are two forms of consumer fraud observed during the COVID-19 pandemic. The advisory contains descriptions of these scams and schemes, financial red flag indicators for both, and information on reporting suspicious activity.  Read the advisory here.

July 8, 2020

Risk Category:

Share With:
Chief Lending Officers
Compliance Officers
Security Officers
Risk Officers
Branch Managers
Electronic Payment Managers

Risk Alerts

Report a Risk Alert


This email was sent to <<Email Address>>
why did I get this?    unsubscribe    update subscription preferences
California and Nevada Credit Union Leagues · 2855 E Guasti Rd Ste 202 · Ontario, CA 91761 · USA