FinCEN Analysis of Business Email Compromise in the Real Estate Sector Reveals Threat Patterns and Trends

The Financial Crimes Enforcement Network (FinCEN) has issued a new financial trend analysis on „patterns and trends identified in Bank Secrecy Act (BSA) data relating to business email compromise (BEC) in the real estate sector“. Therein, FinCEN primarily outlines the findings from an analysis of suspicious activities reports (SARs) filed from January 2020 through December 2021 relating to suspicious transactions as regards real estate related payments. The report thereby highlights common typologies of involved fraud schemes which should help firms in their risk assessments and control setups to help prevent illicit actions and transactions in that regard.
#### The main findings of the analyzed data include the following:
– Generally speaking, the monetary value of the reported incidents increased notably, from on average monthly value of $354,402 in 2020 to an average of $503,436 in 2021.
– Most often, BEC involves the gaining of access to systems and confidential information of „businesses and financial institutions that routinely conduct large wire transfers and rely on email for communication regarding the wires“.
– The information is subsequently used , for instance, to impersonate certain government agencies and / or firms to initiate the redirection of fund transfers.
– The entities which were most often victims of impersonation attempts were firms „involved in the title and closing processes within a real estate transaction“.
– Nearly 88% of redirected, fraudulent fund transfers involved transfers to domestic financial institutions. The remaining 12% involved transfers to foreign jurisdictions, whereby most incidents included fund transfers to Hong Kong, China, and Mexico.
As financial institutions are always engaged in fund transfers involving real estate transactions, FinCEN has summarized a number of steps, banks and payment service providers shall take to help prevent and mitigate the risk of BEC, including the following:
– institutions need to assess their vulnerability to BEC, particularly their vulnerabilities involving email fraud;
– institutions need to verify that communications received are de facto from the noted sources;
– institutions should adopt adequate practices as regards the authorization of real estate payments, particularly those with high values;
– institutions should verify AND communicate any changes to previously established payment terms;
– institutions need to adopt a „multi-faceted transaction verification process“ before transactions are in fact initiated;
– institutions need to train their staff and raise awareness as to the BEC fraud scheme;
– institutions need to file a SAR as quickly as possible to enable authorities to promptly investigate the matter and potentially recover fraudulent payments.