Private lenders send and receive wires in four cycles: loan funding, borrower payoff, investor distribution, and vendor payment. Wire fraud targets each of them through borrower-payoff diversion, vendor-impersonation redirection, escrow-instruction substitution, and business-email compromise of the lender’s wire-approval process. The FBI Internet Crime Complaint Center (IC3) ranks business-email compromise among the highest-loss cybercrime categories against the financial-services sector. This article walks through five layers of defense against wire fraud: out-of-band verification, callback to a known number, dual-control wire approval, fidelity-bond and cyber-liability coverage, and the IC3 recovery process after a wire-fraud event.
Defense one: Out-of-band verification
Out-of-band verification confirms a wire instruction over a communication channel separate from the one that delivered it. A wire instruction that arrives by email is verified by a phone call to a known number, by a known fax number, or in person. The control targets the schemes that deliver the fraudulent instruction through email: business-email compromise, email spoofing, and email-account takeover. The verification covers the wire amount, the recipient bank name, the recipient routing number, the recipient account number, the recipient name on the account, and the wire-instruction reference on the loan or transaction.
Defense two: Callback to a known number
The verification call goes to a phone number already on the lender’s record for the borrower, vendor, or counterparty, never to a phone number on the incoming wire instruction or in an email signature. Fraudsters place a spoofed phone number on the wire instruction or in the email signature so that the lender’s verification call reaches them. The callback number comes from the borrower’s loan application, the vendor’s W-9, the title company’s closing instructions, or the counterparty’s contract. The lender applies this callback discipline, using its pre-existing record, on each wire verification.
Defense three: Dual control on wire approval
Dual control applies segregation of duties to wire approval. One role initiates the wire (the loan officer, the closing coordinator, or the vendor-payment coordinator) and a separate role approves it (the operations manager, the CFO, or the principal) on each wire. The second set of eyes checks the wire amount, the recipient details, and the wire-instruction reference. A lender that approves wires under single control has only a thin defense against wire fraud. Dual control applies to each wire above the lender’s defined dollar threshold.
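Defenses one to three can be combined into a single release check. The sketch below is an added example, not code from the article: the function name, field names, sample values, and the dollar threshold are all assumptions, and the initiator and approver are modelled as simple identifiers.

```python
from dataclasses import dataclass

# The six items the article says verification must cover.
VERIFY_FIELDS = ("amount", "bank_name", "routing_number",
                 "account_number", "account_name", "reference")

@dataclass
class Callback:
    channel: str        # "phone", "fax" or "in_person"
    number_dialed: str  # number the verifier actually called
    confirmed: dict     # field values the counterparty read back

def blocking_reasons(instruction, record_phone, callback,
                     initiator, approver, threshold):
    """Return why a wire must be held; an empty list means release."""
    reasons = []
    if callback is None:
        reasons.append("no verification performed")
    else:
        # Defense one: verify on a channel other than the arrival channel.
        if callback.channel == instruction["arrived_via"]:
            reasons.append("verification used the arrival channel")
        # Defense two: dial the number on the pre-existing record, never
        # one taken from the instruction or an email signature.
        if callback.channel == "phone" and callback.number_dialed != record_phone:
            reasons.append("callback number is not the number on record")
        for field in VERIFY_FIELDS:
            if callback.confirmed.get(field) != instruction[field]:
                reasons.append(f"{field} not confirmed")
    # Defense three: above the threshold a second person must approve.
    if instruction["amount"] > threshold and approver in (None, initiator):
        reasons.append("dual control not satisfied")
    return reasons

# Constructed sample data (all values are placeholders).
INSTRUCTION = {"amount": 250_000, "bank_name": "Example Bank",
               "routing_number": "000000000", "account_number": "1111",
               "account_name": "Example Title Co", "reference": "LOAN-0001",
               "arrived_via": "email", "phone_on_instruction": "555-0199"}
RECORD_PHONE = "555-0100"   # from the closing instructions already on file
THRESHOLD = 10_000          # hypothetical lender-defined dollar threshold
FIELDS = {f: INSTRUCTION[f] for f in VERIFY_FIELDS}

if __name__ == "__main__":
    # Verifier dialed the number printed on the emailed instruction.
    spoofed = Callback("phone", INSTRUCTION["phone_on_instruction"], FIELDS)
    print(blocking_reasons(INSTRUCTION, RECORD_PHONE, spoofed,
                           "loan_officer", "cfo", THRESHOLD))
```

The sample call holds the wire even though every field was "confirmed", because the confirmation came from the number supplied with the instruction rather than the number on record.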
Defense four: Fidelity bond and cyber-liability coverage
Insurance provides financial recovery after a wire-fraud loss event. A fidelity bond covers employee-dishonesty losses. A cyber-liability policy covers business-email-compromise, social-engineering-fraud, and funds-transfer-fraud losses. The lender adds a social-engineering-fraud endorsement to the cyber-liability policy to cover losses where a fraudster’s social engineering drives the wire instruction, and a funds-transfer-fraud endorsement to cover wire-instruction substitution. Coverage for a wire-fraud loss event applies under the terms of the policy.
Defense five: The IC3 recovery framework
The IC3 recovery framework is the post-loss response to a wire-fraud event. It has four steps. First, the lender notifies the sending bank and requests a wire recall within twenty-four hours of the wire; the recall request reaches the receiving bank through the FBI Domestic Financial Fraud Kill Chain process. Second, the lender files a complaint with the FBI Internet Crime Complaint Center at ic3.gov. Third, the lender reports the wire fraud to local law enforcement. Fourth, the lender files claims with its cyber-liability and fidelity-bond carriers under the policy. The whole recovery is time-sensitive.
The wire-fraud schemes lenders see
Four schemes recur against private lenders. The first is business-email compromise: the fraudster spoofs or takes over an email account belonging to a lender, title company, or borrower and sends a fraudulent wire instruction into the wire-approval process. The second is vendor impersonation: the fraudster impersonates a known vendor and submits updated banking instructions into the vendor-payment cycle. The third is borrower-payoff diversion: the fraudster sends substitute payoff-wire instructions to the title company or the loan servicer during a payoff. The fourth is escrow-instruction substitution: the fraudster sends substitute disbursement instructions to the escrow-account holder at closing. Out-of-band verification is the lender’s defense against each scheme.
The borrower-payoff wire framework
The borrower-payoff wire is the highest-frequency wire-fraud target in the private-lending sector. Three controls apply. First, payoff-wire instructions go from the lender to the borrower on the lender’s outbound channel, not from the borrower to the lender on an inbound channel. Second, as a standard, wire instructions do not change mid-transaction. Third, any change to wire instructions during a payoff requires in-person or callback verification. Together these controls protect the payoff cycle against borrower-payoff wire fraud.
The vendor-payment wire framework
The vendor-payment wire is the target of vendor-impersonation fraud against the lender’s vendor-management cycle. Four controls apply. First, as a standard, the lender maintains a vendor master file built on each vendor’s W-9. Second, each vendor banking change is verified by callback to a known number. Third, each vendor banking change requires dual approval in the vendor master file. Fourth, the lender keeps an audit trail of vendor banking changes. Together these controls protect the vendor-payment cycle against vendor-payment wire fraud.
The lender’s wire-fraud governance framework
Governance ties the wire-fraud defenses to the lender’s operational discipline. It has five elements. First, a written wire-transfer policy covering the lender’s operations. Second, annual training for the wire-approval roles. Third, an annual tabletop exercise of the wire-fraud response. Fourth, incident reporting for wire-fraud near misses and losses. Fifth, annual insurance renewal for the cyber-liability and fidelity-bond coverage. Together these keep the lender’s operational, training, and insurance controls on a recurring cycle.
Want to set up your private-lending operation the right way?
Wire-fraud defenses apply to the loan-funding, borrower-payoff, investor-distribution, and vendor-payment cycles. Note Servicing Center provides third-party loan servicing that covers borrower-payoff wires, investor-distribution wires, and trust-account disbursements, and applies dual-control wire approval in support of the lender’s wire-fraud discipline.
Frequently Asked Questions
What is business-email compromise?
Business-email compromise is email spoofing or email-account takeover directed at a lender, title company, or borrower. The fraudster sends a fraudulent wire instruction through the compromised email channel into the lender’s wire-approval process. Out-of-band verification is the defense against business-email compromise.
What is the Financial Fraud Kill Chain?
The Financial Fraud Kill Chain is the FBI Domestic Financial Fraud Kill Chain wire-recall process. The sending bank issues a wire-recall request to the receiving bank within a time-sensitive window; the FBI applies the process above a defined wire-amount threshold and within a defined number of hours from the wire-execution time. It is the wire-recall step of recovery after a wire-fraud event.
What is IC3?
The Internet Crime Complaint Center is the FBI’s cybercrime-complaint center at ic3.gov. The lender files a wire-fraud complaint with IC3 as part of the post-loss response. The complaint feeds the FBI’s cybercrime investigation and the wire-recall coordination with the sending and receiving banks.
What is a social-engineering-fraud endorsement?
A social-engineering-fraud endorsement extends a cyber-liability policy to cover losses where a fraudster’s social engineering drives the wire instruction. The endorsement covers business-email-compromise, vendor-impersonation, and wire-instruction-substitution loss events under the policy.
How much fidelity-bond coverage applies to wire fraud?
A fidelity bond covers employee dishonesty in the lender’s operations. Wire-fraud coverage sits in the cyber-liability policy, under the social-engineering-fraud and funds-transfer-fraud endorsements. The lender sizes the coverage to its wire volume and risk tolerance. Consult the lender’s insurance broker on the specific coverage.
What is the callback-to-known-number framework?
The verification call goes to a phone number already on the lender’s record for the counterparty, never to a phone number on the incoming wire instruction. As a standard, the callback number comes from the borrower’s loan application, the vendor’s W-9, the title company’s closing instructions, or the counterparty’s contract.
What is dual-control wire approval?
Dual-control wire approval applies segregation of duties to wire approval. One role initiates the wire and a separate role approves it on each wire. The second set of eyes checks the wire amount, the recipient details, and the wire-instruction reference on each wire.
This article is educational and does not constitute legal, financial, or cybersecurity advice. Wire-fraud defense depends on the lender’s operational discipline, the lender’s insurance coverage, and the FBI Internet Crime Complaint Center process at ic3.gov. Consult qualified legal counsel, an insurance broker, and a cybersecurity adviser on the specific wire-fraud defenses for any private-lending operation.
Sources
- FBI Internet Crime Complaint Center — ic3.gov. Federal Bureau of Investigation.
- FBI Domestic Financial Fraud Kill Chain. Federal Bureau of Investigation.
- FinCEN — Financial Crimes Enforcement Network advisories on business-email compromise. Financial Crimes Enforcement Network.
- FFIEC IT Examination Handbook — Wholesale Payment Systems. Federal Financial Institutions Examination Council.
- CISA — Cybersecurity and Infrastructure Security Agency advisories on business-email compromise. Cybersecurity and Infrastructure Security Agency.
- Federal Reserve — Wire Transfer Risk Management Guidance. Federal Reserve Board.
- FBI Public Service Announcement — Business Email Compromise Update. Internet Crime Complaint Center.
- FinCEN Advisory FIN-2019-A005 — Updated Advisory on Email Compromise Fraud Schemes Targeting Vulnerable Business Processes. Financial Crimes Enforcement Network.
