Access National Bank Nonprofit and Association Banking: Preventing Nonprofit Banking Fraud and the Tools You Can Use!

Preventing Nonprofit Banking Fraud and the Tools You Can Use! Oct 2014

1. Access National Bank Nonprofit and Association Banking
Preventing Nonprofit Banking Fraud and the Tools You Can Use!

2. Introductions
Tom Ciolkosz, Vice President, Relationship Manager
- Joined Access National Bank in 2009 as a Vice President, Relationship Manager, and is the lead manager for the CPA and Nonprofit/Association segment teams, with over 25 years of experience in the banking industry
- He is a resident of Loudoun County and is very involved in the community
- Past President of his Rotary Club and is currently serving as a Chair of Public Relations
- Member of both the Public Policy and Non Profit Initiatives
- Tom serves as a board director for Loudoun Interfaith Relief and Brain Injury Services

3. Our Performance Record
- Organized in 1999 by local area business professionals and bankers
- Headquartered in Reston, VA with five banking centers: Reston, Vienna/Tysons, Chantilly, Leesburg and Manassas
- Our financial performance is attributed to our exceptional clients and our excellent client service
  o Consistent profits, quarter after quarter
  o 5-Star Rating (Superior) from Bauer Financial in each quarter since 6/30/2014
- Public company known for our financial strength and traded on the NASDAQ global market (ANCX)
- Over 1 billion dollars in assets

4. The Access Value Proposition
- Hosting educational seminars and networking opportunities is an integral part of ANB's strategy to help our clients grow their business.
- Involvement by our associates in various associations that are relevant to the nonprofit and association industry.
  o Greater Washington Society of CPAs
  o Financial Administration Roundtable
  o www.nonprofitaccountingbasics.org
  o ASAE
  o The Nonprofit Roundtable

5. Agenda
- Fraud Statistics
- Fraud Articles
- The Fraud Triangle
- Real Fraudsters
- Check Fraud
- ACH Fraud
- Further Controls
- Resources

6. Statistics
- 10% of fraud occurs in not-for-profit organizations
- It typically lasts 18 months
- Approximately 55% were committed by single individuals
- Median loss of $100,000
Primary Areas of Weaknesses*
- Lack of Controls
- Override of Existing Controls
- Lack of Management review
- Poor Tone at the top
*One of these factors was present in over 80% of the cases studied
* According to the Association of Certified Fraud Examiners

7. * According to the Association of Certified Fraud Examiners

8. Washington Post
Inside the hidden world of thefts, scams and phantom purchases at the nation's nonprofits
By Joe Stephens and Mary Pat Flaherty, October 26, 2013
For 14 years, the American Legacy Foundation has managed hundreds of millions of dollars drawn from a government settlement with big tobacco companies, priding itself on funding vital health research and telling the unadorned truth about the deadly effects of smoking. Yet the foundation, located just blocks from the White House, was restrained when asked on a federal disclosure form whether it had experienced an embezzlement or other diversion of its assets.

9. Washington Post
Legacy officials typed "yes" on Page 6 of their 2011 form and provided a six-line explanation 32 pages later, disclosing that they became aware of a diversion in excess of $250,000 committed by a former employee. They wrote that the diversion was due to fraud and now say they believe they fulfilled their disclosure requirement.

10. Washington Post
Records and interviews reveal the full story: an estimated $3.4 million loss, linked to purchases from a business described sometimes as a computer supply firm and at others as a barbershop, and to an assistant vice president who now runs a video game emporium in Nigeria. Also not included in the disclosure report: details about how Legacy officials waited nearly three years after an initial warning before they called in investigators.

11. The Virginia Scholastic Rowing Association in Alexandria said it lost as much as $223,000 (an estimate the association president now has raised to $500,000) to a longtime bookkeeper, later convicted of embezzlement. "People are going to say, 'You stupid people,'" said the group's president, John D. White. "They're exactly right. You have to pay attention."

12. Real Fraudster or do you really know?

13. Fraud is a deception deliberately practiced in order to secure unfair or unlawful gain (adjectival form fraudulent; to defraud is the verb).
The two main types of fraud:
- Misappropriation of assets: theft of company's assets
- Fraudulent financial reporting: misrepresentations in financial reports

14. When it comes to banking, many types of fraud schemes are out there, and new types are being engineered every single day. The fraudster typically will test their scheme with a small amount to see if the transaction goes through unnoticed and then gradually increases it to the bigger payday. Fraud is happening both externally, by hackers and vendors, and internally, by employees who are improperly scanning checks for payment.

15. Check Fraud
Problem: Through remote deposit capture or mobile phone deposit technology, check fraud involves individuals double debiting. For example, an organization issues a check to an individual and the individual deposits the check through a scanner or smartphone. The individual then quickly takes it to another bank to cash it. Both transactions flow through the check clearing process, which could result in the account being debited twice. This could go undiscovered until the account is reconciled.

16. Check Fraud
Another way for fraudsters to get access to your money is to create counterfeit checks by stealing your check stock or by obtaining a legitimate check and copying it.
Solution: Check Positive Pay - This is an antifraud service offered by banks to help protect businesses against fraud from altered and counterfeit checks. Positive pay assists in the creation, transmission, and research of check records sent to the bank for payment.

17. ACH Fraud
Problem: The fraudster targets nonprofit organization accounts in search of bigger payouts. Fraudsters will steal online banking credentials by hacking computer networks and installing key logging software or malware. Once the thief has the right credentials, they can access the organization's accounts and send out wires or ACHs to another country and into their own bank accounts.
Solution: ACH Positive Pay - This allows clients to assign filtering or blocking services to various accounts based on company IDs, standard entry class codes, and dollar amounts.

18. Further Controls: Protect your online environment
Be sure your bank uses a two-factor authentication process.
The best way to utilize a two factor authentication communication is: Email Cell Phone Phone

19. Further Controls: Protect your online environment
TrustDefender secures your connection to Access National Bank transactional websites. TrustDefender protects your Access National Bank transactional banking session by locking down your browser and blocking all other internet traffic, including email. It also isolates unknown software and programs including viruses, malware, trojans and spyware on your computer that can steal your identity or carry out fraud on your account. TrustDefender identifies and alerts you to risks on your computer.
Handout: Online Banking Data Security and You

20. Further Controls: Protecting your Online Environment
Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. Phishing is a type of social engineering. Phishing relates to acquiring that confidential information by masquerading as a trustworthy entity in an electronic communication.
*Handout: Phishing for Red Flags

21. Further Controls: Educate your employees
A strong security program should be paired with employee education about the warning signs and safe practices that you can implement.
The best secure password is: Password 1234 May2009marie S97@fde

22. Further Controls: Partner with your bank to prevent unauthorized transactions
Talk to your banker about programs that safeguard you from unauthorized transactions. Positive Pay and other services offer call-backs, device authentication, multiperson approval processes, and batch limits to help protect you from fraud.
- Positive Pay
- ACH Filters

23. Further Controls: Partner with your bank to prevent unauthorized transactions
Positive Pay
An anti-fraud service offered by banks to help protect businesses against altered checks and counterfeit check fraud. The system matches the account number, check number, and dollar amount of each check presented for payment against an Issued File(s) submitted by the business. Any mismatch in these three components creates an exception item, which enables the business owner and clients to decide whether to pay or return the check.

24. Further Controls: Partner with your bank to prevent unauthorized transactions
ACH Positive Pay
Designed to protect business-client accounts from unauthorized electronic charges. Two methods of protecting your organization are detailed below.
Solution: ACH Blocking - All ACH debit transactions are blocked and clients make daily pay or no-pay decisions for each item.
Solution: ACH Filtering - Automatic payment of ACH transactions is based on pre-established organization IDs, Standard Entry Class, or dollar amounts. The client makes a decision to return or pay any exception items.

25. Further Controls: Pay attention to suspicious activity and react quickly
Look out for unexplained account or network activity, pop ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised.
Do you perform bank reconciliation on your operating account? Monthly Weekly Daily Quarterly

26. Further Controls: Understand your responsibilities and liabilities
The Electronic Funds Transfer Act (EFT), also known as Regulation E, was implemented in the U.S. in 1978 to establish the rights and liabilities of consumers as well as the responsibilities of the financial institution in EFT activities. Regulation E covers a consumer under certain conditions, limiting loss to $50 if the institution is notified within two business days. There currently are no similar loss protections for commercial customers.
The account agreement with your bank will detail what commercially reasonable security measures are required by your organization.

27. Resources
You can also visit the following websites to learn more about how to protect your nonprofit organization:
- ACFE Fraud Prevention Check Up - Handout
- Greater Washington Society of CPAs: Nonprofit Accounting Basics - http://www.nonprofitaccountingbasics.org/topic/internal-controls
- Federal Communications Commission: 10 Cybersecurity Strategies for Small Business - https://www.uschamber.com/sites/default/files/legacy/issues/defense/files/10_CYBER_Strategies_for_Small_Biz.pdf

28. Contact Information
Tom Ciolkosz
Vice President, Nonprofit Relationship Manager
Access National Bank
1800 Robert Fulton Dr
Reston, VA 20191
Direct: 703-871-1045
[email protected]
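The Positive Pay matching described on slide 23, applied to the double-presentment and counterfeit cases from slides 15 and 16, as an added example that is not part of the original presentation or any bank's actual system. The account identifier, check numbers and amounts are constructed, and treating a second presentment of an already-paid check as an exception is an assumption of this sketch.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Check:
    account: str
    number: str
    amount: Decimal


def positive_pay(issued, presented):
    """Match presented checks against the issued file on account number,
    check number and dollar amount. Returns (paid, exceptions)."""
    issued_by_key = {(c.account, c.number): c for c in issued}
    already_paid = set()          # keys that have cleared once (assumed behaviour)
    paid, exceptions = [], []
    for item in presented:
        key = (item.account, item.number)
        match = issued_by_key.get(key)
        if match is None:
            reason = "not in issued file"      # counterfeit or wrong account
        elif key in already_paid:
            reason = "duplicate presentment"   # same check deposited twice
        elif match.amount != item.amount:
            reason = "amount mismatch"         # altered check
        else:
            already_paid.add(key)
            paid.append(item)
            continue
        exceptions.append((item, reason))      # client decides: pay or return
    return paid, exceptions


# Constructed sample data (hypothetical account and check numbers).
ACCT = "ACCT-EXAMPLE-1"
ISSUED = [Check(ACCT, "1001", Decimal("250.00")),
          Check(ACCT, "1002", Decimal("1200.00"))]
PRESENTED = [
    Check(ACCT, "1001", Decimal("250.00")),    # legitimate first deposit
    Check(ACCT, "1001", Decimal("250.00")),    # same check cashed again elsewhere
    Check(ACCT, "1002", Decimal("7200.00")),   # amount altered
    Check(ACCT, "9999", Decimal("500.00")),    # never issued
]

if __name__ == "__main__":
    paid, exceptions = positive_pay(ISSUED, PRESENTED)
    for item, reason in exceptions:
        print(f"EXCEPTION check {item.number} ${item.amount}: {reason}")
```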
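The two ACH Positive Pay modes from slide 24 (blocking and filtering), as an added example that is not part of the original presentation or any bank's actual system. The company IDs, amounts and rule layout are constructed for illustration; CCD, PPD and WEB are real Standard Entry Class codes.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import Optional


@dataclass(frozen=True)
class AchDebit:
    company_id: str     # originator's company ID
    sec_code: str       # Standard Entry Class code
    amount: Decimal


@dataclass(frozen=True)
class FilterRule:
    company_id: str
    sec_code: Optional[str] = None        # None means any SEC code
    max_amount: Optional[Decimal] = None  # None means no dollar limit


def _allows(rule, debit):
    return (rule.company_id == debit.company_id
            and (rule.sec_code is None or rule.sec_code == debit.sec_code)
            and (rule.max_amount is None or debit.amount <= rule.max_amount))


def screen(debits, rules, block_all=False):
    """Return (auto_paid, exceptions). With block_all=True (ACH Blocking)
    every debit is an exception awaiting a pay or no-pay decision; otherwise
    (ACH Filtering) only debits matching a pre-established rule pay."""
    auto_paid, exceptions = [], []
    for debit in debits:
        if not block_all and any(_allows(r, debit) for r in rules):
            auto_paid.append(debit)
        else:
            exceptions.append(debit)
    return auto_paid, exceptions


# Constructed sample data (hypothetical company IDs).
RULES = [FilterRule("PAYROLLCO1", sec_code="CCD", max_amount=Decimal("5000")),
         FilterRule("UTILITYCO1")]
DEBITS = [
    AchDebit("PAYROLLCO1", "CCD", Decimal("4200.00")),  # within rule
    AchDebit("PAYROLLCO1", "CCD", Decimal("9800.00")),  # over dollar limit
    AchDebit("PAYROLLCO1", "WEB", Decimal("100.00")),   # unexpected SEC code
    AchDebit("UTILITYCO1", "PPD", Decimal("310.55")),   # any code or amount allowed
    AchDebit("UNKNOWNCO9", "CCD", Decimal("50.00")),    # small test debit, no rule
]

if __name__ == "__main__":
    paid, held = screen(DEBITS, RULES)
    print(len(paid), "auto-paid;", len(held), "held for review")
```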