Auditing Elder Financial Exploitation: Minding Your Own Business or Making It a Part of Your Business

Terri P. Sands, CAMS, At-Risk Adult Crime Tactics (ACT) Specialist, AAP


Page 2: Auditing Elder Financial Exploitation: Minding Your Own ...files.acams.org/pdfs/2017/Auditing_Elder_Financial_Exploitation_T.Sands.pdfAuditing Elder Financial Exploitation: Minding


TABLE OF CONTENTS

Executive Summary
Background
Regulatory Guidance and Expectations
Mandated Reporters and Protected Individuals
Auditing the Financial Institution’s Elder Financial Exploitation Program
Risk Assessment
Program Governance
Board Reporting and Escalation
Policies and Procedures
Elder Financial Exploitation Policies and Procedures Audit Checklist
Internal Controls
Systems
Elder Financial Exploitation Internal Control Audit Checklist
Training
Elder Financial Exploitation Training Audit Checklist
Independent Testing
Strategic Focus on Emerging Risks
Conclusion
Resources and References
Glossary of Terms


Executive Summary

At the crossroads of privacy and mandated reporting of elder financial exploitation, financial institutions sometimes struggle with their obligation to detect, respond to and report this type of suspicious activity. The sensitivity of trying to stop possible elder financial exploitation when the senior woman or man knowingly gives funds to a caregiver or family relative may be met with hesitation and discomfort. Employees and management at financial institutions may feel their involvement is intrusive and unnecessary because the senior communicates their intent to provide cash in large amounts to a caregiver, family member or in some cases strangers. The act of a senior simply “knowing” about his/her surrendering of funds may be interpreted as permission for the financial institution to move forward with a transaction that in turn may lead to elder financial exploitation and in some cases physical abuse and the death of the elderly woman or man. In January 2015, True Link Financial’s research report revealed that seniors lose $36.48 billion each year to elder financial abuse. The research further reflected that approximately 36.9 percent of seniors are affected by financial abuse in a given five-year period.1 The common denominator of seniors is that they have scheduled monthly social security payments, have the majority of the wealth and are easily identified. Without a structured program and an effective audit plan for elder abuse prevention and detection, financial institutions may unknowingly open the door to reputational risk in cases where elder abuse occurs on their watch, was undetected and becomes public.

The purpose of this white paper is to furnish best business practices for independent testing on validating the effectiveness of the program, provide awareness of the growing problem and significance of a financial institution’s involvement and highlight regulatory expectations and guidance. Best business practices are based on experience, trial and error, known elder financial exploitation cases and today’s regulatory expectations.

Background

Financial institutions are often the center of elder financial exploitation because of the inherent nature of their business purpose: the trusted custodian of the funds and assets. Knowingly or unknowingly, financial institutions face the problem of elder financial exploitation by default through the ordinary course of business, including cashing checks, originating and receiving ACH and wires, withdrawing funds from an ATM, use of the debit card at a point-of-sale terminal and even the approval of a loan or reverse mortgage.

Financial exploitation is defined as a person misusing or taking the assets of a vulnerable adult for his/her own personal benefit. This frequently occurs without the knowledge or consent of a senior or disabled adult, depriving him/her of vital financial resources for his/her personal needs.2 As previously stated, it is important to note that seniors are also exploited even when they have provided consent, as they often feel pressured or confused about how their funds will be used.

1 "The True Link Report on Elder Financial Abuse 2015." The True Link. True Link Financial, Jan. 2015. Web.

A factor that makes elder financial exploitation even more significant is that it is personal and global. Whether it is a mother, father, grandmother, grandfather, distant relative or family friend, people generally know an individual who is a senior, know of an attempted financial exploitation of a senior or are aware of an actual crime that has occurred, resulting in monetary loss and mental anguish for an elderly individual.

Psychological manipulation of the elder population can originate from two different groups: known relationships or strangers. Seniors or incapacitated or mentally challenged adults may be tricked by individuals who are in a position to be trusted (“trusted entities”). Examples of this group may include a son, child, grandchild or a caregiver. The common denominator is that this group is highly trusted and can easily manipulate the elder adult into surrendering a portion or the entire value of his/her life savings. The term “undue influence” is often used to describe when a person in a position of trust takes advantage of a vulnerable adult to gain control of their money, property, or their life, either directly or through a power of attorney (POA), a trust, marriage, adoption or inheritance.3

Strangers represent the second group. This group normally preys on the elderly by promising goods, services or other benefits that are nonexistent, unnecessary, misrepresented or never intended to be provided. An example of this would be the Jamaican lottery scheme, in which Jamaican fraudsters trick seniors into believing they won the lottery. The senior receives a FedEx or UPS package with instructions on how to claim his/her prize, in an attempt to legitimize the winning. The instructions include a request to pay a processing fee. Once the senior pays the processing fee, there are often additional fees that the fraudster claims the senior owes, which further perpetuates the fraud and results in significant amounts of funds being withdrawn and paid out to the criminals. Seniors are often targeted for this reason and then in turn are tricked into becoming money mules for the purpose of using their account for the movement of fraudulent funds. This could lead to money laundering and other criminal activities. A money mule, sometimes referred to as a "smurfer," is a person who transfers money acquired illegally (e.g., stolen) in person, through a courier service, or electronically, on behalf of others. The mule is paid for their services, typically a small part of the money transferred.4 Whether through known relationships or strangers, the crime is real and negatively impacts the victims.

2 "What Is Financial Exploitation?" National Adult Protective Services Association. N.p., n.d. Web.

3 "Practical Law." N.p., n.d. Web.

Regulatory Guidance and Expectations

In March 2016, the Consumer Financial Protection Bureau published an Advisory for Financial Institutions on Preventing and Responding to Elder Financial Exploitation.5 The increased scrutiny of this type of crime can be seen through these types of advisory notices and regulatory expectations trickling down to warn financial institutions to be prepared. Preparedness means that regulators want to see program structure, proof of training and also proof that the program is effective. The financial institution’s audit program is fundamental to evidencing the effectiveness of such a program.

Mandated Reporters and Protected Individuals

One important point that sometimes gets overlooked is that financial institution employees are mandated reporters. A mandated reporter refers to “an individual required by law to report suspected or confirmed abuse.”6 Who counts as a mandated reporter is defined by state law and may range from an employee of a financial institution to a health care facility. As an example, the state of Maryland defines a mandated reporter as:

“Notwithstanding any law on privileged communications, each health care practitioner, police officer, or human service worker who contacts, examines, attends, or treats an alleged vulnerable adult. Notwithstanding any other law limiting or prohibiting disclosure, a fiduciary institution shall make an abuse report as provided in this subsection if an employee of the fiduciary institution, while acting within the scope of the employee’s employment: (i) has direct contact with an elder adult or reviews or approves an elder adult’s financial documents, records, or transactions in connection with financial services provided by the fiduciary institution to or for the elder adult; and (iii) observes or obtains knowledge of behavior or unusual circumstances or transactions that leads the employee to know or have reasonable cause to suspect that the elder adult is the victim of financial abuse.”7

As mandated reporters vary by state, the definition of protected individuals also differs by state. A protected individual, while defined by each state, is generally characterized as any person that would be vulnerable to elder financial exploitation and is protected by law. As an example, the state of Georgia defines two types of protected individuals, as provided below:

Disabled adult: a person 18 years of age or older who is not a resident of a long term care facility as defined in Article 4 of Chapter 8 of Title 31, but who is mentally or physically incapacitated or has Alzheimer’s disease, as defined in Code Section 31-8-180, or dementia, as defined in Code Section 49-6-72. G.A. Code.8

Elder Person: a person 65 years of age or older who is not a resident of a long-term care facility as defined in Article 4 of Chapter 8 of Title 31. G.A. Code.9

4 “Money Mule.” Wikimedia Foundation, n.d. Web.

5 "Advisory for Financial Institutions on Preventing and ..." Consumer Financial Protection Bureau. N.p., n.d. Web.

6 "A Profile of Older Americans: 2015 - Aoa.gov." N.p., n.d. Web.

7 "Maryland Reporting Requirements Chart." N.p., n.d. Web.

A part of a financial institution’s audit program is to understand the mandatory reporting requirements for the elderly and/or vulnerable persons. Mandated reporter information is used when reporting an elder financial exploitation case to the state’s Department of Aging Services and when filing a suspicious activity report. This list can be obtained by contacting your state’s Department of Aging Services or accessing Mandatory Reporting Requirements for Elderly and/or Vulnerable Persons.10 NOTE: This list may not have updated information so it is important to contact your state directly for specific reporting requirements.

Auditing the Financial Institution’s Elder Financial Exploitation Program

When auditing the effectiveness of an elder financial exploitation program, a financial institution should understand and document the requirements of mandated reporters, protected individuals by state, and key controls that are necessary to mitigate the risks associated with elder financial exploitation. It is essential to ensure the BSA/AML program includes documentation to support the financial institution’s compliance practices for mitigating elder financial exploitation. Proof of compliance is dependent on a documented risk assessment, program governance, strong internal controls, training, independent testing and a designated BSA/AML officer that is responsible for the program and the assurance that training for all applicable personnel is completed timely and tracked.

8 "2010 Georgia Code: TITLE 30 - HANDICAPPED PERSONS: CHAPTER 5 - PROTECTION OF DISABLED ADULTS AND ELDER PERSONS: § 30-5-8 - Criminal Offenses and Penalties." Justia Law. N.p., n.d. Web.

9 "Read "Elder Mistreatment: Abuse, Neglect, and Exploitation in an Aging America" at NAP.edu." Appendix B: Analysis of Elder Abuse and Neglect Definitions under State Law. N.p., n.d. Web.

10 http://www.napsa-now.org/wp-content/uploads/2014/11/Mandatory-Reporting-Chart-Updated-FINAL.pdf. N.p., n.d. Web.

Risk Assessment

The risk assessment is an integral part of complying with regulatory guidance. Elder financial exploitation is a current risk for fraud and any fraud vulnerable area is also susceptible to money laundering. It is important to recognize elder financial exploitation as potentially high risk and document this type of risk and the financial institution’s risk controls in the risk assessment. This shows the transparency of the BSA/AML program and highlights the financial institution’s ability to appropriately mitigate and manage the emerging risk of elder financial exploitation.

As part of the BSA/AML risk assessment, the financial institution should include signs of potentially high-risk activities and controls used to mitigate these risks. Below is a chart that provides signs of elder financial exploitation. The financial institution should also track additional emerging indicators specific to its program and include them as part of its ongoing risk management procedures.

Signs of Financial Exploitation (include but are not limited to):

Accompanied by a stranger to the bank who encourages them to withdraw large amounts of cash
Accompanied by a family member or other person who seems to coerce them into making transactions
Client not allowed to speak for themselves or make decisions
Implausible explanation about what they are doing with their money
Concerned or confused about "missing" funds in their accounts
Neglected or receiving insufficient care given their needs or financial status
Isolated from others, even family members
Unable to remember financial transactions or signing paperwork

Program Governance

Program governance of the elder financial exploitation program should include the appropriate oversight, management and ongoing review of the effectiveness of the program. To ensure the financial institution can demonstrate the effectiveness of such a program, it is important to have documented policies and procedures in place that are approved by the designated committee such as the board of directors. In addition, it is important to ensure the financial institution has a structured program that includes a method for measuring, monitoring and reporting elder financial exploitation. A strong BSA/AML program demonstrates a culture of compliance and a tone at the top, with reporting directly to the board of directors.


Board Reporting and Escalation

Part of a strong BSA/AML program is the ability to demonstrate a culture of compliance and a tone at the top, with reporting directly to the board of directors. As proof of this compliance, it is important to have effective reporting and escalation procedures in place that are clearly defined and that outline the depth of risks and mitigating controls. Specific to the elder financial exploitation program, the following areas should be covered:

Trending information on suspicious activity reports filed for elder financial exploitation;
Periodic trending of elder financial exploitation cases;
Periodic trending of dollars unable to recover (monetary loss of elder financial exploitation);
Carving out and reporting significant elder financial exploitation events;
Identification of high-risk trends (i.e., spikes in strangers targeting elders, spikes in elder financial exploitation based on debit card use);
Current regulatory guidance, new state and/or federal laws, rules and regulations that apply to elder financial exploitation and any roadblocks that may impede the financial institution’s ability to mitigate and/or prevent this crime.

As part of the financial institution’s ability to report the effectiveness of the elder financial exploitation program to the board of directors, it is important to have a case management system that provides a clear and trackable method for identifying, measuring, monitoring, and reporting to the board of directors or designated committee.

Policies and Procedures

As a requirement of the FFIEC Guidance on BSA/AML,11 policy and procedures are at the core of defending the compliance program. Policies and procedures are important to create structure, organizational discipline and ongoing compliance with regulatory expectations. Below is an audit checklist that outlines sample policy and procedure content, a description of what should be documented and the testing criteria used to validate the documentation against business practices and determine discrepancies:

11 FFIEC Guidance on BSA/AML. N.p., n.d.


Elder Financial Exploitation Policies and Procedures Audit Checklist

Policy and Procedures Content: Purpose of Policy and Procedures
Content Description: The purpose of the elder financial exploitation policy and procedures is to ensure it reflects the need to identify, prevent and report elder financial exploitation.
Documentation compared to Business Practice: Review policy and procedures documentation to ensure the intent of the policy and procedures are clear and readily understandable by all applicable parties. Also ensure the board of directors or designated group has approved the policy and procedures.

Policy and Procedures Content: Age Based on State Law
Content Description: State law defines protected individuals that should be reflected in policy.
Documentation compared to Business Practice: Review policy and procedures documentation and compare to system settings and training material to ensure the state law age matches what is in the policy and procedures.

Policy and Procedures Content: Roles and Responsibilities
Content Description: Roles and responsibilities should include all applicable areas responsible for adhering to the policy and procedures.
Documentation compared to Business Practice: Review policy and procedures documentation to ensure roles and responsibilities are clearly reflected and talk to those individuals to determine if they understand their roles and responsibilities as documented in the policy/procedures.

Policy and Procedures Content: System Controls
Content Description: System controls should be outlined in the policy and procedures as those key areas that are relied upon for the identification, prevention and reporting of elder financial exploitation.
Documentation compared to Business Practice: Review policy and procedures to ensure system controls match what is documented. Review relied upon systems and controls that are documented and interview management/employees to validate these controls are known and followed.

Policy and Procedures Content: Reporting Protocols
Content Description: Reporting protocols should be documented to reflect how the financial institution reports the elder financial exploitation to the appropriate agencies such as Department of Aging Services and law enforcement. Reporting protocols should also be documented for escalations within the financial institution for the purpose of further reporting possible suspicious activity.
Documentation compared to Business Practice: Review policy and procedures to ensure reporting protocols are documented. Obtain a reported elder financial exploitation event and determine if that reporting protocol matches that documented in the policy/procedures and review those suspicious activity reports to determine if the documentation reflects the extent of the elder financial exploitation event.

Policy and Procedures Content: Compliance Requirements
Content Description: Policy and procedures should include regulatory guidance, laws such as Regulation E requirements and the Gramm-Leach-Bliley Act that reflects the financial institution’s obligation to comply.
Documentation compared to Business Practice: Review policy and procedures to ensure that the appropriate regulatory guidance and laws are clearly documented and that training of these requirements are conducted for applicable staff.

Policy and Procedures Content: Training Requirements
Content Description: Review policy and procedures to ensure the training requirements for the financial institution are documented.
Documentation compared to Business Practice: Review policy and procedures to ensure training requirements are documented and determine if all applicable areas of the financial institution are required to take the elder financial exploitation training (this can be elder financial exploitation training by itself or as part of other types of training such as security training/BSA/AML training).


Internal Controls

Internal controls, as required by BSA/AML FFIEC Guidance, focus on various aspects of the elder financial exploitation program, including controls such as policies and procedures, sufficient controls for identifying and reporting suspicious activity, and internal policy guidelines. The guidance further recommends that “internal controls should be commensurate with the structure, risks and complexity of the bank.”12

This section will focus on methods for auditing internal controls such as system effectiveness.

Systems

As this type of crime has increased, an important factor for preventing elder financial exploitation is the ability to differentiate between normal activity and unusual and possibly suspicious activity. Specific to elder financial exploitation, an important key control is the ability to identify elder financial exploitation patterns and abnormal transactional behavior in your BSA/AML and/or fraud system and to ensure the system is effectively optimized to mitigate the risks of an overabundance of false alerts.

The best business practice for elder financial exploitation prevention is the identification of abnormal behavior based on the activity in the account. Transactional monitoring has varying validation rules including static and neural rules.

Static rules, sometimes referred to as peer group analysis, are built on specific scenarios that represent possible suspicious activity based on the entirety of the peer group in question. An example would be setting the system to generate an alert for all account holders 65 years of age and older that have wire activity greater than one transaction and cash out greater than $500, based on a 30-day time period.

Neural rules, sometimes referred to as intelligence-based rules, monitor for transactional patterns based on the individual’s normal transactional history. An example would be an alert generated for excessive withdrawal of funds based on debit card usage or for sending an international wire when the customer does not have a history of performing such transactions. Neural rules provide a more robust and meaningful monitoring method because they identify suspicious activity specific to the individual rather than applying one-size-fits-all monitoring based on peer group analysis.
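The two rule types described above, as an added example that is not from the white paper or from any monitoring product: a static peer-group rule using the page's example thresholds, and a per-customer history rule implemented as a simple statistical baseline (a stand-in for a vendor's "neural" model). The transaction kinds, the six-window lookback, the 3x spike factor, the sample accounts and the reading of the static rule as "more than one wire and more than $500 cash out within 30 days" are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

PROTECTED_AGE = 65     # page's example; set from the state's protected-individual age
WINDOW_DAYS = 30       # page's example time period
LOOKBACK_WINDOWS = 6   # assumption: baseline built from six prior 30-day windows
SPIKE_FACTOR = 3.0     # assumption: alert when recent total exceeds 3x the baseline


@dataclass(frozen=True)
class Txn:
    account: str
    day: date
    kind: str      # assumed kinds: wire_domestic, wire_intl, cash_out, debit_card
    amount: float


def _between(t, start, end):
    return start < t.day <= end


def static_rule(txns, ages, as_of):
    """Peer-group rule: holder 65+, more than one wire and cash out > $500 in 30 days."""
    start = as_of - timedelta(days=WINDOW_DAYS)
    alerts = set()
    for acct, age in ages.items():
        if age < PROTECTED_AGE:
            continue
        recent = [t for t in txns if t.account == acct and _between(t, start, as_of)]
        wires = sum(1 for t in recent if t.kind.startswith("wire"))
        cash = sum(t.amount for t in recent if t.kind == "cash_out")
        if wires > 1 and cash > 500:
            alerts.add(acct)
    return alerts


def baseline_rule(txns, ages, as_of):
    """Per-customer rule: activity with no history, or far above the holder's own norm."""
    start = as_of - timedelta(days=WINDOW_DAYS)
    hist_start = start - timedelta(days=WINDOW_DAYS * LOOKBACK_WINDOWS)
    alerts = {}
    for acct, age in ages.items():
        if age < PROTECTED_AGE:
            continue
        recent, prior = {}, {}
        for t in (t for t in txns if t.account == acct):
            if _between(t, start, as_of):
                recent[t.kind] = recent.get(t.kind, 0.0) + t.amount
            elif _between(t, hist_start, start):
                prior[t.kind] = prior.get(t.kind, 0.0) + t.amount
        reasons = []
        for kind, total in sorted(recent.items()):
            if kind not in prior:
                reasons.append(f"new activity: {kind}")
            elif total > SPIKE_FACTOR * prior[kind] / LOOKBACK_WINDOWS:
                reasons.append(f"spike: {kind}")
        if reasons:
            alerts[acct] = reasons
    return alerts


def sample_data():
    """Constructed accounts and transactions, not real customer data."""
    as_of = date(2017, 3, 31)
    ages = {"A-100": 72, "A-200": 81, "A-300": 45}
    txns = []
    for w in range(1, LOOKBACK_WINDOWS + 1):   # routine activity in each prior window
        d = as_of - timedelta(days=WINDOW_DAYS * w + 10)
        txns += [
            Txn("A-100", d, "debit_card", 100.0),
            Txn("A-200", d, "wire_domestic", 800.0),
            Txn("A-200", d, "wire_domestic", 800.0),
            Txn("A-200", d, "cash_out", 600.0),
        ]
    recent = as_of - timedelta(days=5)
    txns += [
        Txn("A-100", recent, "wire_intl", 4000.0),    # first international wire
        Txn("A-100", recent, "debit_card", 2500.0),   # far above the usual $100
        Txn("A-200", recent, "wire_domestic", 800.0), # same as every prior window
        Txn("A-200", recent, "wire_domestic", 800.0),
        Txn("A-200", recent, "cash_out", 600.0),
        Txn("A-300", recent, "wire_intl", 900.0),     # holder is under the age threshold
        Txn("A-300", recent, "wire_intl", 900.0),
        Txn("A-300", recent, "cash_out", 900.0),
    ]
    return as_of, ages, txns


AS_OF, AGES, TXNS = sample_data()

if __name__ == "__main__":
    print("static rule alerts:  ", static_rule(TXNS, AGES, AS_OF))
    print("baseline rule alerts:", baseline_rule(TXNS, AGES, AS_OF))
```

On this constructed data the static rule alerts only on A-200, whose activity matches its own history, and misses A-100, which the baseline rule flags for a first international wire and a debit card spike.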

12 "Online Manual - BSA InfoBase - FFIEC." Online Manual - BSA InfoBase - FFIEC. N.p., n.d. Web.


It is important to note that not all monitoring systems have the same flexibility, so it is necessary to understand how the monitoring system works and then determine the effectiveness of the system based on true possible suspicious activity that has been identified, researched and possibly filed as a suspicious activity report. Financial institutions and other organizations that have a significantly greater population of the elderly may wish to have software that is solely dedicated to this type of monitoring. If you are auditing this type of outsourced system, the same criteria may be used as cited below. It is up to the financial institution to ensure its systems are effective. Dependency on third party systems does not remove a financial institution’s liability. An example of evaluating the effectiveness of the system(s) used to identify possible elder financial exploitation is below:

Elder Financial Exploitation Internal Control Audit Checklist

Criteria

Criteria Verification

System/Process Testing Examples

Age of Individual

Should be based on the financial

institution’s state requirements for

protected persons or earlier (i.e., if the

protected individual is 65+ in age, the

parameters should be set at a minimum

on the age 65 or maybe even younger

based on experience of unusual activity).

Review parameters of the system to determine if there

is a discrepancy between the age criteria on the system

compared to the age of protected individuals by state

requirements. If the age is greater than that of the

required age of the protected person by state, this

would be an exception and should be documented.

Transactional

Should be set and tested based on

meaningful criteria (age, cash-out and

dollar amounts of cash out)

Review the transactional worklists criteria to identify

possible elder financial exploitation such as:

Age

Cash-out from checks cashed

Activity inconsistent with elder’s ability such as

ATM use by a physically impaired person

Excessive new withdrawals, usually in round

numbers ($50, $100, $1,000, $5,000,

withdrawals made from savings or CD’s in spite

of penalty assessments, changing in authorized

signers)

One way to test the effectiveness of a system is to

identify elder financial exploitation reported outside of

the system by employees and determine why the system

did not identify this transactional suspicious activity. In

some situations, the financial institution’s monitoring

systems have not been optimized to turn on the elder

financial exploitation module and therefore the auditor

can determine that the financial institution is not trained

on this type of crime or has not taken the appropriate

steps to mitigate elder financial exploitation.

Products/Services

Should be set and tested based on

meaningful criteria (products/services

such as international wires that are not

Review the system settings to determine how

products/services that are not utilized by elder adults

would be identified as possible suspicious activity. One

way to test the effectiveness of a system is to identify

Page 12: Auditing Elder Financial Exploitation: Minding Your Own ...files.acams.org/pdfs/2017/Auditing_Elder_Financial_Exploitation_T.Sands.pdfAuditing Elder Financial Exploitation: Minding

12

Criteria

Criteria Verification

System/Process Testing Examples

frequently used by customers 65 or

older).

elder financial exploitation reported outside of the

system by employees and determine why the system did

not identify the unusual act of using certain

products/services such as:

Outgoing international wires

Reversed mortgages

Remote check deposits

Ordering of debit cards

Request for online banking services after certain

number of months/years of having an account)

In some situations, the financial institution’s monitoring

systems have not been optimized to turn on the elder

financial exploitation module and therefore the auditor

can determine that the financial institution is not trained

on this type of crime or has not taken the appropriate

steps to mitigate elder financial exploitation.

Suspicious Activity Filing

Criteria verification: The financial institution’s monitoring system should be set appropriately to effectively identify and capture possible elder financial exploitation.

System/process testing examples:

System Testing: The auditor could pull the last elder financial exploitation cases that were identified outside of the system (i.e., by employees of the financial institution) and determine if the system identified the event or missed the event based on system settings. The auditor should also validate that the SAR reflects elder financial exploitation. On February 22, 2011, FinCEN issued an advisory to financial institutions on filing suspicious activity. This advisory focused on red flags or indicators that abuse may be occurring and specifically asked financial institutions to include the term "Elder Financial Exploitation" on filings of suspicious activity reports (SARs).13

SARs Filed vs. SARs not Filed: Review suspicious activity that was filed and not filed to determine if there is a discrepancy between those events that rose to the level of filing and ones that did not. Ask the BSA officer the reason for those filed versus those not filed to determine if there is a discrepancy in decisions to file and not file a SAR.
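The system test described in the checklist above, sketched as a back-test over employee-reported cases. This is an added example, not part of the original paper; the settings keys, product codes and case records are hypothetical, and the sample cases are constructed.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Hypothetical monitoring settings; every key here is an assumption for illustration.
SETTINGS = {
    "efe_module_enabled": True,
    "elder_age": 65,
    "watched_products": {"outgoing_international_wire", "remote_check_deposit"},
    "enrollment_min_account_months": 24,  # late online-banking enrollment rule
}
SAR_TERM = "elder financial exploitation"  # term FinCEN asked filers to include


@dataclass
class Case:
    """One exploitation case that employees reported outside the system."""
    case_id: str
    dob: date
    event_date: date
    product: str
    account_opened: date
    system_alerted: bool           # did the monitoring system alert on the event?
    sar_narrative: Optional[str]   # None when no SAR was filed


def age_on(dob, day):
    return day.year - dob.year - ((day.month, day.day) < (dob.month, dob.day))


def covered_by_settings(case, settings):
    """Return (covered, reason) for whether the settings should flag the event."""
    if not settings["efe_module_enabled"]:
        return False, "EFE module disabled"
    if age_on(case.dob, case.event_date) < settings["elder_age"]:
        return False, "customer below elder age threshold"
    if case.product == "online_banking_enrollment":
        months = ((case.event_date.year - case.account_opened.year) * 12
                  + case.event_date.month - case.account_opened.month)
        if months >= settings["enrollment_min_account_months"]:
            return True, "late online banking enrollment"
        return False, "account younger than enrollment window"
    if case.product in settings["watched_products"]:
        return True, "watched product"
    return False, f"product '{case.product}' not in watched list"


def backtest(cases, settings):
    """List (case_id, finding) pairs an auditor would raise."""
    findings = []
    for c in cases:
        covered, reason = covered_by_settings(c, settings)
        if not c.system_alerted:
            detail = "settings cover this event but no alert fired" if covered else reason
            findings.append((c.case_id, "missed: " + detail))
        if c.sar_narrative is not None and SAR_TERM not in c.sar_narrative.lower():
            findings.append((c.case_id, "SAR narrative lacks the term"))
    return findings


# Constructed sample cases, not real data.
CASES = [
    Case("C1", date(1932, 3, 1), date(2017, 1, 10), "outgoing_international_wire",
         date(1988, 4, 1), True, "Suspected Elder Financial Exploitation via wire."),
    Case("C2", date(1940, 9, 9), date(2017, 1, 20), "reverse_mortgage",
         date(1975, 6, 1), False, "Elder Financial Exploitation by a caregiver."),
    Case("C3", date(1945, 6, 15), date(2017, 2, 1), "online_banking_enrollment",
         date(1999, 5, 1), False, None),
    Case("C4", date(1950, 8, 20), date(2017, 1, 5), "remote_check_deposit",
         date(2001, 2, 1), True, "Unusual remote deposits by a third party."),
]

if __name__ == "__main__":
    for case_id, finding in backtest(CASES, SETTINGS):
        print(case_id, finding)
```

A "missed" finding whose reason names a setting points at a configuration gap, while "settings cover this event but no alert fired" points at rule execution or the data feed.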

Training

In 2015, I conducted a training for a group of financial institutions on elder financial

exploitation. In this group, one of the attendees communicated that her bank had never had

to deal with elder financial exploitation and stated that “her bank was lucky to have avoided

this type of crime.” Four months later, the same financial institution contacted me regarding

how to engage law enforcement as this had become a significant issue at her bank. She

admitted that it was not that her bank had been lucky; it was that her bank had not been

trained on how to identify elder financial exploitation.

13 "FinCEN Advisory Warns of Elder Financial Exploitation." FinCEN Advisory Warns of Elder Financial Exploitation. N.p., n.d. Web.

Training is an important pillar to be used as proof of compliance and important in the

financial institution’s ability to mitigate the risks of this type of criminal activity. As the

BSA/AML Guidance states, “At a minimum, the bank’s training program must be conducted

for all personnel whose duties require knowledge of BSA. The training should be tailored to

the person’s responsibilities.”14 There are generally five types of training to consider when

building a strong elder financial exploitation training program:

Beginning/General Purpose Elder Financial Exploitation Training – General purpose elder

financial exploitation training serves as the commitment by the financial institution for

providing awareness of elder financial exploitation, how this

crime can be identified by employees, examples of elder

financial exploitation in financial institutions and escalation

procedures of the financial institutions.

Job Family Specific Training for Higher Risk Impacted Areas -

This training would build upon the general purpose elder

financial exploitation training and provides specifics on

methods used to identify elder financial exploitation in higher risk areas of the financial

institution that would be more susceptible to this type of crime.

Board of Directors Training (Inclusion of Elder Financial Exploitation) – This training would

entail specific training that educates the board of directors on the threats of this

emerging risk and how the financial institution is mitigating this type of risk. Since elder

financial exploitation is an emerging risk, it is a best business practice to highlight to the

board of directors any spikes in elder financial exploitation activity and discuss how the

financial institution plans to mitigate its risk (i.e., change in system parameters, training

the branch locations, trust departments). Financial institutions should ensure that the

board of directors are apprised of the FinCEN Advisory on elder financial exploitation as

a category for filing SARs and educated on this regulatory guidance.15

14 "BSA/AML Compliance Program — Overview." Online Manual. N.p., n.d. Web.

15 "FinCEN Advisory Warns of Elder Financial Exploitation." FinCEN Advisory Warns of Elder Financial Exploitation. N.p., n.d. Web.

Elder Adult Account Holders, Caregivers and Community Training – This type of training

focuses on community outreach. The purpose of this training is not to scare elder adults

but to bring awareness to the senior citizen community and caregivers regarding financial

exploitation and how to prevent this type of event. An effective method would be to

conduct training at nursing homes, extended care facilities, and other senior citizen

events that could bring awareness to this group regarding the identification of financial

exploitation and the methods to report this type of crime. Oftentimes, financial

institutions partner with local law enforcement groups to jointly conduct these types of

training. Financial institutions that create special training brochures, documentation,

and/or videos may consider reaching out to their regulatory partners to determine if this

could be counted toward the financial institution’s Community Reinvestment Credits.

The Community Reinvestment Act (CRA) is intended to encourage depository institutions

to help meet the credit needs of the communities in which they operate, including low-

income and moderate-income neighborhoods, consistent with safe and sound banking

operations.16

Important Network Collaboration and Training - Law Enforcement, Department of Aging

Services and Network Training and Collaboration – In August 2016, the Consumer

Financial Protection Bureau published a Resource Guide for Elder Financial Exploitation

Prevention and Response Networks.17 This guide provides the industry with resources on

current networks and provides direction on how groups can collaborate and begin a

network to bring more concentrated efforts to prevent this type of crime. Financial

institutions could use this guide to determine how they could create peer networks for

the exchange of information, strengthen their own internal program and collaborate with

law enforcement, department of aging and other like groups to create a more unified

prevention program.

16 FFIEC Guidance on BSA/AML. N.p., n.d. Web.

17 "A Resource Guide for Elder Financial Exploitation ..." N.p., n.d. Web.

Elder Financial Exploitation Training Audit Checklist

Type of Training

Training testing examples

General Purpose

Obtain training documentation that includes elder financial exploitation from the BSA/AML officer or designated individual responsible for this type of training. This may be a part of the BSA/AML training or conducted as a separate training. Training could be conducted online or in-person. Determine if the general training includes at a minimum the following: a clear definition of elder financial exploitation, mitigation tools for preventing elder financial exploitation and a protocol for reporting this type of activity. This should include any employee that has any dealings/interactions with account holders.

Job Specific Training

Obtain training documentation that includes elder financial exploitation from the BSA/AML Officer or designated individual responsible for this type of training. This may be a part of the BSA/AML training or conducted as a separate training. Training could be conducted online or in person. Determine if the job-specific training includes at a minimum the following: a clear definition of elder financial exploitation, mitigation tools for preventing elder financial exploitation, a protocol for reporting this type of activity and job specific “red flag” events specific to the job family that would rise to the level of escalation. Examples may include but are not limited to:

Electronic Banking/Operations - This training should include specific “red flag”

events/examples of identifying elder financial exploitation such as outgoing

international wire transfer for 85-year-old accountholder that does not align

with his/her normal activity. This training should include the escalation point

for these types of events.

Information Security – This training should include specific “red flag”

events/examples of identifying elder financial exploitation from access into

online banking systems such as IP addresses that may lead to unauthorized

access of an elderly adult account. This training should include the escalation

point for these types of events.

Branch/Retail Services – This training should include specific “red flag”

events/examples of identifying elder financial exploitation such as an 85-year-

old account holder cashing a check for $7,000 who never withdrew that amount

of cash in the past. This training should include the escalation point for these

types of events.

Lending/Mortgage Services – An individual wishing to get a loan in an amount

that does not align with his/her normal activity or wishes to get a reverse

mortgage. This training should include the escalation point for these types of

events.

Wealth/Trust Services/Private Banking – An individual having abnormal activity

including a withdrawal of funds from trust or private banking accounts. This

training should include the escalation point for these types of events.

Call centers – A senior customer requesting to activate online banking services,

unusual calls for balance in the account, a person contacting the call center and

handing the phone to the senior individual for authorization to provide

information. This training should include the escalation point for these types of

events.

Compliance/Risk Management/Audit Staff – Compliance/audit/risk

management staff should be trained on the importance of governing the

oversight of the elder financial exploitation program, consumer complaints

regarding elder financial exploitation and ensuring these key personnel are

trained on this emerging risk.

Elder Adult Account Holders, Caregivers and Community Training

Obtain documentation that reflects training conducted for elder account holders,

caregivers and the community. Determine the type of training conducted to ensure

the effectiveness of the training (i.e., online training may not be as effective for

seniors as in-person training). Determine if training was conducted in

partnerships with law enforcement, department of aging services, nursing homes,

and/or assisted living establishments. Also, determine if the training may include

too much of a “scare” tactic rather than a supportive type approach. This training

should include information on where to report this type of activity.

Important Network Collaboration and Training - Law Enforcement, Department of Aging Services and Network Training and Collaboration

Discuss with the BSA/AML officer or designated staff to determine how the financial

institution works with key groups such as law enforcement, Department of Aging

Services, and other networks. Without this type of network training, it may be

difficult for the financial institution to know how to report this type of crime and

have a sustainable and structured program.


Independent Testing

Independent testing is an important pillar to evidence the effectiveness of a financial

institution’s BSA/AML compliance program. It is important as part of the financial

institutions’ vendor management efforts to choose an audit program that is independent,

conducted by experienced individuals with the right credentials and qualifications and

incorporates the validation of emerging risks such as elder financial exploitation. There is a

difference between regulatory guidance and regulatory expectations. While a financial

institution may be able to demonstrate compliance with documented regulatory guidance,

the struggle is defending regulatory expectations. In the area of elder financial exploitation,

there is a trend in the increase of interagency guidance, advisory notices and increased

threats which results in the expectation of the financial institution to beef up its internal

controls, training and independent testing.

To support the effectiveness of such a program, the financial institution is

expected to demonstrate its ability to measure the results. The ability to defend the program

boils down to proving the overall effectiveness of internal controls, training, independent

testing and the actions taken by the BSA/AML officer to mitigate elder financial exploitation.

Strategic Focus on Emerging Risks

In some cases, financial institutions strategically wait for a nudge from regulators and

implement a new program only once they are forced to by regulatory

recommendations, negatively impacted elder customers and/or consumer complaints. A

regulatory expectation is for financial institutions to pay close attention to emerging risks as

these risks could negatively impact a financial institution’s ability to handle new threats or

future compliance requirements. Although elder financial exploitation is not a new threat, it

is a serious crime that has gained significant attention over the years based on escalated

fraud and significant monetary losses, more elderly individuals speaking out on their

experiences, media interest and the attention of the regulatory community.

A compelling risk of financial exploitation is two-fold—the ability to drain an elderly

individual’s savings and potentially exploiting the elder adult to facilitate another crime such

as human trafficking. In human trafficking, there are generally three phases including

recruitment, transportation and exploitation.18 The exploitation phase includes funding the

human trafficking criminal activity and therefore criminals could use a vulnerable senior to

facilitate such a crime. This could be achieved by a criminal manipulating a vulnerable senior

to initiate a wire transfer destined to a beneficiary in a city along the Southwest border to

fund the crime. In the normal course of business, a financial institution may not consider

this type of activity suspicious; however, human trafficking could be concealed behind the

financial exploitation of the elder adult. In an ACAMS white paper written by Nancy E. Lake

titled Human Trafficking in the Community Bank,19 it states “We in the anti-money

laundering (AML) may never be personally impacted by criminal activity, but we know that

monies from numerous crimes pass through the FIs on a daily basis, regardless of their size.”

The failure to keep up with industry threats and emerging criminal trends could be

significantly damaging to a financial institution’s reputation and its ability to comply with

U.S. law.

18 "FinCEN Advisory: Financial Red Flags for Human Smuggling and Human Trafficking"

Conclusion

The purpose of this paper is to provide the reader a best business practice for auditing an

elder financial exploitation program and to bring awareness of the seriousness of elder

financial exploitation that impacts millions of victims each year—some reported and others

undetected. The failure of a financial institution to have a program in place for detecting

elder financial exploitation through a documented risk assessment, governance, policies

and procedures, effective systems, trained employees, and structured processes presents

significant risks and further intensifies the problem. Failure of an independent audit to test

the effectiveness of the elder financial exploitation program discounts the problem and

silently suggests that elder financial exploitation is not something the financial institution

has taken seriously and/or made part of its business.

The perfect storm, or what a criminal would consider a perfect situation, is when a financial

institution fails to identify, prevent and report this crime. The third line of defense is a critical

part of ensuring vulnerable areas are appropriately tested and validated for effectiveness. I

encourage readers to use this paper as a best business practice model for auditing and/or

reviewing their current elder financial exploitation program, documenting gaps and bringing

awareness to business owners and the community. When you interview your business

owner(s) and request information on the last elder financial exploitation event and they do

not have one to provide, this will be your cue that the financial institution has some work to

do in this area. Auditors can serve as partners for not only documenting the gaps in the

program but being an active participant in the fight against this horrific crime.

19 Lake, Nancy. "Human Trafficking in the Community Bank." – This paper was published by the Association of Certified Anti-Money Laundering Association (ACAMS).


Resources and References

Regulatory Guidance

Regulatory Agency Guidance, Letters and Advisory’s Website

FDIC

Federal Regulators Issue Guidance

on Reporting Financial Abuse of Older Adults

https://www.fdic.gov/news/news/press/2013/pr13084.html

OCC

Federal Regulators Issue Guidance on Reporting Financial Abuse of

Older Adults

https://www.fdic.gov/news/news/press/2013/pr13084.html

NCUA

NCUA Letter to CUs out on elder financial abuse -

http://www.nafcu.org/News/2013_News/September/NCUA_Letter_to_CUs_out_on_elder_financial_abuse/

Federal Reserve Bank

Federal Regulators Issue Guidance on Reporting Financial Abuse of

Older Adults

http://www.federalreserve.gov/newsevents/press/bcreg/20130924a.htm

FinCEN

Advisory to Financial Institutions on Filing Suspicious Activity Reports

Regarding Elder Financial Exploitation

https://www.fincen.gov/statutes_regs/guidance/html/fin-2011-a003.html

Interagency Guidance on Privacy Laws and

Reporting Financial Abuse of Older Adults

https://www.sec.gov/news/press/2013/elder-abuse-guidance.pdf

Consumer Financial Protection Bureau

Recommendations and report for financial institutions on preventing

and responding to elder financial exploitation.

http://files.consumerfinance.gov/f/201603_cfpb_recommendations-and-report-for-financial-institutions-on-preventing-and-responding-to-elder-financial-exploitation.pdf

Consumer Financial Protection Bureau

Recommendations and report:

Fighting Elder Financial Exploitation through Community Networks

http://www.consumerfinance.gov/data-research/research-reports/report-and-recommendations-fighting-elder-financial-exploitation-through-community-networks/

Mandated Reporting Requirements and Other Resources

Resources Website Address

2013 Nationwide Survey of Mandatory Reporting

Requirements for Elderly and/or Vulnerable Persons

http://www.napsa-now.org/wp-content/uploads/2014/11/Mandatory-Reporting-Chart-Updated-FINAL.pdf

The United States Department of Justice on Elder Financial

Exploitation laws

https://www.justice.gov/elderjustice/prosecutors/statutes.html

National Adult Protective Services Association

http://www.napsa-now.org/get-informed/what-is-financial-exploitation

U.S Department of Health and Human Services

http://www.aoa.gov

Answers on Aging - Financial Exploitation - Safeguarding Your Money and Property

http://www.n4a.org/


Glossary of Terms

Adult Protective Services (APS) - exists to receive and investigate incidents of abuse, neglect, or exploitation

of incapacitated or vulnerable adults, and to offer appropriate services in accordance with individual need

and acceptance.

At-Risk Adult – This is a term used to describe a protected individual that may be at risk based on age,

vulnerability to elder abuse based on mental incapacity.

Department of Health and Human Services - Department of Health and Human Services mission is to enhance

and protect the health and well-being of all Americans. We fulfill that mission by providing for effective health

and human services and fostering advances in medicine, public health, and social services.

Consumer Financial Protection Bureau (CFPB) - a U.S. government agency that makes sure banks, lenders, and

other financial companies treat consumers fairly...

Emerging Risk – New risks that are in the process of being understood and quantified by the industry and

regulatory community.

Financial Exploitation - when a person misuses or takes the assets of a vulnerable adult for his/her own

personal benefit. This frequently occurs without the explicit knowledge or consent of a senior or disabled adult,

depriving him/her of vital financial resources for his/her personal needs.

Financial Abuse – Financial abuse is using the elder’s funds or assets different to the elder’s wishes, needs or

best interests – or for the abuser’s personal gain.

FinCEN - FinCEN's mission is to safeguard the financial system from illicit use and combat money laundering

and promote national security through the collection, analysis, and dissemination of financial intelligence and

strategic use of financial authorities.

The Gramm-Leach-Bliley Act - generally requires that a financial institution notify consumers and give them an

opportunity to opt out before providing nonpublic personal information to a third party. Today’s guidance

clarifies that it is generally acceptable under the law for financial institutions to report suspected elder financial

abuse to appropriate local, state or federal agencies.

Jamaican Lottery Scheme - Jamaican lottery schemes are not new and generally target retirement-age citizens

in the U.S. The scam has been modified in recent years to take advantage of the U.S. Department of the

Treasury's move to require benefit payments be made electronically. Benefit payments can be directed to an

account or to a prepaid debit card.

Mandated Reporters - A mandated reporter refers to “an individual required by law to report suspected or

confirmed abuse

Mentally Incapacitated – impairment by reason of mental illness, mental deficiency, mental disorder,

physical illness or disability, advanced age, chronic use of drugs, chronic intoxication or other cause to the

extent that a person lacks sufficient understanding or capacity to make or communicate informed decisions

concerning his/her person.

Money mule - sometimes referred to as a "smurfer", is a person who transfers money acquired illegally (e.g.,

stolen) in person, through a courier service, or electronically, on behalf of others. The mule is paid for their

services, typically a small part of the money transferred.


Neural Rules - Neural rules, sometimes referred to as intelligence-based rules, monitor for transactional patterns

based on the individual’s normal transactional history.

Protected Individual - Protected individuals are persons who by reason of their age or physical impairment

cannot manage their own affairs.

Reporting Protocol – the procedure that an organization has in place to report elder financial exploitation.

Static Rules - Static rules, sometimes referred to as peer group analysis, are built on specific scenarios that

represent possible suspicious activity based on the peer group in question.

Suspicious Activity Reports - In financial regulation, a suspicious activity report (or SAR) is a report made by a

financial institution about suspicious or potentially suspicious activity.

Undue Influence – This term is often used to describe when a person in a position of trust takes advantage

of a vulnerable adult to gain control of their money, property, or their life – either directly or through a POA, a

trust, marriage, adoption or inheritance.