Business Account Security
Protecting your business is the most effective way of controlling corporate account takeover. According to recent reports, an overwhelming majority of attacks were not considered difficult to undertake. The targets were found to possess an exploitable weakness, not because they were pre-identified for the attack.
What is Corporate Account Takeover?
Corporate Account Takeover is a type of business identity theft in which a criminal entity steals a business’s valid online banking credentials. Small to mid-sized businesses remain the primary target of criminals, but any business can fall victim to these crimes. Attacks today are typically perpetrated quietly by the introduction of malware through a simple email or infected website.
What is the Risk?
The bank’s ability to protect you is severely undermined when your online credentials are compromised by a data breach initiated within your computer system. Once your computer is compromised, a criminal will attempt to fraudulently perform any function of online banking: Bill Pay, ACH transfers, wires, copies of checks and signatures, etc. Any possible way to financially defraud you will not be overlooked by smart criminals with the intent to steal your money or personal information.
How does it happen?
Hackers often take aim at small firms' computers because they are easier to infiltrate than banks' systems. For example:
- An infected document attached to an email
- A link within an email that connects to an infected website
- Employees visiting legitimate websites – especially social networking sites – and clicking on infected documents, videos, or photos posted there
- An employee using a flash drive that was infected by another computer
Once the employee opens the attachment or goes to the website, malware is installed on the computer. Then attackers infect your system and are able to obtain security credentials to access your company’s business accounts.
What you can do!
Mitigate - Read these best practices to mitigate the risk of becoming a victim...
Identify - Learn how to monitor your business' accounts for vulnerabilities...
Respond - Apply these tactics to possibly recover funds in the event of an incident...
Incident Response Checklist - Complete the steps on this checklist IMMEDIATELY...
Educate yourself and your employees! Follow this link to our Business Online Security Training. There are three sections: The Risk Background and Threat Landscape; Risk Management and Reduction; Managing a Negative Event. Learn more...
Glossary of Terms - Don't be confused with the terms used for account takeover...
Warning Signs of Corporate Account Takeover - Spot the warning signs indicating a corporate takeover threat...
The Federal Government has enacted new regulations with which all banks in the United States must comply. The updated Financial Crime Enforcement Network (FinCEN) regulation applies to Customer Due Diligence and Beneficial Ownership and:
- Aids the government in the fight against crimes which evade financial measures designed to combat terrorism and national security threats;
- Allows the U.S. to align with other international countries who have implemented this rule years ago
- Makes it difficult for non-legitimate businesses to open accounts with financial institutions.
- It helps us as a financial institution to better understand and know our customers who are running the business that we are financing.
Customer Due Diligence
The update requires banks to implement and maintain procedures to include:
- Understanding the nature and purpose of the customer relationships; and
- Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.
This is already in place utilizing the questions you answered at account opening regarding your expected account activity.
Beginning in May, each time an account is established (including Loan / CD Renewals) or when account signers change, we will be required to ask for identifying information (name, address, date of birth, social security number, and identification documents) regarding the Beneficial Owners of your Legal Entity.
A Beneficial Owner is defined as:
- Each individual that has beneficial ownership (25% ownership or more); AND,
- One individual that has significant managerial control (President, Chief Financial Officer, Treasurer, etc.).
The individual opening an account on behalf of the Legal Entity will be required to provide the above listed identifying information, and certify that this information is true and accurate to the best of their knowledge.
Who is a legal entity customer?
- A legal entity customer is defined as a corporation, Limited Liability Company (LLC), general partnerships, business trusts that are created by filing with a state office.
- A legal entity customer does not include sole proprietors or persons opening business accounts on their own behalf.
How does the rule define a “beneficial owner”?
- An individual who fits within at least one of the following “prongs”:
- Any individual who, directly or indirectly, owns 25% or more of the legal entity customer (known as the “Ownership Prong”); and
- One individual within the management structure who has “significant responsibility to control, manage, or direct the legal entity.” (known as the “Control Prong” Examples: CEO, CFO, COO, Managing Member, General Partner, President, Vice President, Treasurer, any other person who regularly performs similar functions).
When is the Certification Form required?
- Each time an account is established or account signers change, we will be required to ask for identifying information regarding the Beneficial Owners of your Legal Entity.
- Existing customers are exempt from the Rule until they open a new account or renew an existing loan or certificate of deposit, because we have not previously identified their beneficial owner.
Read the U.S. Treasury Announcement: Key Regulations and Legislation to Counter Money Laundering and Corruption, Combat Tax Evasion