SardineCon SF/2026

Learn More
Fraudology

Unlocking Real-Time Collaboration: FinCEN’s Historic 314B Fraud Guidance Update

Podcast graphic for Fraud/ology episode #410, featuring guest Hailey Windham and host Karisse Hendrick.

Welcome back to Fraudology.

In this episode, I’m sitting down with Hailey Windham to talk about something that may sound like a compliance update on the surface, but could become one of the most important fraud-fighting shifts we have seen in a long time: FinCEN’s updated 314(b) fraud guidance.

For years, fraud teams, AML teams, and financial institutions have talked about the need for better information sharing. We all know fraud does not happen inside one institution at a time. Scam networks move across banks, fintechs, payment platforms, mule accounts, and customer touchpoints. By the time one institution sees the full picture, the money may already be gone.

FinCEN’s new guidance clarifies that Section 314(b) information sharing can include suspected fraud, not just traditional money laundering or terrorist financing activity. It gives participating financial institutions a clearer path to share fraud indicators, cyber-related fraud data, account activity, and other signals that may help stop scams before they spread.

This conversation is really about what that means in practice. Because guidance is only useful if teams understand how to operationalize it. The opportunity here is not just to say, “We can share more.” The opportunity is to build better real-time collaboration between financial institutions, fraud teams, AML teams, compliance leaders, and investigators who are all seeing different pieces of the same problem.

What you’ll hear in this episode:

  • Why FinCEN’s 314(b) fraud guidance update matters for fraud teams, AML teams, and financial institutions.
  • How 314(b) information sharing can support faster collaboration when suspected fraud is moving across institutions.
  • Why the Section 314(b) safe harbor matters, and what it does and does not solve.
  • How fraud information sharing between financial institutions could help with scam activity, mule accounts, account takeover, and cyber-related fraud data.
  • Why SAR confidentiality and 314(b) still need to be handled carefully.
  • What financial institutions should be thinking about when it comes to 314(b) registration requirements and participation requirements.
  • Why this guidance could help bridge the operational gap between fraud prevention and AML/CFT information sharing.

You should listen to this episode if you:

  • Work in fraud prevention, AML, investigations, compliance, or financial crime operations.
  • Have ever seen scam activity move across institutions faster than your team could respond.
  • Want to understand how 314(b) fraud information sharing may support real-time collaboration.
  • Are trying to connect fraud indicators, mule account information sharing, and money mule detection across institutions.
  • Need a clearer way to think about FinCEN fraud guidance without turning it into a purely legal or compliance conversation.

Episode notes & key takeaways:

FinCEN’s 314(b) fraud guidance gives financial institutions clearer room to collaborate

The biggest takeaway from this episode is that FinCEN’s updated 314(b) fraud guidance gives financial institutions much-needed clarity around suspected fraud information sharing.

Fraudsters collaborate. Scam networks collaborate. Money mule rings collaborate. But the institutions trying to stop them are often limited by uncertainty, internal risk concerns, privacy questions, or fear that sharing the wrong thing could create regulatory exposure.

Section 314(b) safe harbor has existed for years, but many institutions have historically treated it as an AML tool first. This update helps clarify that fraud can also be part of the information-sharing conversation when it may involve money laundering, terrorist financing, or other specified unlawful activity.

Real-time information sharing fraud workflows are the real opportunity

The phrase that matters most here is real-time. Fraud is not waiting for quarterly working groups, slow escalations, or after-the-fact case studies. Scams move fast. Mule accounts move fast. Social engineering moves fast. Account takeover moves fast. And once the money leaves one institution and starts moving through another, the window for recovery gets smaller by the minute.

If one institution sees a suspicious pattern, and another institution is seeing the next hop in the movement of funds, those teams need a way to compare signals quickly and responsibly. That might include account identifiers, transaction patterns, device signals, IP addresses, behavioral indicators, payee details, or other fraud indicators that help institutions understand whether they are looking at isolated activity or part of a larger network.

This is also where fraud operations and AML/CFT information sharing need to work together more closely. Fraud teams may see the customer-facing activity first. AML teams may understand the broader movement of funds. Compliance teams may understand the rules around what can be shared, how it should be documented, and who needs to be involved.

The power of 314(b) fraud information sharing is not just in the legal permission. It is in the operational design that comes after it.

The Section 314(b) safe harbor does not remove the need for governance

One of the most important parts of this conversation is that 314(b) fraud safe harbor does not mean “share anything with anyone.” That is not how this works.

Financial institutions still need to understand 314(b) compliance requirements, registration requirements, and participation requirements. They need policies. They need controls. They need documentation. They need to know who inside the institution is allowed to share information, under what circumstances, with which other participating institutions, and for what purpose.

This is especially important when teams are dealing with SAR confidentiality and 314(b). Institutions need to be careful not to disclose the existence of a SAR or reveal protected SAR-related information. That does not mean teams cannot collaborate. It means they need to collaborate correctly.

If the process is too restrictive, teams will not use it. If the process is too loose, institutions create new risk. The goal is a practical framework that lets teams move quickly without being careless.

Fraud information sharing between financial institutions can help expose networks, not just transactions

Fraud teams are often forced to look at one customer, one account, one transaction, or one event at a time. But modern fraud rarely works that way. The same device, mule, phone number, IP address, email pattern, synthetic identity, or receiving account may touch multiple institutions before anyone realizes the connection.

A single institution might only see one strange login, one suspicious new payee, one unusual transfer, or one victim report. But when multiple institutions compare information, the larger pattern may become visible. That is especially true for money mule detection, account takeover information sharing, cyber-related fraud data sharing, and scam networks that rely on speed and fragmentation.

This is also where suspected fraud information sharing can help institutions move from reactive case handling to proactive network detection. The challenge now is making sure institutions have the internal structure to use it well.

This guidance could help bridge the gap between fraud and AML

One of the things I care about most in this space is making sure fraud and AML teams are not operating like they are solving completely separate problems. They have different mandates, yes. They have different reporting obligations, yes. But the activity they are looking at is increasingly connected.

Fraud generates proceeds. Those proceeds move. They are layered, cashed out, transferred, converted, or pushed through mule accounts. If fraud teams only focus on the victim event and AML teams only focus on downstream suspicious activity, both teams may miss the full story.

That is why this FinCEN fraud guidance matters beyond compliance.

It gives institutions a better reason to connect fraud prevention, AML fraud information sharing, AML/CFT information sharing, and investigations strategy. It also gives teams a way to think about 314(b) not as a narrow compliance process, but as a bridge between teams that need to work together more often.

The fraud fight is moving from institution-by-institution defense to networked collaboration

If there is one bigger theme in this episode, it is that fraud defense cannot stay institution by institution forever. That model benefits the criminals. It lets scam networks exploit the gaps between financial institutions, payment platforms, fintechs, banks, and consumers.

The 314(b) fraud guidance update is important because it recognizes something fraud fighters already know: financial institutions are often seeing suspicious activity in real time, but they need better ways to connect those signals before the damage spreads.

This is not about making fraud teams reckless with data. It is about making collaboration more usable, more timely, and more effective.

The institutions that take this seriously should be thinking now about how to build a 314(b) fraud information sharing process that is practical, compliant, and operationally useful. That means looking at registration, participation, governance, SAR confidentiality, fraud indicators, scam escalation paths, and the day-to-day workflow between fraud and AML.

Final takeaway:

FinCEN’s updated 314(b) fraud guidance is not just another regulatory update. It is a signal that fraud information sharing between financial institutions needs to become faster, clearer, and more useful.

And honestly, that is overdue.

Fraudsters already collaborate across platforms, accounts, institutions, and borders. If financial institutions are going to keep up, they need responsible ways to collaborate too. Section 314(b) safe harbor is one of the tools that can help make that possible, but only if teams understand how to use it.

So if you are in fraud, AML, compliance, investigations, or financial crime leadership, this is one of those episodes I would not just listen to and move on from. Bring it back to your team. Ask how your institution is using 314(b) today. Ask whether your fraud team knows when and how to use it. Ask whether your AML team and fraud team are aligned. Ask whether you have a process that can move at the speed of scams.

Because the guidance matters. But what institutions do with it next matters even more.

Connect with Hailey Windham, CFCS | LinkedIn

Host of the Fraud Forward Podcast

Banking Community Lead at Sardine

Certified Financial Crimes Specialist (CFCS)

2023 Credit Union Rockstar, CU Magazine

Continuous Improvement Award, SAFE Federal Credit Union, 2023

Top 20 Professionals Under 40, The Sumter Item, 2022

Connect with Karisse Hendrick | LinkedIn

Host of the Fraudology Podcast

Award-Winning Cyberfraud Expert

Ecommerce Fraud Prevention Consultant

Startup Advisor, Keynote Speaker, and

Consultant to Fortune 500 merchants


Host
A smiling woman with short brown hair and glasses, wearing a black and white striped blazer.
Karisse Hendrick
Ecommerce Fraud Prevention Consultant

Guests

Hailey Windham
Hailey Windham
Fraud Forward, Sardine
Episode transcript
00:00
𝗞𝗮𝗿𝗶𝘀𝘀𝗲 𝗛𝗲𝗻𝗱𝗿𝗶𝗰𝗸 (00:00:02): Welcome to Fraudology Podcast where we dive into the science and study of online fraud from the perspective of an e-commerce fraud fighter. 2 00:00:01,000 --> 00:00:02,000 I'm Karisse Hendrick. Welcome back to the Fraudology podcast. I am so excited to have Hailey Windham here with me today. 3 00:00:02,000 --> 00:00:03,000 It's been a little while since Hailey's been on the podcast. I know we did a joint episode for Fraud Fight Club back in April, but before that I think it was back in 2025. 4 00:00:03,000 --> 00:00:04,000 And if you haven't heard Hailey before, she's been on the community banking side and credit union side of fraud prevention for several years and she very recently, as in the end of last year, started a full time position with Sardine. So welcome, Hailey, to the podcast again. 5 00:00:04,000 --> 00:00:05,000 𝗛𝗮𝗶𝗹𝗲𝘆 𝗪𝗶𝗻𝗱𝗵𝗮𝗺 (00:00:50): Thank you so much. It's always a pleasure to join you on Fraudology. 6 00:00:05,000 --> 00:00:06,000 𝗞𝗮𝗿𝗶𝘀𝘀𝗲 𝗛𝗲𝗻𝗱𝗿𝗶𝗰𝗸 (00:00:53): Yes, you are. I can't remember the first time you came on the podcast, but was it three years ago at least? 7 00:00:06,000 --> 00:00:07,000 𝗛𝗮𝗶𝗹𝗲𝘆 𝗪𝗶𝗻𝗱𝗵𝗮𝗺 (00:01:01): Yeah, I think it was three years. And I was just a little small town credit union girl who was inspired by you to create her own internal podcast. And there's been a lot of changes, but you've, you've stirred up a lot of inspiration and motivation in me, so I'm always eternally grateful. 8 00:00:07,000 --> 00:00:08,000 𝗞𝗮𝗿𝗶𝘀𝘀𝗲 𝗛𝗲𝗻𝗱𝗿𝗶𝗰𝗸 (00:01:17): Oh, well, I just love getting to see your growth. It's been so exciting to me. And you had, you were the host of the Banking on Fraudology podcast and now it's called Fraud Forward. 9 00:00:08,000 --> 00:00:09,000 And really the vision for that podcast is similar to Fraudology, but specifically for banks. Let's go ahead and start with what you've been up to. 10 00:00:09,000 --> 00:00:10,000 I mean, I kind of gave a little bit of a overview of what you've been up to since you were last on the podcast. But how is it being at Sardine going from the banking side to the vendor side? 11 00:00:10,000 --> 00:00:11,000 𝗛𝗮𝗶𝗹𝗲𝘆 𝗪𝗶𝗻𝗱𝗵𝗮𝗺 (00:01:50): Well, it's been a whirlwind, but in the best way possible. 12 00:00:11,000 --> 00:00:12,000 Honestly, from the banking practitioner side, I was afraid to come over on this side, you know, afraid of that, thought of, you know, she's a sellout or, you know, she's gone over to the dark side and now we don't want to talk to her. But it hasn't been like that at all. 13 00:00:12,000 --> 00:00:13,000 And mainly one of the main reasons why I joined Sardine was because of that I was told, you know, and since then it's been true. But I was told that we don't want you to try to sell anything. 14 00:00:13,000 --> 00:00:14,000 We just want you to keep doing what you're doing. We want to help give you, help you at scale, right? 15 00:00:14,000 --> 00:00:15,000 Instead of helping one credit union, help multiple. And making sure that we can get the information out. So I'll say, you know, my role is the community lead for banking. 16 00:00:15,000 --> 00:00:16,000 And so I have been focused on, you know, building the resources that are actually useful for fraud practitioners and not just vendors. So it's not just a, hey, this is what's going on in the industry. 17 00:00:16,000 --> 00:00:17,000 Let me sell you something. It's, hey, this is what's going on in the industry. Here's how you can make it operational, here's some practical takeaways for you. 18 00:00:17,000 --> 00:00:18,000 And just leading with knowledge and information first. Versus over, you know, fear tactics, trying to make you think, oh, the next best technology is the answer. 19 00:00:18,000 --> 00:00:19,000 So, you know, obviously the podcast got a facelift, so it's now called Fraud Forward, just a rebranding. But I think the message is pretty clear that fraud isn't static. 20 00:00:19,000 --> 00:00:20,000 Right. It evolves constantly. And, you know, the goal was simple. Still have those practitioner led conversations that help move the industry forward. 21 00:00:20,000 --> 00:00:21,000 So we've had guests from financial institutions, fintechs, law enforcement, even had consumer advocacy organizations. And I think the one thing that I'm really proud of is that we've been able to balance those strategic conversations with operational reality. 22 00:00:21,000 --> 00:00:22,000 So, you know, if someone listens to an episode, I want them to walk away with something they can use tomorrow morning at work. I think that that's very important for any conversation I have. At least that's recorded and other people can hear. 23 00:00:22,000 --> 00:00:23,000 𝗞𝗮𝗿𝗶𝘀𝘀𝗲 𝗛𝗲𝗻𝗱𝗿𝗶𝗰𝗸 (00:03:47): Well, and you and I are so aligned in so many of those things as far as, you know, giving back to the industry. 24 00:00:23,000 --> 00:00:24,000 I know that you are currently working on promoting a benchmarking survey for credit unions and community banks. You know, right now they're responding to it. You don't have all of the data gathered yet, but you're getting there. 25 00:00:24,000 --> 00:00:25,000 And I think, you know, to my knowledge, there's never been anything like that before. Just like there hadn't been anything like my fraudology benchmarking study for merchants back in, I think it was 2023 now. 26 00:00:25,000 --> 00:00:26,000 It was very unique because it asked the questions that merchants wanted to know, not that vendors wanted to know about merchants. 27 00:00:26,000 --> 00:00:27,000 And I think that's exactly your goal with the banking survey. And I'm really excited for you to get those results and for them to help people move the needle forward within their organization, to share it with their leadership, to say, hey, we're over here, this is where everyone else is, or, hey, we're actually doing really good. 28 00:00:27,000 --> 00:00:28,000 You should give me a raise. Using it for practicality, I think is really exciting when that gets to happen 100%. 29 00:00:28,000 --> 00:00:29,000 𝗛𝗮𝗶𝗹𝗲𝘆 𝗪𝗶𝗻𝗱𝗵𝗮𝗺 (00:04:57): So this is actually the project that I'm most excited about. And one of the things that whenever, you know, Sardine asked Hailey, what's one thing you want to do? 30 00:00:29,000 --> 00:00:30,000 And I was like, I really want a benchmarking report. And so this is another promise they've kept to me. 31 00:00:30,000 --> 00:00:31,000 And so again, we launched this. It's the industry's first practitioner built fraud benchmarking survey. And specifically for community banks and credit unions, we're focusing on 10 billion and under. 32 00:00:31,000 --> 00:00:32,000 The goal is to finally answer questions like how many alerts should an investigator handle, you know, efficiently? What does normal staffing look like? How much are institutions actually losing to scams? 33 00:00:32,000 --> 00:00:33,000 And you know, early data from the benchmarking, it's confirming what we've already known and felt that they're being asked to do more with less. 34 00:00:33,000 --> 00:00:34,000 I will say though, I have to give a shout out to my credit unions right now because 80% of my respondents have been credit unions. So I need my community banks to step it up. 35 00:00:34,000 --> 00:00:35,000 But again, you know, fraud teams, I don't think that they've lacked benchmarks necessarily. There are some that are available that are industry, but it's from my experience they were really vendor led versus practitioner led. 36 00:00:35,000 --> 00:00:36,000 So it was, hey, here's our, here's our current benchmarking on fraud. And it's like, okay, who'd you poll for this? Like, I follow you guys and you didn't poll me for this information, so where did it come from? 37 00:00:36,000 --> 00:00:37,000 You know, that was just one of the things that always bugged me. And then I'll never forget reading one of the industry benchmarks that said, okay, ACH fraud, here's how much they lost. 38 00:00:37,000 --> 00:00:38,000 And I was like, is there not a breakdown of, you know, EFT, you know, transferred external transfers that we sent out or member to member internal transfers? 39 00:00:38,000 --> 00:00:39,000 Like there's not a breakdown of what is actually happening, like online versus origination with ACH. We just categorized it into one that's not helpful. 40 00:00:39,000 --> 00:00:40,000 So I wanted to make sure that I brought some of those, you know, again, just practice practitioner insights into this benchmark so that we could actually take it back and again, use that information tomorrow to help our programs. 41 00:00:40,000 --> 00:00:41,000 And so far, the responses, again, I'd love to have a few more before we close it out officially, but I'm really excited to see the insights we have so far and really look forward to posting that, that full benchmark report that'll come out soon. 42 00:00:41,000 --> 00:00:42,000 𝗞𝗮𝗿𝗶𝘀𝘀𝗲 𝗛𝗲𝗻𝗱𝗿𝗶𝗰𝗸 (00:07:08): I remember years ago when I was working for a nonprofit organization, a trade association for e-commerce merchants and fraud. One of my friends that was working at Twitter at the time said, Karisse, your job is to help me do my job better. And that has stuck with me. 43 00:00:42,000 --> 00:00:43,000 And even though I don't work for that nonprofit or that, you know, trade association anymore, that's still how I think through things, right? With MFA, coming up with the podcast with those type of things. And I think that's the lens that you look through too, is how can I help my people do their job better. 44 00:00:43,000 --> 00:00:44,000 𝗛𝗮𝗶𝗹𝗲𝘆 𝗪𝗶𝗻𝗱𝗵𝗮𝗺 (00:07:42): I love that you mentioned that, that it also leads me to the other two things that I built since starting at Sardine. 45 00:00:44,000 --> 00:00:45,000 You know, one thing that I think now that I'm really diving into content is that some people like to, you know, receive it a different way. You know, either through video, podcast, or audio. Or maybe it's reading things or just quick little sound bites. 46 00:00:45,000 --> 00:00:46,000 So I've kind of embraced all of it, trying to see, you know, what, what's best received, but also just trying to give back to the industry in the way that they want to receive it. 47 00:00:46,000 --> 00:00:47,000 So I also have a newsletter out now. It's called the Monday Fraud Fix. So again, this just kind of helps practitioners start their week informed. 48 00:00:47,000 --> 00:00:48,000 So I cover, you know, regulatory updates, industry trends, of course, podcast highlights, and any actionable insights that I find. 49 00:00:48,000 --> 00:00:49,000 Again, I just wanted something that was short enough to read with a cup of coffee, but substantive enough to matter. And then on Fridays, I now have five minutes of Fraud, which is just a short form content series. 50 00:00:49,000 --> 00:00:50,000 I try to keep it under five minutes, but you guys know me, I talk a lot. So sometimes 5 minutes and 50 seconds, sometimes. 51 00:00:50,000 --> 00:00:51,000 I got a message from my boss the other day and he said, he circled it, it said five minutes of fraud, but it was 10min and 51 seconds. And I was like, look, I got on a rant, okay? I couldn't help it. 52 00:00:51,000 --> 00:00:52,000 But you know, during that five minutes or less, wink, wink, can't hint, you know, I'll try to break down a, you know, major fraud trend. 53 00:00:52,000 --> 00:00:53,000 Again, just a regulatory update or a scam I'm seeing, you know, the fraud world moves quickly and not everyone has time for that hour long podcast. So why not give, just it something in short form? 54 00:00:53,000 --> 00:00:54,000 You know, fraud fighters are busy. Sometimes you only have five minutes. Again, I try to, I try to meet that goal of five minutes, but sometimes I just get too excited. 55 00:00:54,000 --> 00:00:55,000 But I, I want those short minutes to count for those, so again, just those other two things that, that I felt were ways to give back. And Sardine has fully embraced that and it's given me the platform to do it. 56 00:00:55,000 --> 00:00:56,000 𝗞𝗮𝗿𝗶𝘀𝘀𝗲 𝗛𝗲𝗻𝗱𝗿𝗶𝗰𝗸 (00:09:39): I love that. Yeah, I, I know that people like short form, but I just can't do short form. I have to do long form conversations. So I'm like, that's what you get. 57 00:00:56,000 --> 00:00:57,000 But, you know, the transcripts are actually about to all be released online for Fraudology, as well as synopsises of every single episode. I think we're at. I think this one is 407. 58 00:00:57,000 --> 00:00:58,000 I actually like completely blazed past the 400 mark and didn't even take time to celebrate it. I didn't notice till it was like 403 and I was like, whoops. Oh, I didn't realize I was close to that. 59 00:00:58,000 --> 00:00:59,000 𝗛𝗮𝗶𝗹𝗲𝘆 𝗪𝗶𝗻𝗱𝗵𝗮𝗺 (00:10:13): Never too late to celebrate what you've done, Karisse. Truly. 60 00:00:59,000 --> 00:01:00,000 𝗞𝗮𝗿𝗶𝘀𝘀𝗲 𝗛𝗲𝗻𝗱𝗿𝗶𝗰𝗸 (00:10:16): Yeah, I suppose I'm not good at celebrating myself. I'm very. I love celebrating other people and their success, but that's just not my. It's not something I think about. 61 00:01:00,000 --> 00:01:01,000 But so tell me, what you know, because you are so dialed in to community banks and credit unions. What are some of the things that they're worried about? 62 00:01:01,000 --> 00:01:02,000 What are they, what are they working on? What are they worried about? Is it external fraud threats? Is it internal, you know, fraud operations? Is it justifying their job to senior leadership? Like, what are their concerns right now? 63 00:01:02,000 --> 00:01:03,000 𝗛𝗮𝗶𝗹𝗲𝘆 𝗪𝗶𝗻𝗱𝗵𝗮𝗺 (00:10:50): So I'll tell you, the concerns kind of stayed the same from whenever I was a practitioner. I know that I focused heavily on how in the world do I even get them to understand that fraud is important? 64 00:01:03,000 --> 00:01:04,000 But because fraud and scams are just at an all time high, the scams and social engineering aspect is like the number one issue for fraud people right now. 65 00:01:04,000 --> 00:01:05,000 And it's because executives are finally paying attention. You know, the industry has gotten better at detecting stolen credentials and account takeover. 66 00:01:05,000 --> 00:01:06,000 But scams are different because the customer is often, you know, authorizing that transaction themselves. So, you know, fraud teams are asking how, how do we detect scams? How do we educate customers and who ultimately bears the loss? 67 00:01:06,000 --> 00:01:07,000 Because there's the struggle of, and I faced this whenever I was the practitioner, it's, you know, here I have this, this member that came in. They received a call from someone impersonating our organization and eventually had them log on with these codes or said, hey, what's this code that we're about to send to you? 68 00:01:07,000 --> 00:01:08,000 We just want to authenticate to you. But in reality, that was part of the MFA. It was part of them trying to make sure, hey, here's the code was a one time password we've sent out. 69 00:01:08,000 --> 00:01:09,000 And then the fraudsters use that information from that phone call and now they've, you know, accessed the account. 70 00:01:09,000 --> 00:01:10,000 But that person was tricked or social engineered because they were impersonating the financial institution from the mirrored phone number. So it looks like it was a legitimate one, but that person gave access by giving over the code. So who bears that loss and how do we justify those answers? 71 00:01:10,000 --> 00:01:11,000 And then how do we make sure that we are consistently applying it across the board? Because that's where we really mess up in regards to Reg E. If you don't apply it consistently, that's where you have trouble. And so trying to make sure that happy medium or trying to understand how we interpret the regulation is really a big issue. 72 00:01:11,000 --> 00:01:12,000 And which again just early insights from that benchmarking survey did find that scams were overwhelmingly identified as a top threat for community banks and credit unions. 73 00:01:12,000 --> 00:01:13,000 The other thing that I think is top of mind is the AI opportunity and risk. Community bankers are excited about the potential of AI, but they're also pretty cautious. 74 00:01:13,000 --> 00:01:14,000 You know, they're asking how do we deploy AI responsibly, what governance is needed and how do we explain AI decisions to regulators making sure that they are, you know, fully intertwined with whoever their vendor is or their solution provider. 75 00:01:14,000 --> 00:01:15,000 And again, most institutions, they don't want AI replacing the humans, but they do want AI augmenting investigators. 76 00:01:15,000 --> 00:01:16,000 So, you know, how can we use it to help us to, you know, a lot of times we are fraud fighters of one. I need help. So let me, let me automate a few things. And I think that the overall theme that we always see of course is the doing more with less. 77 00:01:16,000 --> 00:01:17,000 You know, because teams are dealing with the growing fraud losses, the faster payments, staffing shortages, budget constraints. 78 00:01:17,000 --> 00:01:18,000 Many fraud teams are at or beyond capacity while expectations continue to rise. So fraud isn't growing linear anymore, it's growing exponentially while our resources aren't. 79 00:01:18,000 --> 00:01:19,000 𝗞𝗮𝗿𝗶𝘀𝘀𝗲 𝗛𝗲𝗻𝗱𝗿𝗶𝗰𝗸 (00:13:59): Yeah, I think that's something that no matter what side of fraud you're on, whether it's merchant side, banking side, smaller bank, bigger bank, all those things, I think those are challenges that we all face, right, that fraud is growing exponentially and at scale and we don't have new resources, we still have duct tape and bailing wire. 80 00:01:19,000 --> 00:01:20,000 We still have to figure it out. No, those are really good insights and things that I think other types of fraud fighters can really relate to. 81 00:01:20,000 --> 00:01:21,000 Sometimes we get distracted by the shiny things but at the end of the day, the things that really are creating systemic pain points are, you know, the same old, same old things that we just don't fix or haven't found a way yet. 82 00:01:21,000 --> 00:01:22,000 𝗛𝗮𝗶𝗹𝗲𝘆 𝗪𝗶𝗻𝗱𝗵𝗮𝗺 (00:14:43): Very true. I also think that at least from the community banker, credit union side, one thing that I just, I don't know how we get beyond it other than we've got to start pushing back on these core providers, but we are stuck in these legacy cores that won't really integrate well with other solutions that we need and we feel like we can't leave them. Right. 83 00:01:22,000 --> 00:01:23,000 We've, we've been with these cores 20, 30 years and it's like, man, it's so scary getting out of that comfort zone. But we have to, in order to, to stay afloat and to stay in front of this fraud problem, we've got to try to be in that proactive, you know, innovative side of the, of the world and where we could be versus being stuck. 84 00:01:23,000 --> 00:01:24,000 So that's just another call out that I feel I would be remiss if I didn't mention that the legacy core issue is on the infrastructure. I mean, we've got to get that part figured out so that we can have layered controls and bring in more solutions that can help us augment some of these things. 85 00:01:24,000 --> 00:01:25,000 𝗞𝗮𝗿𝗶𝘀𝘀𝗲 𝗛𝗲𝗻𝗱𝗿𝗶𝗰𝗸 (00:15:41): Yeah, e-commerce companies don't necessarily have legacy cores in the same way that banking does, but they do have legacy systems that just aren't detecting the fraud of today as much as they used to. 86 00:01:25,000 --> 00:01:26,000 They're not able to see behavior biometrics and device intelligence and the signals that they need to be able to identify things like card testing and enumeration or account takeovers, you know, more sophisticated account takeovers and things like that. 87 00:01:26,000 --> 00:01:27,000 So that we can relate to you as well for sure. So one of the things that came out actually as recently as yesterday from when we were recording, but last week from when people are going to listen, is that it was pretty big. 88 00:01:27,000 --> 00:01:28,000 I mean, I remember seeing multiple posts about it just, you know, being like, oh my gosh, I can't believe this happened. That FinCEN came out, you know, so that's in the US came out with updated guidance that seems to have kind of reinvigorated and excited people in banking fraud. 89 00:01:28,000 --> 00:01:29,000 Can you explain what the updated guidance was and kind of what, why it's such a big deal? 90 00:01:29,000 --> 00:01:30,000 𝗛𝗮𝗶𝗹𝗲𝘆 𝗪𝗶𝗻𝗱𝗵𝗮𝗺 (00:16:51): Absolutely. I actually just did a quick little blurb about it in my newsletter and I titled it a little louder for the people in the back. 91 00:01:30,000 --> 00:01:31,000 You know, so it happened on June 12, which was my mom's birthday, by the way, Benson dropped. I figured that was important for everyone to know because my mom thinks it's important, but so on June 12, Benson dropped a new fact sheet clarifying how 314(b) actually works. 92 00:01:31,000 --> 00:01:32,000 And I mean, I'm here to say I want more fraud fighters to know that this exists, if they don't already, and that they can and should use it. So it wasn't just like a minor tweak. 93 00:01:32,000 --> 00:01:33,000 It expands on and replaces the 2020 guidance and directly addresses three things that practitioners have been asking about for years, which are whether real time information sharing is permissible, under what circumstances fraud related information can be shared and how to actually use it. 94 00:01:33,000 --> 00:01:34,000 So, you know, I've sat in enough rooms and I've heard enough calls to know that 314(b) information sharing is wildly underutilized. And it's not because people don't care, but because there's been a real confusion about what's actually permissible. 95 00:01:34,000 --> 00:01:35,000 There's always just been this fear of being burned by the regulators for sharing information when maybe it wasn't the right circumstance. 96 00:01:35,000 --> 00:01:36,000 And I mean, Vincent hurt us, right? So they finally provided that clarity that we've been asking for. And so it's section 314(b) of the USA Patriot Act. It lets financial institutions share information with each other under a liability safe harbor to identify and report potential money laundering and terrorist activity. And now it includes fraud. 97 00:01:36,000 --> 00:01:37,000 So the updated fact sheet is something the industry has needed truly for a long time. Practitioners have been asking for that clearer language, clearer permission, and clearer protection. And so what we got clarified are four different things that I want to highlight. And one is that fraud is explicitly now in the scope. 98 00:01:37,000 --> 00:01:38,000 So information sharing can cover activity tied to specified unlawful activities, which includes fraud against individuals, organizations or governments, and computer fraud. So you don't need a confirmed money laundering case to share. You just need a reasonable basis to believe that activity may involve money laundering or terrorist activity, which is huge for us. Right? 99 00:01:38,000 --> 00:01:39,000 Because again, we've had those scenarios where it's like, man, I just want to call my next door neighbor bank and say, hey, this is what's going on. I know they're 314(b) compliant, but my compliance officer is telling me, hey, they don't share that unless it is for sure following money laundering or has this or that, you know, qualifications. 100 00:01:39,000 --> 00:01:40,000 The other thing that this new guidance addresses is now we don't need certainty to, to participate. So this is one that I think that the institutions definitely have to internalize so you don't have to have it all figured out before you pick up the phone. Reasonable suspicion is enough. Sharing early, even on incomplete information is the point. Right. 101 00:01:40,000 --> 00:01:41,000 Because how else are we going to get in front of it? The third thing is that real time information sharing is permissible. So this is not just written, not just formal verbal. We can use video surveillance footage, IP addresses, you know, attempted transaction. 102 00:01:41,000 --> 00:01:42,000 These are things that are happening in real time that we can utilize in our information sharing to determine, hey, this is kind of suspicion enough, reasonable suspicion enough. All of it is fair game under the safe harbor as long as you've registered and are using the information appropriately. 103 00:01:42,000 --> 00:01:43,000 And then the fourth thing is that non bank entities can form associations too, which is huge. Right? Compliance service providers and industry groups can now organize 314(b) associations, meaning that financial institutions don't have to go at it alone. 104 00:01:43,000 --> 00:01:44,000 I think that the point of this all is that, you know, fraud doesn't stop at one institution. It moves across your network. Your neighboring credit union, the community bank across the street, any merchant name insert here, you know, they share tactics, they test and they pivot and it's time that we do the same. So the 314(b) now gives us a legal framework to collaborate in real time. And the updated guidance, at least for me, it, it removes the excuses. 105 00:01:44,000 --> 00:01:45,000 𝗞𝗮𝗿𝗶𝘀𝘀𝗲 𝗛𝗲𝗻𝗱𝗿𝗶𝗰𝗸 (00:21:07): Hmm, that's great. Is it real? Is it collaboration through like picking up the phone and calling another financial institution? Or, and, or is it collaboration through technology like you know, sharing negative lists, things like that, like on a bigger scale? 106 00:01:45,000 --> 00:01:46,000 𝗛𝗮𝗶𝗹𝗲𝘆 𝗪𝗶𝗻𝗱𝗵𝗮𝗺 (00:21:26): Yep. So before it was definitely through the technology we could do that. We could, I remember working through different case management solutions where we could go into the 314(b) section and if we had a joint customer or member that maybe was also a member at a neighboring fi, if they participated through this one case management system, we could communicate through there and that, that case management could let us know, hey, there's a potential that you guys have the same person committing fraud against you. 107 00:01:46,000 --> 00:01:47,000 And we would be notified of whenever if say bank A closed an investigation and they closed it for fraud, that's whenever all the other banks, Bank B and C would then get a notification, hey, you've got someone that matches this, that they just had a case that was closed for fraud. Do you want to initiate an information sharing request? 108 00:01:47,000 --> 00:01:48,000 But now it says that we can share in real time, meaning we don't necessarily have to wait. We could, we could definitely call and we could say, hey, and one thing that I think about this is like the check 21 systems that we use or the. I can't remember exactly, but whenever we're onboarding and we're trying to look to see, hey, does this person have, you know, financial institutions or whatever? 109 00:01:48,000 --> 00:01:49,000 And we can see that one was closed. We don't know the reason they were closed, but we could call. So I'm thinking of all these elder people now who've had their accounts closed because they were participating in investment scams. And the FI did all they could, but now the only option was to close them out. 110 00:01:49,000 --> 00:01:50,000 Well, then they go to the next bank. Now the next bank can say, hey, this is a great customer. What happened? Why'd they close? And now it's, you know, we can get that information in real time to know, hey, there was a potential scam and. Or a scam going on, potential fraud. We don't need to, you know, be careful going forward. 111 00:01:50,000 --> 00:01:51,000 𝗞𝗮𝗿𝗶𝘀𝘀𝗲 𝗛𝗲𝗻𝗱𝗿𝗶𝗰𝗸 (00:23:11): Is that an acceptable reason for closing an account? So if bank A tells bank B, hey, we just closed this account for John Smith due to fraud, and bank B says, oh, John Smith opened an account last week. Now we want to close the account because bank A told us that his account there was fraud. 112 00:01:51,000 --> 00:01:52,000 Are you. Does this guidance give you the ability to cancel if you were bank B to cancel John Smith's account? Or is it more, hey, you have to flag it and then really, you know, scrutinize the behavior and see what it's doing and then close for your own reasons? 113 00:01:52,000 --> 00:01:53,000 𝗛𝗮𝗶𝗹𝗲𝘆 𝗪𝗶𝗻𝗱𝗵𝗮𝗺 (00:23:50): Yeah, so those are different things. So the 314(b) is only giving us the ability to share information where we couldn't before. 114 00:01:53,000 --> 00:01:54,000 𝗞𝗮𝗿𝗶𝘀𝘀𝗲 𝗛𝗲𝗻𝗱𝗿𝗶𝗰𝗸 (00:23:57): Okay. 115 00:01:54,000 --> 00:01:55,000 𝗛𝗮𝗶𝗹𝗲𝘆 𝗪𝗶𝗻𝗱𝗵𝗮𝗺 (00:23:57): The guide. And so that comes on your own. So the financial institutions or a bank is different from a credit union. The bank can close an account for any reason that they want. It's at their discretion. 116 00:01:55,000 --> 00:01:56,000 But the credit unions, they operate in a different capacity. Every member is a member of that cooperative. So they can't necessarily close the account, but they can limit convenient services. So convenient services could be debit card transactions, wires, ach, credits and debits. 117 00:01:56,000 --> 00:01:57,000 You know, anything that is not necessarily cash in and cash out could be considered a convenient service that the credit union could use. And again, that information sharing is just to let another FI know, hey, we had fraud here. So it just is a way for us to be on high alert for potential suspicious activity. 118 00:01:57,000 --> 00:01:58,000 𝗞𝗮𝗿𝗶𝘀𝘀𝗲 𝗛𝗲𝗻𝗱𝗿𝗶𝗰𝗸 (00:24:43): Yeah, because I can see if you used that to close an account based on another financial institution's account or, you know, or what their experience, that that could cause blowback, you know, in the form of lawsuits or in the form of other things where, you know, every financial institution and e-commerce merchant for that matter, have their own criteria of what constitutes fraud. 119 00:01:58,000 --> 00:01:59,000 So if you're taking their word for it and you're now shutting down the business, you know, or their access to their accounts because somebody else said that they were done wrong, that would pose more problems than, hey, huge heads up. I think we have this account or this cardholder too. 120 00:01:59,000 --> 00:02:00,000 Here's the information I've pulled, but then also here's the information I've pulled and here's what you can maybe not act on, but ingest and then flag. So, you know, hey, if we start to see suspicious activity on this account, that's there's just one more piece of data saying, well, Bank ABC already closed them down for fraud and hopefully you can mitigate your losses. 121 00:02:00,000 --> 00:02:01,000 𝗛𝗮𝗶𝗹𝗲𝘆 𝗪𝗶𝗻𝗱𝗵𝗮𝗺 (00:25:51): Yep. It's just another piece of data that can help us act in real time to again, just be more proactive and preventative versus reactive and you know, trying to recoup money or mitigate losses that way. 122 00:02:01,000 --> 00:02:02,000 𝗞𝗮𝗿𝗶𝘀𝘀𝗲 𝗛𝗲𝗻𝗱𝗿𝗶𝗰𝗸 (00:26:02): Interesting. So how do you think this is going to change things? I mean, how do you think this is going to impact the industry? 123 00:02:02,000 --> 00:02:03,000 𝗛𝗮𝗶𝗹𝗲𝘆 𝗪𝗶𝗻𝗱𝗵𝗮𝗺 (00:26:09): Again? I think that the updated guidance just removes the excuses we had before. So basically it was internally we had fraud fighters who wanted to share the information with other fraud fighters in the industry by, you know, either reaching out or by saying, hey, this is fraud. 124 00:02:03,000 --> 00:02:04,000 And now I see that there is other money going to another financial institution like we need to let them know. But in the past it was, hey, this isn't necessarily money laundering, so we can't share this information. 125 00:02:04,000 --> 00:02:05,000 It had to meet those criteria. Now we've got it where fraud is a part of that criteria. And again that just reasonable suspicion is now enough, so we can now share that information, whether it's early or even incomplete, as long as we have reasonable suspicion that it is fraud. 126 00:02:05,000 --> 00:02:06,000 𝗞𝗮𝗿𝗶𝘀𝘀𝗲 𝗛𝗲𝗻𝗱𝗿𝗶𝗰𝗸 (00:26:55): Interesting. And then as far as, you know, you had mentioned the organizations, you know, trade associations, outside organizations can, can now have these consortiums of sort. Do you think that we'll start seeing some of those pop up as well? 127 00:02:06,000 --> 00:02:07,000 𝗛𝗮𝗶𝗹𝗲𝘆 𝗪𝗶𝗻𝗱𝗵𝗮𝗺 (00:27:10): I think so. I think that we, we definitely already have, have some, you know, one in particular that I can think of off the top of my head obviously being Sonar and Sardine. A piece of Sardine is Sonar where there is that consortium data where we can share. So they are 314(b) compliant. 128 00:02:07,000 --> 00:02:08,000 I know that there are others that exist. But as you know, when we look externally, if we need to be able to share. And we're looking for a vendor that we can again, either receive more data from other FIs that say, hey, yeah, this is following patterns of fraud. 129 00:02:08,000 --> 00:02:09,000 We've got to have those vendors that have, that are 314(b) compliant. So I, I'm, I'm interested to see if there are more that pop up, but I do know that already exist. 130 00:02:09,000 --> 00:02:10,000 𝗞𝗮𝗿𝗶𝘀𝘀𝗲 𝗛𝗲𝗻𝗱𝗿𝗶𝗰𝗸 (00:27:50): Okay, I see. I was thinking more, I guess of like trade associations or things like that where they might have an email list or might have, you know, something like where you could upload a Google spreadsheet of your top 20 biggest offenders or, or having roundtable calls where, you know, hey, has anybody dealt with Bob Smith at 1:23 Main, you know, Charleston, South Carolina? 131 00:02:10,000 --> 00:02:11,000 Oh yeah, me too. You know, that type of thing. I guess that's what I was picturing. 132 00:02:11,000 --> 00:02:12,000 𝗛𝗮𝗶𝗹𝗲𝘆 𝗪𝗶𝗻𝗱𝗵𝗮𝗺 (00:28:18): Yeah. 133 00:02:12,000 --> 00:02:13,000 𝗞𝗮𝗿𝗶𝘀𝘀𝗲 𝗛𝗲𝗻𝗱𝗿𝗶𝗰𝗸 (00:28:19): But it's good that, you know, vendors like Sardine are 314(b) compliant so that they can just do it for you so the banks don't have to worry about integrating with each other one by one by one. Because that would be, it would take forever and it just wouldn't be sustainable. It wouldn't be scalable. 134 00:02:13,000 --> 00:02:14,000 𝗛𝗮𝗶𝗹𝗲𝘆 𝗪𝗶𝗻𝗱𝗵𝗮𝗺 (00:28:39): Yeah, so I pulled up that, that piece of it. So it does state who is eligible to participate in this information sharing and associations consisting of the financial institutions listed above. So. 135 00:02:14,000 --> 00:02:15,000 Yeah, you're exactly right. So if we think, you know, ACFE, we think the ACFCs, the IECECI, which I know the IFCI already does information sharing for the 314(a), which is with law enforcement. So being able to expand that with the 314(b) is really cool. 136 00:02:15,000 --> 00:02:16,000 As well as any of the other associations, maybe even the Knoble. That's one that would be really cool to start seeing some information sharing coming from. So. Absolutely. I think it opens it up. 137 00:02:16,000 --> 00:02:17,000 𝗞𝗮𝗿𝗶𝘀𝘀𝗲 𝗛𝗲𝗻𝗱𝗿𝗶𝗰𝗸 (00:29:20): That's exciting. And I get why everyone was freaking out about it yesterday. 138 00:02:17,000 --> 00:02:18,000 𝗛𝗮𝗶𝗹𝗲𝘆 𝗪𝗶𝗻𝗱𝗵𝗮𝗺 (00:29:24): Yeah. Because it's, it was like finally. 139 00:02:18,000 --> 00:02:19,000 𝗞𝗮𝗿𝗶𝘀𝘀𝗲 𝗛𝗲𝗻𝗱𝗿𝗶𝗰𝗸 (00:29:26): Yeah, yeah. It kind of came out of the blue and you know, it's six years later and a lot has happened in the world of fraud in the last six years and, and you know, there's just so much going on that it's important that the government catch up. 140 00:02:19,000 --> 00:02:20,000 𝗛𝗮𝗶𝗹𝗲𝘆 𝗪𝗶𝗻𝗱𝗵𝗮𝗺 (00:29:40): You know, I think that you just made another valid point. I think that, you know, there are some nonprofits that we are familiar with as well that I hope that they become more involved in these association type things so that they could share that information too. 141 00:02:20,000 --> 00:02:21,000 I think that'd be one of those things that would just be phenomenal. The one in particular I'm thinking about, of course, is Operation Shamrock, where they are constantly receiving information on accounts, you know, that are, have either, you know, facilitated the money movement or participated in it in some way. 142 00:02:21,000 --> 00:02:22,000 And it'd be great to get some information coming back from organizations like that. So I think that's great. You know, if we could get them involved in some of these associations to then share, that'd be really cool. 143 00:02:22,000 --> 00:02:23,000 𝗞𝗮𝗿𝗶𝘀𝘀𝗲 𝗛𝗲𝗻𝗱𝗿𝗶𝗰𝗸 (00:30:20): Yeah, that's a good idea. I hadn't actually thought of that, but yeah, it'd be great to get them involved because, you know, they're seeing it on the ground from the victim before it's hit law enforcement or bank, you know, their bank or anything else like that. 144 00:02:23,000 --> 00:02:24,000 𝗛𝗮𝗶𝗹𝗲𝘆 𝗪𝗶𝗻𝗱𝗵𝗮𝗺 (00:30:36): Yeah, I just think about, like the way that they are already communicating and like some of these crypto platforms that are already communicating with law enforcement to say, hey, here's, here's a wallet that was used. Can we get an investigator on it? 145 00:02:24,000 --> 00:02:25,000 Imagine being able to do that as well. For the financial institutions with the information sharing. It's a phenomenal approach. 146 00:02:25,000 --> 00:02:26,000 𝗞𝗮𝗿𝗶𝘀𝘀𝗲 𝗛𝗲𝗻𝗱𝗿𝗶𝗰𝗸 (00:30:55): Yeah, no, that's. That would be great. 147 00:02:26,000 --> 00:02:27,000 𝗛𝗮𝗶𝗹𝗲𝘆 𝗪𝗶𝗻𝗱𝗵𝗮𝗺 (00:30:57): Yeah. 148 00:02:27,000 --> 00:02:28,000 𝗞𝗮𝗿𝗶𝘀𝘀𝗲 𝗛𝗲𝗻𝗱𝗿𝗶𝗰𝗸 (00:30:57): Well, that's exciting that they're moving forward. I know that there's been some forward movement from the Department of Justice on, you know, trying to prosecute some of these cases. 149 00:02:28,000 --> 00:02:29,000 I know that Google just filed lawsuits against, I believe it was Chinese nationals that owned a phishing platform called Outsider that was responsible for. Let me look at my notes because it was a crazy number, but it was responsible for the theft of over 3.87 million credit cards. 150 00:02:29,000 --> 00:02:30,000 And it was like over $1.9 billion in losses. And it was this one channel on Telegram that provides all the phishing resources you need. Right. 151 00:02:30,000 --> 00:02:31,000 Like to create a fake website or if you need hundreds of phone lines or, you know, whatever you need, they can provide it. And while law enforcement isn't going after them, Google is. 152 00:02:31,000 --> 00:02:32,000 So, you know, that's a start too. But you know, I was, as I was saying the Department of Justice has been cracking down more on fraud situations and these large scale operations. 153 00:02:32,000 --> 00:02:33,000 And I think the combination of that along with FinCEN saying, okay, fraud's bad enough. Now where we need to clarify this 314(b) and say you guys are good to communicate these things. 154 00:02:33,000 --> 00:02:34,000 And in Europe they have GDPR and one of their exceptions is for fraud as well. You know, hey, you need to keep things, you know, very private. 155 00:02:34,000 --> 00:02:35,000 But if it, when it comes to fraud, you, you can pursue that. So, you know, you can share Information as well is really what, you know, they say gdpr, you can, you can also cancel accounts due to GDPR due to fraud under GDPR as well. 156 00:02:35,000 --> 00:02:36,000 So it's, it's nice to see some of these governments catching up. I mean, I think that there's a long way that we can go, but it's nice to see, you know, them catching up and maybe listening to the industry too, who's just been saying the same thing over and over again. 157 00:02:36,000 --> 00:02:37,000 𝗛𝗮𝗶𝗹𝗲𝘆 𝗪𝗶𝗻𝗱𝗵𝗮𝗺 (00:32:55): Absolutely. I would like to give a bit of clarification on the onboarding piece that I was mentioning earlier. Yeah, I feel like I maybe missed a piece of like the conditional aspect of that. 158 00:02:37,000 --> 00:02:38,000 So I'll give kind of a scenario for it. If you think about like a community bank is onboarding a new business customer and they notice, you know, know, multiple identities that are tied to maybe the same device, suspicious IP addresses, connections to the known mule activity, and that the fraud indicators are kind of suggesting that it's maybe synthetic identity or account abuse. 159 00:02:38,000 --> 00:02:39,000 The bank could potentially contact another FI under 314(b) and ask, you know, we are evaluating whether to establish an account relationship with XYZ llc. Have you observed activity involving this entity that may relate to fraud, money laundering or other specified unlawful activity? 160 00:02:39,000 --> 00:02:40,000 And the, the reason why is to, it's especially relevant because the 314(b) explicitly allows sharing information to determine whether to establish or maintain an account or engage in a transaction. You know, FinCEN has long recognized this use case and the 2026 guidance further clarifies that suspected fraud falls under this scope. 161 00:02:40,000 --> 00:02:41,000 But again, there are the four conditions. One is that both institutions must be registered for 314(b). So you simply, you can't just simply call any bank, right? You need to verify that they're registered participants. There also has to be that reasonable basis for suspicion. 162 00:02:41,000 --> 00:02:42,000 So this is not intended for like routine due diligence or tell me if this customer is good. There should be fraud, AML or illicit activity indicators. 163 00:02:42,000 --> 00:02:43,000 𝗞𝗮𝗿𝗶𝘀𝘀𝗲 𝗛𝗲𝗻𝗱𝗿𝗶𝗰𝗸 (00:34:36): Okay? 164 00:02:43,000 --> 00:02:44,000 𝗛𝗮𝗶𝗹𝗲𝘆 𝗪𝗶𝗻𝗱𝗵𝗮𝗺 (00:34:36): Fenceland does not require that certainty, but it does require the reasonable basis. The third thing is that the information must be used only for permissible purposes. So, such as identifying illicit activity, whether to establish or maintain an account, and then the supporting of AML compliance. 165 00:02:44,000 --> 00:02:45,000 And then the fourth thing was you still cannot disclose sars or reveal that a SAR was filed. So you can't say, you know, we filed a SAR on this customer. But what you can say is we've observed activity consistent with mule behavior and suspicious transfers. 166 00:02:45,000 --> 00:02:46,000 So again, I think that I suspect that we'll See more formalized 314(b) on boarding request emerge especially for those suspected synthetic identities, business account fraud mule activities, high risk fintech relationships and any kind of like first party fraud rings. 167 00:02:46,000 --> 00:02:47,000 I think historically, right, many FIs were hesitant to make these calls because they viewed 314(b) as strictly AML terrorist financing. But the new June guidance explicitly clarifies that fraud may encourage more proactive collaboration. So I just wanted to make sure that I called that out because I felt like maybe I was a little too broad in that earlier example. 168 00:02:47,000 --> 00:02:48,000 𝗞𝗮𝗿𝗶𝘀𝘀𝗲 𝗛𝗲𝗻𝗱𝗿𝗶𝗰𝗸 (00:35:52): Yeah, no, it's interesting. It kind of makes my brain go two different directions. So one of them is, you know, we have something similar in the credit card processing world on the acquirer side, which is called the match list. 169 00:02:48,000 --> 00:02:49,000 And whenever a new, but this is more. I mean you had said that it's not to replace, you know, it's not to be in your SOPs, right. It's not supposed to be every single time. But in this case whenever some, an organization or an entity applies for credit card processing, the credit card processors have to go out to the match list and see or it's also called TM math list. 170 00:02:49,000 --> 00:02:50,000 I think that you know, to see if they've been shut down for fraud before, you know, they've had their account, their merchant account closed for suspicious reasons or confirmed reasons. The other thing that made me think of was just how, how it will really be helpful to a lot of companies to be able to, you know, validate themselves. Right. 171 00:02:50,000 --> 00:02:51,000 Like hey, we're seeing this suspicious behavior. Is it really as suspicious as we think? What does the other bank see from the other perspective getting all of that information? But one of the other things I see is do you think this is going to require more manpower on the financial institution side or can it be done with aging? 172 00:02:51,000 --> 00:02:52,000 You know, I mean as far as the manual piece of calling up another bank or sending them an information request or whatever it is. Or are you, are we just talking about using vendors that are 314(b) compliant that would say hey, go to your vendor in these cases, I guess just what's the workload on that like? Or do you know? 173 00:02:52,000 --> 00:02:53,000 𝗛𝗮𝗶𝗹𝗲𝘆 𝗪𝗶𝗻𝗱𝗵𝗮𝗺 (00:37:36): Well, I can just say from my personal experience, I think the workload probably going to be about the same for most fraud fighters because we were, we like to skirt the line because we felt like we needed to be proactive in that and Right. Would just face the repercussions from our compliance team. 174 00:02:53,000 --> 00:02:54,000 So I'll say that. But I do think, you know, you mentioned agents. I don't think that agents will be the ones responding or requesting the information, but I do think that they will be escalating those for review for the investigators to look at. 175 00:02:54,000 --> 00:02:55,000 Like, hey, this one, like, maybe we do onboarding and, you know, we're trying to do the due diligence. And then something just seems odd. 176 00:02:55,000 --> 00:02:56,000 It's flagged as, you know, potential synthetic identity, or, hey, this business was just opened and just established. Like, but we do see that there are other financial institutions attached. 177 00:02:56,000 --> 00:02:57,000 Something seems kind of odd here. Why are they opening up another account at another FI? You may want to reach out. And so just with all the indicators, again, utilizing behavioral biometrics, too, to say, hey, this device just kind of is doing some funky things. 178 00:02:57,000 --> 00:02:58,000 Maybe we just need to reach out and ask the other FI. Hey, we think that something's kind of suspicious going on. Can you confirm? Are we going crazy, or do you see the same thing? And so then it just becomes that collaborative effort that fraud needs anyways in order for us to be effective. 179 00:02:58,000 --> 00:02:59,000 𝗞𝗮𝗿𝗶𝘀𝘀𝗲 𝗛𝗲𝗻𝗱𝗿𝗶𝗰𝗸 (00:38:54): That's great. Well, thank you for coming on and explaining that in more detail. I think it will be interesting to people in the financial institutions in case they didn't see the update guidance or maybe they didn't fully understand the fine print. But I also think it's interesting for, you know, online merchants or, you know, other sectors of fraud prevention because we're able to say, hey, you gave banks permission to do this, so, you know, I would like to also have permission to do this. 180 00:02:59,000 --> 00:03:00,000 Or, you know, how can we do this in a different way? Now, there are some fraud tools that have consortiums within them. They only will apply to the other merchants that use that same fraud technology. 181 00:03:00,000 --> 00:03:01,000 So there's not, you know, but usually merchants, while they're not regulated and they don't have FinCEN over them, their privacy officers or their legal team will say, no, no, no, don't be sharing any of that information, you know, on a phone call or in an email or anything like that. 182 00:03:01,000 --> 00:03:02,000 So similar issues on both sides as far as, you know, sharing information. And it's always very frustrating that fraudsters have no hoops they have to go through. 183 00:03:02,000 --> 00:03:03,000 They don't have any of these guidelines or, you know, laws or rules or privacy officers or anything else. But it's what we have to do to play by the rules and, you know, that we're given and. And do the best we can. 184 00:03:03,000 --> 00:03:04,000 𝗛𝗮𝗶𝗹𝗲𝘆 𝗪𝗶𝗻𝗱𝗵𝗮𝗺 (00:40:20): I agree completely. I'm so excited, though. I think that we're finally. The industry's finally moving in the right direction. Right. We're finally there where everybody is, starting to pay attention now to fraud, which is why I think, you know, I'll call it back out of the benchmarking, I think is just so important. 185 00:03:04,000 --> 00:03:05,000 But also just the way that you show up in your organization. I think culture's everything. Making sure that you show up consistently. I'm the fraud person. We've gotta, you know, have this, you know, the way that we conduct business. We wanna be consistent and we wanna make sure that when people reach out, they're gonna get the same Hailey that they get all the time. 186 00:03:05,000 --> 00:03:06,000 Otherwise, it's hard to build relationships that way. So I think in fraud, it's super important because you have one time to be too passionate and then you lose the buy-in from executives. So just making sure that you are consistent in your approach to how you have those conversations internally. 187 00:03:06,000 --> 00:03:07,000 𝗞𝗮𝗿𝗶𝘀𝘀𝗲 𝗛𝗲𝗻𝗱𝗿𝗶𝗰𝗸 (00:41:15): That's a great note to end on. Well, Hailey, thank you again for joining me on the OG Fraudology podcast. 188 00:03:07,000 --> 00:03:08,000 𝗛𝗮𝗶𝗹𝗲𝘆 𝗪𝗶𝗻𝗱𝗵𝗮𝗺 (00:41:23): Always. My favorite podcast. 189 00:03:08,000 --> 00:03:09,000 𝗞𝗮𝗿𝗶𝘀𝘀𝗲 𝗛𝗲𝗻𝗱𝗿𝗶𝗰𝗸 (00:41:25): Oh, I always enjoy our conversations whether they're on air or off air. But I will, I think everyone knows how to find you. You're most active on LinkedIn, but I will try to remember because I haven't been good about this the last few guests, but I will try to remember to put a link to your LinkedIn in the show notes. 190 00:03:09,000 --> 00:03:10,000 But people can find you just looking up Hailey Windham. I think you're the only one that's in fraud, so you're easy to find. 191 00:03:10,000 --> 00:03:11,000 𝗛𝗮𝗶𝗹𝗲𝘆 𝗪𝗶𝗻𝗱𝗵𝗮𝗺 (00:41:50): Okay, good. Yeah. Thank you again so much for having me on and for letting me talk through this. It was a topic that I was already really excited and geeking out about. So when you reached out, I was like, for sure, we can talk about it. So. Always happy to have a conversation. 192 00:03:11,000 --> 00:03:12,000 𝗞𝗮𝗿𝗶𝘀𝘀𝗲 𝗛𝗲𝗻𝗱𝗿𝗶𝗰𝗸 (00:42:05): I'm glad I wasn't assigning you a research project like I accidentally did to Frank. 193 00:03:12,000 --> 00:03:13,000 𝗛𝗮𝗶𝗹𝗲𝘆 𝗪𝗶𝗻𝗱𝗵𝗮𝗺 (00:42:09): Oh, no. Well, I'm sure he dove into it anyways. 194 00:03:13,000 --> 00:03:14,000 𝗞𝗮𝗿𝗶𝘀𝘀𝗲 𝗛𝗲𝗻𝗱𝗿𝗶𝗰𝗸 (00:42:13): He did. Head first, but I felt bad. I thought he already knew about it. So I was like, hey, can we talk about it this? And he was like, sure. And then he tells me I did a whole, I researched it all weekend. And I'm like, oh, no, I thought you knew. Oops. All right, well, I will talk to you again soon. 195 00:03:14,000 --> 00:03:15,000 And to everyone else, I will talk to you again next week.