Have you got a warrant?

Somewhere in the United States, a phone rings at a credit union. A compliance officer answers it. The voice on the other end says: “This is agent Doe with the U.S. Secret Service – can you send us everything you have on John Smith?”

The compliance officer is uncertain – sure, she knows about TRID, Regulation CC and model bylaws. But can she refuse a request from a federal agent?

The NAFCU compliance team has received this question more than once in recent weeks. If a purported government agent calls the credit union and makes an oral request for a member’s account information, what is required of the credit union? NAFCU has even heard of one instance in which, when the credit union declined to send the information, a purported secret service agent became angry and said that the credit union was in violation of federal law. No compliance professional wants to be on the wrong side of the law, so what does the law actually say on this topic?

First, credit unions should be cautious. As detailed in a previous post in the Compliance Blog, the Financial Crimes Enforcement Network (FinCEN) recently issued an advisory on “imposter scams.” While imposter scams can take on a few different forms, one type of imposter scam involves the criminal impersonating an organization, such as a government agency, in an attempt to coerce or convince the target to provide valuable information. Given that, receiving a call from someone claiming to be a federal agent, and who makes an oral request for the credit union to send account information, should at least put the credit union on alert that an imposter scam could be afoot. A credit union may want to conduct additional investigation to determine if they are dealing with a real federal agent, such as calling the agency at a phone number listed on its government website.


continue reading »