Community banks and credit unions typically have an older clientele, but few have systematic approaches to detect and prevent financial exploitation of older clients who may be especially vulnerable due to physical or mental decline.
Interagency guidance from the 8 government agencies that oversee the Gramm-Leach-Bliley Act (GLBA) clarified “that reporting suspected financial abuse of older adults to appropriate local, state, or federal agencies does not, in general, violate the privacy provisions of the GLBA or its implementing regulations.” Many states have even implemented laws that require financial institutions to report suspected cases of elder financial exploitation. Regardless, the CFPB encourages all financial institutions to proactively report suspected cases to law enforcement regardless of state law.
1. Improve detection capabilities To meet these requirements, most financial institutions have relied upon staff training to help detect suspected cases. But as consumers are able to complete more types of banking activity outside of the branch, financial institutions need to rethink this strategy. Staff training needs to be coupled with transaction data analysis to flag suspicious activity. A sudden increase of activity on a rarely used account, transactions that are out of line with the typical profile of an older consumer, and large daily ATM withdrawals are all potential indicators of abuse.
2. Allow consumers to have trusted third parties contacted when suspected abuse occurs The GLBA explicitly permits financial institutions to disclose nonpublic personal information with the consent of the consumer. Banks and credit unions can allow consumers to opt-in to have the financial institution reach out to a trusted third party (such as a daughter or son) if abuse is suspected. This should be done at account opening and on a periodic basis afterwards. It is often too late to receive consent once abuse is already suspected since it is often in conjunction with cognitive decline.
3. Allow consumers to give trusted third parties read-only access to online banking Online banking credentials should never be shared with another party even if they are trusted. Instead the bank or credit union should permit the account holder to add a trusted third party to their online banking account via a separate login that provides read-only access. This will permit the trusted third party to oversee activity, and identify harder to detect abuse.
4. File suspicious activity reports (SARs) FinCEN allows financial institutions to designate “elder financial exploitation” on a SAR. Banks and credit unions should use these to report suspected cases of abuse to give law enforcement a better overview of potential exploitation across multiple accounts and institutions.
5. Know your reporting responsibilities In addition to filing SARs, some states require financial institutions to report suspicion of elder financial exploitation to Adult Protective Services, law enforcement, or both. Financial institutions may have the responsibility to make a report even if there is no certainty or proof. Banks and credit unions should leverage their regional trade associations to learn more about their compliance requirements.
