Medicaid

Read this if you are responsible for your bank’s fraud risk management.

Fraud in the banking industry is a persistent and evolving threat that has significant implications for financial institutions and their customers. As technology advances, so do the methods employed by fraudsters, making it crucial for banks to stay vigilant and proactive in their fraud prevention efforts. This article explores the current trends in banking fraud, highlighting traditional schemes, emerging threats, and effective preventive measures.

Introduction to banking fraud

Banking fraud is the illegal act of deceiving a financial institution or its customers for financial gain. This type of fraud has been a significant problem for centuries, impacting the banking sector in various ways. The consequences of banking fraud can be severe, including financial losses, damaged reputations, and legal repercussions. Moreover, it can erode trust in the banking system and affect the overall economy.

Traditional banking fraud schemes

One of the oldest and most common forms of banking fraud is check fraud. Despite the decline in the use of checks, they remain a prevalent payment method, making them a target for fraudsters. Check fraud can take several forms, including forgery, alteration, and counterfeiting. For instance, check washing involves stealing a check, erasing the original details, and altering the payee name and amount before cashing it. Another method is creating counterfeit checks using real account numbers but depositing them under fake identities.

The statistics are alarming. In 2022, there were 680,000 reports of check fraud, nearly double the number reported in 2021. The surge in mail-theft-related check fraud has also been significant, with a 161% increase in mail theft complaints from March 2020 to February 2021. Criminals have even resorted to armed robberies of postal carriers to obtain master keys that open mailboxes, providing easy access to checks.

Emerging banking fraud trends for 2025

As technology evolves, so do the methods employed by fraudsters. Identity theft and synthetic identity fraud are two emerging trends that pose significant threats to the banking industry. Identity theft involves stealing someone's personal information to obtain credit or other financial benefits, while synthetic identity fraud involves creating a fictitious identity using a combination of real and fake information. Both types of fraud can have serious consequences for victims, including financial losses and damage to their credit scores.

Phishing and social engineering attacks are also on the rise. Phishing attacks use email, messaging, or other means to trick individuals into divulging sensitive information, such as passwords or credit card numbers. Spear phishing attacks are more targeted, using personal information to make the attack seem more legitimate. Social engineering attacks manipulate individuals psychologically to obtain sensitive information.

The rise of artificial intelligence (AI) has introduced new dimensions to banking fraud. Fraudsters use AI-driven techniques, such as deep learning and natural language processing, to perpetrate fraud, including phishing and account takeover attacks. For example, deepfakes, a form of AI-generated media, can impersonate individuals and trick employees into transferring funds. In January 2024, a Hong Kong-based firm lost $25 million to fraudsters who used deepfake technology to impersonate the firm's chief financial officer on a video call.

Banking fraud: Preventive measures and detection techniques

Preventing and detecting banking fraud requires a multi-faceted approach. Traditional methods, such as signature verification and positive pay, remain effective in combating check fraud. Positive pay involves companies informing their bank about issued checks ahead of time, allowing the bank to verify the checks before processing them. Fraud detection software, which uses algorithms to analyze check data and identify potential instances of fraud, is also a valuable tool.

For emerging fraud trends, constant training and testing are essential. Periodic self-study trainings and fake phishing emails can help keep fraud red flags front of mind for employees. Acknowledging and celebrating individuals who follow bank policies and prevent fraudulent activity can also reinforce good practices.

AI-powered analytics tools can analyze large amounts of data and identify patterns and anomalies that may indicate fraudulent activity. Some banks are already using AI to automate fraud detection processes and send investigations to the appropriate teams. For instance, JPMorgan uses large language models to detect signs of fraud in email compromises, while Mastercard's Decision Intelligence tool scans a trillion data points to predict if a transaction is genuine.

Banking fraud is a complex and evolving challenge that requires continuous vigilance and adaptation. By understanding traditional fraud schemes and emerging trends, financial institutions can implement effective preventive measures and detection techniques to protect themselves and their customers. As fraudsters become more sophisticated, the banking industry must leverage technology, such as AI, to stay one step ahead and ensure the security and integrity of the financial system. As always, please don’t hesitate to reach out to the BerryDunn financial services team should you have any questions.

Read this if you are a FINOP.

We often see broker-dealers receive 12b-1 fees in the course of ordinary business. With these fees, we often see the broker-dealer acting as a pass-through, retaining these fees on its balance sheet until the ultimate payee requests such funds, typically for payment or reimbursement of expenses that are permissible to be paid from 12b-1 fees, as outlined in the distribution agreement. These fees can often be substantial and result in significant receivables on the broker-dealer’s balance sheet.

These receivables are generally considered unsecured and thus are not allowable assets for the purpose of calculating net capital under the Securities Exchange Act (SEA) Rule 15c3-1. However, in FINRA’s Regulatory Notice 21-27, published July 22, 2021, FINRA made updates to their interpretations of SEA Rule 15c3-1, which included adding an interpretation on unsecured receivables. This interpretation can be found in 15c3-1(c)(2)(iv)(C)/095 of FINRA’s interpretations. Specifically, broker-dealers may include unsecured receivables (such as 12b-1 fee receivables) as an allowable asset for purposes of calculating net capital if the following criteria are met:

1. The receivable is offset by a related payable.

2. A written contract exists between the broker-dealer and the payee, in which:

a. The broker-dealer’s liability for the amount payable is limited solely to the proceeds of the receivable; and
b. The payee waives payment of the amount payable until the broker-dealer has received payment of the related amount receivable; and

3. If the broker-dealer is subject to the Aggregate Indebtedness Standard of paragraph (a)(1)(i) of SEA Rule 15c3-1 and:

a. The portion of the payable due within 12 months is included in aggregate indebtedness; and
b. The broker-dealer’s net capital requirement shall be increased by an amount equal to 1% of the portion of the payable that was not included in aggregate indebtedness.

We often see 2b above being of most significance. It is essential that broker-dealers ensure such language is in their written contracts if they anticipate including 12b-1 fee receivables as an allowable asset in their net capital calculation. Being aware of this interpretation can also be helpful when initially writing distribution agreements, as broker-dealers can ensure such language is included in the original agreement, rather than possibly needing to revisit and amend at a later date.

Although technically a separate exercise, the above guidance can also have implications on revenue recognition. Broker-dealers must recognize revenue from contracts with customers under Accounting Standards Codification (ASC) Topic 606. Among other things, ASC Topic 606 establishes criteria for principal vs. agent considerations. In general, transactions in which the broker-dealer is determined to be acting in a principal capacity are recorded on a gross basis (the revenue and any related expenses are separately recorded on the broker-dealer’s income statement). In those instances where the broker-dealer determines it is acting as agent, the transaction is recorded on a net basis (the revenue and any related expenses are recorded on a net basis, with any residual revenue being recorded on the broker-dealer’s income statement).

Although the principal vs. agent determination is technically a separate exercise from determining if an asset is allowable or non-allowable, there could be some overlap amongst these exercises. For instance, ASC 606-10-55-39 provides various indicators to consider, one of which is “the entity is primarily responsible for fulfilling the promise to provide the specified good or service.” If the entity is primarily responsible, they are acting in a principal capacity. However, it could be determined the entity is not primarily responsible if they do not have a responsibility to make payment to the payee until they are in receipt of the funds.

That being said, even if this fact pattern exists, the other indicators listed in ASC 606-10-55-39 (and any others deemed to be relevant) still need to be considered in making the principal vs. agent determination. Furthermore, even if the broker-dealer is not obligated to pay the payee until they are in receipt of the 12b-1 fees, there may be other evidence that, when used in conjunction with this evidence, still makes the broker-dealer conclude it is acting in a principal capacity.

12b-1 fee receivables can be a significant portion of a broker-dealer’s assets. If determined to be non-allowable, this could have significant implications on a broker-dealer’s net capital compliance. However, as noted in 15c3-1(c)(2)(iv)(C)/095, such receivables can be considered allowable if certain criteria are met. It is important for broker-dealers who plan to include such receivables as allowable assets to closely review their 12b-1 fee arrangements to ensure these criteria are met. As always, if you have any questions, please don’t hesitate to reach out to the BerryDunn broker-dealer team.

Enterprise Resource Planning (ERP) systems provide a shared platform for people in your organization to work together––and the benefits can be game changing. That said, an effective strategy involves more than simply choosing the right software platform. Integrating your systems will change the way people in your organization work, and change can be challenging! For that reason, change management should be a key component of your ERP implementation project.

Here are eight key success factors to help guide your organization through an ERP implementation.

ERP implementation: The planning phase

ERP implementations rely on collaboration and communication across departments. So, from the start, set up your organization for success.

1. Stakeholder buy-in

Before you plunge in, you need everyone on board. That means helping employees understand the need for change and gaining buy-in from key stakeholders across departments who will help implement and later use the system. It’s critical to have senior management's sponsorship to reinforce decisions made along the way.

2. Strong project management

Establish your project management team right away. Create clearly defined roles and responsibilities, protocols for team collaboration, and project governance structures for decision-making. Senior management’s role is to set the tone and direction of the project and provide visible and active executive sponsorship throughout the process.

ERP implementation: The platform and vendor selection phase

The next milestone is to choose your ERP solution through an RFP process. The RFP should clearly define the functional and technical requirements of the ideal solution and also describe your organization’s business process.

3. Early vendor engagement

Engage vendors through pre-RFP activities such as vendor outreach sessions. This gives your team the opportunity to familiarize themselves with potential partners, explore options, and assess vendor compatibility issues.

4. Partner with the vendor

Plan the ERP implementation with your vendor. Based on the scope of work, set realistic expectations and timelines that take into consideration the staff involved and other responsibilities they may have. As soon as possible, work with the vendor to begin data conversion, interface planning, training, and testing.

ERP implementation: Launch phase

Organizations are often challenged during the ERP implementation process by their staff’s reluctance to accept new roles and responsibilities. An internal change management focus can help maintain staff confidence and keep stakeholders engaged.

5. Prepare your organization for change

Consistent communication is vital. Keep your employees engaged and empowered to do their best by providing regular updates, reaffirming confidence in your staff and empathy for their challenges, and showing active, visible executive support.

6. Test, test, test

In the course of an ERP implementation, you can expect crashes and bugs––even with the most well-designed software. Test at the early stages and continue throughout the implementation to ensure your ERP system functions properly and any issues are identified and fixed before going live.

7. Train, train, train

It’s easy to underestimate the time it takes to train people on new systems and processes. Discuss a plan for customized training with your vendor early on. To make end-user training successful, training should begin before the implementation phase and continue beyond it. Customize your training programs and materials and hold regular cross-functional team meetings.

ERP implementation: Stabilization phase

Stabilization is a process of optimizing your ERP system so that your organization can get the most out of its investment. This includes identifying post-go-live assistance, developing a plan for further training and support, and confirming roles and responsibilities for IT and key users of the system.

8. Reinforce the change

Continue to communicate with your staff about the reasons you began your ERP journey in the first place––the benefits of sticking with the plan. Embed the ERP system within your culture and practices, beware of backsliding, and develop a plan for maintenance and continuous improvement.

BerryDunn’s local government team partners with municipal, county, regional, and quasi-governmental entities to meet the most critical needs of your community. Whether we’re helping clients with strategic planning, economic development, public safety, or organizational excellence, we take pride in tailoring our projects to fit your unique needs, either at the enterprise level or within and across departments. We care about what we do, and we care about the people impacted by our work.  

BerryDunn provides ERP consulting to local and state governments, higher education institutions, and for-profit organizations. Learn more about our ERP consulting services. 

Read this if you administer a 401(k) or 403(b) plan.

On December 20, 2019, the Setting Every Community Up for Retirement Enhancement (SECURE) Act was signed into law, with SECURE Act. 2.0 signed into law December 23, 2022 (the SECURE Acts). The SECURE Acts made several changes to 401(k) and 403(b) plan requirements. Among those changes is a change to the permissible minimum service requirements.

Many 401(k) retirement plan sponsors have elected to set up minimum service requirements for their plan. Such requirements help eliminate the administrative burden of offering participation to part-time employees who may then participate in the plan for a short period of time and then keep their balance within the plan. Although plan sponsors do have the ability to process force-out distributions for smaller account balances, a minimum service requirement, such as one year of service, can help eliminate this situation altogether.

Although 403(b) plans are required to offer universal eligibility, plans may exclude employees who are expected to work less than 20 hours a week from the plan. Such employees are often excluded for the same administrative burden reason mentioned above.

The SECURE Acts will require “long-term part-time employees” to be offered participation in 401(k) and 403(b) plans (subject to ERISA) if they are over the age of 21. The idea behind the requirement is that 401(k) and 403(b) plans are responsible for an increasingly larger amount of employees’ retirement income. Therefore, it is essential that part-time employees, some of whom may not have a full-time job, have the ability to save for retirement.

Under the SECURE Act, ”long-term part-time” is defined as any employee who works three consecutive years with 500 or more hours worked each year. This new secondary service requirement became effective January 1, 2021. The SECURE Act 2.0 then reduced the three-year period to two years for plan years beginning after December 31, 2024. Previous employment prior to January 1, 2021, will not count toward the three-year requirement. Therefore, the earliest a long-term part-time employee may have become eligible to participate in a plan under the secondary service requirement was January 1, 2024. These employees also earn vesting service for years with 500 hours of service.

The Internal Revenue Service (IRS) issued proposed regulations in 2023 covering the new long-term part-time service requirement and, on October 3, 2024, issued IRS Notice 2024-73, which, among other things, indicates that the final regulation the Treasury Department and IRS intend to issue related to this matter will apply no earlier than to plan years that begin on or after January 1, 2026. The IRS Notice also clarifies that 403(b) plans that exclude students from plan eligibility will not be required to make the plan available to such students if they meet the long-term part-time rules. This is because the student employee exclusion is a statutory exclusion based on a classification rather than on service.

Originally, this provision was only applicable to 401(k) plans; however, SECURE Act 2.0 expanded this provision’s reach to 403(b) plans as well. Furthermore, although long-term part-time employees will be allowed to make elective deferrals into 401(k) and 403(b) plans, management may choose whether to provide non-elective or matching contributions to such participants. These participants also may be excluded from nondiscrimination and top-heavy requirements.

This requirement will create unique tracking challenges as plans will need to track hours worked for recurring part-time employees over multiple years. For instance, seasonal employees who elect to work multiple seasons may inadvertently become eligible. We recommend plans work with their recordkeepers and/or third-party administrators to implement a tracking system to ensure participation is offered to those who meet this new secondary service requirement. If a feasible tracking solution does not exist, or plans do not want to deal with the burden of tracking such information, plans may also consider amending their minimum service requirements by reducing the hours of service requirement from 1,000 hours to 500 hours or less. Or, in the case of 403(b) plans, plans may consider allowing those employees who are expected to work less than 20 hours per week the opportunity to participate in the plan. However, this may allow more employees to participate than under the two-year, 500-hour requirement and may increase the employer contributions each year if there is not a different service requirement for employer contributions.

If you have questions regarding your particular situation, please contact our Employee Benefit Audits team. We’re here to help.

Read this if you work for a healthcare organization in a patient access or revenue cycle leadership or optimization role.  

We’ve written before about the importance of the patient access check-in process in your revenue cycle. One of the key strategies to making the check-in process a good experience for patients, while also gathering the most important information for billing, is to have clear scripts for your patient access staff to leverage. 

Five steps to creating an effective patient access script 

1. Consider what information you need to collect and when 

The best practice is to proactively collect and/or confirm insurance and patient demographic information at each encounter. If a patient carries more than one insurance, be sure to clarify which insurance should be primary. Doing this correctly up front will save time and prevent denials and associated workload and revenue loss. 

2. Be clear about the information you need and don’t make assumptions 

When you ask a patient if any information has changed since the last time they were in, they likely don’t remember. Instead, it is critical to ask the patient to confirm or provide their information each time.  

Example: When proactively collecting patient information  

Instead of "Have there been any changes to your information since you were last seen here?" 

Say this: "To ensure your account is as accurate as possible, we require all patients to present a minimum amount of information."  

3. Be direct about payments 

Many patient access team members may try to soften the language about making payments in an effort to be polite and create a good experience. Providing scripting around this can help. Scripting should be polite but direct.  

Example: When collecting co-pays  

Instead of "You have a $20 co-pay today. Would you like to pay it?"

Say this: "You have a $20 co-pay today. How would you like to pay it: Cash, credit card, or check?"   

4. Provide context 

The majority of patients don’t completely understand the healthcare system in general, or your systems in particular. If the patient is required to do something, provide context so they understand. Always help patients understand the "why." 

Example: When connecting a self-pay patient to a Financial Counselor  

Instead of: "We can’t schedule you until you speak with someone in finance."

Say this: "Before scheduling your appointment, I will connect you with a financial counselor who can determine if you qualify for assistance and help you understand your financial obligations."

 5. Stay positive 

Changes to the patient check-in process can be frustrating to staff. Change is hard. If you’re implementing new workflows or processes that the staff is still learning, providing scripting can help them explain, in a positive way, to patients why the process is slower than usual. 

Example: When establishing a new patient culture  

Instead of: "I’m sorry, I have to do these new workflows."

Say this: "Our healthcare system has recently implemented improved processes to ensure that you are receiving the highest level of care. "

Communicating clearly, consistently, and positively is important to put patients at ease, and to make sure that you collect the most accurate and up-to-date information from patients. Once you’ve created scripting to support your processes, the next step is to train staff on the scripting provided. Providing ongoing support and feedback to patient access staff will help them feel more confident in their day-to-day communications.  

Get more patient check-in tips to help your revenue cycle.  

BerryDunn's audit, tax, clinical, and consulting professionals, focused on specific healthcare industry areas, understand the biggest challenges facing healthcare leaders, and are committed to helping you meet and exceed regulatory requirements, maximize your revenue, minimize your risk, improve your operations—and most importantly—facilitate positive outcomes. Learn more about our healthcare consulting team.