eNews October 1

In the News

October 1, 2020

	I. HEROES Act Collections Provision Troublesome for Creditors
	II. NACM’s Credit Managers’ Index Growth Pulls Back Slightly in September, Still Positive

	III. Business Email Compromise Scams: What You Should Know to Protect Your Company
	IV. Stepping into Leadership: Organization Means Setting a Rhythm

Last week, Speaker Pelosi and Secretary of the Treasury Mnuchin resumed discussion in an attempt to reach a deal on another COVID-19 response package. In an attempt to meet Republicans halfway, the Speaker promised to introduce a revised HEROES Act with a roughly $2.2 trillion price tag. While talks have not significantly progressed since last week, the Speaker revealed the updated HEROES Act earlier this week.

Contrary to expectations, the bill did not represent a compromise position, but simply changed a few topline spending numbers while keeping many of the original partisan provisions of the original bill. Republicans have largely ignored the introduction of the bill, and it is unlikely to see a vote in the Senate as-is. Meanwhile, Speaker Pelosi and Secretary Mnuchin are continuing talks on what an actual compromise package could include, but most Members of Congress are pessimistic about the chances of reaching a deal before the election.

Collections Provision in the Updated HEROES Act

The updated HEROES Act is roughly 80-90% identical to the version introduced earlier in the summer, but with a few updated numbers to reduce the price tag. The troublesome collections provision that was included before which prohibited many collections activities for consumer, small business, and nonprofit creditors remains in the new HEROES Act. These provisions would prevent collectors from taking the following collections actions:

1. enforce a security interest securing a debt through repossession, limitation of use, or foreclosure
2. take or threaten to take any action to deprive an individual of their liberty as a result of nonpayment of or nonappearance at any hearing relating to an obligation owed by a small business or nonprofit organization;
3. collect any debt, by way of garnishment, attachment, assignment, deduction, offset, or other seizure, from—
   1. wages, income, benefits, bank, prepaid or other asset accounts; or
   2. any assets of, or other amounts due to, a small business or nonprofit organization;
4. commence or continue an action to evict a small business or nonprofit organization from real or personal property for nonpayment;
5. disconnect or terminate service from a utility service, including electricity, natural gas, telecommunications or broadband, water, or sewer, for nonpayment; or
6. threaten to take any of the foregoing actions.

Additionally, the provision would provide these debtors with a forbearance period at the conclusion of the state of emergency, allowing them to repay past-due debts over 12 to 36 months.

Expectations Moving Forward

Overall, our expectations are that this provision will ultimately be removed during negotiations, but we encourage NACM members to continue contacting their representatives in Congress to express concern about expanding the provision in a way that would prevent collections on business-to-business debt. Click here to access our sample letter.

PACE Companies LLP is NACM’s Washington Representative.

Although still in positive territory, the September Credit Managers’ Index (CMI) from the National Association of Credit Management (NACM) remains above levels recorded last September. However, September marks the first CMI decline since April, landing at an even 56. The half-point fall from August brings the CMI score slightly under February’s U.S. pre-pandemic data. Like many other indicators, and despite the slight decline in September, the CMI is still trending positively in expansion territory.

“When there is a collapse as complete and dramatic as the one experienced in the second quarter of this year it becomes nearly impossible to make sense of the data that comes in afterward,” said Chris Kuehl, Ph. D., NACM economist. “The truth is that data will be hard to interpret for a while as we wait for some sense of normalcy to return.”

The combined favorable factors improved from 62.9 to 63.3, despite the decline in amount of credit extended, which slipped from 61.3 to 60.8. Sales was down slightly to 65.5, which is still higher than it was a year ago. New credit applications increased slightly to 63.6. Dollar collections was the big winner of the month, increasing more than two points to 63.3—better than September 2019.

Overall, the unfavorable factors slipped from 52.2 to 51.1 in September. Accounts placed for collections and disputes, sank into contraction territory, with scores under 50. While still in expansion territory, dollar amount beyond terms tumbled from 58.2 to 54.6. Rejections of credit applications improved slightly to 51.6, and dollar amount of customer deductions dropped to 51.1 from 52.2. Surprisingly, filings for bankruptcies improved from 47.7 to 51.3.

“There was a dramatic fall in the favorable factors as the crisis emerged, but the unfavorables didn’t respond as negatively at first,” Kuehl said. “Now, the unfavorable factors are becoming the problem and the favorables are carrying the load. The initial impact of the shutdown was felt in every category from sales to applications, but issues like bankruptcies and collections took a little longer to develop.”

On the manufacturing side, five of the six unfavorables saw a decline in September. The manufacturing favorables improved half a point to 62.5. In total, the manufacturing sector declined from 56 to 55.3. “The manufacturing sector has been far less affected and, in some respects, has been benefiting from the shift in consumption from paying for services to spending on goods,” said Kuehl.

The combined service sector index dipped two-tenths of a point to 56.7. The service sector’s unfavorables saw two factors slip back into contraction territory. The unfavorables as a group dropped to 51.8 from 52.2.

“The service sector remains the most stressed and vulnerable,” said Kuehl. “Travel and tourism have not recovered to the levels set at the first of the year, and there continues to be severe contraction in the hospitality segment. Retailers are seeing progress, but they continue to worry about the chances for another lockdown.”

Business Email Compromise (BEC) scams have become increasingly commonplace and financially destructive. According to the FBI, 2019 was the worst year on record for BEC scams—both in terms of the number of attacks and the financial losses incurred because of the scams. 2020 figures to be even worse, as businesses have increasingly been victimized by attackers seeking to exploit companies whose employees are working remotely due to the COVID-19 pandemic. As the risk and harm associated with BEC scams becomes more pronounced, businesses must work to understand how the scams work, who is responsible for the financial losses, and what steps to take to prevent victimization.

Introduction to Business Email Compromise Schemes

Businesses are typically victimized by one of two variants of fraudulent BEC schemes, both of which involve spoofed or compromised electronic communications. In some BEC schemes, attackers purporting to be company executives use spoofed email addresses and direct the victim companies’ finance personnel to make large wire transfers to third-party bank accounts. In other BEC schemes, attackers impersonate the victim companies’ customers or vendors and request that the victim companies initiate changes to the customers’ or vendors’ bank account information and then make large wire transfers to the new bank accounts.

While there are different forms of BEC schemes, the basic premise is that attackers attempt to target employees with access to a company’s finances and then trick them into making wire transfers to bank accounts that are purportedly controlled by trusted business partners, but in reality are controlled by the attackers. The typical BEC scheme has a simple and effective timeline:

• The attacker identifies a target at the victim business.
• The attacker “grooms” the potential target by using social engineering techniques with the most popular being “phishing” attacks.
• The attacker attempts to convince the target to engage in an exchange of information whereby the victim is convinced that he/she is conducting a legitimate business transaction.
• The attacker prompts the victim to execute a wire transfer to a bank account controlled by the attacker.

Criminals have increasingly exploited vulnerable business processes with BEC schemes—with losses from such schemes totaling over $3 billion since 2014. Not surprisingly, reports to the FBI’s Internet Crime Complaint Center (IC3) of BEC schemes have risen significantly in the past few years. Indeed, in 2014 — the first year that IC3 began to compile statistics on BEC schemes—there were just under 1,500 BEC complaints reported to IC3, with corresponding financial losses of approximately $60.3 million. However, by 2019, those figures had grown exponentially, with approximately 23,775 BEC complaints and corresponding financial losses of approximately $1.7 billion. Companies across almost every industry sector have been targeted and victimized by these scams.

As the number and severity of BEC scams has increased, law enforcement has expended significant resources in an effort to prevent and thwart these attacks. By way of example, in 2019, the FBI created a Recovery Asset Team (RAT) to assist BEC victims in stopping fraudulent wire transfers and recovering financial losses.

Who Bears the Loss?

The threats inherent in BEC scams are compounded by the unsettled nature of the law governing loss allocation among victims of such schemes. Consider the scenario in Arrow Truck Sales, Inc. v. Top Quality Truck & Equip., Inc., Case No. 8:14-CV-2052-T-30TGW, 2015 WL 4936272, at *5 (M.D. Fla. Aug. 18, 2015). In that case, a buyer contracted to purchase a dozen trucks in a transaction conducted entirely over email, consistent with industry practice. A third party impersonating the seller provided wire information by email directing the purchaser to wire funds to an account unconnected to the actual seller. When the actual seller did not receive payment, it refused to turn over title to the trucks and instead sold the trucks to another party. The buyer sued, asserting breach of contract and negligence claims.

Prior to trial, the court asked for briefing on similar cases, but the parties and the court were unable to find cases on point. Accordingly, the court looked to case law involving forged checks as the most analogous and held that “the party who was in the best position to prevent the forgery by exercising reasonable care suffers the loss.” After finding that neither party acted negligently in handling its email account, the court concluded that the buyer should have attempted to verify the fraudulent wire instructions, which differed from past instructions from the actual seller and differed from instructions printed on the actual seller’s invoice, and therefore must bear the loss of the misdirected payment.

The court in Bile v. RREMC, LLC, Case No. 3:15CV051, 2016 WL 4487864, at *2 (E.D. Va. Aug. 24, 2016) applied similar reasoning, but reached a different result. In that case, the parties reached terms on a settlement agreement to resolve an underlying employment litigation. An imposter impersonating the plaintiff wrote to plaintiff’s attorney and requested that he send the settlement funds to the imposter’s account. Plaintiff’s counsel called plaintiff, determined that the email was fraudulent, and deleted the email. Days later, the imposter gained access to the plaintiff’s counsel’s email and wrote to defendant’s counsel, directing him to send the settlement payment to the imposter’s account. Defendant’s counsel did not verify the account information, but sent the wire to the imposter’s account. Here, despite defendant’s failure to verify the wire transfer, the court concluded that plaintiff should bear the loss because plaintiff’s counsel failed to use ordinary care when he did not inform defendant’s counsel that an imposter had “targeted” the settlement in the initial email scam.

As these cases demonstrate, loss allocation among BEC victims is fact-specific and disputes are often not amenable to dispositive motions, including summary judgment, because it is often difficult to determine fault. The adoption of BEC deterrence measures, as discussed below, can help a company in that regard not only by lowering the risk of the company falling victim to a BEC scam, but also by providing a factual basis to demonstrate that the company acted proactively and prudently to avoid fraud and therefore should not bear the loss if one of its business partners falls victim to a BEC scheme.

Steps to Take to Avoid Victimization by BEC Scams

Almost every law enforcement and regulatory authority expects that BEC perpetrators will continue to refine their methodologies and strategies in order to evade detection by victims and ensure continued financial success.

However, there are effective policies and procedures that businesses can put into place in order to minimize, or even eliminate, the risk of victimization from BEC scams. Specifically, companies should consider how they enhance their payment authorization procedures and verification requirements for vendor information changes. In addition, companies should examine their account reconciliation procedures and outgoing payment notification processes to ensure that they detect and stop payments resulting from fraud. Companies must also look to enhance their training of employees about BECs and other cyber-related threats, as well as the relevant internal policies and procedures governing issues such as payment authorization and verification.

Specifically, companies should consider taking the following actions:

• Employ two-factor or multi-factor authentication.
• Disable older, legacy email protocols—this will greatly limit the ability of an attacker to successfully infiltrate and/or spoof a company’s email system.
• Enable appropriate system logging to ensure that, if an attack occurs, it can be tracked and the culprit and exploit can be identified in a timely manner.
• Institute email integrity policies such as Domain-Based Message Authentication Reporting and Conformance (DMARC), Domain Key Identification Mail (DKIM) and/or Sender Policy Framework (SPF).
• Scrutinize all emails, especially if an email requests payment.
• Train employees to use common sense and diligence when conducting financial transactions — especially those prompted by email.
• Verify any changes in vendor and customer payment accounts by using a secondary “sign off” by vendor or customer personnel.
• Carefully monitor vendor and customer payment habits.

Steps like those noted above are critical because once a party wires money to an account controlled by the attackers, it is very difficult to recover the funds. In addition, it is crucial to take steps to prevent BEC attacks because various federal and state law enforcement agencies and regulators have shown a willingness to investigate and bring enforcement actions against BEC “victims” that are perceived to have been negligent or reckless in failing to adequately address BEC and other cyberattack risks.

Vigilance is critical to defeat BEC attackers. However, with some basic social awareness and common-sense training, many of the losses associated with these attacks can be successfully avoided.

Peter Baldwin draws on his experience as a former federal prosecutor to counsel clients facing government investigations, cybersecurity issues, and complex litigation. Pete counsels clients facing cybersecurity incidents and offers valuable insight at the investigatory and remediation stages of these matters. Pete also advises businesses, executives and boards on responding to government inquiries, and he provides guidance in situations involving grand jury subpoenas, search warrants, requests for interviews and witness testimony.

Mark Sosnowsky is a commercial litigator resident in Faegre Drinker’s Washington, D.C. office. Mark represents individuals and businesses in complex commercial disputes. Mark regularly advises clients on mitigation and litigation avoidance strategies, and has an established track record of success in arbitration and state and federal court litigation.

Jason G. Weiss leverages a past career as a cybersecurity and computer forensics professional with more than 22 years of decorated service at the Federal Bureau of Investigation (FBI) to guide clients through the complex and high-stakes issues associated with cybersecurity incident preparedness and response, the Cybersecurity Maturity Model Certification (CMMC) and other cybersecurity standards and frameworks, data analytics, investigations, and e-discovery.

What do I have to do? When do I have to do it?

The STS Lien Navigator has the answers and will guide you through the entire process!

Credit professionals can rely on the Navigator to determine when and how action needs to be taken to protect lien rights across the 50 states, DC and Canada. The real-time Navigator ensures that you’ll always have the current information.

Specific questions are also answered for subscribers through the Navigator Answer Line. The Navigator is a web-based service, accessed through our website and available from any computer with internet access.

Navigating the Way—On Time, Every Time

For more information, call Chris Ring at 410-302-0767 or visit www.nacmsts.com.

“For every minute spent in organizing, an hour is earned.” To this day, Benjamin Franklin’s quote rings true, proving that organization is a contributing factor in accomplishing goals. Whereas an organized person establishes a process of structure and efficiency to reach a desired outcome, a disorganized person becomes lost in the clutter and is unable to reach their destination. Leadership and organization go hand in hand, as one cannot lead without having a clear direction of where to go.

A common attribute among all effective leaders is sharing their knowledge and experience with others. Yet, this requires leaders to have an organized thought process as well as a set of small goals for themselves that are both personal and professional. Organization is a timely process not learned at the flip of a switch, but rather a constant development of personal and professional experiences, growth and networking.

“It’s really important in your organizational process to be able to categorize what your vision is and how you can realistically get there one step at a time,” said Brett Hanft, CBA, a credit manager at American International Forest Products. “Otherwise, it becomes very overwhelming and that’s where disorganization takes place because you don’t know where to start or how to get there.”

There is no wrong way to organize because what may work for one credit professional may hinder another. Some credit professionals believe organization means creating a to-do list at the start of each day, establishing a list of goals they want to accomplish over the course of the work day as well as those that can be completed later down the line. Although a to-do list is certainly beneficial, both up-and-coming and veteran leaders must both develop and maintain the mindset of knowing they may not accomplish anything on the list on any given day. Interruptions are bound to occur, including previously forgotten tasks or work-related emergencies.

One of the most challenging aspects of organization is time management, which Hanft deemed “very underrated from a leadership perspective.” The credit professional said there never seems to be enough hours in the day for what someone always wants to accomplish; therefore, it is helpful to write down how goals can be realistic, so they’re achievable. OrePac Building Products Corporate Credit Manager Eve Sahnow, CCE, agreed, adding that time management is a constant battle for any organization because change is constant, leaving credit professionals to act on their feet.

“You might have a set rhythm, but there’s always something that’s going to upset that rhythm, which might take precedence,” she said. “In that case, it’s worth prioritizing your time by re-prioritizing the items on your schedule. As technology, processes and improvements evolve, you have to change the way in which you’re organized.”

Sahnow said organization is also essential for leaders in credit who strive to set expectations for the department.

“Being organized starts at the top,” Sahnow said. “You just have to keep asking yourself, ‘How can I be better organized for the people who count on me?’ This will set the tone for the entire department.”