Activity
-
NAFA Administrator posted an articleUpdate from NAFA’s Transaction Integrity Committee Member see more
As I am sure that you are aware, wire fraud is prevalent in our industry – probably due to the monetary size of the transactions that we work on, which are typically in the millions and tens of millions of dollars.
IATS is very careful in developing and following policies in an effort to prevent fraud from occurring in transactions, most of which involved wire fraud. Even with our efforts to prevent wire fraud, the “fraudsters” seem to keep finding new ways to attempt “wire around” (no pun intended) the issues that we have seen in the past and have developed new fraud tactics.
I wanted to give all of you a few examples of some of the fraud we have seen here at IATS.
One of the most terrifying incidents happened personally to me mid-December, which of course was a very busy time for all of us. On the 1st of December I had sent an email to a buyer of an airplane asking for their wire transfer instructions so we could return a deposit. There were quite a few people in their organization copied on the email as well as their counsel and aircraft broker. On December 13th I received an email purportedly from their CFO with wire transfer instructions. All of the email addresses on the email had been spoofed with a 1 letter difference in each one from their actual emails, but in less than 2 weeks they had actually opened up a bank account in what appeared to be the name of the company that had sent the funds to us, however, the name on the account was missing 1 letter. The email even had their logo on it and looked exactly like the ones I had received previously from him. I figured the name on the account with one letter missing (which I noticed right away) was simply a typo. Of course, we would not have wired to that account without verbally verifying the wiring instructions with the CFO but in fact, we had already returned the funds a couple of weeks earlier. I called the CFO and told him I was confused by his email because we had already returned the funds and he said “what email?”. Of course, he had not sent me any email and we then discovered that it was all fictitious. Fortunately, I called the phone number that I knew for this gentleman and not the phone number that the bad guy had put on the email.
Another example of attempted fraud we experienced earlier in the year was that someone was trying to sell an airplane that they did not in fact own. I am not exactly sure what the scam was going to be but I happened to know who owned this aircraft and that it was not for sale. I reached out to them to verify the plane was not for sale and was able to let the potential buyer know that this aircraft was not for sale.
I am sure some of you have gotten emails purportedly from me (spoofed with again 1 letter changed or added) stating that we had purchased another title company and therefore our wire transfer instructions changed. I can’t tell you how many people either came up to me personally at industry events or emailed me to tell me congratulations! Of course, we have not purchased any other title company and our wire transfer instructions have not changed. Even one of the organizations we belong to had been communicating with this fictitious person (through the spoofed email address) and when I got a news blast from that organization announcing the purchase of the new title company by IATS, I immediately picked up the phone and called to say where did you get this information and why would you send this out without my approval? She told me I had emailed her approval on such and such a date. She then realized that the email address was incorrect, but the changes are so slight, it is very difficult to see sometimes.
In an effort to try to thwart some of this mischievousness, we have filed UDRP disputes, which is an online arbitration process with domain registrars of the fictitious domain names. We have been successful with our disputes and the domain hosts have turned many of these fictitious domains over to us. It seems that it slowed down the traffic for a bit, but the bad guys are back at it again.
If any of you are interested in pursuing this type of remedy, I will give you a link so you can read more about it:
https://www.icann.org/resources/pages/help/dndr/udrp-en
Be vigilant everyone ~ You cannot be too careful. See you in Key Largo!
Joan Roberts
Vice President
Insured Aircraft Title Service LLC -
NAFA Administrator posted an article3 Facts Relating to Business Email Compromise (BEC) Attacks see more
David Vandenberg, Chair of the NAFA Transactional Integrity Working Group, discusses cybercrime and Business Email Compromise (BEC).
Be careful not to fall victim.
Fraud involving wire transfers is frightening and possibly more common than you think. Business email compromise (BEC) is the common name for this type of cybercrime, which is exceedingly difficult to halt with technical measures and frequently impossible to undo should an attacker successfully fool a target into sending money.
Employee and customer vigilance is essential for stopping these attacks. The following three details will outline the magnitude of the issue and assist you in avoiding becoming a target of these attacks.
Fact #1: Since 2013, There Have Been Massive Financial Losses.Since October 2013, BEC, also known as email fraud and email account compromise (EAC), is being monitored both domestically and internationally by the U.S. Federal Bureau of Investigation (FBI). The following current fraudulent wire transfer patterns are concerning:
• Tens of thousands of complaints are made concerning BEC fraud each year, with billions of dollars in losses as a result.
• More than 150 nations and all 50 states in the United States have received reports of BEC frauds.
• Consumers may also be impacted by these attacks, which don't just target businesses and organizations. Examples include BEC schemes that target all parties involved in a real estate transaction, including buyers, sellers, and agents, according to the FBI.
Furthermore, it's critical to understand that BEC attacks involve more than just wire fraud. In order to commit tax fraud and other crimes, for instance, cybercriminals exploit illicitly obtained tax information (such as W-2 statements of American workers). In a different kind of BEC fraud, fraudster impersonate employees in an effort to deceive payroll offices and payroll service providers into diverting direct deposits so they can steal workers' wages.
In conclusion, BEC attacks are pervasive and have an impact on both individuals and enterprises. And while though billions of dollars in damages are now estimated annually, the actual amounts are probably higher because BEC attacks sometimes go unreported. Don't fall into the trap of believing it won't happen to you; cybercriminals target consumers as well as employees and search up, down, and across org charts to discover their targets.
Fact #2: BEC Attacks Use the Comfortable to Trick You into Making Poor Choices.
Since BEC attacks are designed in such a way, technical tools are frequently ineffectual against them. Typically, emails don't contain malicious links or attachments, two characteristics of phishing attacks that email monitoring technologies can spot and reject.
BEC attacks, in contrast, make an effort to "glide under the radar," using well-known identities and details to pass for secure, authorized communications. Attackers may use social media and other public information sources to learn more about their targets. They may also establish rapport across several contacts—by phone and email—to make the target think they are speaking with a reliable person. The attacker won't request a wire transfer (or data) until they are certain the target is at ease enough to comply.
Attackers may occasionally use the "spoofing" technique to make messages appear to have originated from a well-known source; in these cases, the sender address resembles a contact you can trust (though a hover over that address will reveal something different). In some situations, fraudsters are able to obtain email login information and send messages from a valid account, making it very challenging for an email receiver to recognise a fraudulent request.
Conclusion: Nothing should be taken at face value when it comes to a wire transfer or payment request (or an email requesting sensitive personal data). Any solicitation of this kind should be viewed critically, especially if the requestor asks for an exception to previously established banking procedures or account information.
Fact #3: You Have the Ability to Thwart BEC Attacks.To preventing various forms of fraud and safeguarding personal and company data, cybersecurity awareness and a knowledge of email best practices are essential. When it comes to BEC attacks, a few comparatively easy steps can make all the difference:
• Set up a confidential, "need to know" procedure for people to get face-to-face or voice-to-voice confirmation that the request is legitimate if you frequently ask for wire transfers or tax-related information. Make sure to share that procedure with others outside of email, through a reliable method.
• If you frequently process payments or data,
you need to safeguard your organization’s finances and data as well as your reputation. Acting on a request requires both confirmation of the request and authorization to carry it out. This is especially important if you're under pressure to respond quickly or disobey established protocol. Ask your supervisor to implement non-email-based approvals for these types of requests if there aren't any procedures in place to help avoid fraudulent transfers.
• If you routinely approve fund or data transfers, make sure that you are not the only person who can give approval. Working with additional stakeholders to make sure that your process does not have a single point of failure can help you ensure that approvals take place through a channel (or channels) other than email. Never jeopardize the approval chain by permitting transfers to occur outside of the approved protocol. Be ready to be contacted by phone or in-person meetings for approvals.
Conclusion: Parties in the “chain of command” for either funding aircraft transactions or the supporting data need to be aware that email fraud is prevalent and there are steps you can take to ensure the prevention of fraud. It is vital that people are aware of the risks and safety precautions. Remember that you could suffer a BEC attack in your personal life even if you don't frequently engage in these activities at work. Any request for a wire transfer or data transfer should be carefully examined before you act on it, regardless of when it occurs or where it appears to originate from. It is possible for a fraudulent email to appear legitimate. Therefore, putting in place a secondary (non-email) based means of confirmation for events like aircraft closing wire instructions should be considered as a standard (best) practice.
This article was originally published on February 15, 2023.
-
NAFA Administrator posted an articleSolairus' John King and Jeff Ritzinger discuss critical steps required to keep your data safe. see more
NAFA member and Solairus' President John King and IT Director Jeff Ritzinger discuss some of the critical steps required to keep those data out of sight – and away from hackers’ prying eyes.
Today, aviation safety concerns aren’t confined only to flight operations. Internet security also is an issue – the need to keep your as well as your passengers’ and clients’ profile information safe and secure.
And that requires staying one step ahead of hackers and phisher-men from anywhere in the world – whether their intent is using that information to grab a competitive edge, to hold your data for ransom … or to seek revenge.
When there’s more to be said than space and copy deadlines allow, you can rely on the Business Aviation Advisor Above and Beyond podcast series to get you the information you need, enabling you to make the most of your aviation investments.
This podcast was originally published by Business Aviation Advisor on October 12, 2021.
-
NAFA Administrator posted an articleNAFA Webinar - CARES Act and Digital Signatures - Full Version see more
NAFA shares its recent CARES Act and Digital Signatures Webinar.
This NAFA webinar originally aired on September 1, 2021
-
NAFA Administrator posted an articleNAFA Webinar - CARES Act and Digital Signatures - Part 2 see more
NAFA presents Part 2 of the CARES Act and Digital Signatures webinar.
This NAFA webinar originally aired on September 1, 2021.
-
NAFA Administrator posted an articleNAFA Webinar - CARES Act and Digital Signatures - Part 1 see more
NAFA presents Part 1 of the CARES Act and Digital Signatures Webinar.
This NAFA webinar originally aired on September 1, 2021.
-
NAFA Administrator posted an articleUpcoming Financial Reporting Requirements Will Apply to LLCs see more
NAFA member, National Business Aviation Association (NBAA) shares the latest aviation industry news.
Operators of business aircraft owned in limited liability companies (LLCs) and similar entities will soon be required to comply with the Corporate Transparency Act (CTA), which mandates additional reporting to government agencies in an effort to combat domestic and international financial crimes.
For many business aircraft owners, LLCs are utilized to establish leases under which companies may share aircraft for FAA compliance and a host of other business reasons. However, in passing the CTA, Congress noted that LLCs and other ownership structures may also be used to shield illicit financial transactions.
This article was originally appeared in Business Aviation Insider July/August 2021 Issue.
-
NAFA Administrator posted an articleBeware - Hack Attack! Preventing aviation transaction fraud see more
Cyber fraud, already at an all-time high, continues to rise. In 2020, the FBI’s Internet Crime Complaint Center received 792,000 reports of cyber crime (a 69% increase from 2019), with losses exceeding $4.1 billion.
Why do aircraft transactions present outsized opportunities for fraud, and what can you do to detect and prevent it?
Billions of dollars are exchanged on aircraft transactions each year, from title and escrow companies to law firms. Coupled with the fact that most communication takes place via email, you get the perfect combination for cyber criminals: lucrative opportunities and an easy target.
In the pre-digital age, fraud came in the form of check scams. Scammers would issue counterfeit checks with a name that wasn’t identical to that of your company, but close enough to be missed easily. They would then use the codes on the check to issue money for the payment and acquisition of goods and services.
Today, fraud looks a bit different, but no less dangerous. Cyber criminals can hack into emails to monitor communication between transaction parties (e.g. escrow agents and either sellers or lenders). They can set up a fake email address that’s one or two characters off from yours to provide false wiring instructions and divert funds.
First-time buyers and sellers of aircraft are most at risk since they’re less familiar with the process. Seasoned industry professionals, who’ve been doing things the same way for the past 20 years, also are at risk if they haven’t yet invested in upgrading systems and security processes. Perhaps you’re storing wiring information on an unprotected iPhone, or you haven’t gotten around to installing malware software. These types of oversights put you at risk.
How To Prevent Fraud
- “Know Your Customer” (KYC). Originally implemented in the financial industry, KYC has expanded to non-financial institutions and the process by which stakeholders identify and verify the companies and persons they do business with, to prevent fraud and mitigate financial crimes (e.g., money laundering and terrorist financing). Most KYC processes today start with an extensive online restricted party screening to rule out companies placed on a government list due to their involvement with organized crime, history of corrupt business practices, or threat to national security. Sometimes, just a simple Google search can be valuable.
- Invest in updated technology. Ensure your computer has a proper security system with updated firewalls that will flag suspicious emails.
- When you see an update alert on your phone, do it! Those iPhone/Android updates often entail security fixes in response to hacking attempts, so it’s worth taking the time to process the update in a timely manner.
- Don’t sacrifice accuracy for speed. When it comes to classified documents such as wiring instructions (or any changes thereto), a layered verification system is essential. One person drafts, another proofs, and a third verifies.
How To Detect Fraud
- Triple check email addresses. Sometimes it’s just one character off, making it difficult to spot.
- Be wary of Gmail or Yahoo accounts. In the corporate aviation world, email addresses from those servers may be a red flag.
- Question any eleventh-hour changes, especially when it comes to wiring instructions.
- Trust your gut. If something feels “off,” pump the breaks. It’s better to delay a transaction than to risk losing a large sum of money.
What To Do If You Suspect Fraud
- Immediately hit pause. This is a fast-paced industry, but sometimes you need to stop, do additional due diligence, and verify information so you’re comfortable proceeding. Don’t give way to pressure to close a transaction.
- Report it to the FBI via its Internet Crime Complaint Center: www.ic3.gov.
Scammers will always pose a threat. As the industry evolves, so do they. However, these techniques are effective at preventing and detecting fraud in order to mitigate risk for all parties involved.
This article by Tracey Cheek originally appeared in Business Aviation Advisor on July 1, 2021.
-
NAFA Administrator posted an articleAINsight: How Dry Leases Can Prevent Illegal Charter see more
NAFA member, David G. Mayer, Partner at Shackelford, Bowen, McKinley & Norton, LLP, discusses how dry leases can prevent illegal charter.
Is it possible that a subtle shift is occurring away from the pervasive and persistent menace of illegal charter operations? Anecdotally, and perhaps for me just hopefully, I am seeing more aircraft owners, operators, lessees, and lessors asking whether they need some type of leasing or other structure to avoid FAA scrutiny or personal liability.
Leasing enables a lessee, which may be an individual or entity (person), to lawfully “operate” and thereby exercise “operational control” over an aircraft under the FARs. Only one person has operational control. Leasing offers a broad array of benefits and structures to direct cash flow from lessees to lessors and vendors, manage risk, minimize certain taxes, share aircraft use and cost among unrelated and affiliated parties, and facilitate commercial operations under FAR Part 135.
But leasing is not an incidental subject, as explained in the General Aviation Dry Leasing Guide developed by NBAA and several other aviation alphabet groups. This 17-page publication informs aircraft buyers, owners, lessors, lessees, lenders, brokers, lawyers, and other advisors about the flexibility, utility, regulatory aspects, and complexity of leasing.
Key FAA Leases: Dry and Wet
It is essential first to understand that a “lease” under the Uniform Commercial Code in part means a transfer by a “lessor” to a “lessee” of the right to possession and use of an aircraft for a term in return for consideration—usually hourly, fixed, and/or variable rent payments.
In contrast, a true lease might exist when the lessor retains residual value risk—the remaining value of the aircraft at the end of the lease term. Sellers do not take this risk. Finally, a charter is not a lease; it is a service, with no change of aircraft possession.
Under FAR 91.23, “a lease means any agreement by a person to furnish an aircraft to another person for “compensation or hire, with or without flight crewmembers, that is not a contract of conditional sale.” In this context, the FAA identifies two extremely important categories of leases in Order 8900.1: dry leases and wet leases.
Dry lease refers to an aircraft transaction in which the lessor provides the aircraft, the lessee independently supplies the crewmembers, and the lessee retains operational control of the flight. FAR 1.1 defines a core regulatory concept of operational control with respect to a flight as “the exercise of authority over initiating, conducting, or terminating a flight.”
Illegal or unsafe operations may occur when leases or other contracts do not specify who is responsible for operational control of the aircraft and in other circumstances. As such, the FAA focuses on operational control in assessing whether a flight operation is an illegal charter or valid Part 91 operation.
Operational control under Part 91 does not mean the traveler must fly the aircraft personally. An aircraft owner or lessee typically delegates that responsibility to pilots under Part 91 or charter operator under Part 135. I sometimes refer to the one person that exercises operational control as having the liability target on the person’s back.
For example, in one of the most common uses of dry leases, an owner enters into a dry lease between a limited liability company (LLC), as the single-purpose aircraft owner entity, to put operational control of flight operations into the hands of one person as the lessee in compliance with Part 91.
A major business enterprise for profit may be an appropriate dry lessee if the aircraft serves the business of the enterprise whose operations generate substantially more revenue than the operating costs of the aircraft. The LLC owner/member may also agree to an “exclusive dry lease,” with one lessee/operator or “non-exclusive leases” with multiple aircraft lessees/operators under their separate non-exclusive leases.
The finance world routinely uses exclusive dry leases of various types to enable a lessor to buy an aircraft and lease it to a lessee without crew under a long-term lease. Here, the lessee similarly supplies the crew and assumes all obligations under the lease for the care, custody, and control of the aircraft during the term, including for its maintenance, crewing, operations, cost payments, insurance, and taxes.
Despite the availability of leasing, new and current aircraft owners still frequently violate the FARs when their LLCs operate the aircraft but have no business other than to own and operate their aircraft, converting the LLCs into illegal “flight department companies.” Such a single-purpose LLC cannot lawfully conduct these operations, share the aircraft for any compensation (anything of value), or offer the aircraft for hire to others unless the LLC obtains an air carrier certificate under Part 119 and operates the aircraft under Part 135. It is quite feasible to use non-exclusive or exclusive dry leases to rectify or avoid these violations.
In contrast to a dry lease, the FAA defines a wet lease in FAR 110.2 as an aircraft lease whereby the lessor provides both an entire aircraft and at least one crewmember to a lessee. The lessor retains operational control of the flight, unlike a dry lease where the dry lessee supplies its own crew, directs many aspects of flight operations, and retains operational control.
Another significant distinction exists between Part 91 private operations and Part 135 commercial operations conducted by the air carrier that influences lease structuring. The air carrier (charterer) has the liability target on its back instead of the person that would otherwise exercise operational control under Part 91. This feature appeals to risk-averse Part 91 lessees or owners that want to mitigate the risk of liability for accidents involving their aircraft under their operational control of the aircraft.
When the Rubber Hits the Runway
When the conduct of flights blurs the line in determining whether one lessee/passenger has operational control or the lessor/aircraft provider has operational control under Part 91, illegal charter operations may be occurring. Lessees normally must understand and accept operational control and related obligations.
Although the FAA has no specific criteria to determine when Part 91 dry leases morph into illegal wet leases, lessees should be wary of lessors that offer leases to multiple unrelated parties, induce the parties to hire the lessor’s pilots, and usurp the lessee’s independence in exercising operational control.
Importantly, the lease parties of large civil aircraft (over 12,500 pounds mtow) must comply with FAR 91.23, the Truth-in-Leasing rules. These rules, which protect and inform lessees, require the filing with the FAA of a copy of the lease within 24 hours of signing and notice to the local FAA Flight Standards office at least 48 hours before the first flight under the lease.
Conclusion
There is no excuse for operating an aircraft as an illegal charter, especially when leasing aircraft provides a reasonable way to transfer rights to lessees to possess and use an aircraft under the lessee’s operational control. With the guidance of knowledgeable aviation counsel, individuals and entities can operate safely, lawfully, and knowledgeably under the FARs using leases and other related documentation that will survive FAA scrutiny.
This article was originally published on AINonline on January 15, 2021.
-
NAFA Administrator posted an articleInsights From An FAA Illegal Charter Investigation see more
NAFA member, Greg Reigel, Partner at Shackelford, Bowen, McKinley & Norton, shares insights from an FAA illegal charter investigation.
Recent FAA press releases have publicized the enforcement actions the agency is taking against those involved in illegal charter. However, what is not publicized is how the FAA is investigating these cases. A recent case in the U.S. District Court for the Southern District of Indiana provides an interesting glimpse into one such investigation.
The Case
In Elwell v. Bade et al., the FAA received complaints regarding alleged illegal charter activity. In response, the FAA opened what has turned out to be a six year investigation.
During its investigation, the FAA issued three sets of subpoenas over a three year period. The last set asked for production of all documents related to agreements associated with use, ownership, and/or leasehold interest in certain aircraft under investigation for a specified period of time. The recipients of the subpoenas (the “Respondents”) objected and refused to produce any documents.
The FAA filed a petition with the U.S. District Court requesting enforcement of the subpoenas. The Respondents objected to the subpoena by filing a motion to quash the subpoenas. The Court refused to quash the FAA’s administrative subpoenas and ordered their enforcement.
The Court concluded that “(a) the matter under investigation is within the authority of the issuing agency, (b) the information sought is reasonably relevant to that inquiry, and (c) the requests are not too indefinite.” However, the Court’s analysis and rationale also provide insight into some of the things the FAA can do, and when it can do them, in an illegal charter investigation.
Here are some of the key takeaways:
The FAA Has Authority To Issue Subpoenas In Connection With An Investigation
Under 49 U.S.C. § 46101(a), the FAA may investigate violations as long as the agency has “reasonable grounds.” Neither an enforcement action nor a lawsuit is necessary. When a court reviews an agency’s subpoena requests, the court must make sure the agency does not exceed its authority. And the threshold for the relevance of the documents/information requested by the administrative subpoenas is relatively low. The court must also confirm that the requests are not for an illegitimate purpose.
In illegal charter investigations such as the Bade case, the FAA typically asks for
- aircraft flight logs
- flight summaries
- aircraft lease agreements
- operating agreements
- interchange agreements
- pilot services agreements
- pilot payrolls
- operating invoices
- receipts etc.
And, as in Bade, a court will likely hold that such requests are proper and do not exceed the FAA’s authority.
Stale Complaint Rules Do Not Bar Subpoenas During An Investigation
As you may know, stale complaint rules act to bar the FAA from acting in certain situations after a period of time. For example, in certificate actions heard before a National Transportation Safety Board Administrative Law Judge, 49 C.F.R. § 821.33 may prevent the FAA from acting if it does not initiate the case within six months of advising the respondent of the reasons for the proposed action. Similarly, in a civil penalty case, a case may be dismissed under 14 C.F.R Part 13.208(d) if the FAA does not initiate action within two years.
However, these stale complaint rules do not apply to ongoing investigations where no action has been initiated. According to the Bade court, the “FAA may conduct an investigation to assure itself that its regulations are being followed, regardless if it ultimately determines civil enforcement or formal charges are not warranted.”
Similarly, the FAA may investigate a target who is “engaged in a continuing violation of [FAA’s] safety regulations.” In Bade, the FAA argued it was not investigating stale claims. Rather, it believed the respondents were engaged in continuing violations where “the statute of limitations restarts every day.” And the Court agreed.
(Interestingly, the Court did not address whether this analysis, and its decision, would have changed if the aircraft involved had been sold and/or the flight operations had ceased. As a result, it is unclear whether the investigation would have been moot if applicable stale complaint rules prohibited enforcement action.)
The FAA Does Not Have To Tell The Target Of An Investigation About Subpoenas
Under 49 U.S.C. § 46104(c), an agency must only give notice to “the opposing party or the attorney of record of that party.” However, an investigation has no “record.” As a result, since the target of the investigation is not the one being deposed nor is counsel to those targets being deposed, the target does not have a statutory right to receive notice of third-party depositions.
The Bade court also noted that “’failing to receive notice of one or more depositions does not prove that the FAA’s investigation is a sham,’ and has ‘nothing to do with the enforceability of the Subpoenas or the motive of the FAA in conducting this investigation.’”
So, potential respondents do not get to participate at third-party depositions or receive copies of documents produced in response to subpoenas. This certainly makes defending against an illegal charter investigation a more difficult task.
The FAA’s Order 2150.3C Is Only “Guidance”
In Bade the Respondents argued that the FAA had not followed its own policies when conducting the investigation. Specifically, they argued the FAA failed to follow FAA Order 2150.3 – FAA’s Compliance and Enforcement Program. However, the Court rejected the argument. It observed that Order 2150.3 is not regulatory.
Rather, Order 2150.3 merely provides guidelines to FAA personnel for performing their duties. Thus, the Court concluded that the FAA’s failure to strictly adhere to Order 2150.3’s “guidance” did not negate its authority to investigate. Nor did it mean the FAA was pursuing the investigation for an improper purpose.
Conclusion
Illegal charter is a high priority for the FAA at the moment, and will be for the foreseeable future. As a result, the agency will continue to investigate complaints of illegal charter. It is important to understand how the FAA conducts these investigations and the extent of its authority.
And it is imperative for aircraft owner or operator who is the target of an illegal charter investigation to know its rights. If you believe you are the target of an illegal charter investigation, contact us now so we can help you navigate the investigation and protect your rights.
This article was originally published by Shackelford, Bowen, McKinley & Norton, LLP on June 23, 2020.
-
NAFA Administrator posted an articleBeware of phishing schemes relating to aviation escrow matters see more
NAFA member, Scott McCreary, Vice President at McAfee & Taft, warns of aviation escrow phishing schemes.
The McAfee & Taft Aviation Group has recently seen an increase in the number of phishing schemes relating to aviation escrow matters. Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing, instant messaging, and text messaging, phishing often directs users to enter personal information at a fake website that matches the look and feel of the legitimate site.
You may have recently received a phishing email purportedly from McAfee & Taft regarding our banking instructions. We wanted to advise you that McAfee & Taft has not and would never send out an email blast stating that its banking instructions have changed. All communication from McAfee & Taft will always come directly from an attorney or legal assistant with our group. Also, in responding to any emails, please be sure to check email address domains, as we have seen an uptick in email spoofs using similar email domain names (look for extra letters in domain names).
At McAfee & Taft, we take our role very seriously in providing best practices for any transaction, including ones involving funds. For any transaction involving funds, we suggest the following to help keep fraudsters out of the mix:
- Always have a written escrow agreement or escrow addendum to your purchase agreement that contains the contact names of all relevant parties, with address, phone numbers and email addresses, so that you can always confirm that the parties on any email traffic are legitimate.
- Always include wire transfer instructions in the escrow agreement or escrow addendum. Providing wire instructions for the seller on or immediately prior to the day of closing or changing wire instructions for the seller could cause a delay in closing the transaction due to additional verification required.
- Verify wire instructions by phone for any wire transfers, whether going into escrow or being disbursed out of escrow. Locate a telephone number for the person receiving the funds from an independent source, such as an email from that person from a totally unrelated deal, or from LinkedIn, or from a website. Do not use the phone number from the email containing the wire instructions.
We greatly appreciate the folks in the industry with whom we work, and we strive to do everything possible to protect the deals that we all work on to continue to make the world go round!
This article was originally published in McAfee & Taft Aviation Alert | October 19, 2020.
-
NAFA Administrator posted an articleGAO Report: FAA Needs to Better Prevent, Detect, and Respond to Fraud and Abuse Risks in Aircraft Re see more
NAFA member, Scott McCreary, Vice President at McAfee & Taft, shares the GAO Report.
Today the U.S Government Accountability Office issued its long awaited report regarding the audit of the FAA Aircraft Registry. The report, titled "Aviation: FAA Needs to Better Prevent, Detect, and Respond to Fraud and Abuse Risks in Aircraft Registration" and can be found at www.gao.gov/products/GAO-20-164. The audit was extensive and ultimately provides the following recommendations:
- The Administrator of FAA should conduct and document a risk assessment that considers inherent and residual fraud and abuse risks that may enable criminal, national security, or safety risks. (Recommendation 1)
- The Administrator of FAA should determine impact, likelihood, and risk tolerance as part of a risk assessment. (Recommendation 2)
- The Administrator of FAA should develop a strategy that outlines specific actions to address analyzed risks, including periodic assessments to evaluate continuing effectiveness of the risk response. (Recommendation 3)
- The Administrator of FAA should collect and record information on individual registrants, initially including name, address, date of birth, and driver's license or pilot's license, or both, with subsequent PII elements informed by the risk assessment, once completed. (Recommendation 4)
- The Administrator of FAA should collect and record information on legal entities not traded publicly—on each individual and entity that owns more than 25 percent of the aircraft; for individuals: name, date of birth, physical address, and driver's license or pilot's license, or both; and for entities: name, physical address, state of residence, and taxpayer identification number. (Recommendation 5)
- The Administrator of FAA should verify aircraft registration applicants' and dealers' eligibility and information. (Recommendation 6)
- The Administrator of FAA should increase aircraft registration and dealer fees to ensure the fees are sufficient to cover the costs of FAA efforts to collect and verify applicant information while keeping pace with inflation. (Recommendation 7)
- The Administrator of FAA should ensure, as part of aircraft registry IT modernization, that information currently collected in ancillary files or in PDF format on (1) owners and related individuals and entities with potentially significant responsibilities for aircraft ownership (e.g., beneficial owners, trustors, trustees, beneficiaries, stockholders, directors, and managers) and (2) declarations of international operations is recorded in an electronic format that facilitates data analytics by FAA and its stakeholders. (Recommendation 8)
- The Administrator of FAA should link information on owners and related individuals and entities with significant responsibilities for aircraft ownership through a common identifier. (Recommendation 9)
- The Administrator of FAA should, as part of IT modernization, develop an approach to check OFAC sanctions data on owners and related individuals and entities with potentially significant responsibilities for aircraft ownership for coordination with OFAC and to flag sanctioned individuals and entities across aircraft registration and dealer systems. (Recommendation 10)
- The Administrator of FAA should use data collected as part of IT modernization as well as current data sources to identify and analyze patterns of activity indicative of fraud or abuse, based on information from declarations of international operations, postal addresses, sanctions listings, and other sources, and information on dealers, noncitizen corporations, and individuals and entities with significant responsibilities for aircraft ownership. (Recommendation 11)
- The Administrator of FAA should develop and implement risk-based mitigation actions to address potential fraud and abuse identified through data analyses. (Recommendation 12)
- The Administrator of FAA should develop mechanisms, including regulations if necessary, for dealer suspension and revocation. (Recommendation 13)
- The Administrator of FAA, in coordination with relevant law-enforcement agencies, should enhance coordination within the Aircraft Registry Task Force through collaborative mechanisms such as written agreements and use of liaison positions. (Recommendation 14)
- The Administrator of FAA, in coordination with relevant law-enforcement agencies, should develop a mechanism to provide declarations of international operations for law-enforcement purposes. (Recommendation 15)
If implemented, these changes will clearly affect many individuals and companies that own and operate aircraft. The lawyers in the McAfee & Taft Aviation Group will continue to provide updates as the industry digests this information.
This article was originally published by McAfee & Taft on March 25, 2020.
-
NAFA Administrator posted an articleNAFA Webinar - Final Comments on Fraud see more
NAFA Webinar - Final Comments on Fraud
Meet our Moderator, Guest Speaker and Panelists:
Merrick Benn, Partner, Womble, Bond, Dickinson
Jim Simpson, Managing Director, First Republic Bank (Moderator)
Stephen Friedrich, Chief Commercial Officer, Embraer Executive Jets
Bruce Marshall, EVP and General Counsel, AIC Title Service
Joe Carfagna, President, Leading Edge Aviation Solutions
Luci Johnson, Operations, Documentation & Servicing Manager, PNC Aviation Finance
This NAFA webinar originally aired on September 15, 2020.
-
NAFA Administrator posted an articleNAFA Webinar - Money Laundering see more
NAFA Webinar - Money Laundering
Meet our Moderator, Guest Speaker and Panelists:
Merrick Benn, Partner, Womble, Bond, Dickinson
Jim Simpson, Managing Director, First Republic Bank (Moderator)
Stephen Friedrich, Chief Commercial Officer, Embraer Executive Jets
Bruce Marshall, EVP and General Counsel, AIC Title Service
Joe Carfagna, President, Leading Edge Aviation Solutions
Luci Johnson, Operations, Documentation & Servicing Manager, PNC Aviation Finance
This NAFA webinar originally aired on September 15, 2020.
-
NAFA Administrator posted an articleNAFA Webinar - Overview of Fraud see more
NAFA Webinar: Overview of Fraud
Guest Speaker: Merrick Benn, Partner, Womble, Bond, Dickinson
This NAFA webinar originally aired on September 15, 2020.