R Street Institute
Explainers Cybersecurity Policy

Cybersecurity Score – Guarding Unprotected Aging Retirees from Deception (GUARD) Act

by Haiman Wong
July 21, 2025
Print

Authors

Haiman Wong
Resident Fellow, Cybersecurity and Emerging Threats

Table of Contents

Media Contact

For general and media inquiries and to book our experts, please contact: pr@rstreet.org

Bill Summary

This proposed rule authorizes and encourages the use of existing federal grant funds by various levels of law enforcement to investigate elder financial fraud, pig butchering scams, and other forms of financial fraud. Eligible uses include deploying blockchain and other emerging technologies, improving real-time intelligence sharing, and strengthening interagency coordination.

Cybersecurity Score Rating

Cybersecurity Score RatingRating: Cyber Positive. The GUARD Act has the potential to support cybercrime prevention by promoting the use  of emerging technologies and boosting investigative capabilities at the state, local, tribal, and federal levels—all without introducing new mandates or federal spending.

Status

Referred to the House Judiciary and Financial Services committees on April 21, 2025. (Last updated: July 14, 2025)

Key Provisions

  • Expands how existing Department of Justice (DOJ) grants may be used to support investigations into elder fraud and related scams, including funding for personnel, forensic tools, and specialized training
  • Supports multi-jurisdictional collaboration through tabletop exercises and regional fusion centers across agencies
  • Encourages the designation of a financial-sector liaison to coordinate real-time intelligence exchange between financial institutions and law enforcement agencies
  • Directs federal reporting and stakeholder engagement to monitor fraud trends and improve enforcement strategies, including joint reports to Congress and a public comment process involving financial and telecommunications firms

Background

Financial fraud in the United States is accelerating in speed, scale, and sophistication, posing growing risks to consumers—particularly older Americans. In 2024 alone, the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center received 147,127 fraud complaints from individuals older than 60—a 46 percent increase from 2023. However, despite the increasing impact and scale of these evolving threats, the majority of fraud cases go unreported. According to a recent survey conducted by the American Association of Retired Persons (AARP), while 42 percent of American adults have personally experienced fraud, 78 percent do not report it to local law enforcement or the FBI, and 89 percent do not notify the Federal Trade Commission.  

This persistent underreporting stems from a combination of victim embarrassment, shame, and fear of blame or disbelief, as well as the difficulty of prosecuting scams that often cross legal jurisdictions. These factors make financial fraud an appealing low-risk, high-reward crime for bad actors.

Exacerbating the challenge, transnational organized crime syndicates increasingly target elderly Americans due to perceptions of stable income from Social Security benefits, accumulated retirement savings, diminished digital literacy, and greater vulnerability to coercion or deception. Victims of elder financial exploitation (EFE) often face long-term consequences beyond financial loss—research links EFE to “increased hospitalizations, admittance to skilled nursing facilities, and lower 5-year all-cause mortality survival rates.”

As of 2025, the most common scams targeting older Americans include:

  • Grandparent scams, in which fraudsters impersonate a family member in distress and demand urgent payment.
  • Financial services scams, including phishing and fake investment schemes.
  • Tech support scams, where scammers pose as a customer service agent to gain remote access to victims’ devices and accounts.

Emerging technologies further complicate this threat landscape. Recent nationwide SMS-based phishing (smishing) campaigns—like those impersonating toll authorities—are now more widespread and harder to spot quickly. “Pig butchering” scams, in which victims are “fattened up” with fake investment returns before being defrauded or “butchered,” have become especially costly. Despite the potential for exploitation and misuse, emerging technologies can also serve as force multipliers for law enforcement efforts. For example, U.S. authorities—including the Secret Service and the FBI—began investigating a global pig butchering romance scam in Southeast Asia in late 2023 using blockchain analysis. With voluntary cooperation and aid from Chainalysis, Coinbase, Tether, OKX, and TRM Labs, investigators were able to successfully trace, identify, and freeze the stolen funds. In June 2025, the U.S. Attorney’s Office filed a civil forfeiture and successfully seized over $225 million, marking the largest-ever recovery of assets linked to crypto confidence scams.

To address these evolving threats and rising public concern, policymakers have demonstrated growing interest in combating fraud against older Americans. In the 118th Congress, lawmakers introduced more than a dozen bills focused on financial fraud prevention. While none passed, the GUARD Act builds on these prior efforts, including a nearly identical bill introduced in late 2024. Although that earlier version failed to advance, the continued bipartisan momentum behind the GUARD Act in the 119th Congress—along with public backing from groups like the AARP, the Iowa State Police Association, the Financial Technology Association, and others—reflects a deepening consensus that financial fraud demands urgent attention, particularly when it targets vulnerable populations.

Key Takeaways

  • The proposed rule is scored as “cyber positive” because it reflects a light-touch, tech-agnostic, and permissive approach to building cybersecurity capacity. If enacted, the GUARD Act could also improve cybercrime attribution and deterrence—especially for crimes targeting vulnerable populations—without risk of overregulation, mission creep, or increased government spending.
  • The bill facilitates stronger multi-jurisdictional coordination through support for regional fusion centers and interagency tabletop exercises, helping to overcome common investigative barriers in cybercrime cases that span state or even national boundaries.
  • The bill’s broad inclusion of emerging technologies under “general financial fraud” gives law enforcement flexibility to pursue evolving threats, such as deepfake impersonations or crypto-based scams, without regular statutory updates or new definitions.

Cybersecurity Analysis

FactorsAnalysis
Access provisionsThe proposed bill expands the range of activities state, local, and tribal law enforcement agencies can fund via existing DOJ grants. Specifically, it would authorize these agencies to use grant dollars to investigate elder financial fraud and other forms of financially motivated cybercrime, including hiring investigative personnel and deploying emerging technical tools, such as blockchain analytics software.

This bill also encourages greater technical assistance from federal agencies to support these investigative efforts, including expanded collaboration with regional fusion centers to enhance decentralized access to cybersecurity expertise and investigative capacity across jurisdictions.
ApplicabilityThis bill applies only to existing eligible recipients of one of five DOJ grants, including the Internet of Things National Training and Technical Assistance Program and the Information Sharing and Technical Assistance Program. It does not impose new obligations; rather, it expands the range of eligible activities to include fraud-related investigations involving EFE, pig butchering scams, general financial fraud, and other scams.

The statutory language clarifies that “general financial fraud” includes schemes facilitated through emerging technologies, allowing flexible interpretation to cover deepfakes, spoofed communications, and crypto-based scams—among other potential emerging tactics, techniques, and procedures—without the need for legislative amendments or new definitions.
Impact on cyber actionsThe proposed bill directly supports cybercrime mitigation through authorized funding for:

• Investigative staffing
• Deployment of advanced forensic tools (including blockchain analysis)
• Tabletop exercises and training

By facilitating these investments, the GUARD Act helps close technical and human capacity gaps in prosecuting financially motivated cybercrime at the local level.
Business impactWhile the GUARD Act does not impose mandates on financial institutions or financial technology firms, it encourages closer cooperation with law enforcement through the designation of a financial-sector liaison to facilitate intelligence exchange.

This could inadvertently lead to informal expectations for expanded private-sector reporting, though the bill’s current language is careful not to create new compliance requirements.
Data privacy and securityThe bill does not alter existing data privacy laws or introduce new data collection mandates. However, its provisions for increased data sharing and intelligence exchange between local, tribal, and federal law enforcement—along with the authorized use of forensic technology—carry implications for privacy and data protection practices.

Although the bill is not prescriptive, future iterations could be strengthened by articulating voluntary best practices for data handling, including guidelines on retention, security, and interagency data transfers.
Rulemaking or update mechanismsThe bill does not grant any rulemaking authority; however, it does require:

• An annual report from DOJ grant recipients detailing expenditure, investigative efforts, tools used, and coordination efforts
• A joint report from the attorney general and treasury secretary analyzing scam trends and identifying enforcement gaps
• A public comment process to solicit feedback from stakeholders, including financial institutions and telecommunications providers

These mechanisms provide information scaffolding for potential further action without initiating immediate  or direct regulatory changes.
Exemptions, exceptions, and defensesBecause the bill is designed as a permissive statute expanding eligible uses of DOJ grants, it does not introduce mandates or require exceptions or defenses.
Enforcement mechanismsWhile the bill does not include new enforcement provisions, it does require grant recipients to submit annual reports summarizing investigative activities, training and tools used, and coordination efforts. These reporting requirements function as oversight conditions tied to funding rather than as formal legal enforcement mechanisms.
Other notesThe GUARD Act recognizes the essential role of financial institutions, financial technology platforms, and telecom providers in addressing financial fraud. However, the lack of clear guidance on the extent to which private-sector stakeholders should regularly engage with law enforcement agencies could be clarified through follow-on, complementary playbooks or in future proposals.

As blockchain analytics and artificial intelligence-based investigative tools become more central, further clarity may be needed on acceptable use cases and data privacy practices, especially when investigations involve metadata, transaction tracking, or facial recognition technologies.