On October 13, the Financial Crimes Enforcement Network (“FinCEN”) issued a COVID-19-related Advisory “to alert financial institutions to unemployment insurance (“UI”) fraud observed during the COVID-19 pandemic.” It is the fourth in a series of Advisories related to financial crimes arising from the pandemic (we covered previous Advisories on medical scams, imposter and money mule schemes, and cyber-enabled crime). This latest Advisory “contains descriptions of COVID-19-related UI fraud, associated financial red flags indicators, and information on reporting suspicious activity.”
COVID-19-Related UI Fraud
Not surprisingly, as the level of UI claims has surged in light of the pandemic and the ensuing economic stress, FinCEN reports that it and financial institutions have detected “numerous instances” of UI fraud. The Advisory lists several representative types of UI fraud: UI applicants claiming to have worked for fictitious companies or creating fictitious work records, collusion between employers and employees to enable an employee to receive simultaneously a UI payment and a paycheck, and applicants inflating wages to receive a higher UI payment.
Two additional types of fraud described in the Advisory warrant mention. First, the Advisory warns that state employees may use their credentials to alter UI claims, approve otherwise unqualified UI applicants, direct UI payments to accounts not on the UI application, or increase the approved UI payment amount. However, the Advisory’s red flags provide little guidance to financial institutions on how to identify or distinguish “insider” UI fraud from its ilk.
Second, the Advisory warns that UI applicants may submit to the state stolen or forged identification documents in their UI application to take over an account eligible for UI payments. The Advisory’s reference to FinCEN’s July 30th Advisory on pandemic-enabled cybercrime complicates a financial institution’s obligations to detect these schemes. As we previously commented, detecting cybercrime perpetrated during COVID-19 is “perhaps easier said than done.” That is particularly true in the UI fraud setting, where the perpetrator has already fooled state authorities into making UI payments, which are only a portion of hundreds of thousands of weekly UI claims.
UI Fraud Red Flags
Nevertheless, the Advisory, in keeping with FinCEN’s risk-based approach towards BSA compliance, lists red flags for financial institutions to consider along with “all surrounding facts and circumstances before determining if a transaction is suspicious or otherwise indicative of potentially fraudulent activities related to COVID-19.”
- Accounts held at the financial institution show suspicious UI payment and withdrawal signs, including: out-of-state UI payments; multiple UI payments within a single disbursement window; UI payments to someone other than the accountholder; UI payments collecting at the same time as regular work earnings; numerous deposits that indicate they are UI payments made to someone other than the accountholder; and UI payments made with greater frequency than similarly situated customers.
- The customer withdraws UI funds in a lump sum by cashier’s checks, by purchasing a prepaid debit card, or by transferring the funds to out-of-state accounts.
- The customer’s UI payments are quickly wired to foreign accounts, particularly to countries with weak anti-money laundering controls.
- The customer receives or sends UI payments to a peer-to-peer (P2P) application or app. The funds are subsequently transferred to an overseas account in a manner inconsistent with the spending patterns of similarly situated customers.
- Individuals quickly withdraw disbursed UI funds for “bill payments” to individuals instead of businesses, with some individual payees receiving multiple online bill paychecks over a short time period.
- The IP address associated with logins for an account conducting suspected UI-fraud activities is geographically distant from the customer’s address or where the UI payment originated.
- Individuals transfer UI funds into suspected shell/front company accounts.
- A single, web-based email account is associated with multiple accounts receiving UI payments at one or more financial institutions.
- A newly opened account, or an account that has been inactive for more than thirty days, starts to receive numerous UI deposits. After a financial institution requests documents to verify customer’s identity, the customer provides incorrect or forged documents.
- A financial institution’s due diligence investigation reveals that the customer does not have a history of living at, or being associated with, the address to which the UI check or UI debit card is sent, or within the geographical area in which the UI debit card is being used.
Consistent with prior Advisories relating to fraud exacerbated by COVID-19, the Advisory provides specific instructions for filing a Suspicious Activity Report (“SAR”) when financial institutions suspect UI fraud.
- SARs should include the key term “COVID19 UNEMPLOYMENT INSURANCE FRAUD FIN-2020-A007” in SAR field 2 and in the narrative.
- Financial institutions should select SAR field 34(z) (Fraud-other) when reporting such fraud and specifically denote whether the same is an “unemployment fraud.”