The Financial Crimes Enforcement Network (“FinCEN”) issued on February 24, 2021 “an [A]dvisory to alert financial institutions to fraud and other financial crimes related to Economic Impact Payments (EIPs), authorized by the Coronavirus Aid, Relief, and Economic Security (CARES) Act, and the Coronavirus Response and Relief Supplemental Appropriations Act of 2021.” The Advisory describes EIP fraud, associated red flags, and information on filing related Suspicious Activity Reports (“SARs”). Once again, something intended for good – economic relief payments issued by the government to ease the pain of the pandemic – has given fraudsters another way to take advantage of the chaos created by the pandemic.
This Advisory was accompanied by a Notice, Consolidated COVID-19 Suspicious Activity Report Key Terms and Filing Instructions, which seeks to consolidate FinCEN’s “filing instructions and key terms for fraudulent activities, crimes, and cyber and ransomware attacks related to Coronavirus Disease 2019 (COVID-19)” for the purposes of SAR filings, and to “remind financial institutions of recent updates to FinCEN guidance” regarding Section 314(b) information sharing.
Stating that “U.S. authorities have detected a wide range of EIP-related fraud and theft involving a variety of criminal actors,” the Advisory provides a non-exhaustive list of such activity, including fraudulent checks; altered checks; counterfeit checks; theft of EIP; and phishing schemes using EIP as a lure. The Advisory then provides a list of potential red flags intended to alert financial institutions to potential fraud and thefts related to EIPs as well as to assist financial institutions in detecting, preventing, and reporting suspicious transactions related to such activities. As an example, one red flag is when “[a]n existing account receives an excessive number of EIPs via U.S. Treasury check or deposits related to a prepaid debit card linked to the same address (e.g., an account receiving more checks than expected relative to the customer’s profile and financial institution’s customer due diligence).”
This most recent Advisory and Notice follow and refer back to many similar publications issued by FinCEN regarding scams and cyber-attacks relating to COVID-19 vaccines; other medical scams relating to COVID-19; cybercrimes relating to COVID-19; unemployment insurance fraud relating to COVID-19; imposter and money mule schemes relating to COVID-19; and the use of the financial system to facilitate cybercrime and ransomware payments. FinCEN now has a Coronavirus Updates webpage, listing these publications and other resources.
As suggested by this stream of FinCEN publications, COVID-19 has presented a severe challenge to many financial institutions, and to their BSA/AML compliance departments in particular. In addition to the sheer increase since 2020 in the volume of transactions which may alert as potentially suspicious, financial institutions must struggle to adjust their transaction monitoring systems in light of the onslaught of novel scenarios relating to COVID-19 to avoid their systems alerting to false positives or, conversely, missing problematic transactions. Moreover, AML compliance staff have been on a steep learning curve in regards to being able to analyze these new threats and appreciate fully connections and trends – while simultaneously having to deal with the professional and personal stressors associated with COVID-19. Although FinCEN has stated in certain publications that financial institutions will receive some leeway due to the challenges created by COVID-19, only time will reveal if examiners demonstrate flexibility in practice.