On November 22, 2023, the Financial Crimes Enforcement Network (“FinCEN”), in close coordination with the Internal Revenue Service (“IRS”) Criminal Investigation (“CI”), issued an alert (“Alert”) regarding the COVID-19 Employee Retention Credit (“ERC”). The Alert echoes the FinCEN’s previous Notice on payroll tax evasion and workers’ compensation fraud in the construction sector, which was similarly issued by FinCEN in coordination with IRS CI, which has established itself as one of the primary “consumers” of Bank Secrecy Act (“BSA”) reports filed with FinCEN.

Since 2020, IRS CI has investigated more than $2.8 billion of potentially fraudulent ERC claims. The Alert indicates that ERC fraud occurs when fraudulent claims are filed using shell companies or existing but ineligible businesses to pay for personal expenses upon receipt of the credit. The fraud also occurs when businesses are “duped” into filing for the ERC by a third-party, who often provides the business with misinformation about program qualifications and takes a fee to help the business file a claim for the ERC.

During the pandemic, and up through 2021, FinCEN issued many alerts and advisories related to various types of fraud relating to COVID-19, but none specifically addressed the ERC. We blogged on these FinCEN alerts and advisories here, here, here here, here, here, here, here and here.

The Coronavirus Aid, Relief, and Economic Security (“CARES”) Act authorized the ERC, which is a tax credit to businesses to help keep employees on payrolls during the pandemic. In September, the IRS placed a moratorium through the remainder of 2023 on processing any new ERC claims. The IRS noted that the moratorium was due, in part, to the agency’s investigation of promotors and businesses filing “dubious claims” and indicated that the agency was working hundreds of criminal cases and thousands of ERC claims have been referred for audit. The IRS also has provided businesses who have received the credit but not yet cashed or deposited a refund check the opportunity to withdraw their ERC claim if they believe they were misled into filing a claim.

FinCEN notes that the information contained in the Alert is derived from an “analysis of BSA data, open-source reporting, and information provided by law enforcement partners.” The Alert asserts that ERC fraud falls within the national priorities, which specifically lists both tax fraud and COVID-19 fraud under the broader “fraud” umbrella.

The Alert provides the following typologies to assist financial institutions in identifying and reporting ERC fraud:

Filing of Fraudulent Claims

  • Use of Fabricated and Dormant Entities: IRS CI has observed dormant entities that typically have an EIN but did not have any activity but then filed taxes for at least one tax period during the ERC claim period;
  • Ineligible Businesses: Business owners may knowingly apply for the ERC hoping that they will receive a tax credit that they are not eligible to receive;
  • Third-Party Promoters: Third-party promoters are also known as “ERC Mills” that deploy aggressive marketing tactics, including mailing notices designed to look like official IRS communications and advertisements. Promoters hold themselves out as “ERC experts” or tax professionals. Promotion scams are likely to target established businesses to avoid IRS scrutiny. ERC Mills neglect to inform businesses of eligibility requirements and avoid signing the ERC return prepared. Promotors typically charge an upfront fee (sometimes 30 to 40% of the expected ERC) or a contingent fee depending on the amount of the tax credit. Promoters may submit claims on behalf of businesses without their knowledge or use stolen information, or use the taxpayer’s personal information to use in other identity theft schemes.

Fraudulent Receipt and Use of ERC Funds

The Alert highlights the following trends related to fraudulent receipt and use of ERC funds:

  • Funds are deposited into a business account that is funded solely by the ERC or to an account with limited transactions;
  • Fraudsters have used the ill-gotten funds for personal purposes including the purchase of luxury goods and vacations;
  • Fraudsters may attempt to conceal receipt of the funds by transferring the funds using a peer-to-peer (“P2P) service;
  • Recipients may attempt to deposit an altered check, closely resembling an ERC Treasury-issued check.

Red Flags

The Alert references these “red flags” to determine if a transaction is indicative of ERC fraud:

  • A business account receives more than one ERC check deposit over multiple days;
  • Small business accounts receive an ERC check deposit that is not commensurate with the size of the business, the number of employees, and the volume of transactions;
  • A large ERC is deposited into a business account and is subsequently transferred using P2P services or to an online banking institution, or withdrawn as cash at an ATM. Funds may be subsequently transferred from the account into separate accounts or payments may be made to new businesses that a customer has not had transactions with prior to receiving an ERC check deposit;
  • The account receiving an ERC check deposit has no deposits other than Treasury-issued checks, or the account has no regular business transactions;
  • A customer attempts to deposit an altered Treasury ERC check, or financial institutions are unable to verify the validity of the checks that customers attempt to deposit;
  • The ERC check is deposited into a new business account that did not exist in 2020 or 2021;
  • A new business account is created for an established business, but no other business activity occurs in the account except the deposit of the ERC. This may be indicative of identity theft, where the established business was used as a fraudulent front to file for the ERC;
  • A dormant business account suddenly receives an ERC check deposit;
  • An ERC is deposited into a business account with no payroll history;
  • A customer reports or provide documents indicating that their ERC was obtained by a third-party firm whose credentials cannot be verified or is the subject of adverse media.

Not for the first time, we will observe that these proposed “red flags” assume a high degree of knowledge by financial institutions regarding the activity by their customers.

Finally, the Alert reminds financial institutions of their Suspicious Activity Report (“SAR”) filing obligations, and that activities highlighted in the Alert should be reported in SARs by including the key term “FIN-2023-ERC” in SAR Field 2. The Alert also indicates that third-party ERC schemes may be reported to the IRS by submitting an IRS Form 14242 Report of Suspected Abusive Tax Promotions or Preparers.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.