It’s All About the Fraud

Senior Compliance Advisor, Rachelle Dekker, recaps the guidance the Financial Crimes Enforcement Network (FinCEN) has issued within the last four latest advisories.

Rachelle Dekker
Rachelle Dekker – Senior Compliance Advisor

As we gear up for the upcoming holiday season, retailers continue to blast their subscribers with emails filled with announcements of their latest deals. Following suit on the email notifications is FinCEN. For those of you who subscribe to FinCEN’s updates, you may have noticed an increase in communication from them, which comes to no surprise based on the publications found within the “Newsroom” located on FinCEN’s website.

From October 1, 2020 to November 24, 2020, FinCEN has issued thirteen News publications, two Federal Register Notices, four Advisories, and one Enforcement Action. I won’t go through the details on all of FinCEN’s news, notices and enforcement actions in this article, but you may find that information on their website here. However, I would like to recap the guidance FinCEN issued within the four latest Advisories.

On October 1, 2020, FinCEN issued FIN-2020-A006, which is an Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments. The purpose of the advisory was to alert institutions to the trends, typologies and indicators of ransomware and related money laundering activities.

The concerns of ransomware attacks continue to grow as financial institutions play a critical role in the collection of ransom payments. This typically involves a depository financial institution and one or more money service business (MSB) as the ransomware schemes tend to involve convertible virtual currency (CVC).

Included in the Advisory are ten red flag indicators of ransomware and associated payments to assist financial institutions in detecting, preventing and reporting suspicious transactions associated with ransomware attacks. Some of the applicable red flags to consider include a customer providing information in response to a ransomware incident when opening a new account or during other interactions with the customer. In addition, if the customer appears to have limited knowledge of CVC during onboarding – yet inquires about purchases of CVC. If a customer has not identified as a CVC exchanger or registered with FinCEN as a money transmitter, but are conducting CVC exchanges, they may be acting as an unregistered MSB.

In the event that a financial institution files an SAR on ransomware or related cyber activity, the SAR should include the key term, “CYBER-FIN-2020-A006” in SAR field 2 and within the narrative. The financial institution should also consider selecting SAR field 42 (Cyber event) as well as 42z (Cyber event –other) and including the key word, “ransomware” in the free form box.

Almost a week and a half later on October 13, 2020, FinCEN issued FIN-2020-A007, which is an Advisory on Unemployment Insurance Fraud During the Coronavirus Disease 2019 (COVID-19) Pandemic. Along with the financial impact of the pandemic, comes an increase in illicit actors and fraudulent schemes. Included in those schemes is fraud related to unemployment insurance. The Advisory provided five representative types of this activity and ten financial red flag indicators related to unemployment insurance fraud associated with COVID-19 relief. The representative types include fictitious employer-employee fraud, employer-employee collusion fraud, misrepresentation of income fraud, inside fraud, and identity-related fraud.

In addition, some of the red flag key indicators highlighted in the Advisory include suspicious activity conducted within an account such as when a customer receives UI (Unemployment Insurance) payments from another state. Additional red flags highlighted include when the customer receives multiple state UI payments, UI payments in the name of an individual than the account owner, or UI payments and regular work-related earnings via direct deposit.

The Advisory includes more red flags that I recommend reviewing and utilizing for training material.  When filing a SAR related to unemployment insurance fraud, financial institutions should reference the key term, “COVID19 UNEMPLOYMENT INSURANCE FRAUD FIN-2020-A007” in SAR field 2 and within the narrative. The SAR field 34(z) “Fraud- other” should also be selected with the key words “unemployment fraud” documented in the free form box available on the SAR form. 

Shortly following the issuance of the Unemployment Insurance Advisory, FinCEN issued FIN-2020-A008 on October 15, 2020, which is a Supplemental Advisory on Identifying and Reporting Human Trafficking and Related Activity. The Advisory was issued as a supplement to FIN-2014-A008 issued back in 2014. FinCEN recognized that the pandemic impacts the conditions that contribute to human trafficking and since 2014 they have collaborated with law enforcement to identify 20 new financial and behavioral indicators of human trafficking and four additional typologies.

The four typologies include Front Companies, Exploitative Employment Practices, Funnel Accounts, and Alternative Payment Methods. In the event that a financial institution determines to file a SAR on this type of activity, SAR field 2 should state, “HUMAN TRAFFICKING FIN-2020-A008.” In addition, that key term should be referenced within the SAR narrative and SAR field 38(h) (human trafficking) should be selected.

The most recent Advisory issued by FinCEN was FIN-2020-A009 on November 6, 2020. This is the Advisory on the Financial Action Task Force-Identified Jurisdictions with Anti-Money Laundering, Combating the Financing of Terrorism, and Proliferation Deficiencies. In October 2020, FAFT met and released the list of “Jurisdictions under Increased Monitoring.” This prompted FinCEN to issue the Advisory reminding financial institutions to consider the FAFT’s statements as it relates to their own BSA Program. In addition, the Advisory mentions that U.S. financial institutions should consider the risk associated with anti-money laundering and counter-proliferation financing deficiencies of the jurisdictions identified within the countries included on the list. Correspondent accounts maintained for foreign financial institutions should be established with due diligence, including enhanced risk-bask procedures, policies and controls that are designed to detect and report suspicious activity. In the event that an SAR is filed on AML/CFT, activity as it relates to this guidance, in SAR field 2 the statement, “October 2020 FATF FIN-2020-A009” should be included and referenced within the narrative.

Overall, FinCEN is staying busy with keeping their “subscribers” informed. With all of the information they are issuing, you don’t want to overlook how it relates to your institution’s BSA Program. If you have specific questions related to FinCEN’s latest Advisories and you subscribe to our services, submit your questions and we will be happy to help.   If you do not subscribe to our services, we invite you to consider it.  The Temenos Compliance Advisory Services team is always ready to assist.  

Filed under:

Rachelle Dekker
Rachelle Dekker – Senior Compliance Advisor