In response to this guidance, financial institutions (FI) should consider assessing certain elements of their BSA compliance programs, including fraudulent account application and account takeover detection models and rulesets, review and updating of fraud and money laundering investigation and SAR filing written procedures, forms and templates, refreshing training materials to review activity, and updating of management information to identify trends and to proactively manage fraud risk. Treliant has the experience and the knowledge to help FIs meet these requirements. We are here to help.
On October 13, 2020, FinCEN issued FIN-2020-A007 “Advisory on Unemployment Insurance Fraud During the Coronavirus Disease 2019 (COVID-19) Pandemic” to alert financial institutions to unemployment insurance (UI) fraud observed during the COVID-19 pandemic. The advisory contains descriptions of COVID-19-related UI fraud, associated financial red flag indicators, and information on reporting suspicious activity.
Previously, FinCEN has issued related Advisories including FIN-2020-A005, “Advisory on Cybercrime and Cyber-Enabled Crime Exploiting the Coronavirus Disease 2019 (COVID-19) Pandemic” (July 30, 2020) and Advisory FIN-2011-A016, “Account Takeover Activity” (December 19, 2011)
The recent advisory provides detailed descriptions of fraud typologies and financial red flag indicators. Fraud typologies include fictitious employer-employee fraud, employer-employee collusion fraud, mis-representation of income fraud, insider fraud and identity-related fraud include false application and account takeover. The advisory outlines numerous financial red flag indicators of UI fraud based on certain transaction patterns including geographic discrepancies in physical, IP and email addresses, velocity, high transaction volume, lump sum withdrawals (“draining”), many-to-one incoming transfers, peer-to-peer payments, and outgoing transfers to foreign accounts.
Finally, the advisory also provides guidance on filing of COVID-19-related fraud Suspicious Activity Reports (SARs). Financial institutions are reminded to provide all pertinent and available information in the SAR and narrative including entry of the key term “COVID19 UNEMPLOYMENT INSURANCE FRAUD FIN-2020-A007” in SAR field 2, entering the keywords “unemployment fraud” in SAR field 34(z) (Fraud – other) as the associated suspicious activity type to indicate a connection between the suspicious activity being reported and COVID-19, and providing relevant email addresses, IP addresses with their respective timestamps, login information with location and timestamps, cyber-related information and technical indicators, virtual currency wallet addresses, mobile device information (such as device International Mobile Equipment Identity (IMEI)), phone numbers, monikers, and description and timing of suspicious electronic communications. This detailed information is highly valuable to law enforcement in conducting effective forensic investigations to identify fraudsters and transnational criminal fraud rings.
This guidance supplements FinCEN’s Notice Related to the Coronavirus Disease 2019 (COVID-19) which contains information regarding reporting COVID-19-related crime under certain BSA obligations.