How you can help with BSA/AML and COVID-19-related fraud

Most of us probably have no desire to review the first three quarters of 2020, but I thought it would be useful to summarize how things are going in the Bank Secrecy Act (BSA)/Anti-Money Laundering (AML)  space relating to COVID-19 and the challenges it has presented and continues to present.

The passage of the CARES Act undoubtedly brought much welcome relief to a lot of your members. Most of you were probably just recovering from the rush of PPP applications when you started to see the sadly predictable COVID-19-related fraud scams pop up. 

Many of you have probably had an uptick in SAR filings over the last few months and presumably have probably not had much follow-up, if any, from FinCEN or others related to your filings on common fraud schemes. While this is not uncommon, it is probably frustrating not knowing what is happening behind the scenes. Even though you may not hear back, it is ever important to be detailed in your reporting. 

Recently, FinCEN Director Kenneth Blanco spoke at the ACAMS AML Conference and highlighted the ways these scams are being investigated. Notably, FinCEN has expanded its Rapid Response Program, which facilitates the collaboration among U.S. law enforcement, the financial industry and an international network of Financial Intelligence Units. This program has helped in the recovery of over $300 million in COVID-19-related fraud.

The two common fraud schemes are:

• State unemployment program fraud. Here, fraudsters use the dark web forums to sell previously hacked personally identifiable information (PII) and instructions on using it to obtain unemployment and other benefits. Law enforcement also has noted fake websites that appear legitimate to trick victims into making fraudulent donations or entering PII and confidential banking data. Fraud actors harvest and exploit this data to apply for unemployment benefits under the victims’ names.
• Cyber threat actors also are leveraging business email compromise attacks to defraud businesses and redirect small business loan stimulus disbursements to bank accounts belonging to the attackers.

Because of the multiple types of fraud and the specialized response teams investigating them, being increasingly diligent in your reporting is as important as ever. FinCEN has released three separate COVID-19-related fraud advisories that you can download:

• FIN-2020-A002 (May 18) Advisory on Medical Scams Related to Coronavirus Disease 2019
• FIN-2020-A003 (July 7) Advisory on Imposter Scams and Money Mule Schemes Related to Coronavirus Disease 2019
• FIN-2020-A005 (Advisory on Cybercrime and Cyber-Enable Crime Exploiting the Coronavirus Disease 2019

Each of these PDFs has good details on how to identify and report on the various fraudulent scams being seen today. All advisories include details on exactly what information should be included in your SARs to help FinCEN and law enforcement ensure the information is given to the correct team of investigators.

While most of you have probably already read the advisories, it would also be prudent to summarize and distribute them to officers and frontline retail staff to ensure they can distinguish the various types of COVID-19-related fraud schemes. 

It is important to remember that even though you may not hear back directly regarding your filings, the data you provide is aggregated with other filings and used in the fight against the fraudsters who are causing you and your members time, money and headaches.