The Financial Crimes Enforcement Network (“FinCEN”) just issued another Advisory pertaining to two consumer fraud schemes exacerbated by the COVID-19 pandemic. This Advisory focuses on “imposter schemes” and “money mule schemes, ”which we discuss below.
This most recent Advisory is the latest in a string of pronouncements relating to the pandemic by FinCEN, which has stated that it regularly will issue such documents. As we have blogged, FinCEN issued an Advisory on May 18 regarding medical scams related to the pandemic, and issued a companion Notice that “provides detailed filing instructions for financial institutions, which will serve as a reference for future COVID-19 advisories.” On April 3, 2020, FinCEN also updated its March 16, 2020 COVID-19 Notice in order to assist “financial institutions in complying with their Bank Secrecy Act (“BSA”) obligations during the COVID-19 pandemic, and announc[ing] a direct contact mechanism for urgent COVID-19-related issues.”
The most recent Advisory again provides a list of potential red flags that FinCEN believes that financial institutions should be monitoring for, in order to detect, prevent, and report such suspicious activity. As we previously have commented: although such lists can be helpful to financial institutions, they ultimately may impose de facto heightened due diligence requirements. The risk is that, further in time, after memories of the stressors currently imposed by COVID-19 have faded, some regulators may focus only on perceived historical BSA/AML compliance failures and will invoke these lists not merely as efforts by FinCEN to assist financial institutions in deterring crime, but as instances in which FinCEN was putting financial institutions on notice.
Further, the most recent Advisory suffers from the fact that its list of red flags for imposter schemes is best directed at consumers themselves, rather than at financial institutions offering services to consumers: many of the red flags pertain to anomalies in the communications sent directly by fraudsters to targeted consumer victims – information that financial institutions rarely possess.
FinCEN describes imposter schemes as follows:
In imposter scams, criminal impersonate organizations such as government agencies, non-profit groups, universities, or charities to offer fraudulent services or otherwise defraud victims. While imposter scams can take multiple forms, the basic methodology involves an actor (1) contracting a target under the false pretense of representing an official organization, and (2) coercing or convicting the target to provide funds or valuable information, engage in behavior that causes the target’s computer to be infected with malware, or spread disinformation. In the case of schemes connected to COVID-19, imposters may pose as officials or representatives from the Internal Revenue Service, the Centers for Disease Control and Prevention, the World Health Organization, other healthcare or non-profit groups, and academic institutions.
As noted, the seven listed red flags – although accurate – presumably will provide limited help to financial institutions, because they tend to focus on the nature of the reach-out by fraudsters to their intended victims. For example, one red flag urges caution as to “[u]nsolicited communications [to consumers] from purported trusted sources or government programs related to COVID-19, instructing readers to open embedded links or files or to provide personal or financial information, including account credentials (e.g., usernames and passwords).” FinCEN concedes as much, and states that “many scammers may be targeting customers as opposed to financial institutions directly[.]” Nonetheless, FinCEN advises financial institutions to remain on the alert for the listed red flags when interacting with their customers. This assumed level of interaction may not be realistic, particularly because most duped consumers will not raise issues with their financial institutions. If they have been duped, by definition, they already have accepted the deception. As a service to both their customers and themselves, financial institutions may consider sending a communication to their customers, warning them of imposter scams and setting forth the red flags listed by FinCEN.
Money Mule Schemes
FinCEN describes a money mule as “a person who transfers illegally acquired money on behalf of or at the direction of another.” Mules may be “unwitting,” “witting” (defined as someone who “choses to ignore obvious red flags or acts willfully blind to his/her money movement activity”). and “complicit” (defined as someone who knows that they are a mule in a criminal scheme). According to FinCEN, “[d]uring the COVID-19 pandemic, U.S. authorities have detected recruiters using money mule schemes, such as good-Samaritan, romance, and work-from-home schemes. U.S. authorities also have identified criminals using money mules to exploit unemployment insurance programs during the COVID-19 pandemic.”
Here, the eleven red flags listed by FinCEN are generally more appropriately directed to financial institutions, because they focus more on account activity subject to monitoring by the institution, rather than the nature of communications between a consumer victim and a fraudster. For example, the first red flag – clearly envisioning a “witting” or “complicit” mule – provides:
The customer’s personal bank account starts to receive transactions that do not fit his or her transactional history profile, including overseas transactions, the purchase of large sums of convertible virtual currency, or transactions in large fiat amounts, or the accounts generally had a low balance until the customer became involved in a money mule scheme. When asked about the changes in transactions, the customer declines requests for “know your customer” documents or inquiries regarding sources of funds, and may mention COVID-19, relief work, or a “work-from-home” opportunity as the source of the income.
Of course, most of these red flags are not necessarily dependent upon the COVID-19 pandemic. Rather, they pertain to these sorts of scams in general, which have and will occur regardless of the pandemic – the main point being that COVID-19 has made such scams more common.
Suspicious Activity Reporting Instructions
Finally, the Advisory sets forth brief instructions on how to report potential imposter or money mule schemes on a Suspicious Activity Report, or SAR, including a request to specifically reference this Advisory within the SAR narrative, and to identify the type of suspected scam in certain fields provided in the SAR form.
Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.