The advisory, published Tuesday, aims to “aid financial institutions in detecting, preventing, and reporting potential COVID19-related criminal activity.”
FinCEN recommends that financial institutions should be alert for scams in which criminal imposters pose as agents of legitimate government agencies in an attempt to fool victims into wiring them money to pay off a government debt or to hand over their banking passwords or other personal information in order to receive government stimulus money. FinCEN says imposters are most often posing as agents of the Internal Revenue Service (IRS), the Centers for Disease Control and Prevention (CDC), and the World Health Organization (WHO), as well as other healthcare or non-profit groups and academic institutions.
Financial institutions should also be on the lookout for money mule schemes, in which a person “transfers illegally acquired money on behalf of or at the direction of another.” In some cases, the money mule is an unwitting participant in the money mule scheme, tricked into participating by trusting the fraudster’s tale of romance, a job position, or other proposition. In others, the mule knows the money is coming from an illegal source and willingly participates in transferring it elsewhere.
FinCEN recommends financial institutions that discover these coronavirus-related scams and schemes among their financial transactions file a Suspicious Activity Report and place the term “COVID19 MM FIN-2020-A003” in SAR field 2. They should also indicate in the narrative “a connection between the suspicious activity being reported and the activities highlighted in this advisory.”
Financial institutions would do well to adjust their risk-based approach to compliance with the Bank Secrecy Act to consider multiple factors, like “a customer’s historical financial activity, whether the transactions are in line with prevailing business practices, and whether the customer exhibits multiple indicators, before determining if a transaction is suspicious or otherwise indicative of potentially fraudulent COVID-19-related activities.”