Compliance Update — Insights and Highlights March 2023
In response to the rapid increase in check fraud, the Financial Crimes Enforcement Network (FinCEN) issued on February 27, 2023, its FinCEN Alert on Nationwide Surge in Mail Theft-Related Check Fraud Schemes Targeting the U.S. Mail (FinCEN Alert). FinCEN partnered with the US Postal Inspection Service (USPIS) on the alert, numbered FIN-2023-Alert003, and together the organizations developed a list of 10 red flags to consider when attempting to identify, stop, or report check fraud-related suspicious activity.
The FinCEN Alert was issued to financial institutions asking them to “be vigilant in identifying and reporting” mail theft-related check fraud “[i]n light of a nationwide surge in check fraud schemes targeting the U.S. Mail.” According to the FinCEN Alert, despite the declining use of checks throughout the country, criminals have increasingly targeted the US mail to commit check fraud since the COVID-19 pandemic. From March 2020 through February 2021, the US Postal Service (USPS) received 299,020 mail theft complaints, which was an increase of 161% compared to the same period the prior year. The FinCEN Alert also points out that Bank Secrecy Act (BSA) reporting for check fraud increased in the past three years, with financial institutions filing more than 350,000 Suspicious Activity Reports (SARs) to report potential check fraud, a 23% increase over the number of check fraud-related SARs filed in 2020, and in 2022 the number of check fraud-related SARs nearly doubled to over 680,000. This number is expected to continue to increase this year.
The FinCEN Alert noted that criminals will generally steal all types of checks in the USPS mail as part of a mail theft scheme, but business checks may be more valuable because business accounts are often well-funded and it may take longer for the victim to notice the fraud. The FinCEN Alert advised that there have been cases of USPS employees stealing checks at sorting and distribution facilities, but mail theft-related check fraud is increasingly committed by non-USPS employees, including check washers and money mules. A “check washer” is defined in the FinCEN Alert as someone who uses chemicals to remove the original ink on a check to replace the payee and often the dollar amount, and may also copy and print multiple washed checks for future use or to sell to third-party criminals. A “money mule” is defined by the FinCEN Alert as a person (whether witting or unwitting) who transfers or moves illicit funds at the direction of or on behalf of another.
According to FinCEN, criminals located throughout the country target USPS blue collection boxes, unsecured residential mailboxes, and privately owned cluster box units at apartment complexes, in planned neighborhoods, and in high-density commercial buildings. The theft can occur through forced entry or the use of makeshift “fishing” devices (i.e., devices that are usually made with an adhesive substance for the purpose of adhering to mail in order to remove it from the box), and increasingly involves the use of authentic or counterfeit USPS master keys, known as “arrow keys,” which may be provided by USPS personnel unlawfully or in response to violent threats. The FinCEN Alert says that fraudsters may also copy and sell stolen arrow keys over the dark web in exchange for virtual currency.
The FinCEN Alert states that after stealing checks from the USPS mail, fraudsters and organized criminal groups may alter or “wash” the checks, replacing the payee information with their own or fraudulent identities or with business accounts that the criminals control, and often increasing the dollar amount on the check, sometimes by hundreds or thousands of dollars. However, criminals may also copy, print, and sell washed checks to third-party fraudsters on the dark web in exchange for virtual currency, and in some cases counterfeit checks using routing and account information from the original stolen check. The FinCEN Alert notes that these fraudulent checks may be cashed or deposited in person at financial institutions, through ATMs, or through remote deposit into accounts controlled by criminals and often opened specifically for the check fraud scheme. The FinCEN Alert also provides that criminals may rely on money mules and their pre-existing accounts to deposit these fraudulent checks. Once the checks are deposited, the criminals usually withdraw the funds through an ATM or by wire quickly to further hide the fraud.
The red flags identified in the FinCEN Alert include unusual large check withdrawals to a new payee; consumer complaints of stolen checks or checks mailed and not received; checks used against a customer’s account that are visibly different than the bank’s check stock; uncharacteristic increase of check activity and funds transfers; a newly opened account used primarily for the deposit of checks with frequent withdrawals and transfers; and a suspicious-acting noncustomer attempting to cash a large check or multiple checks. The FinCEN Alert provides that no single red flag is determinative of criminal or suspicious activities, and before determining that a behavior or a transaction is suspicious, financial institutions should consider the surrounding facts and circumstances, such as a customer’s historical financial activity, prevailing business practices, or multiple red flags. In line with a financial institution’s risk-based approach to compliance with the BSA, banks are also encouraged to perform additional due diligence where appropriate.
FinCEN provided additional SAR filing instructions for financial institutions filing a SAR related to check fraud. The term “FIN-2023-MAILTHEFT” should be included in SAR Field 2 (Filing Institution Note to FinCEN) and the SAR narrative. Additionally, the bank should select SAR Field 3(d) (check fraud). Financial institutions are also encouraged to refer victims of check fraud to the USPIS at 1-877-876-2455 or United States Postal Inspection Service website to report the incident.