On February 24, 2021, the Financial Crimes Enforcement Network (FinCEN) issued an advisory alerting financial institutions to the potential for fraud and other financial crimes related to Economic Impact Payments (EIPs) and a Notice on COVID-19 Suspicious Activity Report Key Terms and Filing Instructions. The EIP was authorized by the Coronavirus Aid, Relief, and Economic Security (CARES) Act¹ and the Coronavirus Response and Relief Supplemental Appropriations Act of 2021.² The new advisory provides descriptions of EIP fraud, red flag indicators, and other information on reporting suspicious activity. This advisory describes the major fraudulent and criminal activity companies should watch.

In the advisory, FinCEN provides a non-exhaustive list of EIP-related fraud and criminal activity:

• Fraudulent Checks

• Altered Checks

• Counterfeit Checks

• Theft of EIP

• Phishing Schemes Using EIP as a Lure

• Inappropriate Seizure of EIP

The FinCEN advisory also discusses “red flag” indicators of financial crimes related to EIPs and provided exemplars of such crimes. The categories outlined are:

• Fraudulent, altered, counterfeit, or stolen EIP checks and automated clearing house (ACH) deposits, and prepaid debit cards:

  • Depositing one or more checks seemingly issued by U.S. Treasury

  • Multiple EIP-related deposits for individuals other than the account holder, and the individuals named on the checks live outside the area and have no history with the bank

  • Multiple EIPs related to a prepaid debit card linked to the same address

  • Customer opens a new account with an EIP check or debit card, and the potential account holder is different than the depositor

  • EIP check is deposited into dormant accounts with minimal activity

• Theft of multiple EIPs:

  • Individual accounts opened after EIP program was announced, and receiving relevant checks or direct depositions

  • Account holder is under age 17 and received numerous EIPs

  • Rapid transfer of multiple EIPs into one account

  • Account receives several EIP-related deposits and quickly spends the money at places where cash back on return is an option, or has funds transferred onto debit or gift card

  • Deposits of one or more EIP Treasury checks, or deposits into a retail business account or personal account of a business owner that is not the payee/endorser

  • IP address is used to transfer funds from several EIP debit cards to a bank account

• Other frauds and thefts occurring in an account receiving EIPs:

  • Account receives numerous deposits linked to EIPs and unemployment insurance payments from one or more states that do not match the account holders

  • Account with several EIP depositions and tax refunds from federal and state governments for individuals other than the account holders

  • Deposits of one or more EIP checks or electronic depositions are made into a nursing home or assisted living facility’s business account and not returned to the resident

The advisory further provides information on how to report suspicious activity (suspicious activity reports, or “SAR”). FinCEN requests that financial institutions reference this advisory by the key term “FIN-2021-A002,” to alert FinCEN to a possible connection between the suspicious activity and the activities outlined in the advisory. When reporting on behavior that includes counterfeit checks, money mule activity, or identity theft, FinCEN requests that the report include the terms “economic impact payment” and other program-specific terms. By selecting SAR field 34(z) (Fraud-other), financial institutions are indicating to FinCEN that this is related to COVID-19. FinCEN also asks that the name of the potential victim of an EIP fraud be included in the narrative portion, not the subject of the SAR.

Additionally, as noted above, on February 24, 2021, FinCEN released a Notice on Consolidated COVID-19 Suspicious Activity Report Key Terms and Filing Instructions. By issuing this Notice, FinCEN consolidates the filing instructions and key terms for fraudulent activities, crimes, and cyber and ransomware attacks related to COVID-19, and to remind financial institutions of the recent updates to Section 314(b). Table 1 of the Notice defines key terms and instructions regarding or relating to government programs, where Table 2 defines the key terms and instructions not tied to a specific government program. Table 3 provides a list of FinCEN’s COVID-19-related publications.

What Does This Mean for Me?

Banks and other financial institutions should be on high alert to potential abuse of EIPs and other related financial crimes. Companies may consider implementing new compliance policies around these transactions and engaging in regular system checks to make sure red flag transactions are caught. If any reporting issue arises, we recommend you consult with legal counsel and draft such a report with FinCEN’s recommended reporting words.

¹ Pub. L. 116-136.

² Pub. L. 116-260.