FinCEN provides several examples of red flags that may indicate the presence of an imposter scam or money mule scheme. The advisory encourages financial institutions to make additional inquiries and investigations with their customers where appropriate. FinCEN’s focus on consumer fraud is not new. It has previously highlighted what banks can do to prevent consumer fraud targeted at the elderly,3 consumer fraud following natural disasters,4 and fraud associated with third-party payment processors.5 As a result, many banks already have compliance policies and procedures in place to mitigate fraud risks to the public.
Banks should use the same playbook when confronting COVID-19 consumer fraud risks. For example, financial institutions should update their training for customer-facing employees so that they can spot red flags when they are speaking with customers. Bank employees should also be trained to ask additional questions and require additional information when red flags are present. Financial institutions should consider providing proactive warnings to customers about the prevalence of imposter scams and money mule schemes through either direct communications or their websites.
Consumer fraud during the pandemic
The United States is currently facing an unprecedented amount of consumer fraud linked to COVID-19. FinCEN’s advisory underscores an ongoing multi-agency commitment to combatting consumer abuse, including recent consumer fraud announcements by several other federal agencies including the DOJ, the FBI, and the FTC.6 Regulators understand the benefits of requiring banks to get to know their customers and better understand the purposes of their customers’ transactions. This is true more than ever during the COVID-19 pandemic.
1. Imposter scams
The first type of consumer fraud linked to COVID-19 is the classic imposter scam where criminals impersonate government agencies, organizations, or healthcare workers, including the IRS, CDC, and even fake “contact tracers,” to defraud victims. FinCEN’s advisory gives several examples of such imposter scams, including:
(1) Persons claiming to be government officials coercing victims into providing personal information, or making payments, allegedly in order to receive COVID-19-related stimulus payments or benefits.
(2) Persons posing as contact tracers who insist they provide personal or financial information as part of contact tracing efforts.
(3) Phony charities that take advantage of the public’s generosity and embezzle donations intended for COVID-19 response efforts.
The advisory describes seven red flags that may suggest an imposter scam. The red flags reflect common, yet subtle, irregularities that may suggest an imposter scam is afoot. These include, for example, customers receiving unsolicited communications from purported trusted sources instructing them to open embedded links, customers receiving what appear to be COVID-19 stimulus checks from the U.S. Treasury for less than the expected amounts, and customers receiving communications from purported governmental agencies or charities with the corresponding web domains “.com” or “.biz” rather than the expected “.gov” or “.org.”
Significantly, six out of the seven red flags indicating the presence of an imposter scam are unlikely to come to the attention of financial institutions unless their customers first file a complaint or make an inquiry.7 The fraudsters in an imposter scam are not targeting banks directly; they are targeting their customers directly. This presents a catch-22 for banks. FinCEN expects them to detect and prevent imposter scams, but they are learning about them from customers only after they have already happened.
As with elder fraud, imposter scams are difficult for banks to mitigate without active and thoughtful engagement with their customers. In 2011, FinCEN alerted financial institutions to “become aware of such scams through their direct interactions with elderly customers who are being financially exploited.”8 Banks can use the same playbook when confronting COVID-19 consumer fraud risks. Financial institutions can implement targeted trainings for their customer service representatives, and should consider proactive communications with their customers to warn them of red flags associated with imposter scams.
2. Money mule schemes
The second type of COVID-19 consumer fraud, the money mule scheme, occurs when a person transfers illegally acquired funds on behalf of or at the direction of another. A prominent example of a money mule scheme is a “work-from-home” ruse whereby a recruiter, disguised as a legitimate charity or organization, approaches a target with an employment offer. Once the target accepts itbegins receiving instructions to move funds through accounts and earns money by taking a percentage of the funds transferred at the instruction of the recruiter. Other examples involve individuals claiming to work abroad or to represent charities who ask a target to send or receive money on their behalf for a loved one battling COVID-19. Unlike imposter scams, where the bank’s customers are considered victims, money mule schemes include the possibility of customers acting as either unwitting, witting, or complicit movers of illegal money.
Unlike an imposter scam, which may generally be uncovered only via the bank’s post hoc review of consumer complaints or inquiries, a money mule scheme may be detected or interrupted by a financial institution’s proactive interventions in the first instance.
Some of the red flags associated with this type of fraud include customer account activity that is inconsistent with the customer’s transactional history profile, including receiving virtual currency or engaging in overseas transactions, and opening a new bank account in the name of a business and transferring funds shortly thereafter. There is nothing necessarily suspicious in those instances, as the advisory acknowledges; but if the customer declines to provide essential “know your customer” documents or “mentions COVID-19, relief work, or ‘work-from-home’ opportunities,”9 the financial institution should consider that a red flag. Likewise, where a customer makes an atypical transaction involving an overseas account and, when questioned about the transaction, indicates it is for a “person located oversea who is in need of financial assistance because of the COVID-19 pandemic,” then the bank should likewise consider filing a SAR.
Conclusion
FinCEN is relying on financial institutions to be the “first line of defense” to prevent, detect, and report consumer fraud linked to the COVID-19 pandemic. The agency contemplates that financial institutions aggressively question their customers and carefully review consumer complaints and inquiries. Mitigation of consumer fraud in the era of COVID-19 requires financial institutions to be aware of the red flag indicators highlighted in the advisory, train their customer-facing employees to carefully listen for COVID-19-related cues, and ask tactful questions during interactions with customers, including the circumstances and purpose behind each transaction.
Our Reed Smith Coronavirus team includes multidisciplinary lawyers from Asia, EME and the United States who stand ready to advise you on the issues above or others you may face related to COVID-19.
For more information on the legal and business implications of COVID-19, visit the Reed Smith Coronavirus (COVID-19) Resource Center or contact us at COVID-19@reedsmith.com
- FinCEN Advisory FIN-2020-A003, “Imposter Scams and Money Mule Schemes Related to Coronavirus Disease 2019 (COVID-19),” (July 7, 2020).
- “Banks May Need to Update Policies To Fight COVID-19 Fraud,” by Jennifer Achilles and Alejo Cabranes, Law360 (June 16, 2020).
- See, e.g., FinCEN Advisory FIN-2011-A003, “Advisory to Financial Institutions on Filing Suspicious Activity Reports Regarding Elder Financial Exploitation,” (February 22, 2011); FinCEN Strategic Analysis, “BSA Reports Files by Financial Institutions Help Protect Elders from Fraud and Theft of Assets,” (December 4, 2019).
- FinCEN Advisory FIN-2017-A007, “Financial Institutions should be aware of potential fraudulent activity related to disaster relief efforts,” (October 31, 2017).
- FinCEN Advisory FIN-2012-A010, “Risk Associated with Third-Party Payment Processors,” (Oct. 22, 2012) (in the context of guidance on the money laundering risks associated with payment processors, FinCEN observed the high incidence of consumer fraud connected to these activities and called on financial institutions to monitor customer complaints to mitigate the increased risk).
- See, e.g., Department of Justice (DOJ) Press Release “U.S. Attorney Warns Public of COVID-19 Contact Tracing Frauds,” (May 28, 2020); Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) Public Service Announcement “FBI Sees Rise in Fraud Schemes Related to the Coronavirus (COVID-19) Pandemic,” (March 20, 2020); and Federal Trade Commission (FTC) Press Release, “FTC and FCC Send Joint Letters to Additional VoIP Providers Warning against ‘Routing and Transmitting’ Illegal Coronavirus-related Robocalls,” (May 20, 2020); FTC Blog, “Want to Get Your Coronavirus Relief Check? Scammers do too,” (April 1, 2020).
- On the other hand, at least one red flag indicating an imposter scam can be readily policed by financial institutions without the intervention of a consumer complaint or inquiry, which is the agency’s warning about charities without an in-depth history, IRS annual returns, documentation of tax-exempt status, or charities that simply cannot be verified through internet-based resources.
- FinCEN Advisory FIN-2011-A003.
- Advisory at 6.
Client Alert 2020-461