Kenneth A. Blanco
Financial Crimes Enforcement Network
ACAMS AML Conference (Virtual)
September 29, 2020
Good morning. It is a pleasure to be joining you all and I would like to thank Kieran Beer for inviting me to be a part of today’s virtual event. In our time together today, I would like to:
- Discuss FinCEN’s response to the global health crisis;
- Share the latest trends that we are seeing related to COVID-19 and related frauds; and
- Update some of FinCEN’s efforts in other key areas, to include combatting cyber threats, our work in the virtual currency space, and our recent rulemakings.
As the pandemic began to unfold earlier this year, we all had to pivot, and quickly. I know all of you are working hard to serve your customers and keep your workforce safe in the unprecedented environment in which we are all operating. At FinCEN, we are doing the same.
At the same time, we have an incredibly important mission—one that profoundly impacts people’s lives, and we cannot stop in the face of crisis or challenges. We remain laser-focused on the effects COVID-19 has had on a range of illicit finance threats across the world. With businesses and individuals in our country and across the globe facing new and challenging circumstances, the entire AML community has had to adapt in real time.
Immediately, FinCEN aligned several strategic efforts to assist financial institutions impacted by the pandemic. On our regulatory side, FinCEN issued Notices to financial institutions—one on March 16, one on April 3, and another on May 18—advising them to remain alert to fraudulent, COVID-19 related transactions, and providing instructions on Bank Secrecy Act (BSA) filing requirements.
FinCEN’s Regulatory Support Section has responded to hundreds of inquiries relating to BSA obligations during COVID-19 and the Paycheck Protection Program (PPP) under the Coronavirus Aid, Relief, and Economic Security Act (CARES Act).
FinCEN worked hard on the CARES Act with other Treasury components as it relates to our area, the BSA, and we are committed to promoting the success of the CARES Act, including the need to facilitate expeditious disbursal of CARES Act funds. The mission for all of us in the financial space is to get funds to the intended recipients—many who badly need it for their financial survival—not to exploitive criminals and fraudsters.
Related to that, FinCEN immediately started tracking and publishing trends in COVID-19 fraud and financial crime based on BSA data, while working with our law enforcement partners. Since May, we have published multiple advisories related to COVID-19 medical fraud, imposter scams, and cyber-enabled crime. Let me mention them briefly, as they are very important.
- Our first advisory, issued May 18, described medical fraud in the wake of the pandemic —criminals selling fake vaccines and cures, price gouging on medical equipment, and the fraudulent collection of medical donations that criminals divert to their personal use, among other typologies.
- On July 7, FinCEN issued its second advisory, alerting financial institutions to financial red flags of imposter scams and money mules, two forms of consumer fraud against state unemployment programs. Soon after publication, financial institutions and law enforcement reported significant unemployment benefit fraud.
- And most recently, on July 30, FinCEN issued a third advisory to help financial institutions identify cybercrime and cyber-enabled crime exploiting the COVID pandemic.
You should read these advisories. The most common trend we see in COVID-19 related SARs involves fraudsters targeting multiple COVID-19 related government stimulus programs, employing money mules and cyber techniques. The largest share of COVID-19 SARs addresses fraud against federal or state COVID-19 stimulus programs. Stimulus programs intended to benefit both individual taxpayers and small businesses have been targeted for fraud, with multiple Automated Clearinghouse (ACH) payments disbursed to a single account representing the most common financial pattern reported in SARs. Specifically:
Fraudsters use cyber platforms such as the dark web, social media, and email to recruit money mules, obtain fraudulent beneficiary information, and share government program information. The following are a few representative examples:
- FinCEN is observing fraudsters coordinate plans against various state unemployment programs on dark web forums, and discuss direct attacks on states with weaker controls. Fraudsters also use dark web forums to sell previously hacked personally identifiable information (PII) and instructions on using it to obtain unemployment and other benefits. Law enforcement also has noted fake websites that appear legitimate to trick victims into making fraudulent donations or entering PII and confidential banking data. Fraud actors harvest and exploit this data to apply for unemployment benefits under the victims’ names.
- Fraudsters are advertising services instructing individuals on how to apply for unemployment insurance, the PPP, and the Small Business Administration’s Economic Injury Disaster Loan (EIDL) program on social media platforms such as Telegram and SnapChat, often for a fee. Dark web vendors are selling similar data, instructions, and complete packages of PII to apply for PPP and EIDL funds.
- Cyber threat actors also are leveraging Business Email Compromise (BEC) attacks to defraud businesses and redirect small business loan stimulus disbursements to bank accounts belonging to the attackers.
The more specific you are in describing the activity in your SAR, the more useful they are for our law enforcement partners, and the easier and faster it will be to get your SARs to the right investigative team.
- For medical scams described in our advisory—like fake test kits, non-delivery of goods, and price gouging—those SARs go to a specialized team of attorneys and investigators across the government. Specificity in the SAR about the fraudulent or suspicious medical aspects, both in the narrative and by checking box 34z, will get your SAR to this team more quickly.
- For consumer related fraud, especially targeting the elderly or other vulnerable individuals with a COVID-19 related scam, such as a fake COVID relief charity or bogus person-in-need scam, specificity in SARs is encouraged. Using the SAR check box 38d for elder financial exploitation will expedite getting the SAR to the right team. Include details of the scam in the SAR narrative, such as how the elderly victim was contacted, so financial institution personnel can deter elderly customers from sending money to obvious scammers, and can reach out to local authorities like Adult Protective Services, if warranted, for the benefit of the elderly customer.
Additionally, FinCEN has expanded its Rapid Response Program, a collaborative effort among U.S. law enforcement, the financial industry, and an international network of Financial Intelligence Units (FIUs) that allows for quick dissemination of information regarding suspected financial fraud tied to BEC scams. These efforts now support law enforcement and financial institutions in the recovery of funds stolen via fraud, theft, and other financial crimes related to COVID-19. Since the beginning of the pandemic, FinCEN has supported several dozen requests from federal, state, and even international law enforcement agencies, and our contributions have aided in the successful recovery of almost $325 million in COVID-19 related fraud.
We also are supporting law enforcement investigations into COVID-19 related cybercrime, scams, fraud, and more, and we have tailored our training program to focus on COVID-19 specific criminal activity. Since March alone, we have trained more than 5,000 law enforcement colleagues on the effective use of BSA data in COVID-19 investigations.
COVID-19 Related BSA Reporting
I now would like to share the latest trends that we are seeing regarding COVID-19 and related fraud, which is an urgent priority for all of us.
From February 1 to September 12, 2020, financial institutions have filed with FinCEN over 91,000 SARs referencing COVID-19 and the stimulus programs. Breaking this figure down by financial industry:
- Depository Institutions (Banks) filed over 64,000 of these SARs, accounting for about 71 percent of all COVID related SAR filings.
- Credit Unions filed over 14,000 of these SARs, accounting for about 17 percent of all COVID related SAR filings.
- The Money Services Business (MSB) industry filed over 4,000 SARs, accounting for 5 percent of all COVID related SAR filings.
- The Securities/Futures industry filed over 1,500 SARs, accounting for 2 percent of all COVID related SAR filings.
- The Casino/Card Club (Casinos) industry filed almost 600 SARs, accounting for less than 1 percent of all COVID related SAR filings.
So what does all of this mean?
First, I want to thank you and encourage you to keep up the great work with your reporting. It is making a difference.
Second, what I said earlier about the specificity of the SARs also applies here. If your SARs address fraud against any COVID-19 government stimulus program or the CARES Act, please be as specific as possible in naming the program when you file your SAR to expedite getting the SAR to the right investigative team.
Different law enforcement teams are investigating fraud in the different government programs, and vague references to “stimulus” or “CARES Act” or “benefit” in SARs hinder our ability to get the information into the hands of the right team. The more specific you are in your SAR narrative, the faster it will get to the right investigators. For example:
- If the suspicious activity is related to an ACH payment from a state unemployment insurance program, please clearly mention COVID19 UNEMPLOYMENT INSURANCE FRAUD in field 2 of the SAR (Filing Institution Note to FinCEN) as well as in the narrative. This will make it much easier for your SAR to get to law enforcement teams working with the states on unemployment fraud.
- Or if the activity involves a counterfeit check or ACH payment for the EIDL program, please also clearly mention COVID19 EIDL FUNDS FRAUD in field 2 of the SAR (Filing Institution Note to FinCEN) and state this in the narrative, as there are specific prosecutorial teams working on EIDL fraud.
Lastly, I would like to remind you that all of the advisories and guidance I mentioned today are housed prominently on a dedicated COVID-19 page on FinCEN’s website.
In addition to our response to the global health crisis, FinCEN continues to focus its efforts on a number of priority areas, including cyber threats and the virtual currency space. FinCEN is always looking for ways to increase communication with financial institutions, whether they handle convertible virtual currencies (CVCs) or not. In May 2019, FinCEN launched its “Innovation Hours Program,” encouraging FinTech and RegTech companies, as well as financial institutions, to present to FinCEN new and innovative products and services being adopted within or planned for the financial sector.
We have continued to hold these sessions remotely and uninterrupted during the pandemic, meeting over the past 13 months with 38 different firms. These sessions have allowed us to hear directly from many CVC financial institutions doing innovative work in the AML space.
One issue that continues to come up during these discussions relates to mitigating risks associated with emerging payment systems, including virtual currency. To be clear, exchanges are not the only ones with crypto risk exposure. These risks are not unique to money services businesses or virtual currency exchangers; banks must be thinking about their crypto exposure as well. These are areas your examiners, and FinCEN, will ask you about when assessing the effectiveness of your AML program.
So banks also need to be asking themselves, “What baseline controls do we have in place to identify customers? Do we have institutional or peer-to-peer virtual currency customers? How does our financial institution interact with emerging payment systems? Do we have the tools we need to identify and report potentially suspicious activity occurring through our financial institution?” All of these questions go back to the policies and procedures in place to mitigate risk.
If banks are not thinking about these issues, it will be apparent when examiners visit.
Lastly, I want to discuss two of FinCEN’s recent rulemakings. FinCEN published its Final Rule on September 15, 2020, requiring minimum standards for banks lacking a federal functional regulator. Known as the “Gap rule,” this rulemaking closes a regulatory gap in AML coverage that presented a vulnerability to the U.S. financial system that could be exploited by bad actors. The rulemaking requires AML standards for (1) state-chartered, non-depository trust companies, (2) non-federally insured credit unions; (3) private banks; (4) non-federally insured state banks and savings associations; and (5) international banking entities.
This rulemaking will help reduce the temptation for criminals to seek out and exploit banks subject to less rigorous AML requirements and will help keep our nation, communities, and families safe from harm.
Finally, I would like to spend some time talking about the Advance Notice of Proposed Rulemaking (ANPRM) that we issued less than two weeks ago on September 17. I am really excited about this ANPRM, and I hope you are too. I strongly encourage you to read it and think about it.
The ANPRM embodies a partnership that we are really proud of, and it folds a diversity of voices into one document. It publicly recognizes a conversation that many of you know has been taking place behind the scenes, behind closed doors, at conferences like this one, for years. How do we achieve, and measure, and examine for, effectiveness in our AML regime? How do we work together to adequately provide the flexibility industry needs to allocate resources according to risk and priorities to help law enforcement and others with actionable information? How do we communicate our needs and information to each other and feel confident that something will come of it? With this ANPRM, we are issuing a meaningful, public invitation to all of you to weigh in, provide your perspectives, your experience, and your insights.
If you have had a chance to read it, you will know that the components of the ANPRM are straightforward. Does it help our collective mission if we provide an explicit definition of effectiveness? Maybe it will assist us in determining what might not be effective? We know many of you here already conduct risk assessments on a regular basis—but is it significant if we make it an explicit requirement?
Will it help you if FinCEN provides you with national AML priorities? Will it help you allocate your resources? What is the burden to your institution, if any, or how will it make you more effective and efficient? Our intention is not to impose additional burden. What considerations are specific to your institution or your industry? Should we build in flexibility—why, and how do we do that?
But beyond these formal questions at the end of the ANPRM, I also am inviting you to think about the modernization of the AML regime in general and provide us with that feedback too. As we clearly lay out in this document, there is a lot of ongoing work, and this ANPRM is but one component. We talk about developing and focusing on priorities, reallocating compliance resources, modernizing and streamlining monitoring and reporting practices, enhancing information sharing, and advancing and maximizing regulatory and technological innovations.
While I cannot say at this time that there are regulatory initiatives underway for this entire range of issues, I can say that we have been hard at work this year to address these issues. Things that you have already seen published, like the joint statement on innovation, the joint statement on the sharing of resources, updates to the FFIEC manual, the PEP statement—all with our regulatory partners. We also have been working with industry through our Innovation Hours, FinCEN Exchange, our enforcement statement issued just last month, the CDD FAQs, and other ongoing initiatives. And there will be more to come. But I invite you to think about these issues as well and provide us with your comments and feedback.
So as you can see, the effectiveness ANPRM is just the beginning. It is a national conversation starter. Much more work needs to be done and we all know that it will be challenging. These things are not easy. But we need your insight and thoughtful consideration.
We all want the same thing at the end of the day: to be effective, to be efficient, to confront and address risk, to prioritize, to protect our national security, our families and communities from harm.
I ask you to do your part and participate. Join in the conversation and help us find the path toward common understanding and common ground. Let us know what you think. Because it matters to all of us, particularly the most vulnerable in our society.
As I conclude my remarks, I want to thank you again for your time today and for your hard work every day.
The financial services that you provide to communities across our country, and the integrity that you contribute to our financial system through your diligent monitoring and reporting, has never been more important to the lives of so many. Thank you for your commitment, and for all you do.