Compliance Blog

The American Rescue Plan Act of 2021 provided for an additional round of economic impact payments, and the Department of the Treasury has been sending these payments for a little over a week. As more and more payments are received and deposited into member accounts, credit unions may be concerned about the threat of fraud or other financial crimes targeting these payments. Luckily, the Financial Crimes Enforcement Network (FinCEN) issued an Advisory on Financial Crimes Targeting COVID-19 Economic Impact Payments last month.

Like the previous COVID-19-related advisories issued by FinCEN, the recent advisory described examples of the types of fraud and crime that had been observed as well as certain red flags that might alert a credit union about illegal or suspicious activity related to economic impact payments.

FinCEN noted that examples of economic impact payments fraud and theft included, among other things:

• Using fraudulent checks to trick individuals into providing personal or banking information that provides the fraudsters with unauthorized access to the victims’ accounts;
• Altering the payee information for economic impact payment checks and depositing them through an ATM or mobile device;
• Depositing counterfeit economic impact payment checks through an ATM or mobile device;
• Stealing economic impact payments from the mail or improperly requesting another individual’s payment without the victim’s knowledge or consent (e.g., using stolen personally identifiable information to claim another person’s economic impact payment); and
• Using economic impact payments as bait in online phishing schemes with the intent to steal personally identifiable information, account numbers, and passwords to compromise victims’ accounts.

The red flag indicators of financial crimes related to economic impact payments were split into three distinct categories: (1) those payments procured through fraud, theft, or altered or counterfeit checks; (2) situations that might involve the theft of multiple economic impact payments; and (3) other types of frauds and thefts that might involve economic impact payments.  Some of those red flag indicators included the following:

• A member depositing fraudulent or counterfeit economic impact payment checks;
• A member’s account receiving multiple economic impact payment deposits for people other than the account holder and these people either live in a different geographic area or lack any kind of transaction history at the account holder’s address;
• A member’s account receiving what seems like an excessive number of economic payment deposits based on the member’s risk profile;
• A member opening a new account with an economic impact payment made payable to someone other than the member;
• Economic impact payments being deposited or transferred into dormant accounts;
• The receipt of multiple economic impact payments by an individual account opened after the federal government began issuing the payments;
• Multiple economic impact payments received by an account holder under the age of 17;
• Quickfire transfers of multiple economic impact payments into a single account that may suggest that fraudsters are combining the funds to quickly disburse them;
• A member’s account receiving multiple economic impact payments and atypical cash back purchases or fund transfers to prepaid debit or gift cards follow immediately after the deposits;
• Deposits of economic impact payments into a business account—a transaction that may suggest that the business or someone affiliated with the business (e.g., an owner) might be improperly colleting economic impact payments that are designed to go to the business’s customers or employees;
• Transfers from economic impact payment debit cards to an account occur using the same IP address, especially when the IP address is not in the United States or it is for a business;
• A member’s account receiving several deposits or electronic fund transfers related to economic impact payments and unemployment insurance benefits for beneficiaries other than the account holder;
• A member’s account receiving multiple economic impact payments and other federal and state tax refunds for individuals other than the account holder; and
• Deposits of economic impact payments into a nursing home or assisted living facility’s business account, suggesting that the business is improperly holding those funds for its residents.

The advisory also provided instructions about how to file suspicious activity reports (SARs) for suspicious activity related to economic impact payments. Both NCUA’s regulations and FinCEN’s regulations require filing SARs when certain thresholds are satisfied and certain types of conduct occurs. For example, section 748.1(c)(1)(iv)(C) of NCUA’s rules and regulations requires filing a SAR for transactions of $5,000 or more for which the transactions have “no business or apparent lawful purpose or is not the sort of transaction in which the particular member would normally be expected to engage, and the credit union knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction.” This requirement can also be found in section 1020.320(a)(2)(iii) of FinCEN’s rules and regulations. This is just one of several criteria that might call for the filing of a SAR.

FinCEN requested that SARs related to the activities covered in the advisory include “FIN-2021-A002” in SAR field 2. FinCEN advised that credit unions filing economic impact payment-related SARS should select SAR field 34(z) to indicate the relationship between the suspicious activity and COVID-19 and “should include the type of fraud and/or name of the scam or product (e.g., economic impact payment) in SAR field 34(z).” FinCEN noted that SARs covered by activities described in the advisory should use the term “economic impact payment” in the SAR narrative in addition to including other relevant information, “such as counterfeit checks, money mule activity, or identity theft, to indicate a connection between those activities and [economic impact payment] frauds and thefts.” FinCEN admonished credit unions against reporting the potential victim of the economic impact payment fraud as the subject of the SAR. Instead, information about the victim should be included in the SAR narrative.