On July 30, 2020, the Financial Crimes Enforcement Network (FinCEN) issued an advisory alerting financial institutions to potential indicators of cybercrime and cyber-enabled crime observed during the COVID-19 pandemic. The advisory – based on FinCEN’s analysis of Bank Secrecy Act (BSA) data, open source reporting, and law enforcement reports – describes COVID-19-related malicious cyber activity and scams, red flag indicators, and directions for reporting suspicious activity. The purpose of the advisory is to help financial institutions and their customers protect legitimate relief efforts for the COVID-19 pandemic against cyber criminals and malicious state actors.
With the increase in fraudulent schemes and cybercrime related to the COVID-19 pandemic, this is a good time to evaluate your AML/BSA and fraud-related compliance programs – including internal due diligence processes, training materials, and reporting procedures – to verify that your program is up to date and takes into account the risks and red flags identified in the advisory. Government agencies repeatedly have warned since March that now is not the time to throttle back on compliance and, when it comes to proprietary data, all companies should tailor their compliance efforts and resources to implement or upgrade proactive protection measures.
FinCEN’s advisory identifies the primary means by which cybercriminals and malicious state actors are exploiting the current COVID-19 pandemic. These include:
The advisory lists 20 red flag indicators across these three risk areas and instructs financial institutions to consider these red flags in addition to the context and factual circumstances of a specific transaction, prior to determining whether a transaction is suspicious or indicative of a potential fraudulent-related COVID-19 transaction. These factors include a customer’s historical financial activity, whether the transaction is in line with prevailing business practice, and whether a customer exhibits multiple red flag indicators. The advisory covers a wide range of red flag indicators, including, but not limited to, name changes between government-issued identification and customer account opening information, issues with images on government-issued identification, customer login irregularities, and changes to known customer email addresses. A full list of red flag indicators, per risk area, is included in the FinCen advisory.
Lastly, the advisory provides information on how to properly file a Suspicious Activity Report (SAR) identifying potential cybercrime and cyber-enabled crime related to the COVID-19 pandemic. The advisory instructs the following: