FinCEN Advisory and Notice on Financial Crimes Targeting COVID-19 Economic Impact Payments

15 March 2021 Coronavirus Resource Center:Back to Business Blog
Author(s): Pamela L. Johnston Lisa M. Noller David W. Simon Jenlain A. C. Scott

On February 24, 2021, the Financial Crimes Enforcement Network (FinCEN) issued an advisory alerting financial institutions to the potential for fraud and other financial crimes related to Economic Impact Payments (EIPs) and a Notice on COVID-19 Suspicious Activity Report Key Terms and Filing Instructions. The EIP was authorized by the Coronavirus Aid, Relief, and Economic Security (CARES) Actand the Coronavirus Response and Relief Supplemental Appropriations Act of 2021.The new advisory provides descriptions of EIP fraud, red flag indicators, and other information on reporting suspicious activity. This advisory describes the major fraudulent and criminal activity companies should watch.

In the advisory, FinCEN provides a non-exhaustive list of EIP-related fraud and criminal activity:

  • Fraudulent Checks
  • Altered Checks
  • Counterfeit Checks
  • Theft of EIP
  • Phishing Schemes Using EIP as a Lure
  • Inappropriate Seizure of EIP

The FinCEN advisory also discusses “red flag” indicators of financial crimes related to EIPs and provided exemplars of such crimes. The categories outlined are:

  • Fraudulent, altered, counterfeit, or stolen EIP checks and automated clearing house (ACH) deposits, and prepaid debit cards:
    • Depositing one or more checks seemingly issued by U.S. Treasury
    • Multiple EIP-related deposits for individuals other than the account holder, and the individuals named on the checks live outside the area and have no history with the bank
    • Multiple EIPs related to a prepaid debit card linked to the same address
    • Customer opens a new account with an EIP check or debit card, and the potential account holder is different than the depositor
    • EIP check is deposited into dormant accounts with minimal activity
  • Theft of multiple EIPs:
    • Individual accounts opened after EIP program was announced, and receiving relevant checks or direct depositions
    • Account holder is under age 17 and received numerous EIPs
    • Rapid transfer of multiple EIPs into one account
    • Account receives several EIP-related deposits and quickly spends the money at places where cash back on return is an option, or has funds transferred onto debit or gift card
    • Deposits of one or more EIP Treasury checks, or deposits into a retail business account or personal account of a business owner that is not the payee/endorser
    • IP address is used to transfer funds from several EIP debit cards to a bank account
  • Other frauds and thefts occurring in an account receiving EIPs:
    • Account receives numerous deposits linked to EIPs and unemployment insurance payments from one or more states that do not match the account holders
    • Account with several EIP depositions and tax refunds from federal and state governments for individuals other than the account holders
    • Deposits of one or more EIP checks or electronic depositions are made into a nursing home or assisted living facility’s business account and not returned to the resident

The advisory further provides information on how to report suspicious activity (suspicious activity reports, or “SAR”). FinCEN requests that financial institutions reference this advisory by the key term “FIN-2021-A002,” to alert FinCEN to a possible connection between the suspicious activity and the activities outlined in the advisory. When reporting on behavior that includes counterfeit checks, money mule activity, or identity theft, FinCEN requests that the report include the terms “economic impact payment” and other program-specific terms. By selecting SAR field 34(z) (Fraud-other), financial institutions are indicating to FinCEN that this is related to COVID-19. FinCEN also asks that the name of the potential victim of an EIP fraud be included in the narrative portion, not the subject of the SAR.

Additionally, as noted above, on February 24, 2021, FinCEN released a Notice on Consolidated COVID-19 Suspicious Activity Report Key Terms and Filing Instructions. By issuing this Notice, FinCEN consolidates the filing instructions and key terms for fraudulent activities, crimes, and cyber and ransomware attacks related to COVID-19, and to remind financial institutions of the recent updates to Section 314(b). Table 1 of the Notice defines key terms and instructions regarding or relating to government programs, where Table 2 defines the key terms and instructions not tied to a specific government program. Table 3 provides a list of FinCEN’s COVID-19-related publications.

What Does This Mean for Me?

Banks and other financial institutions should be on high alert to potential abuse of EIPs and other related financial crimes. Companies may consider implementing new compliance policies around these transactions and engaging in regular system checks to make sure red flag transactions are caught. If any reporting issue arises, we recommend you consult with legal counsel and draft such a report with FinCEN’s recommended reporting words.

COVID-19 continues to impact companies in all sectors of the economy.  Foley is here to help our clients effectively address the short-term and long-term impacts on their business interests, operations, and objectives. Foley provides insights and strategies across multiple industries and disciplines to provide timely perspective on the wide range of legal and business challenges that companies face conducting business while dealing with the impact of the coronavirus. Click here to stay up to date and ahead of the curve with our key publications addressing today’s challenges and tomorrow’s opportunities. To receive this content directly in your inbox, click here and submit the form. 


1 Pub. L. 116-136.

2 Pub. L. 116-260.

This blog is made available by Foley & Lardner LLP (“Foley” or “the Firm”) for informational purposes only. It is not meant to convey the Firm’s legal position on behalf of any client, nor is it intended to convey specific legal advice. Any opinions expressed in this article do not necessarily reflect the views of Foley & Lardner LLP, its partners, or its clients. Accordingly, do not act upon this information without seeking counsel from a licensed attorney. This blog is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Communicating with Foley through this website by email, blog post, or otherwise, does not create an attorney-client relationship for any legal matter. Therefore, any communication or material you transmit to Foley through this blog, whether by email, blog post or any other manner, will not be treated as confidential or proprietary. The information on this blog is published “AS IS” and is not guaranteed to be complete, accurate, and or up-to-date. Foley makes no representations or warranties of any kind, express or implied, as to the operation or content of the site. Foley expressly disclaims all other guarantees, warranties, conditions and representations of any kind, either express or implied, whether arising under any statute, law, commercial use or otherwise, including implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Foley or any of its partners, officers, employees, agents or affiliates be liable, directly or indirectly, under any theory of law (contract, tort, negligence or otherwise), to you or anyone else, for any claims, losses or damages, direct, indirect special, incidental, punitive or consequential, resulting from or occasioned by the creation, use of or reliance on this site (including information and other content) or any third party websites or the information, resources or material accessed through any such websites. In some jurisdictions, the contents of this blog may be considered Attorney Advertising. If applicable, please note that prior results do not guarantee a similar outcome. Photographs are for dramatization purposes only and may include models. Likenesses do not necessarily imply current client, partnership or employee status.