skip to main content

FinCEN Releases First Advisory on COVID-19 Illicit Activity, Including New Red Flags for Potential COVID-19 Fraud and Scams

On May 18, 2020, the Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) released its first advisory to financial institutions about detecting and preventing COVID-19 fraud. The guidance provides financial institutions with 22 red flag indicators to help identify potential illicit activity related to the pandemic, such as price gouging and hoarding medical supplies; fraudulent cures, tests, and vaccines; and non-delivery scams. FinCEN plans to issue additional advisories about financial crimes related to the pandemic in the future.

Red Flags of Potential COVID-19 Fraud

FinCEN’s guidance offers red flags for several different types of COVID-19-related illegal activity, drawing on information gathered by multiple federal agencies. The guidance stresses that these red flags are meant to aid financial institutions in their decision-making and that no one red flag is necessarily indicative of illicit or suspicious activity. Additionally, financial institutions should, consistent with their risk-based compliance programs, seek additional information and consider customer-specific facts and circumstances before flagging a transaction as suspicious.

Medical-Related Fraud Red Flags

These red flags are designed to help financial institutions spot customers selling fake or illegal COVID-19 tests, cures, treatments, and services.

  1. U.S. authorities, such as the Federal Trade Commission (FTC), the Food and Drug Administration (FDA), or the DOJ, have identified the company, merchant, or business owners as selling fraudulent products.
  2. A web-based search or review of advertisements indicates that a merchant is selling at-home COVID-19 tests, vaccines, treatments, or cures.
  3. The customer engages in transactions to or through personal accounts related to the sale of medical supplies, which could indicate that the selling merchant is an unregistered or unlicensed business or is conducting fraudulent medical-related transactions.
  4. The customer has a website with one or more indicia of suspicion, including a name/web address similar to real and well-known companies, a limited internet presence, a location outside of the United States, and/or the ability to purchase pharmaceuticals without a prescription when one is usually required.
  5. The product’s branding images found in an online marketplace appear to be slightly different from the legitimate product’s images, which may indicate a counterfeit product.
  6. The merchant is advertising the sale of highly sought-after goods related to the COVID-19 pandemic and response at either deeply discounted or highly inflated prices.
  7. The merchant is requesting payments that are unusual for the type of transaction or unusual for the industry’s pattern of behavior. For example, instead of a credit card payment, the merchant requires a pre-paid card, the use of a money services business, convertible virtual currency, or that the buyer send funds via an electronic funds transfer to a high-risk jurisdiction.
  8. Financial institutions might detect patterns of high chargebacks and return rates in their customer’s accounts. These patterns can be indicative of merchant fraud in general.

Non-Delivery Fraud Red Flags

These red flags are designed to help financial institutions spot scams where a criminal defrauds customers by obtaining payment for goods that the customer will never receive. These schemes involve advertisement and sale of test kits, masks, drugs, and other goods that the seller never intends to deliver or never possesses. As these red flags demonstrate, following established Customer Due Diligence (CDD) and Know Your Customer (KYC) policies and protocols is critical in detecting this illegal activity.

  1. The merchant does not appear to have a lengthy corporate history (e.g., the business was established within the last few months), lacks physical presence or address, or lacks an Employer Identification Number. Additionally, if the merchant has an address, there are noticeable discrepancies between the address and a public record search for the company or the street address, multiple businesses at the same address, or the merchant is located in a high-risk jurisdiction or a region that is not usually associated with the merchandise they are selling.
  2. Searches in corporate databases reveal that the merchant’s listing contains a vague or inappropriate company name, multiple unrelated names, a suspicious number of name variations, multiple “doing business as” (DBA) names, or does not align with its business model.
  3. Merchants are reluctant to provide the customer or financial institution that is processing the transactions with invoices or other documentation supporting the stated purpose of payments.
  4. The financial institution does not understand the merchant’s business model, and has difficulty determining the true nature of the company and its operations.
  5. The merchant cannot provide shipment-tracking numbers to the customer or proof of shipment to a financial institution so it may process related financial transactions.
  6. The merchant claims several last minute and suspicious delays in shipment or receipt of goods. For example, the merchant claims that the equipment was seized at port or by authorities, that customs has not released the shipment, or that the shipment is delayed on a vessel and cannot provide any additional information about the vessel to the customer or their financial institution.
  7. The merchant cannot explain the source of the goods or how the merchant acquired bulk supplies of highly sought-after goods related to the COVID-19 pandemic.
  8. Domestic or foreign governments have identified the merchant or its owners/incorporates as being associated with fraudulent and criminal activities.
  9. A newly-opened account receives a large wire transaction that the accountholder failed to mention during the account opening process.

Price Gouging and Hoarding of Medical-Related Items

These red flags are designed to help financial institutions identify customers who likely are hoarding and price gouging medical and other supplies needed during the COVID-19 pandemic, such as masks, disposable gloves, toilet paper, and hand sanitizer.

  1. A customer begins using personal accounts for business-related transactions and sets up a medical supply company or is selling highly sought-after COVID-19-related goods online, such as hand sanitizer, toilet paper, masks, and disinfecting cleaning supplies.
  2. The customer begins using their money services or bank account differently. For example, prior to January 2020, the customer never linked their account to the sale of goods on the internet. Since the COVID-19 pandemic began, however, the customer is receiving deposits with payment messages indicating that they are for the sale of medical goods, disinfectants, sanitizers, and paper products sold on the internet.
  3. The customer’s accounts are receiving or sending electronic fund transfers (EFT) to/from a newly-established company that has no known physical or internet presence.
  4. The customer’s account is used in transactions for COVID-19-related goods, such as masks and gloves, with a company that is not a medical supply distributor, is involved in other non-medical-related industries, or is not known to have repurposed its manufacturing to create medical-related goods. For example, the company is currently selling medical and sanitary supplies, and prior to January 2020, the company was listed as an automotive shop, a lumberyard, or a restaurant.
  5. The customer makes unusually large deposits that are inconsistent with the customer’s profile or account history. Upon further investigation, the customer states, or open-source research indicates, that the customer was selling COVID-19-related goods not usually sold by the customer.

Reporting Suspected COVID-19-Related Illicit Activity

Financial institutions are obligated by the Bank Secrecy Act to report known or suspected criminal and fraudulent activity by filing Suspicious Activity Reports (SARs) with FinCEN. FinCEN’s advisory instructs financial institutions to report suspected COVID-19-related illicit activity and potential scams by filing SARs and to reference the advisory in the SAR by noting “COVID 19 FIN-2020-A002” in SAR field 2 (Filing Institution Note to FinCEN) and in the narrative portion. This designation will help law enforcement focus in on potential COVID-19-related crime in the increasing number of filed SARs.

Practice Pointers

  • The advisory reinforces the importance of financial institutions continuing to closely follow CDD and KYC protocols, even when dealing with potential shortages of staff and remote work arrangements. Understanding a customer’s business operations, especially for new customers, is critical to making an informed and accurate risk assessment.
  • Independent assessment and research is critical to determining whether a customer is likely engaged in COVID-19-related or any merchant fraud. In addition to using online search engines and reviewing customer websites and product listings, financial institutions should also review current COVID-19-related warning letters and lists of fraudulent products from the FDA (“Fraudulent Coronavirus Disease 2019 (COVID-19) Products”) and FTC (“FTC Coronavirus Warning Letters to Companies”). For information pertaining to COVID-19-related actions by DOJ, visit: “Coronavirus Fraud News.”
  • FinCEN’s red flags point to difficulties that likely will be faced by some entrepreneurs looking to become involved in the COVID-19 supply chain for the first time or business owners who shift to new industries and markets as their normal operations are shut down or harmed by the pandemic. For example, a business that previously was a car repair shop and starts selling personal protective equipment or other supplies should be viewed as potentially suspicious and subject to additional scrutiny. (Red Flag 21). However, the car repair shop owner, faced with a decline in revenue, may have already had access to the supply chain for protective equipment like disposable gloves and plastic face shields, and decided to begin a new line of business. While there is nothing inherently wrong with this, customers engaged in these activities need to be prepared for additional scrutiny from financial institutions and consider proactively providing assurances that they are conducting a lawful business.
  • Entrepreneurs and owners of new businesses (post-January 2020) should take the time to ensure all business formalities and rules are followed, even in the fast-paced environment of responding to the pandemic, including, for example, obtaining an EIN.
  • These red flags are also helpful for businesses considering whether to purchase PPE and other supplies from new vendors with whom they do not have established relationships.
  • Financial institutions are increasingly asked by FinCEN to report more than suspected federal crimes, Bank Secrecy Act violations, money laundering, and terrorist financing by filing SARs, including elder financial abuse and, now, COVID-19-related scams and price gouging. Complying with these additional obligations requires reevaluating existing automated transaction screening processes and investing more resources in human monitoring and intelligence gathering.

Disclaimer: This post does not offer specific legal advice, nor does it create an attorney-client relationship. You should not reach any legal conclusions based on the information contained in this post without first seeking the advice of counsel.

About the Author

Carolyn H. Kendall is a Principal in the Firm's Internal Investigations & White Collar Defense and Health Care Practice Groups. She conducts internal investigations and defends corporations, officers, and other individuals facing criminal and civil investigation. 

Read more >