Fostering Data Fluency: Building a Strong Data…
FinCEN has issued several advisory warnings over the past year about a growing variety of scams related to the COVID-19 pandemic. With the acceleration of the vaccine rollout, financial institutions must remain vigilant against vaccine-related financial crimes.
On December 28, 2020, the Financial Crimes Enforcement Network (FinCEN) issued a Notice to alert financial institutions about the potential for fraud, ransomware attacks, or similar types of criminal activity related to COVID-19 vaccines and their distribution. As the vaccine rollout accelerates, it is all the more crucial to revisit FinCEN’s December Notice regarding vaccine-related financial crime.
FinCEN has issued several advisory warnings over the past year about a growing variety of scams related to the COVID-19 pandemic.
The publication of these advisory notices serves to provide financial institutions with a framework to identify suspicious activity related to the pandemic. FinCEN details red flag indicators of COVID-related fraud and provides instructions on how to report potentially fraudulent activities related to the pandemic.
FinCEN’s December Notice urges Financial Institutions to stay alert to vaccine-related scams and cyberattacks.
The vaccine provides a unique angle and opportunity for fraudulent activity. Even at the very initial rollout, when only two vaccinations had been approved for a very small subset of the population, fraudsters were already promising special or expedited access to vaccines.
FinCEN cites that COVID vaccine fraud may include the sale of unapproved and illegally marketed vaccines, the sale of counterfeit versions of approved vaccines, and promises to provide the vaccine sooner than permitted under the applicable vaccine distribution plan. In addition, we have seen evidence of the illegal diversion of legitimate vaccines.
Furthermore, cybercriminals have been reported to target research institutions and exploit the development, distribution, and administration of the vaccine. This includes the use of malware and phishing schemes, extortion, business email compromise (BEC) fraud, and exploitation of remote applications.
Although this trend developed as early as December, during the initial rollout to medical workers, financial institutions may still anticipate more vaccine-related criminal activity.
The notice on financial crimes related to COVID-19 vaccine distribution is not a standalone issue. FinCEN has identified other red flag indicators to help reporting on COVID-19 related scams, schemes, and criminal activity. The following section details identified instances and the corresponding red flag indicator published by FinCEN.
Most recently, FinCEN identified financial crimes connected to COVID-19 Economic Impact Payments (EIP). U.S. authorities detected a wide range of EIP-related fraud and theft involving a variety of criminal actors.
Now, financial institutions must monitor for fraudulent, altered, or counterfeit checks:
(i) was sent a partial payment, and needed to verify his or her PII or financial information before receiving the full EIP; or
(ii) received the check purportedly from a current or former employer with instructions that the check was the customer’s “stimulus payment” and that he or she was to buy prepaid cards and send them to another individual.
Some other crimes reported include outright stealing of checks from mail:
Financial institutions and their customers must be cautious of imposter scams, phishing schemes luring victims with fraudulent information about COVID-19 vaccines, and money mule schemes.
In the case of imposter scams, criminals impersonate officials or representatives from organizations, such as the Internal Revenue Service (IRS), the Centers for Disease Control and Prevention (CDC), the World Health Organization (WHO), other healthcare or non-profit groups, and academic institutions.
Multiple examples include phishing schemes mimicking legitimate charities and non-profits to offer services to victims or solicit information from the vulnerable (like the elderly or unemployed):
Crimes also included money mule schemes, which involve a person who, either as unwitting, witting, or complicit individual, transfers illegally acquired money on behalf of or at the direction of another:
As noted, cybercriminals exploit legitimate efforts to develop, distribute and administer vaccines. There are reported instances of ransomware attacking institutions focused on vaccine research. Malicious state actors have also exploited the COVID-19 pandemic through malware and phishing schemes, extortion, business email compromise fraud.
Some schemes targeted financial and healthcare systems to steal sensitive information and disrupt business operations. These cybercriminals exploited the virtual environments and the remote applications used. Criminals could undermine online identity verification processes with digitally manipulated or altered documents:
In other cases, cybercriminals can leverage compromised or stolen credentials across multiple accounts. They may attempt numerous account takeovers via methods like “credential stuffing attacks” – using lists of stolen account credentials and automating login attempts to gain unauthorized access to victim accounts:
There have also been significant increases in broad-based and targeted phishing campaigns. These scammers often targeted individuals by referencing the Coronavirus Aid, Relief, and Economic Security (CARES) Act payments, with malicious websites and downloads, domain name system hijacking or spoofing attacks, and fraudulent mobile applications:
Cybercriminals have also used business email compromise (BEC) schemes, targeting municipalities and the healthcare industry supply chain by impersonating critical players in a particular transaction or business relationship. For example, a cybercriminal could convince companies to redirect payments to a new account due to pandemic-related changes in business operations:
These advisories and notices are based on FinCEN’s analysis of COVID-19-related reports obtained through public statements, data from the Bank Secrecy Act (BSA), and their law enforcement partners.
As reiterated in each of the notices, filing Suspicious Activity Reports (SAR) reporting and effective implementation of Bank Secrecy Act (BSA) compliance requirements by financial institutions is crucial to identifying and stopping fraud, cybercrime, and cyber-enabled crime, especially those related to the COVID-19 vaccine.
At the September 29, 2020 virtual ACAMS AML Conference, FinCEN’s Director Kenneth Blanco prepared remarks sharing trends on COVID-19 Related BSA Reporting.
SARs are a crucial component to safeguard the financial system. Along with the effective implementation of due diligence and BSA requirements, SARs help identify and stop financial crimes.
Financial institutions should provide all pertinent information in the SAR to help FinCEN address any fraud and expedite the Report to the right investigative teams. FinCEN included a consolidated list of specific instructions for filing COVID-19 SARs.
Banks and other financial institutions must continue being on high alert to COVID-19-related financial crimes. Monitoring these transactions may require new compliance policies and regular system checks to ensure that red flag transactions are properly caught. Financial institutions are encouraged to perform additional inquiries and investigations in line with their risk-based approach to BSA compliance.
With our extensive abilities in compliance including former U.S. regulators on staff, Sia Partners is ready to assist you in managing all your compliance needs. Sia Partners consultants can provide the expertise to best shape and align your compliance solutions with your business plans and strategy.