Breaking Down the Fraud Section of the AML Priorities – Some old, some new

On June 30, FinCEN issued the first National AML/CFT Priorities and Accompanying Statements (the Priorities).  The document results from FinCEN’s consultation with the Departments of Justice and Treasury as well as Federal and State agencies with an interest in law enforcement, national security and financial regulation.  The Priorities is intended to set out the most significant AML and terrorist financing threats in order to assist institutions in approaching those threats.

According to the Priorities, the category of Fraud is thought to generate the largest share of illicit proceeds in the United States.  That’s a lot of fraud to wrap your head around.  Fraud ranks ahead of other significant and well publicized risks – domestic and international terrorist financing, cybercrime and drug trafficking, for instance.

The Priorities weren’t published to get AML professionals to set aside their current strategy and focus on the Priorities instead; however, this would be a good time to start for AML professionals thinking about how to blend these Priorities into their existing strategy.  Let’s break down the Fraud section of the Priorities below.

Healthcare Fraud:

Looming large in the Fraud category is healthcare fraud – especially Medicare Fraud – which has been making headlines for decades.  To an AML professional, however, a fraudulent Medicare payment to a healthcare provider looks no different from a bona-fide payment. It’s very difficult to spot this type of fraud via bank transactions unless one is closely investigating the individual doctor (or another Medicare biller) .  Signs of Medicare Fraud are revealed through an extra-extravagant lifestyle, above that which a medical professional would normally enjoy.  For additional information on Medicare Fraud, see this publication from January 2021:  https://www.cms.gov/Outreach-and-Education/Medicare-Learning-Network-MLN/MLNProducts/Downloads/Fraud-Abuse-MLN4649244.pdf

Everything Else:

The other types of Fraud mentioned in the Priorities initially appear to be “more of the same.”  They include Romance Scams, Synthetic ID Fraud, ID Theft, BEC (business email compromise), and the entire gamut of Pandemic-related Fraud such as Unemployment Insurance fraud, COVID supplies fraud, counterfeit vaccine fraud, and cyber-enabled fraud and ransomware schemes related to COVID.  So far, nothing new.  However, it’s the last paragraph of the Fraud section in the Priorities that probably made a few people do a double-take.

That last paragraph reads, “Also of concern are foreign intelligence entities and their proxies, which employ illicit financial practices to fund influence campaigns and facilitate a range of espionage activity by establishing front companies, and conducting targeted investments to gain access to sensitive U.S. individuals, information, technology and intellectual property.”  Wait…. what?  AML professionals don’t read about that last part often in AML publications.  They definitely see and report front companies and unusual investments, but they don’t normally have a line-of-sight on espionage and the type of corporate infiltration required to steal intellectual property.  That last paragraph in the Fraud section of the Priorities seems to be nestled in there almost as an afterthought, but it packs a punch.

How to respond to this Fraud section of the Priorities?

The response part of the Fraud section is where AML professionals can have a big impact because they are best-positioned to spot these types of transactions – even more so if the institution they work in has brought AML and fraud together under one Financial Intelligence Unit.  (Now there’s a potential strategy to think about if you haven’t already done so!)  And while AML professionals are superstars to begin with, their special powers are amplified by fraud tools that ferret out Synthetic ID Fraud.  It’s a type of fraud that is nearly impossible to spot without the right ID authentication tools, so don’t forget to add a tools section to your strategy.

Aside from that, here are some approaches for other types of non-Medicare Fraud:

• Romance Scams are spotted by observing the behavior of vulnerable customers. An officer might notice Mrs. Jones, who has never sent a wire in the 22 years she’s been a customer, suddenly started sending wires.  An investigation might reveal that she’s a romance scam victim.   Strategy = internal training, procedures, and tweaking of fraud alerts for anomalies.
• General ID Theft is spotted by disparate transactions that make no sense based on your customer’s prior activity. These transactions are typically wires or ACHs.  Perhaps your customer’s account has been compromised and linked to a Fintech type of account, which it funded.  Strategy = mostly tweaking of fraud alerts.
• Business Email Compromise is sometimes spotted in the AML department before the customer spots it. Typically the customer never spots it until their creditor calls to tell them they are behind on their payments, even though they’ve never missed a payment. Instead, they’ve been duped into sending their payments to a fraudster at a fraudulent email address.  Strategy = external awareness and training of customers.
• Pandemic Fraud is still occurring despite the pandemic’s waning. Many an AML professional will rejoice when the level of Unemployment Insurance fraud alerts dies down.  Pandemic fraud is an all-encompassing type of fraud and will require every arrow in the quiver to bring down.  Like other types of fraud, it is spotted by anomalies in a customer’s transactions.  The anomalies include those on accounts of customers who are victims of the fraud, as well as of customers who are perpetuating the fraud.  Although AML professionals don’t like to think about it, sometimes it is their bank’s customer who is the fraudster.  FinCEN’s concern continues to be including the right trigger words in SARs to inform FinCEN that the underlying activity is COVID related.  As a refresher, for FinCEN’s guidance see:  https://www.fincen.gov/sites/default/files/advisory/2021-02-24/Advisory%20EIP%20FINAL%20508.pdf

Because of that, the primary strategy for pandemic fraud is likely internal training.   Strategy = internal training, procedures, and tweaking of fraud alerts.

• Cyber Fraud is another broad category, and it goes beyond Cyber Fraud associated with the pandemic to include all types of Cyber Fraud. As a refresher, for FinCEN’s guidance see  https://www.fincen.gov/sites/default/files/shared/COVID-19%20Vaccine%20Notice%20508.pdf   and  https://www.fincen.gov/sites/default/files/advisory/2020-07-30/FinCEN%20Advisory%20Covid%20Cybercrime%20508%20FINAL.pdf

The strategy for cyber fraud is different from the other categories above and centers around the AML professional’s relationship with the institution’s InfoSec, Cyber, and IT departments.  Cyber events, even unsuccessful ones, must be reported to the AML professional.   Strategy = Communication, internal training, and procedures.

And now… that last paragraph mentioned above.

• Foreign Intelligence Entities & Proxies is a newer Fraud type and the first strategy for AML professionals is to learn as much about this area as they can. At first glance, this type of fraud appears to include politically exposed persons, but could also include nonresident aliens.  It could be a good time to update programs for both, as that’s always a good strategy.  Also consider updating procedures for negative news screening and good ol’ old-fashioned KYC. Think about all the times AML professionals ask themselves “gosh, this customer is from way outside our footprint, and even outside our country, why in tarnation do they want a checking account at our bank?”  Hence, update policies around banking foreign customers, including businesses and individuals.  One could even update policies around banking domestic customers who are simply way outside the institution’s footprint.  The last strategy is a bit “out there,” but important.Update policies around referral sources.  Bad actors tend to hang out with bad actors, and many times if an institution has a relationship with bad actor (whether they’re aware of it or not) that bad actor will refer more and more sketchy customers to the institution.  Often times those sketchy customers will transact in unison as they perpetrate their frauds, and this could escape many AML systems.  Consider capturing the name of a referral source at onboarding and making this a required field for customers outside the institution’s footprint and for foreign customers.  Determine if the AML system can somehow flag customers by referral source.  The flagging will help monitor aggregate activity related to a particular referral source.  Strategies = significant updating of policies and procedures surrounding foreign customers and those outside of the institution’s footprint, investment in KYC and negative news tools, and training.

The Priorities aren’t part of an examination protocol . . . . for now:

FinCEN informed AML professionals that responding to the Priorities isn’t a requirement until regulations surrounding the Priorities are published.  There’s so much in the Priorities, however, that proactive AML professionals may want to start to ponder how to incorporate the Priorities into their existing strategy.  The suggestions provided above should help with that!