FinCEN Issues Notice on Reporting COVID-19 Criminal and Suspicious Activities, Companion Advisory on COVID-19-Related Medical Scams

On May 18, 2020, the Financial Crimes Enforcement Network (FinCEN), as part of its COVID-19-related response, issued a Notice Related to the Coronavirus Disease 2019 (COVID-19) reminding financial institutions of certain Bank Secrecy Act (BSA) obligations and pertinent information regarding reporting COVID-19-related criminal and suspicious activity (the Notice). Contemporaneously, FinCEN issued an Advisory on Medical Scams Related to the Coronavirus Disease 2019 (COVID-19) (the Advisory).

In light of the Notice and Advisory, firms should (a) continue to comply with their BSA obligations; (b) include COVID-19 detail only when that detail relates to the reported suspicious activity; (c) review policies and procedures to notify and to provide COVID-19 information to government agencies, including verification of the requesting agency; (d) review the Advisory red flags related to medical scams; and (e) consider revising policies and procedures as appropriate.

COVID-19-related frauds are a special emphasis for law enforcement and regulatory agencies, so failing to detect and report those issues could be viewed as a significant flaw in a firm’s anti-money laundering (AML) program.

SAR Filing Instructions — Avoid COVID-19 Disclaimers/Statements Related to Challenges in Filing

As FinCEN has stated, compliance with the BSA remains crucial. FinCEN expects financial institutions to continue to follow a risk-based approach and to diligently adhere to their BSA obligations. Despite its recognition that challenges with respect to certain BSA obligations, including timely filing requirements, may exist due to the COVID-19 pandemic, the Notice makes clear that financial institutions should not include in their suspicious activity report (SAR) narratives the financial institution’s challenges during the pandemic, nor put in COVID-19 disclaimer statements. Instead, financial institutions should include COVID-19 only when it is tied to suspicious activity. Where a financial institution has made disclaimers or set forth its challenges in past SAR filings, FinCEN is not requiring the financial institution to correct those reports.

Providing Supporting Documentation to Law Enforcement and FinCEN Timely When Requested

The Notice reminds financial institutions that law enforcement and FinCEN require full details related to SAR filings, including supporting documentation, as quickly as possible in order to effectively respond to and combat fraud schemes that may include those related to the exploitation of the pandemic.1 As a result, financial institutions that file COVID-19-related SAR filings should have a process in place to promptly provide the requested SAR and supporting documentation upon requests by FinCEN or an appropriate law enforcement or supervisory agency. Importantly, when such requests are made, the Notice reminds financial institutions to verify that a requestor of such information is, in fact, a representative of FinCEN, law enforcement or supervisory agency.

Reporting COVID-19-Related Criminal Activity to Both FinCEN and U.S. Government Agencies — Whom to Contact

While financial institutions often have procedures related to outreach to law enforcement agencies for certain SAR filings, the Notice suggests that financial institutions and their customers should consider reporting COVID-19-related crimes to certain government agencies, including the Department of Justice (DOJ), the FBI, Federal Trade Commission and the Department of the Treasury Inspector General for Tax Administration. For suspected COVID-19 related crimes, the Notice suggests financial institutions should consider contacting the following government agencies:

  • Suspected fraud schemes related to COVID-19: Contact National Center for Disaster Fraud (NCDF) hotline (+1 866 720 5721).2
  • Coronavirus Aid, Relief and Economic Security Act-related fraud or other COVID-19-related financial crime: Contact local U.S. Secret Service field office.
  • Cyber- and internet-related crime: Contact FBI Crime Compliant Center. See (, the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency National Cybersecurity Communications and Integration Center and HIS’s Operation Stolen Promise fraud intake. See (

Financial Institutions Should Review Policies and Procedures Related to Law Enforcement Notifications

While the Notice uses the phrase “should consider” when reporting COVID-19-related crimes to law enforcement, financial institutions should review their current policies and procedures. In that review, the financial institutions should determine if they should implement specific policies and procedures around any notifications to the agencies in the Notice in the event they identify and file COVID-19-related crimes and/or suspicious activity. Indeed, financial institutions should consider adding to their procedures the specific agencies mentioned in the Notice as well as the circumstances when the financial institution will contact the particular law enforcement agency upon discovery of suspected COVID-19-related financial crimes and/or suspicious activities.

Rapid Response and Recovery of Funds

FinCEN has temporarily expanded its Rapid Response Program to support law enforcement and financial institutions in the recovery of funds stolen via fraud, theft and other financial crimes related to COVID-19. The Notice informs financial institutions requesting immediate assistance in recovering cybercrime- and COVID-19-related stolen funds that they should file a complaint with the FBI’s IC3, contact their local FBI office or contact the nearest U.S. Secret Service field office. Financial institutions are reminded that contacting law enforcement for fund recovery assistance does not relieve them of their SAR filing obligations.

FinCEN Medical Scam Advisory — Red Flag Indicators

In conjunction with the Notice, FinCEN also issued an advisory to financial institutions regarding medical scams related to COVID-19. The Advisory provides a number of red flag indicators to help financial institutions identify COVID-19-related medical scams and to assist financial institutions in detecting, preventing and reporting suspicious activity associated with the pandemic. Specifically, the Advisory sets forth red flags associated with:

  • Medical-related frauds (fraudulent cures, tests, vaccines and services).
  • Price gouging and hoarding of medical-related items.
  • Nondelivery fraud of medical-related goods.

Financial institutions should look closely at the red flags provided in the Advisory. For financial services institutions such as banks and/or broker-dealers, some of the red flag indicators to consider are these:

  • Customer engages in transactions to or through personal accounts related to the sale of medical supplies, an indicator that the selling merchant is an unregistered or unlicensed business or is conducting fraudulent medical-related transactions.
  • The merchant is requesting payments that are unusual for the type of transaction or unusual for the industry’s pattern of behavior. For example, instead of a credit card payment, the merchant requires a prepaid card, the use of a money services business, convertible virtual currency or that the buyer send funds via electronic funds transfer to a high-risk jurisdiction.
  • A newly opened account receives a large wire transaction that the accountholder failed to mention during the account opening process.
  • Customer begins to use its personal accounts for business-related transactions after January 2020 and sets up a medical supply company or is selling highly sought-after COVID-19-related goods online.
  • Customer accounts are receiving or sending electronic fund transfers to/from a newly established company that has no known physical or internet presence.
  • Customer makes unusually large deposits that are inconsistent with the customer’s profile or account history. Upon further investigation, the customer states, or open-source research indicates, that the customer was selling COVID-19-related goods not usually sold by the customer.

Prescriptive SAR Filing Instructions for COVID-19-Related Financial Crimes

In the Advisory, FinCEN also provided guidance on its expectations when financial institutions are filing COVID-19-related cases that arise out of the red flags associated with the Advisory. In their SAR filings, financial institutions should:

  • Include the key term “COVID19 FIN-2020-A002” in SAR field 2 (Filing Institution Note to FinCEN), and the narrative should indicate a connection between the suspicious activity being reporting and the activities highlighted in the advisory.
  • Select SAR field 34(z) (Fraud – other) as the associated suspicious activity type to indicate a connection between the suspicious activity being reported and COVID-19.
  • Include the type of fraud and/or name of the scam or product in SAR field 34(z).

1 The Notice reminds financial institutions that disclosures of SARs and supporting documentation to appropriate law enforcement and supervisory agencies is protected by the safe harbor provisions applicable to both voluntary and mandatory suspicious activity reporting by financial institutions. See 31 U.S.C. § 5318(g)(3).

2 The NCDF can receive and enter complaints into a centralized system that all U.S. Attorney Offices as well as DOJ law enforcement components can access. Moreover, NCDF coordinates complaints with 16 additional federal law enforcement agencies as well as state Attorneys General and local authorities.