FinCEN Alert on COVID-19 Employee Retention Credit Fraud

On November 22, 2023, the Financial Crimes Enforcement Network (FinCEN) along with the IRS Criminal Investigation (CI) released an alert warning financial institutions about potential fraud schemes linked to the so-called COVID-19 Employee Retention Credit (ERC). This credit is/was part of the relief measures provided to businesses affected by the pandemic and involves the provision of tax credit to those businesses that decide(d) not to lay-off staff members during the pandemic. The IRS thereby issues a check to affected firms.
The alert now aims to highlight the risks associated with fraudulent activities targeting this credit program by providing some common typologies associated with such fraud scheme (typical ways how the fraud is being conducted), issuing corresponding red flags, and reminding financial institutions of their suspicious activity reporting (SAR) obligations under the Bank Secrecy Act in this context.
#### Notable typologies include the following:
– The use of shell companies or inactive companies that file for an ERC where the IRS check is subsequently mailed to some ominous business address;
– Non-eligible businesses file for the ERC; and
– Third-parties offer to file for the ERC on behalf of an (in)eligible company and charge an upfront fee of up to 30% or 40% of the „expected“ credit.
The following indicators (red flags) from FinCEN and IRS CI are key signals that financial institutions should look out for to detect potential fraud related to the COVID-19 Employee Retention Credit. Each red flag on its own might not definitively indicate illicit activity, but collectively, they could suggest suspicious behavior, so the agencies.
#### Red Flags:
– A business account receives more than one ERC check deposit over several days;
– Small business accounts receive ERC deposits that don’t match the size of the business, its employee count, or typical transaction volume;
– Large ERC deposits are followed by transfers using peer-to-peer services, online banking institutions, or cash withdrawals, especially if funds move to unfamiliar accounts or businesses;
– An account is receiving only Treasury-issued checks without otherwise regular business transactions;
– There are attempts to deposit altered ERC checks or issues with validating the legitimacy of deposited checks;
– ERC checks are deposited into newly created business accounts or otherwise dormant accounts;
– The ERC deposits into business accounts are lacking any payroll history in such account; and
– Customers are claiming ERC obtained through unverifiable third-party firms.
#### Reporting of illicit activities:
FinCEN is reminding institutions to report any suspicious account activities in this context. To do so, institutions should insert the term “FIN-2023-ERC” in the SAR field 2 and select SAR field 34(z) (FRAUD-Other) on the corresponding filing form. Also, other fields may be used, if applicable, such as SAR Fields 36 (Money Laundering) and 38 (Other Suspicious Activities).
To conclude, FinCEN reminds of the fact that financial institutions have various reporting requirements under the Bank Secrecy Act (BSA) that might apply to transactions related to the COVID-19 Employee Retention Credit or potential fraud associated with it as well, including the filing of the „Currency Transaction Report“, the „Report of Foreign Bank and Financial Accounts“, or the „Report of International Transportation of Currency or Monetary Instruments“. In the end, it is up to institutions to determine the type and scope of reporting.