FinCEN Advisory for Unemployment Insurance Fraud SARs
We have previously blogged on the rise in fraud amid the COVID-19 pandemic, with one of the most prevalent types of fraud being unemployment insurance fraud. On October 13, FinCEN issued an advisory on how credit unions can detect, prevent, and properly report cases of unemployment insurance fraud.
The advisory sets out the five main types of unemployment insurance fraud that has occurred during the COVID-19 pandemic that credit unions should be aware of. These include fictitious employer (a filer falsely claims to work for a company), employer-employee collusion (employee receives unemployment insurance payments and unreported wages), misrepresentation of income (filer claims higher wages than previously earned), insider (state employees approving unqualified applications or improper payment amounts), and identity-related (filers submit application using stolen identification information).
FinCEN provides ten red flags that may indicate unemployment insurance fraud, but reminds credit unions that no single red flag is necessarily indicative of suspicious activity. These red flags are similar to the ones issued in NCUA Risk Alert 20-RISK-02, but FinCEN provides more detailed and operational indicators that may be helpful to credit unions in detecting unemployment insurance fraud. Here are some red flags that credit unions should be aware of when a member receives unemployment insurance payments:
1. Unemployment insurance payments are received from a state different from the one the member resides in
2. Unemployment insurance payments are received multiple times within the same disbursement period
3. Unemployment insurance payments are received in a name different from the member’s
4. Unemployment insurance payments are received while the member is also receiving work-related earnings
5. Unemployment insurance payments are received that are greater in value than similarly situated members
There are also member action red flags that credit unions should be aware of such as the member withdrawing the unemployment insurance payments in a lump sum by cashier’s check, transferring the funds to out of state accounts, or wiring the funds to foreign accounts. Another red flag is when a newly opened or inactive account starts to receive many unemployment insurance payments.
Credit unions should consider all the facts before determining if a transaction is potentially an unemployment insurance fraud related transaction. This could be accomplished by requesting additional identification documentation from the member, determining if the member has a history of living at the address where the unemployment insurance check or card was mailed to, or tracking IP addresses for an online banking login.
If a credit union determines that the transaction is suspicious, section 748.1(c) requires the credit union to file a suspicious activity report (SAR). For SARs filed due to suspicion of unemployment insurance fraud, the advisory asks for credit unions to include the term “COVID19 UNEMPLOYMENT INSURANCE FRAUD FIN-2020-A007” in SAR field 2 and in the narrative. FinCEN also advises credit unions to select SAR field 34(z) (Fraud- other) as the SAR type and include the term “unemployment fraud” in SAR field 34(z). The advisory states credit unions should include as much information as possible, including email addresses, IP addresses with timestamps, login timestamps, mobile device information such as International Mobile Equipment Identity (IMEI), and virtual currency wallet addresses.
In addition to filing a SAR, the credit union may also report fraud suspected in unemployment insurance benefits to the Department of Labor Office of the Inspector General or to their state’s unemployment insurance office.