The Financial Crimes Enforcement Network (“FinCEN”) recently released a Financial Trend Analysis (“FTA”) focusing on identity-related suspicious activity.  The FTA was issued pursuant to section 6206 of the Anti-Money Laundering Act of 2020, which requires FinCEN to periodically publish threat pattern and trend information derived from BSA filings.

FinCEN examined information from Bank Secrecy Act (“BSA”) filings submitted in the 2021 calendar year.  According to FinCEN’s analysis, 1.6 million “BSA filings” – presumably, the vast majority of which constituted Suspicious Activity Reports (“SARs”) – were identity-related, representing a total of $212 billion in suspicious activity.  These filings constituted 42% of filings for that year, thereby meaning that approximately 3.8 million SARs were filed in 2021.

The descriptions and the explanations in the FTA necessarily turn on how the SAR filings chose to describe the suspicious activity at issue.  This is presumably why most of the activity falls into the vague category of “general fraud” – because, apparently, this is the particular box on the SAR form which most of the SAR filers happened to choose.  However, and we will describe, the activity in fact animating the vast majority of these SARs is some form of identity theft.

Key highlights from the analysis include:

• In sixty-nine percent of identity-related BSA reports, attackers were found to have impersonated others.
• General fraud is the most reported typology, with 1.2 million BSA reports totaling $149 billion in suspicious amounts. The next two most reported typologies were false records and identity theft, respectively.
• Depository institutions account for the highest percentage of BSA reports at fifty-four percent, followed by money services businesses at twenty-one percent.
• There is a significant number of identity-related abuses based on BSA report volumes and dollar values.

Tactics: Impersonation, Circumvention, and Compromising Authentication

FinCEN identified three ways fraudsters exploit identity processes, they: (i) impersonate others to avoid validation; (ii) circumvent or exploit inadequate verification processes; and (iii) use compromised credentials to gain unauthorized access during authentication.  The following graphic summarizes how “[a]ttackers target vulnerabilities in virtual and physical environments to steal sensitive information, compromise financial activity, and disrupt business operations.”

According to the analysis, sixty-nine percent of BSA reports indicate fraudsters impersonated others as part of their efforts to defraud victims.  Eighteen percent of reports described instances of bad actors using compromised credentials to gain unauthorized access, while thirteen percent cited exploitation of weak or insufficient verification processes. 

The report found that most financial institutions in the identity-related BSA dataset reported impersonation as their top identity exploitation, money services businesses most often reported circumvention of verification. 

Fraud is the Leading Form of Identity-Related Suspicious Activity

FinCEN identified over 14 typologies employed by bad actors to manipulate the validation, verification, and authentication processes used by financial institutions.  The top five, including fraud, false records, identity theft, third-party money laundering, and circumventing standards, represent 88% of such reports and 74% of total suspicious activity amount during the review period. 

General fraud was the most frequently reported suspicious activity, according to the analysis, both in terms of the number of BSA reports and the total suspicious activity amount.  Filers reported fraud in 1.2 million identity-related BSA reports, amounting to $149 billion in suspicious activity.  Various types of fraud reported include bust-out schemes, check fraud, credit and debit card fraud, and COVID-19 fraud.

Other commonly reported typologies include:

• False Records: altering, counterfeiting, or forging documentation, records, or forms of payment; documented in approximately 423,000 identity-related BSA reports, involving $45 billion in suspicious activity
• Identity Theft: using identifying information unique to the rightful owner without the rightful owner’s permission; documented in more than 222,000 identity-related BSA reports, representing $36 billion in suspicious activity
• Third Party Money-Laundering: laundering of illicit proceeds by a person who was not involved in the commission of the predicate offense; identified in 154,000 identity-related BSA reports, totaling $18 billion
• Circumventing Standards: lack of adherence to standards or acceptable practices, knowingly or unknowingly; reported in 110,000 identity-related BSA reports, totaling $12 billion

Less common typologies include: account takeover, misuse of access, non-cooperation, cyber incidents, and general scams for a combined total of $82 billion.

Depository institutions filed the greatest number of identity-related BSA reports in 2021 (1.3 million), reporting $201 billion in suspicious activity, according to FinCEN.  Money services businesses were the second largest category with 501,000 BSA reports, and securities/futures firms filed 103,000 BSA reports.  

The report also found that compromised credentials were disproportionately costly, accounting for 32% of the total suspicious activity amount or $112 billion.

In the effort to combat identity compromise, FinCEN states that it has collaborated with other governmental agencies to establish best practices, and explore ways in which innovations, such as digital identity, artificial intelligence, and privacy-enhancing technologies, can mitigate customer identity abuses. 

In the press release accompanying the analysis, FinCEN encouraged financial institutions to work across their internal departments to address these schemes and noted, “Robust customer identity processes are foundational to the security of the U.S. financial system, and critical to the effectiveness of financial institutions’ programs to combat money laundering and counter the financing of terrorism.”

[View source.]