FinCEN ·

FinCEN issues joint advisory with 18 red flags and a SAR key term for payroll-fraud and identity-theft schemes involving unauthorized workers

Financial institutions' AML and suspicious-activity-monitoring teams must incorporate FinCEN's 18 red flag indicators for payroll-fraud and identity-theft schemes involving unauthorized workers, apply enhanced due diligence to ITIN-based account and credit applications, and file SARs using the key term 'FINANCIALINTEGRITY-2026-A002'.

Change
On 5 June 2026, FinCEN — jointly with the FDIC, OCC and NCUA and in coordination with the IRS — issued an advisory providing 18 red flag indicators to help financial institutions detect and report payroll-fraud and identity-theft schemes connected to the unlawful employment of non-work-authorized individuals, encouraging enhanced due diligence on Individual Taxpayer Identification Number (ITIN) use and requesting that related Suspicious Activity Reports carry the key term 'FINANCIALINTEGRITY-2026-A002'.
Why it matters
The advisory translates a specified set of typologies — labor brokers operating shell companies and unregistered money services businesses, ITIN- or foreign-document-based account opening, and untaxed wage disbursement via cash couriers, checks and peer-to-peer platforms — into 18 red flag indicators that financial institutions are expected to fold into transaction monitoring and suspicious-activity detection. Because it is a joint advisory issued with the banking regulators and carries a designated SAR key term, it functions as a monitoring and reporting expectation against which institutions' AML/CFT programs can be examined, not merely informational guidance. It also directs banks to treat ITIN use, when presented in place of a Social Security number or valid employment authorization for account opening or credit, as a potential risk factor within risk-based customer due diligence.
Implications
  • Financial institutions' AML and suspicious-activity-monitoring teams must incorporate the 18 red flag indicators into transaction-monitoring and detection logic to identify payroll-fraud, shell-company and identity-theft typologies described in the advisory, and file Suspicious Activity Reports using the key term 'FINANCIALINTEGRITY-2026-A002' in SAR field 2 and the narrative.
  • Customer due diligence and onboarding functions must treat the use of an Individual Taxpayer Identification Number in place of a Social Security number or valid employment authorization, when opening an account or obtaining credit, as a potential risk factor within risk-based CDD, alongside other available information.
  • AML/CFT programs across the covered institution types — depository institutions, money services businesses, casinos, insurers, mortgage companies and brokers, precious-metals and jewelry dealers, and securities and futures firms — must reflect these typologies in their monitoring and escalation, given the advisory was issued jointly with the FDIC, OCC and NCUA and is subject to supervisory examination.
Who is affected
  • AML and suspicious-activity-monitoring teams at depository institutions, money services businesses and other covered financial institutions
  • Customer due diligence and onboarding functions assessing ITIN-based account and credit applications
  • Financial-crime compliance functions at casinos, insurers, mortgage companies and brokers, precious-metals and jewelry dealers, and securities and futures firms
View on FinCEN
Got Questions?

Ask what this change means — grounded in this brief. Source linked for final checks.

Clarify™ · Grounded, not generic

Why not a general AI assistant?

A general assistant will answer almost anything — including beyond what it actually knows, which is where drift and hallucination come from. Ask it the same question twice and you can get two different answers — no good when you need a record you can stand behind.

Clarify™ works differently. It answers only from the specific brief in front of you and its cited primary source. Ask something the brief doesn’t cover and it says so, rather than inventing an answer — and the same question returns a consistent, grounded answer every time. The trade-off is deliberate: narrower, but defensible enough to act on.

Clarify with AI — Pro only

You asked:

Clarify turns any brief into answers specific to your role and exposure.

Pro includes

Implications — what this change may force you to review
Who is affected — which people, workflows, or obligations are touched
What to watch — dates, deadlines, and triggers that matter next
Real-time alerts — delivered when a decision-forcing change is published
Clarify with AI — ask what this change means for you

$29/month · Founding rate, locked for life. Cancel anytime.

Create a free account to keep clarifying

You asked:

You've used your free guest questions for now. A free account gives you more every month and saves your history — or start a Pro trial for unlimited Clarify and real-time alerts.

Pro includes

Implications — what this change may force you to review
Who is affected — which people, workflows, or obligations are touched
What to watch — dates, deadlines, and triggers that matter next
Real-time alerts — delivered when a decision-forcing change is published
Clarify with AI — ask what this change means for you

Free account: no card, ever. Pro trial: $29/month after 14 days, no card to start, cancel anytime.

Awareness was never the problem. Translation is.

Your team doesn't miss the change — it loses hours turning a 60-page regulator notice into “what do we actually do.” OwlBrief delivers that as a sourced, decision-ready brief the moment a change publishes.

Get the next brief free →
Similar briefs