FinCEN issues joint advisory with 18 red flags and a SAR key term for payroll-fraud and identity-theft schemes involving unauthorized workers
Financial institutions' AML and suspicious-activity-monitoring teams must incorporate FinCEN's 18 red flag indicators for payroll-fraud and identity-theft schemes involving unauthorized workers, apply enhanced due diligence to ITIN-based account and credit applications, and file SARs using the key term 'FINANCIALINTEGRITY-2026-A002'.
- — Financial institutions' AML and suspicious-activity-monitoring teams must incorporate the 18 red flag indicators into transaction-monitoring and detection logic to identify payroll-fraud, shell-company and identity-theft typologies described in the advisory, and file Suspicious Activity Reports using the key term 'FINANCIALINTEGRITY-2026-A002' in SAR field 2 and the narrative.
- — Customer due diligence and onboarding functions must treat the use of an Individual Taxpayer Identification Number in place of a Social Security number or valid employment authorization, when opening an account or obtaining credit, as a potential risk factor within risk-based CDD, alongside other available information.
- — AML/CFT programs across the covered institution types — depository institutions, money services businesses, casinos, insurers, mortgage companies and brokers, precious-metals and jewelry dealers, and securities and futures firms — must reflect these typologies in their monitoring and escalation, given the advisory was issued jointly with the FDIC, OCC and NCUA and is subject to supervisory examination.
- — AML and suspicious-activity-monitoring teams at depository institutions, money services businesses and other covered financial institutions
- — Customer due diligence and onboarding functions assessing ITIN-based account and credit applications
- — Financial-crime compliance functions at casinos, insurers, mortgage companies and brokers, precious-metals and jewelry dealers, and securities and futures firms