The Treasury’s Financial Crimes Enforcement Network (FinCEN) released a financial trend analysis (FTA) indicating 42 percent of Bank Secrecy Act (BSA) reports filed in one calendar year involved identity-related suspicious activity.
The FTA, compiled as part of FinCEN’s Identity Project, found that approximately 1.6 million of 3.8 million reports related to identity and equated to $212 billion in suspicious activity.
“This report reveals the existence of significant identity-related exploitations through a large variety of schemes,” FinCEN Director Andrea Gacki said. “Robust customer identity processes are foundational to the security of the U.S. financial system and critical to the effectiveness of financial institutions’ programs to combat money laundering and counter the financing of terrorism. Financial institutions are encouraged to work across their internal departments to address these schemes.”
The FinCEN Identity Project investigates how malicious actors exploit other people’s identities to open and gain access to accounts and process transactions under their names.
The agency identified 14 common types in identity-related BSA reports. The top five are fraud, false records, identity theft, third-party money laundering and circumvention of verification standards. These constituted 88 percent of all identity-related BSA reports and contributed to 74 percent of the total identity-related suspicious activity reported in 2021. Fraud was the most reported type, encompassing 1.2 million reports.
The FTA also revealed the following:
- Depository institutions accounted for about 54 percent of all identity-related BSA reports. Money services businesses (MSBs) recorded the second-most filings, accounting for 21 percent of identity-related BSA reports.
- MSBs reported circumvention of verification as their top identity-related BSA dataset whereas impersonation was the most commonly reported among other institutions.
- Compromised credentials have a disproportionate financial impact compared to other types of identity exploitation.
The approximately 1.3 million filings by depository entities equated to $201 billion in suspicious activity in 2021, according to the report.
Attackers most frequently use impersonation tactics, the report notes. The second-most common tactic is compromising accounts during authentication with the third being circumventing verification to evade detection. Compromised credentials have a disproportionally large monetary impact compared to impersonation and circumvention, the report notes.
FinCEN’s FTAs are created using information filed by financial institutions in accordance with the BSA.