FinCEN Releases New Advisory for Financial Institutions Regarding the Fentanyl Epidemic

Terri Luttrell, CAMS-Audit
August 26, 2019
Read Time: min

In response to the nation-wide opioid crisis that has led to unprecedented addiction and death, FinCEN has issued guidance to alert financial institutions to the financial schemes and typologies related to the trafficking of fentanyl and other synthetic opioids. According to the Centers for Disease Control and Prevention (CDC), 130 people die each day in the United States from an opioid-related overdose.

Bad actors continue to profit by trafficking these deadly drugs. Financial institutions must work together with government agencies and law enforcement to end this deadly epidemic. This new advisory aims to assist financial institutions in detecting and reporting suspicious activity by providing typologies and red flags derived from the reporting and analysis of sensitive data.


Fentanyl trafficking in the United States generally follows one of two pathways:

  • Direct purchase of fentanyl from China for personal consumption or distribution
  • Cross border trafficking of fentanyl from Mexican Transnational Criminal Organizations (TCOs) and smaller criminal organizations

Within these two typologies, the source of funding for trafficking include:

  • Purchases from a foreign supply using money services businesses (MSBs), bank transfers, or online payment processors
  • Purchases from a foreign supply using convertible virtual currency (CVC) such as bitcoin, bitcoin cash, ethereum, or monero
  • Purchases from a U.S. source with typical money laundering typologies for drug trafficking

The guidance goes into thorough detail for each of these typologies in addition to case studies which financial institutions may use for staff training and additions to their internal suspicious activity monitoring procedures. The emphasis to note from these typologies is to watch foreign activity to and from China and Mexico with a suspicious eye during investigations.

Find out how we can work together to better protect your institution from financial crime.
Learn more

Red Flag Indicators for Fentanyl-Related Activity

Within the guidance, FinCEN provides certain red flags noted below which may help financial institutions in identifying schemes related to illicit fentanyl trafficking. Many of these red flags may also be indicative of other illicit drug trafficking or other money laundering activities but could be related to fentanyl. It is important to remember that red flags should be looked at as a part of an investigation rather than standalone indicators of illicit activity.

Depository Institutions:

Funnel account activity and rapid movement of funds:

  • Account owners or third parties structure cash deposits at bank branches in multiple locations into the same account, which funds outgoing transactions including cash withdrawals or wire transfers to Mexico
  • The depository institutions have a suspicion concerning the physical condition of deposited cash (the smell of drugs, detergent, or are excessively worn)
  • The source of funds cannot be determined or does not make sense for that customer
  • Multiple transactions below the currency transaction report (CTR) threshold, which may involve:
    • Suspicious use of multiple locations,
    • Multiple individuals working together, or
    • Suspicious use of multiple accounts
  • A transaction out of pattern for the customer or line of business
  • A transaction with no apparent business purpose

Shell Companies:

There are a handful of red flags financial institutions should be aware of when dealing with potentially illicit shell companies and the purchase or distribution of fentanyl, including:  

  • An unclear business model:
    • The company’s NAICS code(s) is/are in a different industry than the business name indicates
    • Commercial databases reveal the company is associated with multiple businesses in unrelated industries
    • Open-source information reveals that the company lacks or has vague company websites
  • Company address or location discrepancy:
    • Online or other open-source searches on the address reveal a business with a different name, or an operating location inconsistent with the business model, such as a residence
    • Commercial databases associate the company with multiple active addresses or operating locations but reveal few indications the company has franchises or multiple branches, subsidiaries, or agents
  • Company name discrepancy:
    • The company’s name is vague, non-descriptive, or does not align with its business model
    • Commercial databases reveal the company has three or more name variations or has multiple “doing business as” dba names
  • Employer Identification Number (EIN) discrepancy:
    • Commercial databases reveal the company is a small business with fewer than 500 employees but has multiple EINs or shares EINs with other businesses.
  • Direct or indirect transactions with Darknet marketplaces or CVC mixing services (anonymizers). The names of several current popular Darknet marketplaces include:
    • Empire
    • Tochka/Point
    • Valhalla
    • Rapture
    • Berlusconi
  • Customer with past criminal histories for drug-related offenses
  • Customers discussing drug purchases in the transaction notes field available on the exchange, including referencing drugs or weight measurements like grams (e.g., “1 gram fent”)
  • Use of virtual private network (VPN) service or Tor to access CVC exchange accounts

Other significant guidance to note within this advisory are:

  • Messages embedded in online payment systems or CVC exchangers that reference internet purchases of illegal drugs are beneficial in an investigation
  • Within suspicious CVC transactions, the following are very useful to law enforcement, if available, when filing a SAR:
    • Virtual currency wallet addresses
    • Account information
    • Transaction details (including virtual currency transaction hash)
    • Relevant transaction history
    • IP addresses
    • Mobile device information
    • Information obtained from an analysis of the customer public, online profile and communications
  • FinCEN requests referencing this guidance in the narrative of a SAR filed for suspected fentanyl or another synthetic opioid trafficking: “FENTANLY FIN-2019-A006”
  • The advisory also provides a DEA keyword list of current drug slang terms that may be used to scan against your customer base

Financial institutions should have suspicious activity monitoring policies and procedures in place as well as an automated solution with scenarios readily available to detect these typologies. Additionally, institutions need the flexibility to lower their parameters to the red flag level to detect certain illicit transactions that are killing our citizens. FinCEN concludes its advisory by stressing the importance of SAR reporting and due diligence requirements that should be included in updated investigation procedures. The advisory reminds financial institutions that SAR information “is consistently beneficial and critical to FinCEN and U.S. law enforcement analytical and investigative efforts, OFAC designation efforts, and the overall security and stability of the U.S. financial system.”

If you need further guidance on these red flags or adjusting your AML transaction monitoring system parameters to meet the red flag detection level, our team of advisory services professionals can help. Contact us today. 

About the Author

Terri Luttrell, CAMS-Audit

Terri Luttrell is a seasoned AML professional and former director and AML/OFAC officer with over 20 years in the banking industry, working both in medium and large community and commercial banks ranging from $2 billion to $330 billion in asset size. She has successfully worked with institutions in developing BSA/OFAC programs, optimizing various automated solutions, and streamlining processes while ensuring all regulatory requirements are met. As the Compliance and Engagement Director at Abrigo, Terri provides insights that contribute and support long-term banking strategies based on analysis of market and industry trends, competitor developments, and financial and regulatory technology changes. She is an audit-certified anti-money laundering specialist and a board member of the Central Texas chapter of the Association of Certified Anti-Money Laundering Specialists (ACAMS). Terri earned her bachelor’s degree in business administration, specializing in business and finance, from the University of North Texas.

Full Bio

About Abrigo

Abrigo is a leading technology provider of compliance, credit risk, and lending solutions that community financial institutions use to manage risk and drive growth. Our software automates key processes — from anti-money laundering to fraud detection to lending solutions — empowering our customers by addressing their Enterprise Risk Management needs.

Make Big Things Happen.


Looking for Banker’s Toolbox? You are in the Right Place!

Banker’s Toolbox is now Abrigo, giving you a single source for all your enterprise risk management needs. Use the login button here, or the link in the top navigation, to log in to Banker’s Toolbox Community Online.

Make yourself at home!