FinCEN Releases New Advisory for Financial Institutions Regarding the Fentanyl Epidemic

Red Flag Indicators for Fentanyl-Related Activity

Within the guidance, FinCEN provides certain red flags noted below which may help financial institutions in identifying schemes related to illicit fentanyl trafficking. Many of these red flags may also be indicative of other illicit drug trafficking or other money laundering activities but could be related to fentanyl. It is important to remember that red flags should be looked at as a part of an investigation rather than standalone indicators of illicit activity.

Depository Institutions:

Funnel account activity and rapid movement of funds:

• Account owners or third parties structure cash deposits at bank branches in multiple locations into the same account, which funds outgoing transactions including cash withdrawals or wire transfers to Mexico
• The depository institutions have a suspicion concerning the physical condition of deposited cash (the smell of drugs, detergent, or are excessively worn)
• The source of funds cannot be determined or does not make sense for that customer
• Multiple transactions below the currency transaction report (CTR) threshold, which may involve:
  • Suspicious use of multiple locations,
  • Multiple individuals working together, or
  • Suspicious use of multiple accounts
• A transaction out of pattern for the customer or line of business
• A transaction with no apparent business purpose

Shell Companies:

There are a handful of red flags financial institutions should be aware of when dealing with potentially illicit shell companies and the purchase or distribution of fentanyl, including:  

• An unclear business model:
  • The company’s NAICS code(s) is/are in a different industry than the business name indicates
  • Commercial databases reveal the company is associated with multiple businesses in unrelated industries
  • Open-source information reveals that the company lacks or has vague company websites
• Company address or location discrepancy:
  • Online or other open-source searches on the address reveal a business with a different name, or an operating location inconsistent with the business model, such as a residence
  • Commercial databases associate the company with multiple active addresses or operating locations but reveal few indications the company has franchises or multiple branches, subsidiaries, or agents
• Company name discrepancy:
  • The company’s name is vague, non-descriptive, or does not align with its business model
  • Commercial databases reveal the company has three or more name variations or has multiple “doing business as” dba names
• Employer Identification Number (EIN) discrepancy:
  • Commercial databases reveal the company is a small business with fewer than 500 employees but has multiple EINs or shares EINs with other businesses.
• Direct or indirect transactions with Darknet marketplaces or CVC mixing services (anonymizers). The names of several current popular Darknet marketplaces include:
  • Empire
  • Tochka/Point
  • Valhalla
  • Rapture
  • Berlusconi
• Customer with past criminal histories for drug-related offenses
• Customers discussing drug purchases in the transaction notes field available on the exchange, including referencing drugs or weight measurements like grams (e.g., “1 gram fent”)
• Use of virtual private network (VPN) service or Tor to access CVC exchange accounts

Other significant guidance to note within this advisory are:

• Messages embedded in online payment systems or CVC exchangers that reference internet purchases of illegal drugs are beneficial in an investigation
• Within suspicious CVC transactions, the following are very useful to law enforcement, if available, when filing a SAR:
  • Virtual currency wallet addresses
  • Account information
  • Transaction details (including virtual currency transaction hash)
  • Relevant transaction history
  • IP addresses
  • Mobile device information
  • Information obtained from an analysis of the customer public, online profile and communications
• FinCEN requests referencing this guidance in the narrative of a SAR filed for suspected fentanyl or another synthetic opioid trafficking: “FENTANLY FIN-2019-A006”
• The advisory also provides a DEA keyword list of current drug slang terms that may be used to scan against your customer base

Financial institutions should have suspicious activity monitoring policies and procedures in place as well as an automated solution with scenarios readily available to detect these typologies. Additionally, institutions need the flexibility to lower their parameters to the red flag level to detect certain illicit transactions that are killing our citizens. FinCEN concludes its advisory by stressing the importance of SAR reporting and due diligence requirements that should be included in updated investigation procedures. The advisory reminds financial institutions that SAR information “is consistently beneficial and critical to FinCEN and U.S. law enforcement analytical and investigative efforts, OFAC designation efforts, and the overall security and stability of the U.S. financial system.”

If you need further guidance on these red flags or adjusting your AML transaction monitoring system parameters to meet the red flag detection level, our team of advisory services professionals can help. Contact us today.