Thomson Reuters Institute
Suspicious Activity
Reports Surge: 2023
Filings Expected to Set
Another Record
A deeper dive into the data
Contents
Introduction 3
Background: SARs and FinCEN 6
High-Level Findings and Trends 8
Seasonality 14
2023 SAR Prediction 16
Human Exploitation 17
Online Child Exploitation 21
Fraud 22
Supporting Criminal Data 27
Elder Financial Exploitation 29
Pandemic-related Fraud and
Suspicious Receipt of Government Payments. 32
Selected Industries and Terror Financing 33
International Comparisons 39
Takeaways and Closing Thoughts 40
© Thomson Reuters 2023
Suspicious Activity Reports 2023 3
Introduction
Financial institutions in the United States have reported soaring volumes of suspicious
nancial activity to U.S. anti-money laundering (AML) authorities over the past
three years.
Disruptions from the global pandemic created unique opportunities for nancial crime,
particularly fraud schemes involving checks, government benet payments, and investment
accounts. Vulnerable populations have grown in both size and susceptibility, especially
among migrants and the elderly, forming a target-rich environment for
threat actors.
In 2022, Financial institutions submitted more than 3.6 million Suspicious Activity Reports
(SARs) to the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN). SAR lings in
March 2023 set a monthly record, with more than 351,000 reports.
Based on data from the rst quarter of 2023, this year is likely to set additional records.
Since suspicious activity reporting became fully electronic in 2012, total SAR volumes had
increased modestly but steadily until approximately 2019, before spiking dramatically in
2020, 2021, and 2022.
Potential non-criminal drivers
Accelerated SAR lings may not necessarily correlate to symmetrical increases in actual illicit
activity. Rather, as the name implies, suspicious activity reports indicate that a nancial rm
detected and alerted authorities to customer activities known to suggest links to crime. A
rapid SAR-ling tempo may be driven by a variety of potential factors.
Several causes likely explain the surge in SAR lings, including heightened regulatory
pressure, enhanced threat awareness or detections by rms, and pandemic-related changes
such as proliferation of government programs and the rapid, widespread adoption of
mobile banking.
‘Defensive’ SAR ling
Additionally, the spike in reporting could be attributed to defensive ling, a widely recognized
practice in which rms apply overly broad detection criteria to minimize their own risk. While
© Thomson Reuters 2023
Suspicious Activity Reports 2023 4
aiming to preempt regulatory scrutiny, however, defensive ling produces a higher proportion
of SAR lings that unhelpfully point to legitimate activity.
Firms see a clear cost-benet equation here: Submitting a thinly substantiated SAR carries
no regulatory risk – whereas failing to report suspicious activity can attract signicant
enforcement action and painful penalties.
Key trends
While the sharp rise in SAR lings spanned virtually all categories of illegal activity, this
special report highlights key trends, which are supported with additional data.
Growth in suspected fraud linked to government programs likely stemmed from the
extensive, documented abuse of pandemic relief programs. Increases in suspected human
exploitation appear to reect heightened awareness by nancial institutions, owing to
recent alerts from the U.S. Treasury Department and outreach from non-governmental
organizations. Additionally, elder nancial abuse gured prominently in SARs data, also likely
reecting pandemic-era societal shifts that exposed seniors to new threats.
Correlation to crime
Considerable evidence, backed by expert consensus, indicates that elevated suspicious
activity reporting does reect a genuine increase in certain types of criminal activity.
Technological developments and documented increases in certain crime categories, including
identity theft and online fraud, are also likely contributors.
SARs related to check fraud have soared over the past three years, FinCEN data shows.
Contemporaneous statistics from the Federal Bureau of Investigation (FBI) demonstrate a
similar increase in reported fraud cases, particularly in the online domain, which suggests
that fraud is rising at an alarming rate.
The following report provides a user-friendly analysis of SAR-ling trends in critically
important areas, such as check fraud, human exploitation, and elder abuse. Data is presented
showing important annual and monthly trends.
SAR program background
Between 2000 and 2013, FinCEN published semi-annual SARs activity reviews, each
containing a detailed analysis of suspicious activity patterns and other nancial intelligence
insights, including from investigations by federal, state, and local law enforcement agencies.
Those reviews ended in 2013. Since 2017, FinCEN has maintained a comprehensive SAR
database on its public website
1
, which is updated monthly and includes tools for
data interrogation.
1
FinCEN’s SARs Database is available at https://www.ncen.gov/reports/sar-stats.
© Thomson Reuters 2023
Suspicious Activity Reports 2023 5
SAR ling requirements became even more granular when Congress passed the Anti-Money
Laundering Act of 2020, requiring rms to report emergent threat typologies, such as money
laundering and terrorism nancing patterns and trends.
In January 2021, FinCEN began publishing Semi-Annual Trend Analyses, ve of which have
been issued to date
2
. Each analysis covers a single issue in detail, unlike the 2000-2013 SAR
Activity Reviews, which covered multiple issues in less detail. The new trend reports examine
unique threats such as ransomware, wildlife trafcking, Russian oligarchs, and business
e-mail compromise.
Methodology
This report relies on data from January 2014 through March 2023, obtained from FinCEN’s
online SAR stats database. All suspicious activity categories were included in our analysis,
as were all products, relationships, and specic regulators. To assess the broadest possible
dataset, no categories were omitted.
Monthly and annual SAR data was ltered by industry, suspicious activity designation, and
ling volume for specic periods.
To simplify data presentation and enhance relevancy, this report aggregates depository
institutions, money service businesses, and loan/nance companies into a single “nancial
institutions” group. Firms in the securities and futures sector, however, were segregated into
a separate group, because their regulatory regimes are sufciently unique to justify their
own category.
Additionally, all four gambling-related categories were combined into a generic “casino
industry” group. SARs originating from FinCEN’s “other” industry category were included in
the aggregate data but were not subject to additional analysis.
With regards to the total number of SARs led, it should be noted that an individual SAR
may describe multiple, separate suspicious activities. This report examines those underlying
designations to maximize granularity and context.Additionally, this document includes
information on threat indicators (or “red ags”) derived from ofcial alerts and warnings. Red
ags help rms better identify and report suspicious transactions.
The data and ndings presented throughout this report can be used for budgeting and
planning purposes. For example, monthly data reveals seasonal ling trends. Such
information is a valuable resource for corporate compliance, risk, and legal departments.
It may also be useful for AML, sanctions, and nancial crime units within nancial rms,
particularly for comparison purposes and presentations to senior management or boards
of directors.
2
FinCEN’s Financial Trend Analysis is available at https://www.ncen.gov/resources/nancial-trend-analyses.
© Thomson Reuters 2023
Suspicious Activity Reports 2023 6
Background: SARs and FinCEN
SARs led with FinCEN are important tools to help monitor nancial activity that is unusual,
may reect a precursor or derivative of illegal activity, or might threaten public safety.
FinCEN collects and analyzes information about nancial transactions to combat domestic
and international money laundering, terrorism nancing, and other nancial crimes. It is
the single ling point for SARs and is responsible for distributing that information within
the government. FinCEN is also responsible for analyzing this information and producing
intelligence products useful to investigators, regulators, and the banking industry.
The suspicious activity reporting system was established to help authorities and nancial
institutions ght nancial crime by producing a continuous ow of data about potentially
serious activity between depository institutions and federal nancial supervisory agencies,
such as the Federal Reserve Board, Ofce of the Comptroller of the Currency, Federal Deposit
Insurance Corporation, National Credit Union Administration, FinCEN, and law enforcement
agencies throughout the United States.
Financial institutions are obligated to le a SAR when they detect a suspicious transaction
or activity by an identiable, individual involving at least $5,000, and lacking an apparent
lawful purpose, or when there is reason to suspect the funds were derived from
illegal activities.
SARs are a tool provided under the Bank Secrecy Act (BSA) of 1970. Originally called a
“criminal referral form,” SARs became the standard vehicle for reporting suspicious activity
in 1996. The USA PATRIOT Act of 2001 expanded SAR-ling requirements to help combat
domestic and global terrorism.
Failure to detect and report suspicious nancial activity can result in signicant enforcement
action and penalties.
The ow of such information can have life-and-death implications. SARs enable law
enforcement agencies to uncover and prosecute signicant money laundering, fraud,
terrorism, and other illegal operations.
When are SARs required?
Most commonly, FinCEN requires rms to le a SAR within 30 days of detecting customer
transactions featuring details that indicate potential money laundering, terrorism nancing,
Failure to detect and report suspicious nancial activity can result in signicant
enforcement action and penalties
© Thomson Reuters 2023
Suspicious Activity Reports 2023 7
or violations of the BSA. If more evidence is needed – such as the identities of transacting
parties – an extension not exceeding 60 days is available. Firms must retain SARs for ve
years after the date of ling.
What institutions must le SARs?
Many types of nancial rms are subject to SAR-ling requirements, including banks and
credit unions, stock and mutual fund brokers, and various money service businesses, such as
check-cashing companies and money-order providers. However, casinos, dealers of precious
metals and gems, insurance companies, and mortgage businesses are also subject to the
BSA, and thus are required to le SARs.
Condentiality is key
The effectiveness of reporting suspicious activity relies in part on condentiality. At no time
may a person under investigation be notied about a SAR ling. Additionally, it is a federal
criminal offense to disclose SAR contents to outside parties, such as news organizations.
When a bank or nancial institution reports suspicious activity, they are required to ensure
the information provided is reviewed at multiple stages by internal investigators, company
management, and legal counsel before nalizing the SAR. Special privileges protect
those who submit SARs, whether on a company’s behalf or as a private individual. The
submitting party is not required to disclose their identity, and they are immune to legal
discovery processes.
All reporting entities receive immunity for statements made in the SAR.
How are SARs Filed?
SARs are submitted through FinCEN’s electronic ling portal. The digital system facilitates
data standardization and increased efciency which are critical in situations involving public
safety concerns.
Figure 1: SAR Filings Must include Five Sections of information:
•
I
dentifying information: Names, addresses, social security numbers, birth dates,
driver license or passport numbers, occupations, and phone numbers of all
parties involved.
•
I
ncident data: Dates and suspicious activity codes.
•
I
nstitution name: The rm where the suspicious activity occurred.
•
I
nstitution contact: Contact details for the reporting rm.
•
I
ncident narrative: A written description of the suspicious activity, providing a
narrative to the data.
© Thomson Reuters 2023
Suspicious Activity Reports 2023 8
High-level Findings and Trends
FinCEN received reports from more than 260,000 registered nancial institutions and other
e-lers in 2022, according to its latest annual review
3
. The review provides valuable insight
into the data cited in this report, and it should be noted that apparent differences between
this report and FinCEN’s annual publication stem from our consolidation of ling entities by
industry, as well as our disaggregation of suspicious activity designations in SARs containing
multiple entries.
We have attempted to present the data in a reader-friendly manner. In most cases, the
infographics tell much of the story, but in some areas, we have included additional analysis
and context.
FinCEN’s Year in Review for 2022 revealed some astonishing statistics, which we have
highlighted below. Note that FinCEN’s statistics differ slightly from ours, due to FinCEN
operating on a governmental scal-year basis rather than our calendar-year methodology.
3
Financial Crimes Enforcement Network (FinCEN) Year in Review for FY 2022; April 2023. Available at https://www.ncen.gov/sites/default/les/shared/
FinCEN_Infographic_Public_2023_April_21_FINAL.pdf
Figure
2: Total SARs Filed (all industries)
0
500,000
2014 2015 2016 2017 2018 2019 2020 2021 2022 2023
1,659,123
1,812,665
1,975,638
2,034,406
2,171,173
2,301,163
2,504,509
3,069,450
3,616,450
938,444
1,000,000
1,500,000
2,000,000
2,500,000
3,000,000
3,500,000
4,000,000
0
* 2023 Stats include Jan-March filings
Figure 2: Total SARs Filed (all industries)
© Thomson Reuters 2023
Suspicious Activity Reports 2023 9
Figure 3: Notable SAR stats:
• Approximately 3.6 million SAR forms were submitted in 2022, or almost 10,000
reports per day
• The top-10 SAR lers submitted approximately 52% of all SARs in scal 2022
• Depository institutions and money services businesses (MSBs) led the vast
majority (85%) of all SARs
• Law Enforcement and other authorized users conducted more than 2.3 million
queries of FinCEN data in 2022
• More than 14,800 nancial institutions shared data with law enforcement agencies
• More than 7,600 nancial institutions participate in 314(b) information sharing
(bank to bank)
© Thomson Reuters 2023
Suspicious Activity Reports 2023 10
Growing volume of SARs
More than 3.6 million SARs were led in 2022, an 18% increase over 2021. The 3.1 million
SARs led in 2021 represented a 22.5% increase over 2020.
The graph below, Figure 4, below shows the total annual volume of suspicious activity
designations, or “ags,” reported across all lings. For those unfamiliar with the SAR form,
numerous check-box options are available when describing the suspicious activity being
reported. It is widespread practice to select multiple suspicion ags because some activities
straddle multiple categories.
Both datasets – i.e., total SARs and total suspicious activity designations – are important.
Aggregated annual ling data provides a broad, holistic view and is valuable for forecasting.
The designation-specic data provides granular visibility of specic threat vectors, such as
fraud or money laundering, targeted by illicit actors.
In general, since data became available in 2014, there has been steady growth in reported
suspicious activity. This is partly due to increasing sophistication in corporate anti-money
laundering and anti-fraud programs, as well as advances in detection technology, evolving
regulatory priorities, and enhanced scrutiny by enforcement bodies.
However, the notable surge in SAR volumes between 2020 and 2023, where the number of
suspicion designations grew from 6.3 million to 9.3 million, represents an increase of 46%.
Figure 4: Total Suspicious Activity Designations (all industries)
1,000,000
2014 2015 2016 2017 2018 2019 2020 2021 2022 2023
3,992,945
4,312,258
4,782,217
4,976,592
5,241,847
5,596,620
6,395,818
8,068,757
9,356,155
2,493,523
2,000,000
3,000,000
4,000,000
5,000,000
6,000,000
7,000,000
8,000,000
9,000,000
10,000,000
0
* 2023 Stats include Jan-March filings
© Thomson Reuters 2023
Suspicious Activity Reports 2023 11
Figure 5: Top 10 Suspicious Activity Flags (Overall)
Suspicious Activity 2019 2020 2021 2022 2023
Transaction with no apparent economic,
business, or lawful purpose
313,124 430,669 686,481 780,057 213,281
Check 285,716 284,888 350,372 683,541 185,584
Suspicion concerning the source of funds 391,650 445,874 594,713 608,043 173,618
Transaction(s) below currency
reporting threshold
306,324 426,664 552,640 573,057 139,429
Suspicious use of multiple transaction locations 401,922 429,501 480,224 521,028 141,559
Transaction(s) below BSA recordkeeping
threshold
479,496 494,076 564,264 493,287 119,608
Other suspicious activities 262,987 277,074 346,811 477,336 110,027
Two or more individuals working together 244,922 287,023 355,253 467,448 130,493
Suspicious electronic transfers 244,814 356,958 467,053 450,754 112,662
Transaction out of pattern for customer(s) 231,967 307,971 402,180 420,854 107,817
* 2023 Stats include Jan-March lings
Pandemic response-related fraud
Since 2020, all industries have seen signicant growth in fraud of all types, from simple check
fraud and scam activity to business email compromises and electronic intrusions resulting in
nancial losses. We investigate the pandemic’s role in fraud growth later in this report.
Digital-rst banking
With digital-rst banking, customer interactions occur primarily through digital channels,
such as websites and mobile device applications. Adopting this approach has been a priority
for national and regional banks for several years, as it allows them to reach more customers
outside traditional community branches by offering around-the-clock access to bank accounts
and services. That exibility became a crucial selling feature when pandemic mitigation
measures disrupted daily life in 2020.
Pivoting to the digital-rst paradigm required nancial rms to balance the competing
priorities of maximizing security while minimizing customer friction. Fraudsters took
advantage of the built-in incentives driving banks to streamline customer-facing processes,
and the result was fraud on a massive scale
© Thomson Reuters 2023
Suspicious Activity Reports 2023 12
4
FinCEN Alerts/Advisories/Notices/Bulletins/Fact Sheets, available at https://www.ncen.gov/resources/advisoriesbulletinsfact-sheets.
Regulatory pressure
FinCEN has issued dozens of advisories, alerts, and notices since July 2020
4
, highlighting its
focus on emergent AML concerns ranging from cryptocurrency abuse to human trafcking,
elder nancial exploitation, ransomware, sanctions evasions, mail-theft-related check fraud,
and illicit real estate activity.
Regulators have consistently reminded nancial institutions of their suspicious-activity
reporting obligations, while providing additional direction on how to make SARs more
informative and actionable for authorities. FinCEN also compiles and shares threat typologies
and red-ag indicators to help nancial institutions detect and report suspicious activity. We
have reiterated many of these red ags throughout the report.
Defensive lings
While most individual SAR lings never lead to criminal convictions, the cumulative ow of
data is of immense value to nancial intelligence and law enforcement agencies. Regulators
are therefore unlikely to ever discourage rms from reporting grey-area transactions that,
while appearing unusual, do not meet the technical criteria for raising suspicion.
Suspected money laundering and general suspicious activity account for most SARs lings,
followed closely by fraud. The data also shows many rms consider incomplete customer
information as sufcient grounds to report a money laundering concern.
Three of the 10 most reported suspicious activities relate to information gaps about a
customer or out-of-pattern transactions that raised red ags. Many SARs are led when
analysts and investigators cannot determine funding sources, cannot nd legitimate reasons
for unusually large deposits or withdrawals, or cannot identify relationships between parties
that could explain out-of-pattern activity.
Suspicious Activity 2019 2020 2021 2022 2023
Transaction with No Apparent Economic,
Business, or Lawful Purpose
313,124 430,669 686,481 780,057 213,281
Suspicion Concerning the Source of Funds 391,650 445,874 594,713 608,043 173,618
Transaction Out of Pattern for Customer(s) 231,967 307,97 1 402,180 420,854 107,817
Total: 936,741 1,184,514 1,683,374 1,808,954 301,675
* 2023 Stats include Jan-March lings
Figure 6: Designations Commonly Used in Defensive SAR Filings
© Thomson Reuters 2023
Suspicious Activity Reports 2023 13
If AML analysts and investigators as a group had sufcient time, resources, and data, they
likely could remediate or avoid a statistically signicant portion of the suspicious transactions
listed in the chart below. These grey-area reports account for approximately 20% of all
SAR lings.
Indeed, with the right combination of public records, transactional insights, and relevant
input from customers, nancial institutions can signicantly reduce the volume of extraneous
SAR lings.
Figure 7: Year-Over-Year SAR Filings by Financial Institutions
0
500,000
2014 2015 2016 2017 2018 2019 2020 2021 2022 2023
1,545,879
1,680,784
1,832,080
1,794,625
1,872,323
1,995,250
2,154,397
2,605,935
3,080,947
812,395
1,000,000
1,500,000
2,000,000
2,500,000
3,000,000
3,500,000
4,000,000
0
* 2023 Stats include Jan-March filings
The financial institution group consists of depository institutions, money service businesses (MSBs), and
loan or finance companies. This industry category files more than 85% of all SARs. According to FinCEN,
the 10 most prolific SAR filers in fiscal 2022 produced 52% of all reports.
© Thomson Reuters 2023
Suspicious Activity Reports 2023 14
* 2023 Stats include Jan-March lings
Monthly SAR Filings - All Industries
2014 2015 2016 2017 2018 2019 2020 2021 2022 2023
January 130,342 167,693 151,620 166,854 177,537 182,655 189,304 207,953 293,320 295,760
February 122,452 130,716 145,716 144,296 160,132 176,363 190,438 211,130 271,374 291,595
March 126,754 150,211 163,943 186,042 192,786 196,876 199,904 246,411 325,378 351,089
April 145,226 152,984 163,668 156,667 179,171 183,080 202,120 256,745 292,621
May 140,813 141,306 157,010 177,677 188,204 209,066 166,229 258,017 286,702
June 143,585 152,593 191,516 17 7,625 181,926 184,782 183,527 277,334 309,408
July 142,908 155,932 164,103 157,952 174,018 196,480 223,788 263,780 291,870
August 134,718 140,574 171,970 187,391 209,468 198,579 220,348 264,122 330,581
September 144,651 157,882 177,329 175,763 167,193 187,609 238,884 268,224 312,379
October 150,304 147,031 153,958 168,882 186,616 210,507 225,608 268,224 286,721
November 138,539 157,894 164,246 168,116 182,276 190,188 223,849 267,052 310,487
December 138,831 157,849 170,559 167,141 171,846 184,978 240,510 280,458 305,609
Monthly
Average
138,260 151,055 164,637 169,534 180,931 191,764 208,709 255,788 301,371 312,815
Key: <Average >Average > 1 σ
Seasonality
Monthly SAR loads tend to vary year to year, as economic and societal factors likely play
a role in periods featuring high reporting volumes. Pre-pandemic, anti-fraud and AML
specialists typically observed a spike in lings during the spring and tax-return season, as
well as the end-of-summer and back-to-school period. The monthly SAR chart highlights
in red any month where SAR lings exceeded that year’s average by at least one standard
deviation. Orange highlights indicate ling volumes that were above the annual average but
still typically within range. White months had average or below-average volumes.
The monthly SARs chart conrms that for the last nine years, January and February typically
showed below-average SAR volumes, while late spring and late summer were often
particularly busy. These ndings align tightly with observations by AML experts.
© Thomson Reuters 2023
Suspicious Activity Reports 2023 15
January and February typically showed below-average SAR
volumes, while late spring and late summer were often
particularly busy.
Figure 8: Takeaways from Monthly SAR Volumes Include:
• 2022 saw exceptionally high SAR volumes in March and August, with moderately
above-average levels in June, September, November and December
• Every month in 2022 showed more SAR-ling activity than corresponding months
in 2021
• 2020-2021 saw heightened caseloads during the back-to-school and winter-holiday
shopping seasons.
• 2017-2019 saw below-average caseloads between November and February.
• Consistently lower caseloads between January and April of each year.
© Thomson Reuters 2023
Suspicious Activity Reports 2023 16
2023 SAR Prediction:
A Record Year in Volume
Based on monthly data, we can project that approximately 3.75 million SARs will be led
in 2023, representing another record year in volume. This projection also considers current
regulatory trends, which suggest that SAR-ling requirements will only increase in the
near- to medium-term. Additionally, data from the rst quarter of 2023 is consistent with the
overall growth trend in SARs lings.
Figure 9: 2023 End-Of-Year Projected SAR Filings
0
500,000
2019 2020 2021 2022 2023
1,000,000
SARs Filed
1,500,000
2,000,000
2,500,000
3,000,000
3,500,000
4,000,000
0
* 2023 Stats include Jan-March filings
** Projections subject to change based on overall market
Projection
Financial institutions led an average of 312,815 SARs per month in the rst quarter of 2023,
reecting a 4% increase from the previous year’s rst-quarter monthly average. That increase
was slightly less than in 2019. In 2018 and 2019, however, monthly average SAR growth in
the rst quarter roughly matched the average rate of increase for the entire year, so we have
chosen to incorporate that pattern into our projection for 2023.
Risk leaders should plan for a normal busy season at the beginning and end of summer.
It should be noted that annual SAR volumes are largely driven by a combination of factors,
including consumer spending velocity, regulatory guidance, and technological or
process innovations.
© Thomson Reuters 2023
Suspicious Activity Reports 2023 17
Human Exploitation
FinCEN data showed a 373% increase in human smuggling related SAR lings from 2020 to
2021, followed by a subsequent 173% increase from 2021 to 2022. In the rst quarter of 2023,
FinCEN received 4,776 human-smuggling SARs, compared to 6,461 such reports for all
of 2021.
SARs related to human trafcking increased by 32% from 2020 to 2021, followed by a further
42% increase from 2021 to 2022. The rst quarter of 2023 saw 2,237 human-trafcking
SARs led.
FinCEN distinguishes between two types of human exploitation – smuggling and trafcking –
according to the following criteria:
• Human smuggling: Facilitation, transportation, or attempted transportation of persons
across national borders, in violation of immigration laws. Smuggling is typically conducted
for prot, with the individuals being smuggled often voluntarily paying smugglers to help
them enter another country illegally. Subjects of human smuggling can often become
victims of human trafcking.
• Human trafcking: Modern-day slavery, involving the use of force, fraud, or coercion
to exploit individuals for labor or commercial sex purposes. Trafcking in people often
involves physical violence, psychological manipulation, or debt bondage. Victims can
include men, women, and children. Victims can be trafcked across local, state, and
national borders.
Figure 10: Human Exploitation SAR Filings
0
2,000
2018 2019 2020 2021 2022 2023
4,000
Human Smugling
6,000
8,000
10,000
12,000
14,000
16,000
18,000
0
* 2023 Stats include Jan-March filings
Human Trafficking
6,461
4,092
4,776
2,237
3,096
1,581
3,384
2,432
177
336
17,646
5,798
© Thomson Reuters 2023
Suspicious Activity Reports 2023 18
FinCEN issued an alert in January 2023
5
addressing human-trafcking trends, typologies,
and red ags to help nancial institutions better identify and report suspicious transactions
related to the multi-billion dollar criminal enterprise.
“Illicit actors, including transnational criminal organizations, engage in human smuggling
activity at the U.S. southwest border to reap illicit nancial gains, and they do so without
regard for the well-being or physical safety of those involved,” said FinCEN Acting Director
Himamauli Das. “Financial institutions need to know that their vigilance and prompt
Bank Secrecy Act reporting matters – it aids investigations tied to human smuggling and
transnational organized crime and can ultimately save lives.”
Human trafcking is one of FinCEN’s eight national priorities related to anti-money
laundering and countering the nancing of terrorism, as mandated by the Anti-Money
Laundering Act of 2020.
Human smugglers operating across the southwest border of the United States have exploited
a period of surging migration to generate an estimated $2 billion to $6 billion in yearly
organized crime revenue, according to the U.S. Department of Homeland Security. These
networks are often associated with transnational criminal organizations, including drug
cartels, which control the territories through which smuggling operations take place.
The increase in SAR lings has been largely driven by renewed FinCEN guidance on
identifying and reporting human trafcking activity in October 2020
6
. In response,
organisations started awareness and education efforts, as well as making more lings.
Government programs and organizations such as The Knoble
7
have also driven reporting and
law enforcement action.
5
FinCEN Alert on Human Smuggling along the Southwest Border of the United States; (FIN-2023-Alert001) January 13, 2023; available at
https://www.ncen.gov/sites/default/les/shared/FinCEN%20Alert%20Human%20Smuggling%20FINAL_508.pdf.
6
https://www.ncen.gov/sites/default/les/advisory/2020-10-15/Advisory%20Human%20Trafcking%20508%20FINAL_0.pdf
7
See The Knoble, at https://www.theknoble.com/.
“Recent events involving the death of migrants attempting to cross into the
United States illustrate the dangers associated with human smuggling and
how smuggling networks exploit human beings for prot,” FinCEN stated.
© Thomson Reuters 2023
Suspicious Activity Reports 2023 19
Laundering the proceeds of human exploitation
Human smuggling is often tied to larger criminal groups whose money laundering methods
overlap signicantly with those of drug cartels and similar organizations.
Smuggling fees are often paid by migrants’ U.S.-based family members using transfers
disguised as common remittances. Funds are sent to “funnel accounts” at nancial
institutions with branches along both sides of the southwest border where they are
subsequently withdrawn as cash to pay smugglers. Migrants primarily pay smugglers in cash
which requires the criminals to move cash in bulk and use it to purchase high-value assets
such as real estate and businesses.
Human smugglers also use mobile payment applications and other peer-to-peer networks to
transfer funds, albeit less frequently.
Bank Secrecy Act obligations
FinCEN’s human exploitation alert advised rms that SARs related to human smuggling
should be included in the narrative the key term, “FIN-2023- HUMANSMUGGLING” in SAR
eld 2 (Filing Institution Note to FinCEN), as well as in the narrative, and be selecting SAR
eld 38(g) (human smuggling).
FinCEN noted that potential victims of human trafcking should not be reported as the
subject of a SAR. “Rather, all available information on the victim should be included in the
narrative portion of the SAR.” FinCEN further requests that nancial institutions reference
the advisory by including the key term: “HUMAN TRAFFICKING FIN-2020-A008” in SAR eld
2 (Filing Institution Note to FinCEN) to indicate a connection between the suspicious activity
being reported and the activities highlighted in the advisory. Additional information to report
includes behavioral indicators, email addresses, phone numbers, and IP addresses, when
possible, to aid law enforcement investigations.
Smuggling fees are often paid by migrants’ U.S.-based family
members using transfers disguised as common remittances.
© Thomson Reuters 2023
Suspicious Activity Reports 2023 20
Indicators of human trafcking
• Customers frequently appear to move through, and
transact from, different geographic locations in the
United States. These transactions can be combined
with travel in foreign countries known to be signicant
conduits for
human trafcking.
• Transactions are inconsistent with a customer’s
expected activity or line of business and reect an
apparent effort to cover trafcking victims’ living costs
including housing, transportation, medical expenses,
pharmacies, clothing, grocery stores, and restaurants.
• Transactional activity that occurs largely outside of
normal business hours (e.g., a business that operates
during the
day but conducts many transactions at night), almost
always in cash, with deposits that are larger than
expected for
the business.
• An individual frequently purchases and uses prepaid
access cards.
• A customer’s account shares common identiers such
as a telephone number, email, social media handle,
or address associated with escort agencies and
commercial sex advertisements.
• Frequent transactions with online classied sites based
in foreign jurisdictions.
• A customer frequently sends or receives funds via
cryptocurrency to or from dark net markets or services
with known links to illicit activity. This may include
services that host advertising content for illicit services,
sell illicit content, or nancial institutions that allow
prepaid cards to pay for cryptocurrencies without
appropriate risk mitigation controls.
• Frequent transactions using third-party payment
processors that conceal transaction originators or
beneciaries.
• A customer avoids transactions that require
identication documents or that trigger reporting
requirements.
Indicators of human smuggling
• Transactions involving multiple wire transfers, cash
deposits, or peer-to-peer payments from multiple
originators in different locations either across the
United States, or Mexico and Central America, to one
beneciary located on or near the southwest border,
with no apparent business purpose.
• Deposits by multiple individuals from multiple locations
into a single account. The depositors are not afliated
with the account holder’s work or area of residence, and
the transfers lack an apparent economic purpose.
• Unexplained currency deposits into U.S. accounts,
followed by rapid wire transfers to countries with high
migrant ows, such as Mexico and Central America.
The transfers are inconsistent with expected customer
activity.
• Frequent conversion of small-denomination bills to
larger denominations by customers outside
cash-intensive industries.
• Multiple customers sending wire transfers to a single
beneciary, where the senders are not relatives but may
be located in the sender’s home country. The transfers
are inconsistent with the recipient customer’s usual
account activity and reported occupation.
• A customer depositing signicantly larger amounts
than expected of peers in similar professions or lines of
business.
• A customer making cash deposits that are inconsistent
with the customer’s line of business.
• Extensive use of cash to conduct transactions and
purchase assets such as real estate.
Source: www.ncen.gov/sites/default/les/advisory/2020-10-15/Advisory%20Human%20Trafcking%20508%20FINAL_0.pdf
Figure 11: Important FinCEN Trafcking and Smuggling Red Flags
© Thomson Reuters 2023
Suspicious Activity Reports 2023 21
Online Child Exploitation
FinCEN issued a notice in September 2021 alerting rms to increasing rates of online
child sexual exploitation
8
. It gave nancial institutions specic SAR-ling instructions
and highlighted related nancial trends. Unfortunately, the SARs data for children is not
separated into its own category.
The FinCEN alert provided direction for nancial institutions and their handling of online
child sexual exploitation (OCSE). The notice provided SAR ling instructions requesting that
nancial institutions reference the notice in SAR eld 2 (Filing Institution Note to FinCEN)
using the keyword “OCSE-FIN-2021-NTC3.” Financial institutions were also instructed to
select SAR Field 38(z) (Other) as the associated suspicious activity type. If human trafcking
or human smuggling are suspected in addition to OCSE activity, nancial institutions were
instructed to also select the respective categories.
International standard-setters have also launched initiatives targeting online child
exploitation. The United Nations partnered with the Association of Certied Anti-Money
Laundering Specialists (ACAMS) in March 2023 to create a no-cost certication program to
help AML professionals and law enforcement authorities better detect nancial transactions
linked to child sexual abuse. The move followed growing concern about the online sale of
visually recorded abuse material.
The ACAMS training program – Preventing Online Child Exploitation with Financial
Intelligence – teaches the use of cryptocurrency blockchain analytics and compliance data
to identify and track the billions of dollars in illicit proceeds generated by online child sexual
abuse materials (CSAM). It is supported by the Finance Against Slavery & Trafcking (FAST)
initiative from the U.N. University Centre for Policy Research.
‘The extent of organized, for-prot child abuse is only getting worse’, FAST Project Director
Daniel Thelesklaf said, echoing senior ofcials at ACAMS who designed the program.
Global events have exacerbated the threat. The COVID-19 pandemic forced at-risk children to
isolate at home with their abusers, and Russia’s February 2022 invasion of Ukraine displaced
millions of people, including thousands of Ukrainian children forcibly relocated to
Russian territory.
8
https://www.ncen.gov/sites/default/les/shared/FinCEN%20OCSE%20Notice%20508C.pdf.
Reports of suspected child exploitation rose 35% in 2021,
compared to the previous year, according to the National
Center for Missing and Exploited Children.
© Thomson Reuters 2023
Suspicious Activity Reports 2023 22
Fraud
Fraud rates in general have exploded over recent years, targeting both public and private
sectors. As with other threats, the COVID-19 pandemic accelerated the proliferation of
fraudulent activity, as criminals leveraged lockdowns, technological shifts, and
demographic changes.
American consumers reported an
average of 2.6 million fraud cases
annually during the pandemic’s
three-year emergency phase
(2020-2022), according to Federal
Trade Commission data. While
fraud reporting volumes were
relatively stable during that period,
total reported annual fraud losses
increased dramatically.
Overall, nancial institutions
and other entities have reported
signicant year-over-year increases
across nine of the 10 most-
reported fraud categories.
Figure 12: FBI Internet Crime
Reporting by the Numbers
$10.3 Billion
Victim losses in 2022
2,175+
Average complaints recieved daily
651,800+
Average complaints recieved per year (last 5 years)
Over 7.3 Million
Complaints reported since inception
Figure 13: Top 10 Federal Trade Commission (FTC) Fraud Report Categories
Rank Category # of Reports % Reporting $ Loss Total $ Loss Median $ Loss
1 Imposter Scams 761,600 21% $2,731.5M $1,000
3 Online Shopping and Negative Reviews 359,706 43% $358.7M $179
3 Prizes, Sweepstakes and Lotteries 148,161 12% $308.6M $950
4 Internet Services 113,548 4% $28.5M $300
5 Investment Related 107,205 74% $3,907.6M $5,000
6 Business and Job Opportunities 94,129 32% $373.5M $2,000
7 Telephone and Mobile Services 91,220 9% $20.9M $200
8 Health Care 74,031 6% $16.7M $260
9 Travel, Vacations and Timeshare Plans 65,135 16% $105.1M $1,266
10 Foreign Money Offers and Fake Check Scams 41,159 32% $123.8M $2,000
Source: https://public.tableau.com/app/prole/federal.trade.commission/viz/FraudReports/FraudLosses
© Thomson Reuters 2023
Suspicious Activity Reports 2023 23
Source: FTC Public Data for 2022
Figue 14: Identity Theft Types
Figue 15: Top 10 SAR Fraud Flags
Rank Theft Type # of Reports
1 Credit Card Fraud 440,631
3 Other Identity Theft 326,468
3 Bank Fraud 156,116
4 Loan or Lease Fraud 153,569
5 Employment or Tax-Rlated Fraud 103,409
6 Phone or Utilities Fraud 77,308
7 Government Documents or Benets Fraud 57,898
Suspicious Activity 2019 2020 2021 2022 2023
Check 285,716 284,888 350,372 683,541 185,584
Other Fraud (Type) 201,222 262,530 382,037 390,238 110,702
Credit/Debit Card 214,682 189,470 220,586 349,439 100,369
Counterfeit Instrument 129,972 135,432 159,475 327,413 89,128
ACH 121,290 203,635 276,093 291,583 80,942
Wire 123,664 120,025 122,562 136,695 41,153
Consumer Loan (see instructions) 98,209 80,009 76,438 106,966 27,351
Mass-Marketing 13,462 20,996 22,229 33,225 12,707
Business Loan 3,440 16,386 49,008 29,417 9,899
Application Fraud 12,683 16,357 18,875 22,088 5,264
Source: https://public.tableau.com/app/prole/federal.trade.commission/viz/FraudReports/FraudLosses
Source: https://public.tableau.com/app/prole/federal.trade.commission/viz/FraudReports/FraudLosses
Filtering FinCEN’s suspicious activity data by fraud type (as coded in SAR forms) reveals
sharp increases in particular categories between 2019 and 2022, including a 140% increase
in reported check fraud, an 84% increase in credit/debit card fraud, and a 142% increase in
counterfeit currency.
Check fraud, analyzed in more detail below, was by far the most prevalent fraud type
reported in 2022, with over 680,000 SAR lings. It was the second largest of all SAR
categories that year. While rms have responded by reinforcing their anti-fraud organizations
overall, they have focused particular attention on check fraud. While rms have responded by
reinforcing their anti-fraud organizations overall, they have focused particular attention on
check fraud.
© Thomson Reuters 2023
Suspicious Activity Reports 2023 24
Figure 16: Check Fraud (All Industry)
0
100,000
2014 2015 2016 2017 2018 2019 2020 2021 2022 2023
106,264
118,869
160,742
173,056
211,621
285,716
284,888
350,373
683,541
185,584
200,000
300,000
400,000
500,000
600,000
700,000
800,000
0
* 2023 Stats include Jan-March filings
Check Fraud
Suspicious activity reporting about check fraud nearly doubled in 2022. Financial institutions
led over 680,000 check fraud SARs last year, a 95% increase over the 350,000 led in 2021.
Figure 17: Fraud SAR Filing Trends
0 100,000 200,000 300,000 400,000
Other Fraud (Type)
Identity Theft
Credit/Debit Card
Counterfeit Instrument
ACH
* 2023 Stats include Jan-March filings
2019 2020 2021 2022 2023
A previous alert from 2021 warned rms that fraud, including check fraud, was “the largest
source of illicit proceeds in the United States” and was among the country’s top anti-money
laundering priorities.
© Thomson Reuters 2023
Suspicious Activity Reports 2023 25
Figure18: Check Fraud Indicators Include:
• Uncharacteristically large withdrawals from a customer’s account via check to a
new payee.
• Customer complaints about checks stolen from the mail and deposited into
unknown accounts.
• Complaints about mailed checks never reaching intended recipients.
• Checks used to withdraw funds appear to be made of a noticeably different
paper stock than that used by the issuing bank or other stock used for known,
legitimate transactions.
• Existing customer with no history of check deposits has new, sudden check deposits
and withdrawals or transfers.
• Non-characteristic, sudden, abnormal deposit of checks, often electronically, followed
by rapid withdrawal or transfer.
• Examination of suspect checks reveals faded handwriting underneath darker
handwriting, suggesting that the original handwriting was overwritten.
• Suspect accounts may exhibit indicators of other suspicious activity, such as
pandemic-related fraud.
• New customer opens an account that is seemingly used only for the deposit of checks
followed by frequent withdrawals and transfers.
• A non-customer who attempts to cash a large check or multiple large checks in
person and, when questioned by the nancial institution, provides an explanation that
is suspicious or potentially indicative of money mule activity.
FinCEN warned nancial institutions in February 2023 of a nationwide surge in check fraud
schemes targeting the U.S. Postal Service
10
.
Criminals increasingly targeted U.S. mail carriers during the COVID-19 pandemic, regulators
said. This type of crime typically involves stealing personal checks, business checks, tax
refund checks, and checks related to government assistance such as Social Security and
unemployment benets.
10
https://www.ncen.gov/sites/default/les/shared/FinCEN%20Alert%20Mail%20Theft-Related%20Check%20Fraud%20FINAL%20508.pdf
Source: https://www.ncen.gov/sites/default/les/shared/FinCEN%20Alert%20Mail%20Theft-Related%20Check%20Fraud%20FINAL%20508.pdf
© Thomson Reuters 2023
Suspicious Activity Reports 2023 26
Fraudsters and organized criminal groups may alter or wash stolen checks, substituting
legitimate payee information with new personal or business accounts controlled by the
criminals, FinCEN said. In addition to check washers, the alert outlined the role of so-called
money mules, which it described as people who transfer or move illicit funds at the direction
of others.
FinCEN requested that nancial institutions indicate a connection between the suspicious
activity being reported and the activities highlighted in its alert by including the term “FIN-
2023-MAILTHEFT” in SAR eld 2, as well as in the narrative and by selecting SAR Field 34(d)
(check fraud).
Indicators of Check fraud
FinCEN advised nancial institutions to consider the surrounding facts and circumstances
before escalating suspicion, such as whether transactions are consistent with prevailing
business practices and whether a customer raises multiple red ags.
Financial institutions are obligated to le a SAR when they detect a suspicious
transaction or activity by a identiable, individual involving at least $5,000, and
lacking an apparent lawful purpose, or when there is reason to suspect the funds
were derived from illegal activities.
© Thomson Reuters 2023
Suspicious Activity Reports 2023 27
Supporting Criminal Data
SAR and FBI Data Paint Bleak Picture
Data from the U.S. Federal Bureau of Investigations (FBI) validates the rising fraud trend
apparent in FinCEN’s SAR database.
FBI Internet Crime Complaint Center (IC3) data for 2022 showed:
• 127% increase in reported investment fraud, amounting to $3.3 billion in reported losses.
• Call center fraud affected more than 44,000 victims, accounting for over $1 billion
in losses.
• 2,385 complaints of ransomware targeting critical infrastructure, with reported losses
totaling over $34 million.
Figure 19: Complaints and Losses over the Last Five Years
3.26 Million Total Complaints
$27.6 Billion Total Losses
351,937
467,361
791,790
847,376
800,944
$3.5 Billion
$4.2 Billion
$6.9 Billion
$10.3 Billion
$2.7 Billion
202 2
2021
2020
2019
2018
Complaints Losses
Source: https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf (FBI’s IC3 Annual Report for 2022)
© Thomson Reuters 2023
Suspicious Activity Reports 2023 28
FBI Internet Crime Complaint Center (IC3)
Supporting Data
Takeaways:
• Exponential growth in victims and nancial losses.
• Exacerbated by the pandemic.
• Domestic and international organized crime as well as state-sponsored criminal
enterprises are all active in nancial crimes.
• Fraudulent events create devastating losses to victims.
• Major business opportunities for scam perpetrators.
• Signicant amounts of elder fraud go un-reported due to embarrassment, nancial
problems, and familial abuse.
Source: IC3 FBI’s IC3 Annual Report for 2022
Figure 20: FBI IC3's Top Five Internet Crime Types
2018 2019 2020 2021 2022
32,538
23,903
15,421
13,633
14,408
39,416
39,360
76,741
43,101
51,146
51,679
82,478
108,869
61 ,832
65,116
58,859
51,829
45,330
38,218
50,642
300,497
323,972
241,342
114,702
26,379
Tech support
Extortion
Non-Payment/
Non-Delivery
Personal
Data Breach
Phishing
number of reports to IC3
© Thomson Reuters 2023
Suspicious Activity Reports 2023 29
Elder Financial Exploitation
SAR data shows a dramatic increase in suspected elder nancial abuse. FinCEN recorded
nearly 107,000 SARs related to elder abuse in 2022. That gure’s correlation to incidents
of crime is supported by the FBI’s Internet Crime Complaint Center (IC3), which recorded
88,000 cases of online fraud targeting seniors. Losses by elder victims increased by 84% in
2022, FBI data showed.
Senior vulnerability to online fraud
was exacerbated by the COVID-19
pandemic which forced many
seniors to transition from in-branch
service to mobile banking. Instances
of phishing, identity theft, and other
cybercrime targeting the elderly
population became much
more prevalent.
Such scams are often perpetrated
through popular online services, such as the practice of “catshing,” in which fraudsters use
ctitious social-media proles to ensnare seniors in false romantic relationships resulting in
nancial abuse. Another tactic involves SMS-phishing – or smishing – whereby scammers
send text messages purporting to be from reputable companies in order to manipulate
targets into revealing personal information including passwords or credit card numbers.
Figure 20: Elder Financial Exploitation SAR Filings
0
20,000
2014 2015 2016 2017 2018 2019 2020 2021 2022 2023
21,656
25,566
52,633
62,807
53,924
62,298
62,014
72,173
106,754
36,911
40,000
60,000
80,000
100,000
120,000
0
* 2023 Stats include Jan-March filings
Figure 21: IC3 Victims Over 60 by the numbers
Sourced (FBI's IC3 Annual Report for 2022)
88,262
Total Victims Over 60
$3.1 Billion
Total Losses
84%
Increase in losses from 2021
$35,101
Average Losses Per Victim
5,465
Victims losing more then $100K
© Thomson Reuters 2023
Suspicious Activity Reports 2023 30
Source: FBI Elder Fraud Report 2022 (https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3ElderFraudReport.pdf)
Source: FBI Elder Fraud Report 2022 (https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3ElderFraudReport.pdf)
0
5,000
2018 2019 2020 2021 202 2
10,000
15,000
20,000
25,000
0
$100,000,000
$200,000,000
$300,000,000
$400,000,000
$500,000,000
$600,000,000
$700,000,000
$800,000,000
$0
Figure 22: Call Center Frauds - Victims Over 60
Losses Losses
0
$200,000,000
2020 2021 2022
$400,000,000
$600,000,000
$800,000,000
$1,000,000,000
$1,200,000,000
0
Figure 23: Investment Scam
Losses by Victims Over 60
© Thomson Reuters 2023
Suspicious Activity Reports 2023 31
A 2022 FinCEN alert about elder abuse included both behavioral and nancial red ags
indicating suspicious activity
9
.
FinCEN requested that nancial institutions ling SARs on such activity mark the check box
for Elder Financial Exploitation and include the key term “EFE FIN-2022-A002” in SAR eld 2
and to ensure the narrative section describes a connection between the reported suspicious
activity and the specic indicators highlighted in the advisory.
9
https://www.ncen.gov/sites/default/les/advisory/2022-06-15/FinCEN%20Advisory%20Elder%20Financial%20Exploitation%20FINAL%20508.pdf.
Source: FBI Elder Fraud Report 2022 (https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3ElderFraudReport.pdf)
Figure 24: Confidence/Romance Scam Losses by Victims Over 60
2020
2021
202 2
0 $100,000,000 $200,000,000 $300,000,000 $400,000,000
© Thomson Reuters 2023
Suspicious Activity Reports 2023 32
Pandemic-related Fraud and Suspicious
Receipt of Government Payments
The chart above shows a dramatic spike in SAR lings related to public support programs
in 2020 and 2021, almost certainly driven by pandemic-related U.S. government spending
through the Paycheck Protection Program (PPP), Economic Injury Disaster Loans (EIDL), and
other state and federal unemployment benets.
Unemployment insurance fraud reached $60 billion
during the pandemic; the U.S. General Accounting
Ofce estimated in a February 2023 report
14
.
Investigations by the Department of Labor’s inspector
general, opened at a rate of 100 per week, resulted in
1,200 indictments or initial charges from April 2020
through January 2023.
Like other nancial institutions and government
agencies, federal housing programs have seen a surge
in SAR lings.
Government-sponsored enterprises (GSEs), which bring
capital to the housing market, include Fannie Mae,
Freddie Mac, and the Federal Home Loan Banks.
Figure 26:
Housing Government Sponsored Enterprises
0
1,000
2014 2015 2016 2017 2018 2019 2020 2021 2022 2023
160
1,267
2,285
2,127
2,553
3,106
3,054
5,476
7,877
2,146
2,000
3,000
4,000
5,000
6,000
7,000
8,000
9,000
0
* 2023 Stats include Jan-March filings
Total SARs
Figure 25: Suspicious Receipt of Government Payments/Benefits
0
20,000
2014 2015 2016 2017 2018 2019 2020 2021 2022 2023
5,631
4,980
3,998
2,906
2,957
2,873
75,271
143,215
42,223
5,393
40,000
60,000
80,000
100,000
120,000
140,000
160,000
0
* 2023 Stats include Jan-March filings
14
https://www.gao.gov/assets/gao-23-106586.pdf
© Thomson Reuters 2023
Suspicious Activity Reports 2023 33
Specic Industries and Terror Financing
Financial Institutions: Securities/Futures
Financial markets are also experiencing a sharp uptick in suspicious activity lings that
often overlap with other crime trends such as elder nancial exploitation. Although check,
credit card, and wire frauds occur at traditional nancial service rms such as banks, more
advanced frauds occur in the securities and futures markets.
Figure 27: Securities/Futures Industry SAR Filings - Steady Fraud Uptick
0 5,000 10,000 15,00 0 20,000 25,000 30,000
Credit/Debit Card
Identity Theft
Other Fraud (Type)
Suspicious EFT/
Wire Transfers
Wire
* 2023 Stats include Jan-March filings
Check
ACH
Account Takeover
2019 2020 2021 2022 2023
Sophisticated criminals have been raiding brokerage accounts by fraudulently transferring
assets through the Automated Customer Account Transfer Service (ACATS). ACATS frauds
could likely fall under several of the threat designations covered in this report.
© Thomson Reuters 2023
Suspicious Activity Reports 2023 34
10
https://www.nra.org/rules-guidance/notices/23-06.
11
https://www.nra.org/rules-guidance/notices/22-21.
12
https://www.nra.org/rules-guidance/notices/21-18.
13
https://www.nra.org/rules-guidance/notices/20-13.
The Financial Industry Regulatory Authority (FINRA) issued Regulatory Notice 23-06
10
in
March 2023, highlighting effective practices for mitigating the risk of criminal actors abusing
ACATS. FINRA’s warning followed Regulatory Notice 22-21
11
, published in October 2022,
which highlighted a rising trend of fraud perpetrated through ACATS. It also outlined relevant
regulatory obligations and provided information for reporting fraud.
ACATS enables eligible participants to enter, review, and settle the transfer of customer
accounts. It facilitates the transfers of many different asset types, including equities,
corporate and municipal bonds, unit investment trusts, mutual funds, options, annuities,
and cash.
Criminal actors abuse the system by opening an online brokerage account using the stolen
personally identiable information of a legitimate client from another member rm.
“The bad actor may then engage receiving and/or carrying members to conduct a transfer
of the account of the legitimate customer at the carrying member into the new brokerage
account at the receiving member,” FINRA said.
“When that transfer is complete, the bad actor may then proceed with moving the ill-gotten
assets out of the newly established brokerage account to another external account or
nancial institution.”
Some of the safeguards rms employ resemble those for preventing identity theft and
phishing attacks. Firms should be on the lookout for grammatical and spelling errors, as well
as writing that changes in style from previous email communications. Additionally, some
of the practices are consistent with precautions outlined in Regulatory Notice 21-18
12
on
preventing online account takeovers and Regulatory Notice 20-13
13
, which warned rms about
fraud risk during the COVID-19 pandemic.
FINRA urged rms to evaluate their supervisory systems related to ACATS transfers and
fraud mitigation.
© Thomson Reuters 2023
Suspicious Activity Reports 2023 35
Figure 29: Indicators of ACATS Fraud:
• Repeated transfer rejections due to incomplete or inaccurate information. Errors
might relate to account type or other basic information, including a carrying
member’s rejection of a receiving member’s account transfer request for the same
customer on multiple occasions.
• Rapid asset transfers following account creation. Soon after assets have been moved
into a new brokerage account, a bad actor sends instructions to quickly move those
assets to another external account or nancial institution.
• Changes in communication patterns. Customers who usually communicate by
telephone may suddenly prefer to communicating only by email, and when the
rm contacts the customer by usual means, the customer conrms that the email
communication did not come from the customer.
Source: https://www.ncen.gov/sites/default/les/advisory/2022-06-15/FinCEN%20
Advisory%20Elder%20Financial%20Exploitation%20FINAL%20508.pdf
Figure 28: Securities Industry SAR Filings
0
10,000
2014 2015 2016 2017 2018 2019 2020 2021 2022 2023
22,081
20,436
18,938
23,832
26,776
33,222
38,236
58,951
61,783
14,249
20,000
30,000
40,000
50,000
60,000
70,000
0
* 2023 Stats include Jan-March filings
© Thomson Reuters 2023
Suspicious Activity Reports 2023 36
Terror Financing
Suspicious transaction reporting related to terrorism nancing has declined in recent years,
a deviation from overall increases in other nancial crimes. The aggregate volume of
terrorism related SAR lings has, however, always been relatively low in absolute terms,
an ironic twist considering the landmark USA PATRIOT Act of 2001 created a host of new
AML/CFT obligations following the September 11 terrorist attacks in New York City and
Washington, D.C.
In addition to funding from wealthy sympathizers and rogue nations, terrorist organizations
rely on a variety of criminal activities to nance their operations, including fraud and drug
trafcking. As a result, nancial institutions may identify a suspicious transaction but lack
sufcient awareness to ascertain its indirect connection to terrorism, unless the named
originator or beneciary was ofcially sanctioned as a designated terrorist.
Firms may therefore le a fraud SAR, including the names of involved parties, and leave it to
law enforcement authorities with specialized intelligence to determine whether the activity is
linked to terrorism.
Furthermore, there has been some criticism of FinCEN over its apparent lack of focus on
alerts and advisories providing updated guidance and red ags with regards to terror nance.
Some experts believe a lack of recent, major terrorist attacks has allowed regulatory focus
to shift.
Figure 30: Terrorism Financing Related SARs
0
200
400
600
800
1000
1200
1400
1600
1800
0
* 2023 Stats include Jan-March filings
Known or Suspected Terrorist/Terrorist Organization Other Terrorist
2014 2015 2016 2017 2018 2019 2020 2021 2022 2023
© Thomson Reuters 2023
Suspicious Activity Reports 2023 37
Casino Industry
Casino-relate suspicious activity reporting saw a notable decline in 2020, due to pandemic
measures that closed many casinos, followed by a signicant drop in attendance after
gradual reopening.
The casino sector has, however, faced increasing regulatory pressure over
money-laundering concerns.
* 2023 Stats include Q1 lings
**Casino Industry consists of: Casino/Card Club – Other, Casino/Card Club, Casino/Card Club - State Licensed
Casino and Casino/Card Club - Tribal Authorized Casino
Figure 31: Casino Industry SARs
0
10,000
2014 2015 2016 2017 2018 2019 2020 2021 2022 2023
45,013
49,559
57,120
59,098
53,591
51,275
39,480
54,937
62,003
16,068
20,000
30,000
40,000
50,000
60,000
70,000
0
Total SARs Filed
© Thomson Reuters 2023
Suspicious Activity Reports 2023 38
Figure 32: Insurance Industry SARs
0
500
2014 2015 2016 2017 2018 2019 2020 2021 2022 2023
2,738
2,307
2,389
2,687
2,523
2,697
2,556
2,597
2,654
698
1,000
1,500
2,000
2,500
3,000
0
Total SARs Filed
* 2023 Stats include Jan-March filings
Healthcare and Insurance Industry
The U.S. Department of Justice (DOJ) announced criminal charges in April 2023 against 18
defendants for their alleged role in healthcare fraud schemes that exploited the COVID-19
pandemic, resulting in over $490 million in false billings to federal programs and theft from
publicly funded pandemic programs.
Monitoring medical providers and other recipients of government health insurance payments
for fraudulent activity has always been difcult because it depends on an institution’s
ability to segment its clients. That challenge has escalated with the surge in COVID-related
programs such as the Health Resources and Services Administration’s program to help
the uninsured.
© Thomson Reuters 2023
Suspicious Activity Reports 2023 39
International Comparisons
The quantity of SAR lings – called suspicious transaction reports internationally – varies
widely between countries, owing to differences in economic size and intensity. Their purpose,
however, remains the same: to detect and prevent illegal activity. These statistics reect
signicant annual growth in suspicious transaction lings internationally.
4,000,000
3,500,000
3,000,000
2,500,000
2,000,000
1,500,000
1,000,000
500,000
Fig 33: International SAR Filing Comparison
Country 2018 2019 2020 2021 2022
USA 2,171,173 2,301,163 2,504,509 3,069,450 3,616,450
United Kingdom 463,938 478,437 573,085 742,317 901,255
Canada 179,172 235,661 386,102 468,079 585,853
Source: United Kingdom Financial Intelligence Unit Annual Report:
https://nationalcrimeagency.gov.uk/who-we-are/publications/632-2022-sars-annual-report-1/le
Source: Canada Data: FINTRAC ANNUAL REPORT - https://ntrac-canafe.canada.ca/publications/ar/2022/1-eng
© Thomson Reuters 2023
Suspicious Activity Reports 2023 40
Closing Thoughts: Increasing Fraudulent
Activity, Increasing Surveillance Tools
The data presented in this report highlights signicant trends and changes in SAR lings.
Disruptions inherent to the COVID-19 pandemic created new opportunities for criminal
abuse, reected in broad reporting surges in nearly all types of nancial crime. Additionally,
increased regulatory pressure, warnings, and defensive ling practices have provided a
steady and growing momentum to ling volumes. Fraud has increased to unprecedented
levels as validated by data from the FBI and Federal Trade Commission.
Suspicious Activity Reports are an essential tool in law enforcement’s effort to ght crime.
They have also become a critical challenge for corporate compliance, anti-fraud, and risk
departments across virtually all nancial services rms.
Risk, BSA, compliance, and anti-fraud leaders should continuously monitor this data as it
provides insight into developments affecting industry peers.
Organizations should contrast the granular, publicly available data with their own internal
sources to benchmark themselves against the broader market. Bank leaders can use such
comparisons to identify strengths and weaknesses in their compliance programs and nd
potential blind-spots for illegal activity within their customer base. By taking the most recent
SAR statistics into account, nancial institutions and other businesses should reasonably be
able to identify the most prevalent fraud and money laundering threats.
Law enforcement agencies and professionals have repeatedly voiced concern over increases
in defensive lings, while urging rms to include more specic information in SAR lings.
Institutions should also be working to reduce unproductive alerts and working to leverage
technology to combat fraud proactively. Additionally, there is a growing need for qualied
subject-matter experts to examine trending fraud practices.
© Thomson Reuters 2023
Suspicious Activity Reports 2023 41
Thomson Reuters Institute
The Thomson Reuters Institute brings together people from across the legal, corporate, tax&
accounting and government communities to ignite conversation and debate, make sense
of the latest events and trends and provide essential guidance on the opportunities and
challenges facing their world today. As the dedicated thought leadership arm of Thomson
Reuters, our content spans blog commentaries, industry-leading data sets, informed
analyses, interviews with industry leaders, videos, podcasts and world-class events that
deliver keen insight into a dynamic business landscape.
Visit thomsonreuters.com/institute for more details.
About the authors
SUSANNAH HAMMOND
Susannah Hammond is Senior Regulatory Intelligence Expert for Thomson Reuters
Regulatory Intelligence with more than 25 years of wide-ranging compliance, regulatory and
risk experience in international and UK nancial services. She is co-author of “Conduct and
Accountability in Financial Services: A Practical Guide” published by Bloomsbury Professional.
TODD EHRET
Todd Ehret is a Senior Regulatory Intelligence Expert for Thomson Reuters Regulatory
Intelligence. He has more than 25 years’ experience in the nancial industry where he held key
positions in trading, operations, accounting, audit, and compliance for broker-dealers, asset
managers, private equity, and hedge funds. Before joining Thomson Reuters he served as a
Chief Compliance Ofcer and Chief Operating Ofcer at a Registered Investment Adviser/
Hedge Fund for nearly a decade.
Explore Regulatory Intelligence, the regulatory compliance solution from Thomson Reuters.
rs 2022
About the authors
JACOB DENMAN
With more than a decade of experience in nancial crime investigations, nancial crime
leadership roles, and law enforcement, Jacob has a wealth of knowledge and expertise in
risk, nancial crime, and fraud. As a Risk, Fraud & Compliance Manager at Thomson Reuters,
Jacob is responsible for developing and executing creative strategies to grow the risk and
fraud product lines by driving customer engagement and adoption of our products. He
collaborates closely with sales, product management, and other key business stakeholders to
ensure Thomson Reuters products are aligned with customer needs. Prior to joining Thomson
Reuters, Jacob was a lead investigator in nancial crimes at Wells Fargo, and TCF Bank. Jacob
also has more than seven years of experience in law enforcement.
BRETT WOLF
Brett Wolf is a Senior Anti-Money Laundering Correspondent for Thomson Reuters. For more
than two decades, Brett has been on the AML beat, producing daily regulatory intelligence
news and analysis to aid AML and sanctions compliance professionals. A proven investigative
journalist for Thomson Reuters, Brett also has experience reporting on Justice Department
efforts to combat money laundering, terrorist nancing, corruption, and offshore tax evasion
and non-compliance with the Bank Secrecy Act (BSA).
TODD EHRET
Todd Ehret is a Senior Regulatory Intelligence Expert for Thomson Reuters Regulatory
Intelligence. At Thomson Reuters he has authored numerous articles and white-papers, and
frequently presents at industry conferences, events, and seminars on a myriad of nancial
regulatory topics including ntech and crypto-assets. Todd has an enormous breadth of
experience gained from more than 25 years on Wall Street at nancial services rms dealing
with both institutional and retail clients. Before joining Thomson Reuters, he served as a
Chief Compliance Ofcer and Chief Operating Ofcer at a registered investment adviser/
hedge fund for nearly a decade.
Contributors
Rabihah Butler — Enterprise Content Manager – Thomson Reuters Institute
Alex Robson — Managing Editor - Thomson Reuters Regulatory Intelligence
Daniel Seleanu — Commissioning Editor - Thomson Reuters Regulatory Intelligence
Gregg Wirth — Content Manager - Thomson Reuters Institute
© Thomson Reuters 2023
Suspicious Activity Reports 2023 42
Thomson Reuters
Thomson Reuters is a leading provider of business information services. Our products
include highly specialized information-enabled software and tools for legal, tax, accounting
and compliance professionals combined with the world’s most global news service –
Reuters. For more information on Thomson Reuters, visit tr.com and for the latest world
news, reuters.com.
Thomson Reuters Regulatory Intelligence
Thomson Reuters® Regulatory Intelligence is a market leading solution that empowers you
to make well-informed decisions to condently manage regulatory risk, while providing the
tools to make proactive decisions and action change within your organization. It has been
developed with a full understanding of your compliance needs – locally and globally, today
and in the future.
Thomson Reuters Institute
The Thomson Reuters Institute brings together people from across the legal, corporate, tax
& accounting and government communities to ignite conversation and debate, make sense
of the latest events and trends and provide essential guidance on the opportunities and
challenges facing their world today. As the dedicated thought leadership arm of Thomson
Reuters, our content spans blog commentaries, industry-leading data sets, informed
analyses, interviews with industry leaders, videos, podcasts and world-class events that
deliver keen insight into a dynamic business landscape.
Visit thomsonreuters.com/institue for more details.
© Thomson Reuters 2023 TR3460290 / 5-2023
