The Financial Crimes Enforcement Network (FinCEN), in coordination with the IRS Criminal Investigation Division (CI), has issued an alert[1] to financial institutions concerning fraud schemes associated with the Employee Retention Credit (ERC). This alert includes a list of 10 red flags for financial institutions to identify, prevent, and report suspicious transactions that may indicate ERC fraud.

Background on the Fraud

The Alert details the characteristics of the frauds uncovered by the Criminal Investigation Division (CI):

CI has identified ongoing fraud and scams related to the ERC that, to date, have resulted in 323 investigations involving more than $2.8 billion of potentially fraudulent ERC claims throughout tax years 2020, 2021, 2022, and 2023. Further, these fraudulent claims added to, and disrupted, the IRS’s ERC claim review process, which created a significant backlog and caused delays in the processing of legitimate ERC claims filed by eligible businesses. While portions of that backlog have cleared, the IRS has shifted its attention to investigating questionable ERC claims and has placed a moratorium on the filing of any new claims.[2]

The Alert addresses FinCEN's commitment to combating fraud, particularly financial crimes associated with the COVID-19 pandemic.

Fraud, including financial crimes related to the COVID-19 pandemic, is the largest source of illicit proceeds in the United States, and represents one of the most significant money laundering threats to the United States, as highlighted in the U.S. Department of the Treasury’s most recent National Money Laundering Risk Assessment, National Strategy for Combatting Terrorist and other Illicit Financing, and Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) National Priorities.[3]

The Alert also details its purpose and the sources of the information it contains.

This alert provides an overview of typologies associated with ERC fraud and scams, highlights select red flags to assist financial institutions in identifying and reporting suspicious activity and reminds financial institutions of their reporting requirements under the Bank Secrecy Act (BSA).

The information contained in this alert is derived from FinCEN’s analysis of BSA data, open-source reporting, and information provided by law enforcement partners.[4]

Trends and Types of ERC-Related Financial Crimes

The Alert highlights that certain instances of fraud include individuals deliberately submitting fraudulent claims.

Individuals and businesses have fraudulently abused several COVID-19-related assistance programs intended to support eligible businesses. The ERC has become a popular target for such fraud as identified by CI and other law enforcement agencies. Individuals have been known to file fraudulent ERC claims using shell companies or existing but ineligible businesses and, in some cases, have abused the taxpayer-funded program to pay for lavish purchases and personal expenses upon receipt of the credit.[5]

In footnote 13, a series of specific government documents that outline various COVID-19 related fraud cases are listed.

Treasury, “National Money Laundering Risk Assessment” (Feb. 2022), pp. 8-11; see also Government Accountability Office (GAO), “COVID Relief: Fraud Schemes and Indicators in SBA Pandemic Programs” (May 18, 2023); GAO, Report to Congressional Committees, “Fraud Schemes and Indicators in SBA Pandemic Programs” (May 18, 2023); Department of Justice (DOJ), U.S. Attorney’s Office, Northern District of Georgia, Press Release, “Stonecrest man sentenced to jail for defrauding the USDA COVID-19 relief program” (Aug. 3, 2021); DOJ, U.S. Attorney’s Office, Northern District of Georgia, Press Release, “Hampton man pleads guilty to seeking fraudulent IRS COVID relief” (Dec. 16, 2021); DOJ, U.S. Attorney’s Office, Middle District of Georgia, Press Release, “Business Owner Sentenced to Prison, Ordered to Pay Restitution, for CARES Act PPP Fraud” (Mar. 17, 2022).[6]

The Alert goes on to give a long discussion of issues the IRS has discovered related to promoters who are attempting to deceive existing businesses about their qualification for the ERC.

As described further below, the IRS has also been made aware of scams related to the ERC in which many businesses have been duped into filing ERC claims by third parties. During the 2023 tax season, the IRS noted various scammers appeared throughout the United States using the false pretense of being tax credit experts to convince businesses to file for the ERC. These third-party ERC promoters provided taxpayers with misinformation about the program and their business’ ability to meet the qualification criteria. However, these promoters did not have the basis to make such claims, as they did not evaluate the business’ eligibility and merely saw an opportunity to file additional ERC claims and turn a profit by charging fees related to those claims. Promoters have used witting and unwitting businesses as part of these schemes, and ERC fraud victims are at risk of having their claims denied or facing scenarios where they must repay the credit while scammers profit from the claim regardless of its outcome.[7]

The Alert goes on to discuss specific types of ERC fraudulent claims that are being filed.

Use of Fabricated or Dormant Entities

The Alert begins by addressing the most blatant form of fraud, involving applicants who are almost certainly aware of their ineligibility for the program.

Some individuals have fraudulently filed ERC claims with the IRS using fabricated and dormant entities. For ERC schemes, CI has observed that dormant entities typically had an EIN but did not have any activity and then filed taxes for at least one tax period during the claim period.[8]

Ineligible Businesses Where the Owner is Aware the Business Does Not Qualify

Even if a business is operational, there are instances where the owner, fully aware of their ineligibility for the ERC, may still file for a refund, possibly in the hope that the IRS will issue the refund without conducting a thorough examination of their claim.

As noted previously, there are specific requirements that a business must meet to qualify to receive the ERC. Still, business owners may knowingly apply for the ERC hoping that they will obtain an ERC they are not eligible to receive. For example, businesses that received a Paycheck Protection Program (PPP) loan through the IRS during the pandemic cannot use the same wages they counted in the PPP loan to apply for the ERC. Despite this, some businesses may file amended tax returns that misrepresent the businesses’ eligibility for the ERC, including falsifying staff wages during the pandemic or their status as a business that had operations fully or partially suspended by government orders during the pandemic.[9]

Aggressive Third-Party Promoters

Aggressive marketing by third-party promoters, suggesting that virtually every business—particularly those on their marketing lists—qualifies for a substantial ERC credit, has led to frustration among many tax professionals. These professionals often find their clients, who fail to meet the necessary criteria, being persuaded by promoters to file for the claim, swayed by the promoters' purported (and often illusory) “expertise.” The Alert delves into these operations, beginning with a discussion of how businesses are targeted.

Third-party promoters, known as “ERC mills,” have been deploying aggressive marketing tactics such as mail notices designed to look like official IRS communications and advertisements on radio, social media, and television to convince businesses to use the promoters’ services to apply for the ERC. Promoters may also directly contact businesses through mail, phone, or walk-ins, indicating that they are “ERC experts” or tax professionals who have determined the business is missing out on COVID relief funds they are entitled to receive. Promotion scams are likely to target established businesses in an attempt to avoid IRS scrutiny in the claim.[10]

The Alert then elaborates on the frequently inadequate practices employed by these entities, often conducting minimal or no due diligence on the claims while charging substantial, frequently contingent fees.

After convincing the business to apply for the ERC through dishonest tactics, ERC mills will file an ERC claim on behalf of the business, neglecting to inform the business of the eligibility requirements. These third-party scammers may refuse to provide detailed information to business owners on how the businesses’ eligibility determination was made and the computations used to determine the ERC amount. As a tactic to mitigate liability, the promoters may also avoid signing the ERC return they prepared for the business. Promoters typically charge a business a large upfront fee, sometimes upwards of 30-40 percent of the expected ERC, or a fee that is contingent on the amount of the credit. Since these promoters are profit-driven, businesses for whom they file may receive an extremely large ERC that is not commensurate with the size of the business.[11]

The Alert also addresses the actions of promoters who escalate their fraudulent activities, either by filing claims without the business's consent or by using data obtained from businesses they entice into their programs for identity theft schemes.

Promoters may also submit claims on behalf of businesses without their knowledge or using stolen information. ERC mills may also steal the taxpayer’s personal information from an ERC claim to use in other identity theft schemes.[12]

Fraudulent Receipt and Use of ERC Funds

The Alert also identifies the efforts to conceal the receipt of ERC refunds as problematic, noting cases where recipients use bank accounts not typically associated with the business or other methods to hide these funds.

Individuals who fraudulently file an ERC claim may deposit the credit into a business account that is funded solely by the ERC, or into an account with limited prior transactions. Some fraudsters may also deposit the ERC into a personal account as opposed to a business account. Once the ERC is deposited, individuals may use the ill-gotten funds to support lavish vacations or purchase luxury goods. Alternatively, fraudsters may attempt to conceal receipt of these funds upon deposit by transferring the funds elsewhere using peer-to-peer (P2P) services, moving the funds into an online banking institution, or withdrawing the funds as cash through an ATM. Other recipients may attempt to deposit an altered check which closely resembles an ERC Treasury-issued check.[13]

Red Flag Indicators of ERC Fraud

The Alert provides financial institutions with ten red flag indicators of ERC fraud that the institutions are to use in helping to identify and report possible ERC fraud.  The Alert outlines how these indicators should be used by the financial institutions.

FinCEN, in coordination with CI, has identified the following financial red flag indicators to assist financial institutions in detecting, preventing, and reporting suspicious transactions associated with ERC fraud, many of which overlap with red flags of financial crimes related to Economic Impact Payments authorized under the CARES Act. Because no single financial red flag indicator is determinative of illicit or suspicious activity, financial institutions should consider the surrounding facts and circumstances, such as a customer’s historical financial activity, whether the transactions are in line with prevailing business practices, and whether the customer exhibits multiple red flags, before determining if a transaction is indicative of ERC fraud or is otherwise suspicious.[14]

The ten red flags are:

1. A business account receives more than one ERC check deposit over multiple days.

2. Small business accounts receive an ERC check deposit that is not commensurate with the size of the business, the number of employees, and the volume of transactions.

3. A large ERC is deposited into a business account and is subsequently transferred using P2P services or to an online banking institution, or withdrawn as cash at an ATM. Funds may be subsequently transferred from the account into separate accounts or payments may be made to new businesses that a customer has not had transactions with prior to receiving an ERC check deposit.

4. The account receiving an ERC check deposit has no deposits other than Treasury-issued checks, or the account has no regular business transactions.

5. A customer attempts to deposit an altered Treasury ERC check, or financial institutions are unable to verify the validity of the checks that customers attempt to deposit.

6. The ERC check is deposited into a new business account that did not exist in 2020 or 2021.

7. A new business account is created for an established business, but no other business activity occurs in the account except the deposit of the ERC. This may be indicative of identity theft, where the established business was used as a fraudulent front to file for the ERC.

8. A dormant business account suddenly receives an ERC check deposit.

9. An ERC is deposited into a business account with no payroll history.

10. A customer reports or provides documents indicating that their ERC was obtained by a third-party firm whose credentials cannot be verified or is the subject of adverse media.

The Alert also reminds financial institutions of their obligation to file a suspicious activity report (SAR) under certain circumstances.

A financial institution is required to file a SAR if it knows, su spects, or has reason to suspect a transaction conducted or attempted by, at, or through the financial institution involves funds derived from illegal activity; is intended or conducted to disguise funds derived from illegal activity; is designed to evade regulations promulgated under the BSA; lacks a business or apparent lawful purpose; or involves the use of the financial institution to facilitate criminal activity. All statutorily defined financial institutions may voluntarily report suspicious transactions under the existing suspicious activity reporting safe harbor.[15]

[1] “FinCEN Alert on COVID-19 Employee Retention Credit Fraud,” FIN-2023-Alert007, November 22, 2023, https://www.fincen.gov/sites/default/files/shared/FinCEN_ERC_Fraud_Alert_FINAL508.pdf (retrieved November 22, 2023)

[2] “FinCEN Alert on COVID-19 Employee Retention Credit Fraud,” FIN-2023-Alert007, November 22, 2023

[3] “FinCEN Alert on COVID-19 Employee Retention Credit Fraud,” FIN-2023-Alert007, November 22, 2023

[4] “FinCEN Alert on COVID-19 Employee Retention Credit Fraud,” FIN-2023-Alert007, November 22, 2023

[5] “FinCEN Alert on COVID-19 Employee Retention Credit Fraud,” FIN-2023-Alert007, November 22, 2023

[6] “FinCEN Alert on COVID-19 Employee Retention Credit Fraud,” FIN-2023-Alert007, November 22, 2023

[7] “FinCEN Alert on COVID-19 Employee Retention Credit Fraud,” FIN-2023-Alert007, November 22, 2023

[8] “FinCEN Alert on COVID-19 Employee Retention Credit Fraud,” FIN-2023-Alert007, November 22, 2023

[9] “FinCEN Alert on COVID-19 Employee Retention Credit Fraud,” FIN-2023-Alert007, November 22, 2023

[10] “FinCEN Alert on COVID-19 Employee Retention Credit Fraud,” FIN-2023-Alert007, November 22, 2023

[11] “FinCEN Alert on COVID-19 Employee Retention Credit Fraud,” FIN-2023-Alert007, November 22, 2023

[12] “FinCEN Alert on COVID-19 Employee Retention Credit Fraud,” FIN-2023-Alert007, November 22, 2023

[13] “FinCEN Alert on COVID-19 Employee Retention Credit Fraud,” FIN-2023-Alert007, November 22, 2023

[14] “FinCEN Alert on COVID-19 Employee Retention Credit Fraud,” FIN-2023-Alert007, November 22, 2023

[15] “FinCEN Alert on COVID-19 Employee Retention Credit Fraud,” FIN-2023-Alert007, November 22, 2023