FinCEN: 42% of BSA reports in 2021 indicated ID-related ‘exploitations’

An analysis of identity-related suspicious activity reported in 2021 pointed to some $212 billion in associated suspicious activity, according to a report released Tuesday by Treasury’s financial crimes enforcement unit.

The Financial Crimes Enforcement Network (FinCEN) said its analysis showed about 1.6 million Bank Secrecy Act (BSA) reports of identity-related “exploitations” during 2021; that’s 42% of the 3.8 million BSA reports filed that year, it said.

Previously called the Identity Project, the Financial Trend Analysis (FTA) released Tuesday focuses on bad actors’ exploitation of identity-related processes involved in processing transactions, and opening and accessing accounts, FinCEN said.

The network said it identified over 14 typologies commonly indicated in identity-related BSA reports. The most frequently reported were fraud, false records, identity theft, third-party money laundering, and circumvention of verification standards. “These top five typologies accounted for 88% of identity-related BSA reports and 74% of the total identity-related suspicious activity amount reported during calendar year 2021,” it said.

FinCEN’s FTA report noted the following trends found:

  • Most attackers have impersonated others to defraud victims: 69% of identity-related BSA reports (approximately 1.7 million filings) indicate that attackers impersonated others as part of efforts to defraud victims; 18% of identity-related BSA reports (approximately 446,000 filings) describe attackers using compromised credentials to gain unauthorized access to legitimate customers’ accounts; 13% of identity-related BSA reports (approximately 323,000 filings) report attackers exploiting insufficient verification processes to advance their schemes.
  • Depository institutions have filed the greatest number of identity-related BSA reports: 54% of identity- related BSA reports (approximately 1.3 million filings) were filed by depository institutions, reporting $201 billion in suspicious activity. Money services businesses (MSBs) are the next largest category of filer, filing 21% of identity-related BSA reports.
  • Fraud was the most reported typology: Of 14 commonly reported typologies, the most reported were general fraud (approximately 1.2 million), false records (approximately 423,000), identity theft (approximately 222,000), third-party money laundering (approximately 154,000), and circumventing standards (approximately 110,000).
  • The impact of identity-related exploitations by BSA report volumes and cited U.S. dollar values are significant and vary by type: Attackers most frequently use impersonation tactics, followed by compromise during authentication, and finally, circumventing verification to evade detection. In contrast, compromise has a disproportionally large monetary impact compared to impersonation and circumvention.

FinCEN Issues Analysis of Identity-Related Suspicious Activity