Department of the Treasury’s (Treasury) Financial Crimes Enforcement Network (FinCEN), in close coordination with Internal Revenue Service Criminal Investigation (CI), issued an alert to financial institutions on fraud schemes related to the COVID-19 Employee Retention Credit (ERC) and is urging vigilance in identifying and reporting related suspicious activity.
Article continues below
>
The ERC was authorized by the Coronavirus Aid, Relief, and Economic Security (CARES) Act as a tax credit to encourage businesses to keep employees on payroll during the COVID-19 pandemic and was subsequently extended and amended three times.
Individuals and businesses have fraudulently abused several COVID-19-related assistance programs intended to support eligible businesses.13 The ERC has become a popular target for such fraud as identified by CI and other law enforcement agencies.
Individuals have been known to file fraudulent ERC claims using shell companies or existing but ineligible businesses and, in some cases, have abused the taxpayer funded program to pay for lavish purchases and personal expenses upon receipt of the credit.
During the 2023 tax season, the IRS noted various scammers appeared throughout the United States using the false pretense of being tax credit experts to convince businesses to file for the ERC.
These third-party ERC promoters provided taxpayers with misinformation about the program and their business’ ability to meet the qualification criteria.
However, these promoters did not have the basis to make such claims, as they did not evaluate the business’ eligibility and merely saw an opportunity to file additional ERC claims and turn a profit by charging fees related to those claims.
Promoters have used witting and unwitting businesses as part of these schemes, and ERC fraud victims are at risk of having their claims denied or facing scenarios where they must repay the credit while scammers profit from the claim regardless of its outcome.
The IRS has provided businesses that have not yet received the credit or those who have received the credit but have not cashed nor deposited their refund check with the opportunity to withdraw their filed ERC claims if they assess that they were pressured or misled into filing a claim.
Some individuals have fraudulently filed ERC claims with the IRS using fabricated and dormant entities.19 For ERC schemes, CI has observed that dormant entities typically had an EIN20 but did not have any activity and then filed taxes for at least one tax period during the claim period.
Third-party promoters, known as “ERC mills,†have been deploying aggressive marketing tactics such as mail notices designed to look like official IRS communications and advertisements on radio, social media, and television to convince businesses to use the promoters’ services to apply for the ERC.
Promoters may also directly contact businesses through mail, phone, or walk-ins, indicating that they are “ERC experts†or tax professionals who have determined the business is missing out on COVID relief funds they are entitled to receive.
Promotion scams are likely to target established businesses in an attempt to avoid IRS scrutiny in the claim.
After convincing the business to apply for the ERC through dishonest tactics, ERC mills will file an ERC claim on behalf of the business, neglecting to inform the business of the eligibility requirements.
These third-party scammers may refuse to provide detailed information to business owners on how the businesses’ eligibility determination was made and the computations used to determine the ERC amount.
As a tactic to mitigate liability, the promoters may also avoid signing the ERC return they prepared for the business.
Promoters typically charge a business a large upfront fee, sometimes upwards of 30-40 percent of the expected ERC, or a fee that is contingent on the amount of the credit.
Since these promoters are profit-driven, businesses for whom they file may receive an extremely large ERC that is not commensurate with the size of the business.
Promoters may also submit claims on behalf of businesses without their knowledge or using stolen information.
ERC mills may also steal the taxpayer’s personal information from an ERC claim to use in other identity theft schemes.
FinCEN, in coordination with CI, has identified the following financial red flag indicators to assist financial institutions in detecting, preventing, and reporting suspicious transactions associated with ERC fraud, many of which overlap with red flags of financial crimes related to Economic Impact Payments authorized under the CARES Act.
Because no single financial red flag indicator is determinative of illicit or suspicious activity, financial institutions should consider the surrounding facts and circumstances, such as a customer’s historical financial activity, whether the transactions are in line with prevailing business practices, and whether the customer exhibits multiple red flags, before determining if a transaction is indicative of ERC fraud or is otherwise suspicious.
A business account receives more than one ERC check deposit over multiple days.
Small business accounts receive an ERC check deposit that is not commensurate with the size
of the business, the number of employees, and the volume of transactions.
A large ERC is deposited into a business account and is subsequently transferred using P2P services or to an online banking institution, or withdrawn as cash at an ATM. Funds may be subsequently transferred from the account into separate accounts or payments may be made to new businesses that a customer has not had transactions with prior to receiving an ERC check deposit.
The account receiving an ERC check deposit has no deposits other than Treasury-
ssued
checks, or the account has no regular business transactions.
A customer attempts to deposit an altered Treasury ERC check, or financial institutions are unable to verify the validity of the checks that customers attempt to deposit.
The ERC check is deposited into a new business account that did not exist in 2020 or 2021.
A new business account is created for an established business, but no other business activity occurs in the account except the deposit of the ERC. This may be indicative of identity theft, where the established business was used as a fraudulent front to file for the ERC.
A dormant business account suddenly receives an ERC check deposit.
An ERC is deposited into a business account with no payroll history. ■