FinCEN Issues Alert to Financial Institutions on 'Pig Butchering' Scams | Practical Law

FinCEN Issues Alert to Financial Institutions on 'Pig Butchering' Scams | Practical Law

The US Department of the Treasury's Financial Crimes Enforcement Network (FinCEN) issued an alert warning US financial institutions of a prominent virtual currency investment scam known as "pig butchering."

FinCEN Issues Alert to Financial Institutions on 'Pig Butchering' Scams

Practical Law Legal Update w-041-0638 (Approx. 4 pages)

FinCEN Issues Alert to Financial Institutions on 'Pig Butchering' Scams

by Practical Law Finance
Published on 17 Oct 2023USA (National/Federal)
The US Department of the Treasury's Financial Crimes Enforcement Network (FinCEN) issued an alert warning US financial institutions of a prominent virtual currency investment scam known as "pig butchering."
On September 8, 2023, the US Department of the Treasury's Financial Crimes Enforcement Network (FinCEN)) issued an alert warning US financial institutions and the general public of a prominent virtual currency (VC) investment scam known as "pig butchering." According to the alert, pig butchering scams are perpetrated primarily by criminal organizations based in Southeast Asia, and US law enforcement services estimate victims in the US have lost billions of dollars to these scams.
The alert explains that victims of the scam are referred to as "pigs" by scammers who use fake identities to create a relationship of trust. The scammers communicate with victims using instant messaging services or text messages, professional networking sites, social media, and dating sites. Once the scammers have established a relationship, they butcher/slaughter the victim by stealing their assets. Scammers do so by introducing the victim to a supposedly lucrative investment opportunity in VC and direct the victim to use VC investment websites or apps that look legitimate but are ultimately controlled or manipulated by the scammer. Once the victim has invested with the scammer, the scammer will show the victim returns to urge them to invest more.
The alert lists examples of 15 red flags to help financial institutions detect, prevent, and report potential suspicious activity related to pig butchering. The red flags are broken up into the following three categories:
  • Behavioral red flags. These include instances where customers:
    • with no history of VC interactions attempt to exchange high amounts of fiat currency for VC;
    • mention an investment opportunity leveraging VC with significant returns or instructions to exchange fiat currency for VC; or
    • appear distressed or anxious to access funds for a VC investment opportunity.
  • Financial red flags. These include uncharacteristic financial actions that a customer takes such as:
    • liquidating savings accounts prior to maturation;
    • taking out loans to use the proceeds to purchase VC; or
    • sudden, uncharacteristic, or abnormally frequent withdrawals from previously dormant accounts being exchanged for VC;
  • Technical red flags. These include instances where:
    • system monitoring and logs shows that a customer's account has been accessed repeatedly by unique IP addresses, device IDs or geographies inconsistent with prior access patterns;
    • red flags are spotted either in the service or application that a customer is attempting to use for VC transactions, including spelling and grammar errors, misleading misspelling, amateurish site design, or a download directly from a third-party website; or
    • a customer receives a large amount of VC at an exchange and subsequently converts the VC into a VC with lower transactions fees, then abruptly sends it out of the exchange.
The alert advises financial institutions to remain alert and vigilant for these red flags and reminds financial institutions of the requirement to file a suspicious activity report (SAR) if they know, suspect, or have reason to suspect a transaction conducted or attempted by, at, or through the financial institution involves the use of the financial institution to facilitate criminal activity, including pig butchering. When filing a SAR in response to this alert, FinCEN requests that financial institutions include the term "FIN-2023-PIGBUTCHERING" in the SAR field 2 and select "Fraud-Other" under SAR field 34(z) with the description "Pig Butchering."
Financial institutions may also have other relevant reporting obligations in connection with suspicious transactions that are highlighted in the alert, including a Report of Cash Payments Over $10,000 Received in a Trade of Business (Form 8300). If a Form 8300 needs to be filed in connection with the matter, FinCEN requests that the filer select Box 1b and include the key term "Fin-2023-PIGBUTCHERING" in the comments. Additionally, financial institutions are encouraged to refer customers who may be victims of pig butchering to the FBI's IC3.
The alert mentions a November 2022 case involving pig butchering in which the US Attorney's Office for the Eastern District of Virginia announced the seizure of seven domain names used in a pig butchering scam. In that case, scammers preyed on five victims in the US by using seven seized domains, which were all spoofed domains of the Singapore International Monetary Exchange. The victims lost over $10 million in total.