Tax Refund Fraud Prevention Reminder


As members begin filing their annual tax returns, it is a good time to review tips for identifying and preventing tax fraud.

Identity theft and other tax fraud scams trend higher during the tax filing season, and with the recent large-scale data breaches, the possibility of these forms of fraud has increased.

One of the steps the IRS has recently taken to reduce tax refund fraud is to limit the number of electronic refunds that can be deposited into a single financial account or pre-paid debit card to three. Taxpayers who exceed the limit will receive an IRS notice and a paper refund.

Credit unions may also wish to take note of guidance FinCEN issued in 2013. FIN-2013-A001 contains useful tips for identifying tax refund fraud. See below for the full advisory.

Update on Tax Refund Fraud and Related Identity Theft

The Financial Crimes Enforcement Network (FinCEN) is issuing this Advisory to remind financial institutions of previously-published information concerning tax refund fraud and the subsequent reporting of such activity through the filing of Suspicious Activity Reports (SARs).

Identity theft can be a precursor to tax-refund fraud because individual income tax returns filed in the United States are tracked and processed by Taxpayer Identification Numbers (TIN), and the individual taxpayer names associated with these numbers. Criminals can obtain TINs through various methods of identity theft, including phishing schemes and the establishment of fraudulent tax preparation businesses.

In response to this problem, the Internal Revenue Service (IRS) has developed a comprehensive strategy focused on preventing, detecting, and resolving instances of tax-related identity theft crimes. FinCEN worked closely with the IRS to identify the following indicators of tax refund fraud.

Identifying Tax Refund Fraud

Financial institutions are critical in identifying tax refund fraud because the methods for tax refund distribution — issuance of paper checks, and direct deposit into demand deposit or prepaid access card accounts – often involve various financial services providers.

The number of tax refunds being distributed via direct deposit has increased significantly over the past several years and continues to increase annually. In direct correlation, financial institutions may see tax refund fraud activity increase and related suspicious activity may be connected to direct deposit transactions. To assist financial institutions with identifying potential tax fraud, FinCEN, in consultation with the IRS and law enforcement, has identified the following red flags.

  • Multiple direct deposit tax refund payments, directed to different individuals, from the United States Department of the Treasury (Treasury) or state or local revenue offices are made to a demand deposit or prepaid access account held in the name of a single accountholder.
  • Suspicious or authorized account opening at a depository institution, on behalf of individuals who are not present, with the absent individuals being accorded signatory authority over the account. The subsequent deposits are comprised solely of tax refund payments. This activity often occurs with fraudulent returns for the elderly, minors, prisoners, the disabled, or recently deceased.
  • A single individual opening multiple prepaid card accounts in different names, using valid TINs for each of the supplied names and having the cards mailed to the same address. Shortly after card activation, Automated Clearing House (ACH) credit(s) from Treasury, state or local revenue offices, representing tax refunds, occur. This is followed quickly by ATM cash withdrawals and/or point-of-sale purchases.
  • Business accountholders processing third-party tax refund checks in a manner inconsistent with their stated business model or at a volume inconsistent with expected activity. Similarly, individuals processing third-party tax refund checks through a personal account with no business or apparent lawful purpose.
  • Business accountholders processing third-party tax refund checks and conducting transactions inconsistent with normal business practices, which may include:
    • A large volume of Treasury refund checks or bank checks being deposited, in contrast to other checks, such as payroll checks;
    • A large volume of refund checks bearing addresses of customers who reside in another state;
    • Multiple refund checks for the same or almost the same dollar amount;
    • Treasury refund checks or bank checks representing electronic refunds with sequential or close to sequential numbers;
    • The dollar amount of checks being deposited is not commensurate with the amount of currency being withdrawn to cover the cashing of these refund checks.
  • Multiple prepaid cards that are associated with 1) the same physical address [individuals involved in criminal activity may also contact the customer service department requesting to change their address for their permanent prepaid card shortly after opening their temporary prepaid card account on-line]; 2) the same telephone number; 3) the same e-mail address; or 4) the same Internet Protocol (IP) address, which receive tax refunds as the primary or sole source of funds.
  • The opening of a business account for a check cashing business at a financial institution, which subsequently processed a high volume of tax refund checks issued to individuals from other states.
  • A sudden increase in volume involving the cashing of tax refund checks issued to individuals from across the United States, moving through the account of an existing check cashing service.
  • Individuals using bank accounts where the majority of the transactions are ACH federal tax refunds or refund anticipation loans.
  • Individuals attempting to negotiate double endorsed Treasury tax refund checks with questionable identification.
  • Individuals accompanying multiple parties to the bank to negotiate Treasury tax refund checks. Such items may or may not be double endorsed checks.
  • The freezing or closure of a personal or business account due to suspicious activity involving either Treasury tax refund checks or ACH Treasury deposits.
  • The signature/endorsement on the back of the check(s) does not match the identification of the individual conducting the transaction.
  • The same signature/endorsement is used on multiple checks, with multiple names.
  • Employees of financial institutions may also facilitate tax refund fraud by conducting transactions inconsistent with normal activity through the following practices:
    • Tellers who regularly process large quantities of Treasury tax refund checks. This may include one or more tellers during a specific time frame.
    • Bank employees who open multiple bank accounts that received a large quantity of Treasury tax refund checks.
    • Bank employees who did not follow proper identification procedures or accepted apparent fraudulent identification when opening an account.
Suspicious Activity Reporting

If a financial institution knows, suspects, or has reason to suspect that a transaction conducted or attempted by, at, or through the financial institution involves funds derived from illegal activity or an attempt to disguise funds derived from illegal activity, is designed to evade regulations promulgated under the Bank Secrecy Act (BSA), or lacks a business or apparent lawful purpose, the financial institution may be required to file a SAR.

When completing SARs on suspected tax refund fraud, financial institutions should use the term “tax refund fraud” in the narrative section of the SAR and provide a detailed description of the activity. Due to the time sensitive nature of these transactions, a financial institution may also wish to contact their local IRS Criminal Investigation Field Office to alert them that a SAR has been filed related to tax refund fraud. In order to obtain contact information for your local IRS Criminal Investigation Field Office, financial institutions can call the FinCEN Regulatory Helpline.

Compliance Question of the Week

What do credit unions need to know about mailing 1099-INT Forms to members?

If a member qualifies for a 1099-INT, a credit union must use the official IRS Form 1099-INT or an acceptable substitute. Additionally, the statement may also contain the following information:

  • Form W-2, W-8, W-9, or other Forms 1098, 1099, and 5498 statements;
  • A check from the account being reported;
  • A letter explaining why no check is enclosed;
  • A statement of the person’s account that is shown on the 1099-INT; and
  • A letter explaining the tax consequences of the information shown on the statement.

No additional enclosures, such as advertising, promotional material, or a quarterly or annual report, are permitted. Even a sentence or two on the year-end statement describing new services offered by the payer is not permitted. Logos are permitted on the envelope and on any nontax enclosures.

A recipient statement may be perforated to a check or to a statement of the recipient’s specific account. The check or account statement to which the recipient statement is perforated must contain, in bold and conspicuous type, the legend “Important Tax Return Document Attached.”

The legend “Important Tax Return Document Enclosed” must appear in a bold and conspicuous manner on the outside of the envelope and on each letter explaining why no check is enclosed, or on each check or account statement that is not perforated to the recipient statement. The legend is not required on any tax form, tax statement, or permitted letter of tax consequences included in a statement mailing. Further, you need not pluralize the word “document” in the legend simply because more than one recipient statement is enclosed.

Related Links:

IRS General Instructions for Certain Information Returns

Legal Briefs

National Credit Union Administration (NCUA)

The NCUA announced that it will remain open and funds on deposit will remain insured during the government shutdown. In its announcement, the NCUA encouraged credit unions to prepare for their members’ needs in case the federal shutdown impacts credit union members.

The NCUA issued a final rule that increases its civil monetary penalties (CMPs) to account for inflation.

Consumer Financial Protection Bureau (CFPB)

CFPB Director Mulvaney announced a call for evidence regarding CFPB functions. The call for evidence will include a series of Requests for Information in the Federal Register that seek comments on enforcement, supervision, rulemaking, market monitoring, and education activities.

The CFPB issued a statement on its Payday Lending Rule, stating that it may reconsider the Payday Rule.

Federal Reserve Board (FRB)

The FRB, FDIC, and OCC issued interagency guidance related to the new tax law that helps banks regulated by the agencies comply with the new reporting and accounting requirements.

The January edition of the FRB’s Beige Book is now available.

The FRB released its latest issue of Fed 360. This issue features articles on the FRB’s payments study, new ACH reporting for same day ACH, and security for the U.S. payments system.

The Financial Stability Oversight Council released its 2017 annual report. The report provides information on the financial market, regulatory developments, potential emerging threats to the U.S. financial stability and recommendations to promote financial stability.

Federal Housing Finance Agency (FHFA)

The FHFA issued a notice that it increased its cap on average assets that it uses to define a community financial institution. The new cap is $1,173,000,000.

Office of the Comptroller of the Currency (OCC)

The OCC issued its Fall 2017 Semiannual Risk Perspective which addresses safety and soundness threats and compliance requirements for its regulated institutions.

Office of Foreign Assets Control (OFAC)

OFAC has updated the SDN list as of January 12, 2018. The last update prior to this was January 5, 2018

Questions? Contact the Compliance Hotline: 1.800.546.4465,

Posted in Compliance News, Compliance News.