Government Anti-Fraud Efforts: They’re Still Siloed

When the United States was attacked on September 11, 2001—an attack that caused NATO to invoke Article 5, but I digress—Congress and the President decided that the proper response was to reorganize the government and place homeland security efforts under a single Cabinet secretary. While we may question the practical wisdom of that move, the intent was to ensure that the U.S. Government mounted a coordinated response to that specific threat.

Today Americans face the threat of fraud. Granted it isn’t as showy as burning buildings, but fraud clearly impacts many if not most of us. My financial identity has been compromised multiple times in the last several years, and yours probably has also.

But don’t expect Congress and the President to create a single Department of Anti-Fraud any time soon.

Stop Identity Fraud and Identity Theft Bill

As Biometric Update reported, Congresspeople Bill Foster (D-IL) and Pete Sessions (R-TX) recently introduced H.R. 7270, “To establish a government-wide approach to stopping identity fraud and theft in the financial services industry, and for other purposes.”

Because this is government-wide and necessarily complex, the bill will be referred to at least THREE House Committees:

“Referred to the Committee on Oversight and Government Reform, and in addition to the Committees on Financial Services, and Energy and Commerce, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.”

Why? As I type this the bill text is not available at congress.gov, but Foster’s press release links to a preliminary (un-numbered) copy of the bill. Here are some excerpts:

“(9) The National Institute of Standards and Technology (NIST) was directed in the CHIPS and Science Act of 2022 to launch new work to develop a framework of common definitions and voluntary guidance for digital identity management systems, including identity and attribute validation services provided by Federal, State, and local governments, and work is underway at NIST to create this guidance. However, State and local agencies lack resources to implement this new guidance, and if this does not change, it will take decades to harden deficiencies in identity infrastructure.”

Even in the preamble the bill mentions NIST, part of the U.S. Department of Commerce, and the individual states, after mentioning the U.S. Department of the Treasury (FinCEN) earlier in the bill.

But let’s get to the meat of the bill:

“SEC. 3. IDENTITY FRAUD PREVENTION INNOVATION GRANTS.
(a) IN GENERAL.—The Secretary of the Treasury shall, not later than 1 year after the date of the enactment of this section, establish a grant program to provide identity fraud prevention innovation grants to States.”

The specifics:

  • The states can use the grants to develop mobile driver’s licenses “and other identity credentials.”
  • They can also use the grants to protect individuals from deepfake attacks.
  • Another purpose is to develop “interoperable solutions.”
  • A fourth is to replace vulnerable legacy systems.
  • The final uses are to make sure the federal government gets its money, because that’s the important thing to Congress.

But there are some limitations in how the funds are spent.

  • They can’t be used to require mDLs or eliminate physical driver’s licenses.
  • They can’t be used to “support the issuance of drivers licenses or identity credentials to unauthorized immigrants.” (I could go off on a complete tangent here, but for now I’ll just say that this prevents a STATE from issuing such an identity credential.)

The bill is completely silent on REAL ID, therefore not mandating that everyone HAS to get a REAL ID.

And everything else

So although the bill claims to implement a government-wide solution, the only legislative changes to the federal government involve a single department, Treasury.

But Treasury (FinCEN plus IRS) and the tangentially-mentioned Commerce (NIST) aren’t the only Cabinet departments and independent agencies involved in anti-fraud efforts. Others include:

  • The Department of Justice, through the Federal Bureau of Investigation and the new Division for National Fraud Enforcement.
  • The Department of Homeland Security, through the Secret Service and every enforcement agency that checks identities at U.S. borders and other locations.
  • The Federal Trade Commission (FTC).
  • The Social Security Administration. Not that SSNs are a national ID…but they de facto are.
  • The U.S. Postal Inspection Service.
  • The Consumer Financial Protection Bureau.

These agencies are not ignored, but are funded under mandates separate from H.R. 7270. Or maybe not; there’s an effort to move Consumer Financial Protection Bureau work to the Department of Justice so that the CFPB can be shut down.

And that’s just one example of how anti-fraud efforts are siloed. Much of this is unavoidable in our governmental system (regardless of political parties), in which states and federal government agencies constantly war against each other.

  • What happens, for example, if the Secret Service decides that the states (funded by Treasury) or the FBI (part of Justice) are impeding its anti-fraud efforts?
  • Or if someone complains about NIST listing evil Commie Chinese facial recognition algorithms that COULD fight fraud?

Despite what Biometric Update and the Congresspeople say, we do NOT have a government-wide anti-fraud solution.

(And yes, I know that the Capitol is not north of the Washington Monument…yet.)

Google Gemini. Results may not be accurate.

What is the Proper Identity Assurance Level (IAL) for Employer Identification Number (EIN) Assignment?

(Imagen 4)

In the latest Know Your Business brouhaha, the Treasury Inspector General for Tax Administration (TIGTA) has questioned some potential gaps in the assignment of an Employer Identification Number, or EIN.

It seems that some so-called “businesses” are using an EIN as a facade for illegal activity…and insufficient identity assurance is preventing the fraudsters from being caught.

Obtaining Employer Identification Numbers to commit tax fraud

What is an EIN? In the same way that U.S. citizens have Social Security Numbers, U.S. businesses have Employer Identification Numbers. It’s not a rigorous process to get an EIN; heck, Bredemarket has one.

But maybe it needs to be a little more rigorous, according to TIGTA.

“EINs are targeted and used by unscrupulous individuals to commit fraud. In July 2021, we reported that there were hundreds of potentially fraudulent claims for employer tax credits….Further, in April 2024, our Office of Investigations announced that it helped prevent $3.5 billion from potentially being paid to fraudsters. Our special agents identified a scheme where individuals obtained an EIN for the sole purpose of filing business tax returns to improperly claim pandemic-related tax credits.”

Yes, that’s $3.5 billion with a B. That’s a lot of fraud.

Perhaps the pandemic has come and gone, but the temptation to file fraudulent business tax returns with an improperly-obtained EIN continues.

Facade.

Enter the Identity Assurance Level

So how does the Internal Revenue Service (IRS) gatekeep the assignment of EINs?

By specifying an Identity Assurance Level (IAL) before assigning an EIN.

Specifically, Identity Assurance Level 1.

“In December 2024, the IRS completed the annual reassessment of the Mod IEIN system. The IRS rated the identity proofing and authentication requirements at Level 1 (the same level as the initial assessment in January 2020).”

IAL1 doesn’t “assure” anything…except continued tax fraud

If you’ve read the Bredemarket blog or other biometric publications, you know that IAL1 is, if I may use a technical term, a “nothingburger.” The National Institute of Standards and Technology (NIST) says this about IAL1:

“There is no requirement to link the applicant to a specific real-life identity. Any attributes provided in conjunction with the subject’s activities are self-asserted or should be treated as self-asserted (including attributes a CSP asserts to an RP). Self-asserted attributes are neither validated nor verified.”

If that isn’t a shady way to identify a business, I don’t know what is.

Would IAL2 or IAL3 be better for EIN assignment?

These days it’s probably unreasonable to require every business to use Identity Assurance Level 3 (discussed in the Bredemarket post “Identity Assurance Level 3 (IAL3): When Identity Assurance Level 2 (IAL2) Isn’t Good Enough”) to obtain an EIN. As a reminder, IAL3 requires either in-person or supervised proof of identity.

But I agree with TIGTA’s assertion that Identity Assurance Level 2, with actual evidence of the real-world identity, should be the minimum.

Does your firm offer an IAL2/IAL3 product?

And if your identity/biometric firm offers a product that conforms to IAL2 or IAL3, and you need assistance creating product marketing content, talk to Bredemarket.

Possible FinCEN Changes

H/T ComplyAdvantage. From FinCEN.

“[On June 18] the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) held the 62nd semi-annual plenary meeting of the Bank Secrecy Act Advisory Group (BSAAG). Deputy Secretary of the Treasury Michael Faulkender delivered remarks at the event laying out guiding principles for BSA modernization.”

https://www.fincen.gov/news/news-releases/fincen-holds-62nd-bank-secrecy-act-advisory-group-bsaag-plenary

ComplyAdvantage itself states:

“The most eye-catching update is that the Treasury will attempt to “change the AML/CFT [Anti Money Laundering/Combating the Financing of Terrorism] status quo” so the BSA “explicitly permits financial institutions to de-prioritize risks” and direct resources towards higher-risk areas. The Treasury also intends to streamline reporting processes to minimize the SAR [Suspicious Activity Report] and CTR [Currency Transaction Report] burden on organizations.”

https://www.linkedin.com/pulse/us-plans-bsa-modernization-singapore-implements-corporate-iuzxe

When Beneficial Ownership Diverges From Legal Ownership

I recently discussed some proposed changes to the way in which beneficial ownership information (BOI) is collected. However, even after the changes are made, FinCEN will still collect BOI for foreign firms.

Hungary, facial recognition, and geolocation

Biometric Update recently published a story about facial recognition in Hungary, and its use to identify people who display rainbows and dress in ways “that diverge from the gender they were assigned at birth.” I’m going to zero in on one portion of the story: the facial recognition provider involved.

The company FaceKom has been around under different names since 2010 but has seen significant growth during the past few years thanks to investments from the Central European Opportunity Private Equity Fund (CEOM). The fund has no direct links with [Prime Minister Orbán’s son-in-law, István] Tiborcz. However, it is registered on the same address in Budapest where several companies owned by Orbán’s son-in-law operate.

Ah, geolocation! The Chi Fu Investment Fund Management Zrt.’s address of record is 1051 Budapest, Vörösmarty tér 2.

And do you know what else is at that address?

A Western Union Currency Exchange.

Well, that’s enough to drive some conspiracy theorists crazy.

Beneficial ownership and legal ownership

So I didn’t find the smoking gun, but I do want to take this opportunity to point out what BENEFICIAL ownership is. Investopedia:

A beneficial owner is a person who enjoys the benefits of ownership even though the title to some form of property is in another name.

Using the Hungarian example (without the Western Union part), it’s not enough to say that CEOM and/or Chi Fu Investment Fund Management Zrt. (I don’t know enough Hungarian to confirm they are one and the same) does not list István Tiborcz (or Viktor Orbán) as an official owner or co-owner.

As Unit21 points out, you don’t have to literally own (either on your own or through a trust) 25% of an entity to be a beneficial owner. Here’s another criterion of a beneficial owner:

Any individual that holds a significant ability to control, manage, or direct the legal entity

De facto control without de jure control could very well be wielded by a powerful politician, or his son-in-law.

(Imagen 3)

FinCEN Domestic BOI Changes: Terrorists Have Not Already Won

A Bredemarket message about financial identity and anti-money laundering (AML) enforcement.

A huge loophole?

Tell your firm’s fraud-fighting story: https://bredemarket.com/cpa/

(Money laundering picture from Imagen 3)

Don’t Know Your Business and Corporate Transparency Act Limited Enforcement (Oh BOI Again)

AuthenticID shared the following:

“In March, the U.S. Treasury Department announced it would no longer enforce the Corporate Transparency Act, the anti-money-laundering law that requires millions of businesses to disclose the identity of their real beneficial owners.”

Not entirely accurate as we will see, but the details are gated. But not at JD Supra:

“On March 26, 2025, FinCEN issued an interim final rule and request for comments, removing the requirement under the Corporate Transparency Act (CTA) for both U.S. companies and U.S. persons to report beneficial ownership information to FinCEN. The rule is effective March 26, 2025. Thus, subject to additional rule changes, U.S. companies and U.S. individuals no longer have to file an initial Beneficial Ownership Information Report (BOIR) or otherwise update or correct a previously filed BOIR.”

As the interim rule itself clarifies, foreign companies still have to report.

“On March 2, 2025, Treasury announced the suspension of enforcement of the CTA against U.S. citizens, domestic reporting companies, and their beneficial owners, and Treasury further announced its intent to engage in a rulemaking to narrow the Reporting Rule to foreign reporting companies only.”

The interim rule itself addresses the convoluted history (one, two, three) of FinCEN’s attempts to enforce anti-money laundering (AML) laws as court challenges persist.

I will let you judge whether this is welcome relief from bureaucracy for American companies, or a huge FinCEN loophole that facilitates AML financial identity evasion by simply letting companies represent themselves as domestic, allowing them to launder as much money as they please for terrorists, drug dealers, and others.

Not that I have an opinion on that.

(Business terrorist image Imagen 3/Google Gemini)

FinCEN, Cartels, and Geolocation

Who says that geolocation isn’t a critical factor for persons and non-person entities alike?

ComplyAdvantage alerted me to a Geographic Targeting Order from FinCEN.

“The GTO requires all money services businesses (MSBs) located in 30 ZIP codes across California and Texas near the southwest border to file Currency Transaction Reports (CTRs) with FinCEN at a $200 threshold, in connection with cash transactions.”

Of course, the targeted “cartels, drug traffickers, and other criminal actors along the Southwest border” can easily evade the reporting requirements by going a little north, east, or west. After all, there are more than 40,000 ZIP codes….

Why No BOI?

(Business terrorist image Imagen 3/Google Gemini)

I asked my good buddy Google Gemini to describe the court arguments against FinCEN beneficial ownership reporting (which as of this hour is on a court-mandated hold pending a possible Supreme Court stay). Two of the items identified by Gemini are Bill of Rights related.

“Some argue the reporting requirements force businesses to disclose information about their owners, which they consider a form of compelled speech. The First Amendment protects freedom of expression, and this argument suggests the government is overstepping its bounds.”

“Critics argue that the collection of beneficial ownership information constitutes a search under the Fourth Amendment. They contend that this collection is overly broad and lacks sufficient justification to meet the constitutional standard of reasonableness.”

Human sources, including Engage Wealth Advisors, mention these same concerns.

So the big boys are still subject to KYC, KYB, and AML regulations, while the little boys (sole proprietors) aren’t. The ones in the middle who would have been subject to the Corporate Transparency Act remain in a state of limbo.

Of course, if an anonymous entity claimed that BOI opponents are Putin lovers who want to hide terrorist activities, those same opponents would want to know who is saying that about them. What’s good for me isn’t good for thee…

Oh BOI Again, Subject to Change

On December 23, 2024, we learned that Beneficial Ownership Information (BOI) reporting WOULD be required, albeit later than originally planned.

The next day, December 24, I wrote a Bredemarket blog post about this.

Two days later, December 26, my December 24 blog post was already outdated. 

“On December 26, 2024, a different panel from the Fifth Circuit issued an order that vacated the court’s prior December 23 order granting a stay of the preliminary injunction. As a result, the injunction issued in Texas Top Cop Shop remains in effect nationwide and reporting companies are currently not required to file beneficial ownership information with FinCEN.”

The notice above was published on January 4.

Check back on January 6.

Oh BOI

Beneficial Ownership Information alert. From Proskauer:

“On December 23, 2024, the Fifth Circuit of the United States Court of Appeals (the “Fifth Circuit”) issued an order that has the effect of reinstituting the deadlines under the Corporate Transparency Act (the “CTA”)….

“The CTA requires a range of entities, primarily smaller, otherwise unregulated companies, to file a report with the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) identifying the entities’ beneficial owners—the persons who ultimately own or control the company—and provide similar identifying information about the persons who formed the entity.

“FinCEN has recognized that the timing of the order lifting the injunction may be particularly burdensome and has extended the reporting deadlines.  Accordingly, reporting companies created prior to January 1, 2024, that are not eligible for an exemption, are required to file beneficial ownership reports by January 13, 2025 (and not January 1, 2025).”