FinCEN Issues Advisory on Detecting Illicit Activity Linked to Unlawful Employment: What Banks and MSBs Need To Know
Key takeaways
- The Financial Crimes Enforcement Network (FinCEN) has issued the Treasury advisory (Advisory) required by Executive Order 14406 jointly with the federal banking agencies, identifying red flag typologies associated with the unlawful employment of illegal aliens and the use of the U.S. financial system by non-work-authorized populations and their employers.
- The Advisory consolidates and elevates typologies from prior FinCEN alerts issued over the past decade but introduces several new elements, such as enhanced due diligence (EDD) expectations for Individual Taxpayer Identification Numbers (ITINs), an expanded set of 18 red flag indicators, and an explicit national security framing tying payroll fraud to transnational criminal organizations and designated foreign terrorist organizations.
- The Advisory's use of "enhanced due diligence" language for ITINs is significant because EDD has historically been reserved under the Bank Secrecy Act (BSA) for a narrow set of high-risk relationships, including correspondent accounts for foreign financial institutions, private banking accounts, and jurisdictions designated as primary money laundering concerns.
- The Advisory aligns with five AML/CFT national priorities, and institutions should anticipate that its typologies will become priority areas that must be incorporated into risk assessments under the proposed AML/CFT program rule.
- Financial institutions should carefully calibrate their compliance response to avoid defensive suspicious activity report (SAR) filing and de-risking of entire customer segments, which could raise additional risks including customer discrimination claims under certain circumstances.
On June 5, 2026, FinCEN issued a joint Advisory (FIN-2026-A002) with the Federal Deposit Insurance Corporation (FDIC), Office of the Comptroller of the Currency (OCC), and National Credit Union Administration (NCUA) urging financial institutions to be vigilant against unlawful employment of illegal aliens. The Advisory, issued in coordination with the IRS, is consistent with Executive Order 14406, “Restoring Integrity to America's Financial System,” and represents the latest concrete step in Treasury's effort to prevent use of the U.S. financial system by non-work-authorized populations. The Advisory also builds on Executive Order 14159, "Protecting the American People Against Invasion" (January 20, 2025), which declared it the policy of the United States to faithfully execute the immigration laws against all “inadmissible and removable alien[s].” As we discussed in our earlier Update regarding the EO's directive on foreign consular identification cards, this administration has signaled a marked departure from the historical deference Treasury afforded individual institutions on these issues, and this Advisory confirms that shift is well under way.
Key themes: Identity theft, payroll fraud, and the financial system
The Advisory focuses on two primary typologies: identity theft and payroll fraud schemes used by complicit employers in the agriculture, construction, domestic service, hospitality, and other industries to conceal violations of the Immigration Reform and Control Act of 1986 (IRCA or the Act) and other U.S. immigration laws. The Act prohibits U.S. persons and entities from knowingly hiring unlawful aliens for employment and requires employers to verify employment eligibility through the Form I-9 process. According to FinCEN, in 2025 alone, financial institutions reported over $2.5 billion in suspicious activity associated with payroll tax fraud schemes.
The Advisory describes a common pattern in which a complicit labor broker establishes a shell company, often an unregistered money services business (MSB) with a generic name, such as "ABC Construction," and uses a foreign identity document or ITIN to open a bank account, listing themselves as "self-employed" or "laborer." Complicit employers send checks to these shell companies for purported industry-related services. The labor broker then distributes payments to unlawful alien workers through cash couriers, checks, or peer-to-peer platforms in structured transactions designed to fall below BSA reporting thresholds, without withholding any federal or state payroll taxes. Labor brokers may also obtain minimal workers' compensation policies and "rent" access to complicit employers employing hundreds of unlawful workers, enabling insurance fraud, and may use the shell companies for money laundering on behalf of drug trafficking organizations and transnational criminal organizations.
The Advisory highlights the risk that complicit employers undercut legitimate businesses by evading payroll taxes, workers' compensation premiums, and other employment-related costs, creating an unlevel playing field across entire industries. The broader employment tax gap reached $127 billion in 2022 according to the IRS. In addition, the Advisory notes that the identity theft underlying these schemes victimizes U.S. citizens and lawful permanent residents whose stolen Social Security numbers are used to gain employment, healthcare benefits, and access to financial services and credit.
Consolidation of prior FinCEN guidance: Overlap and new elements
The EO's typologies did not emerge in a regulatory vacuum. Rather, in many instances, they restated and elevated warnings already present in FinCEN's existing alert program. Our earlier analysis mapped each of the order's typologies to specific prior FinCEN notices, including the 2023 Notice on Payroll Tax Evasion and Workers' Compensation Fraud in the Construction Sector (FIN-2023-NTC1), the 2022 Advisory on Kleptocracy and Foreign Public Corruption (FIN-2022-A001), the 2020 Supplemental Advisory on Human Trafficking (FIN-2020-A008), and the 2025 Alert on Cross Border Funds Transfers Involving Illegal Aliens (FIN-2025-Alert003), among others. The Advisory confirms that assessment, explicitly acknowledging that many of its red flags "build off of FinCEN's 2023 Payroll Tax Fraud Notice, which remain relevant for this joint Advisory."
However, the Advisory introduces several elements that go beyond prior guidance. First, it is the first FinCEN issuance to specifically encourage banks to treat ITINs as a risk factor warranting enhanced due diligence. Second, it provides a more granular set of 18 red flag indicators organized by individual customers, large companies, and small companies. Third, it draws an explicit connection to transnational criminal organizations and designated foreign terrorist organizations, a national security framing not present in the 2023 notice. Fourth, the joint issuance with the FDIC, OCC, and NCUA gives this Advisory a multiagency imprimatur signaling coordinated supervisory expectations. Finally, the Advisory introduces a specific SAR filing key term, "FINANCIALINTEGRITY-2026-A002," and encourages reporting tips to ICE.
EDD on ITINs: A significant regulatory development
One of the Advisory's most consequential elements is its treatment of ITINs. Under the existing customer identification program (CIP) rule (31 CFR § 1020.220), banks may accept a taxpayer identification number, which includes ITINs, as a valid identification number for non-U.S. persons opening accounts. The preamble to the 2003 final CIP rule stated that the rule "neither endorses nor prohibits bank acceptance of information from particular types of identification documents issued by foreign governments," leaving each bank to decide based on appropriate risk factors whether the information presented by a customer is reliable. See 68 FR 25090, 25098 (May 9, 2003).
The Advisory now adds a significant gloss to this framework. It notes that ITINs do not provide evidence of legal status, authorize work, or serve as identification outside the federal tax system, and it encourages banks to treat the presentation of an ITIN in lieu of a Social Security number as a relevant risk factor requiring EDD. This guidance does not prohibit the use of ITINs for account opening, but it does place institutions on notice that ITIN usage should factor into ongoing risk assessment and monitoring.
The Advisory's use of the term "Enhanced Due Diligence" is itself significant. Under the BSA framework, EDD has historically been reserved for a narrow set of high-risk relationships: correspondent accounts for foreign financial institutions and private banking accounts under Section 312 of the USA PATRIOT Act, senior foreign political figures, shell banks, and jurisdictions designated as primary money laundering concerns under Section 311. By invoking EDD for ITIN-based accounts, the agencies are signaling that these accounts warrant a level of scrutiny traditionally reserved for the most sensitive categories in the BSA regime, including more intensive monitoring, greater scrutiny of the source and purpose of funds, and escalation to senior compliance personnel when risk indicators are present.
Importantly, the Advisory frames this guidance within the customer due diligence (CDD) rule's "fifth pillar," codified in FinCEN's 2016 final rule, which requires institutions to understand the nature and purpose of customer relationships and conduct ongoing monitoring to identify suspicious transactions and, on a risk basis, maintain and update customer information. It is worth noting that the proposed AML/CFT program rule (91 FR 18704-01) would restructure this framework by eliminating the "fifth pillar" as a standalone requirement and instead incorporating CDD obligations into the internal controls pillar of the AML/CFT program. If finalized in that form, the substantive CDD obligations, including understanding customer relationships and conducting ongoing monitoring, would remain but would be situated within the broader internal controls framework rather than as a separate program element. Regardless of how the final rule structures these requirements, the underlying CDD obligations remain operative under the existing 2016 rule and are directly implicated by the Advisory's ITIN guidance.
The CDD rule's "event driven" updating requirement, triggered when institutions detect information relevant to assessing customer risk, means the Advisory's formalization of ITIN usage as a risk factor could require banks to reassess the risk profiles of existing ITIN-holding customers, even though the Advisory does not explicitly direct retrospective lookbacks.
Alignment with AML/CFT national priorities
The Advisory expressly aligns with FinCEN's AML/CFT national priorities (June 30, 2021), which identified eight priorities, including fraud, terrorist financing, drug trafficking organization (DTO) activity, transnational criminal organization (TCO) activity, and human trafficking and human smuggling. This is not merely rhetorical. As we discussed in our prior Update, FinCEN's proposed AML/CFT program rule would require all BSA-regulated institutions to incorporate AML/CFT priorities into their risk assessments and update those programs promptly upon significant changes to their risk profiles. The Advisory's explicit alignment with multiple national priorities signals that its typologies will likely constitute priority areas institutions must incorporate once the program rule is finalized.
For banks, the proposed supervision and enforcement framework (proposed 31 CFR § 1020.221) provides that only "significant or systemic failures" warrant enforcement action, but a program that fails to respond to known risk profile changes formalized in this Advisory may no longer be deemed "reasonably designed." For MSBs, although the bank-specific framework does not apply, they are fully subject to the proposed program rule and should treat these typologies as areas where examiners will expect demonstrable compliance attention.
Steps for banks and MSBs
Banks should review and update their CIP procedures to ensure foreign identity documents and ITINs are subject to appropriate risk-based analysis. Where institutions have concerns about Social Security number authenticity, the Advisory encourages verification against Social Security Administration records. Banks should enhance transaction monitoring to incorporate the 18 red flag indicators, update SAR filing procedures to include the key term "FINANCIALINTEGRITY-2026-A002," and train frontline personnel on the Advisory's typologies. Banks should also consider whether the Advisory's risk factors warrant a review of existing customer relationships in light of the CDD rule's event-driven updating requirement.
For MSBs, the Advisory carries particular significance given FinCEN's identification of unregistered MSBs as a key vehicle for laundering payroll fraud proceeds. Registered MSBs should review agent and counterparty relationships, evaluate whether their customer base includes patterns consistent with the distribution of unlawfully obtained wages, and incorporate the Advisory's red flags and SAR key term into their monitoring frameworks.
The burden question: Squaring the advisory with the AML Act of 2020
The Advisory raises a question compliance professionals will rightly ask: How does this expanding mandate square with the burden reduction provisions of the Anti-Money Laundering Act of 2020 (AMLA)? The AMLA directed Treasury to streamline BSA requirements; eliminate those that are "outdated, redundant, or otherwise do not contribute to the effective detection of illicit activity;" and ensure that institutional programs are "risk based" and "reasonably designed." The Advisory's cumulative expectations, including 18 new red flags, ITIN EDD, new training requirements, and a new SAR key term, represent a substantial compliance lift, particularly for community banks and smaller MSBs.
Moreover, the underlying typologies, including payroll tax evasion, workers' compensation fraud, and IRCA violations, are fundamentally employment and tax law violations. The IRS, ICE, and the U.S. Department of Labor have direct statutory authority and investigative tools designed for precisely these issues, and asking financial institutions to serve as a proxy enforcement layer raises legitimate concerns about mission creep.
Notwithstanding this incongruity, the Advisory's alignment with five AML/CFT national priorities provides a defensible nexus to the BSA's core mandate, and the $2.5 billion in suspicious activity reported in 2025 demonstrates that these schemes generate significant illicit financial flows through the banking system. It is also worth noting that much of what the Advisory describes is not new. FinCEN has been issuing alerts and advisories addressing many of these same typologies for the better part of a decade, and our earlier analysis mapped each of the EO's typologies to these existing notices. The Advisory itself acknowledges that its red flags "build off of" the 2023 Payroll Tax Fraud Notice. For institutions that have kept pace with FinCEN's alert program, the incremental burden may be more modest than a first reading suggests. The Advisory's principal additions are the ITIN EDD guidance, the expanded red flag indicators, the national security framing, and the multiagency imprimatur.
The practical tension, however, remains real. The Advisory's red flags, if applied without refinement, could lead to defensive SAR filing, de-risking of entire customer segments, and the exclusion of lawful immigrants from financial services—outcomes that would undermine the policy objectives of financial inclusion that Treasury has historically endorsed. Although the comment period for the proposed AML/CFT Program Rule closed on June 9, 2026, institutions should continue to engage with Treasury and FinCEN through supervisory and industry channels to help ensure that the final framework appropriately balances enforcement priorities with AMLA's mandate for risk-based, burden-conscious compliance.
Key deadlines
The following deadlines remain operative: The comment period for FinCEN's proposed AML/CFT Program Rule closed June 9, 2026; the CFPB's ability-to-repay clarification and regulators' credit-risk guidance are due by mid-July 2026; Treasury's proposed CDD rule changes are due by mid-August 2026; and CIP rule changes addressing the Matricula Consular are due by mid-November 2026. The compliance date for banks and MSBs under the reformed AML/CFT program requirements will be 12 months after final rule issuance.
In addition to filing SARs, the Advisory encourages financial institutions and the public to report tips about employers exploiting unauthorized workers to ICE's tip form or by calling (866) 347-2423. FinCEN also maintains a whistleblower incentive program for BSA violations, under which individuals may be eligible for awards if their tip leads to a successful enforcement action resulting in monetary penalties exceeding $1,000,000.
Financial institutions that have not yet begun reassessing their programs in light of Executive Order 14406 should treat this Advisory as a call to action. The interplay between the EO, the proposed AML/CFT program rule, and now this Advisory creates a complex compliance landscape that will evolve rapidly as Treasury publishes further guidance and FinCEN moves toward final rules.