Payroll Tax Evasion and Workers’ Compensation Fraud – What to Watch For

Payroll tax evasion and workers’ compensation fraud are multi-million-dollar problems in the US construction sector. Especially as many of these schemes flow through financial institutions. The Financial Crimes Enforcement Network (FinCEN) has issued Notice FIN-2023-NTC1, highlighting the problem, identifying red flags, and explaining SAR filing instructions.

What are these schemes?

Workers' compensation and payroll tax evasion fraud use shell companies and fake documents. The fraudsters will set up a shell company (call it XYZ Corp) that purchases a small workers’ comp insurance policy. XYZ Corp then sells or rents the policy to construction companies with far more employees than the policy covers. This is insurance fraud.

The contractors also have XYZ Corp pay their employees “off the books.” These payments are made without paying required state and federal payroll taxes. This is tax fraud.

What are the red flags of these frauds?

In the notice, FinCEN included 11 red flags for identifying these frauds. The red flags were created in coordination with Internal Revenue Service-Criminal Investigation (IRS-CI) and Homeland Security Investigations (HSI). As with all such lists, a single red flag doesn’t make the activity suspicious. In making that decision, the totality of the activity should be considered.

Here is an overview of the red flag list:

1. The customer is a small construction firm focused on a single construction trade, has been in business for a short time, has a very limited or no online presence, and has other indicators of being a shell company.
2. The company has no known involvement in the construction industry. The form of ID used to open the account is a non-US passport.
3. The company’s owners are not involved in the construction industry and may have prior fraud convictions.
4. The company’s latest workers’ comp insurance policy is for a small number of employees compared to the transaction activity in the account.
5. The customer receives regular deposits into the account from multiple construction companies. The deposits may be made from locations in several cities or states.
6. The customer attempts to avoid currency transaction reporting.
7. The company withdraws large amounts of cash or uses armored car delivery services for bulk cash.
8. Many lower-value checks are issued to separate payees, which are negotiated for cash.
9. Few or no tax payments are made to the IRS, state or local governments, or a payroll processor.
10. The IP address of the customer’s online banking is also connected with online banking for another customer in the same construction activity.
11. A company representative indicates that cash withdrawals are for payroll, and the activity does not align with a company having a small number of employees.

How should suspected fraud be reported on a SAR?

To highlight these frauds in SAR, financial service providers should:

• Use the key term FIN-2023-NTC1 in SAR field 2 (Filing Institution Note to FinCEN)
• Select SAR Field 34(z) (FRAUD-Other) as the suspicious activity type and include the term payroll tax evasion or workers’ compensation in the related text box.

As with all SARs, a complete discussion of the account activity, the people, and other institutions involved should be included in the narrative.

FinCEN also includes information law enforcement has found valuable in investigating these frauds. The notice contains a reminder that information sharing among institutions under §314(b) of the USA PATRIOT Act can be beneficial in identifying the participants in these schemes.

For more insight into financial fraud, see these resources on our website:

Connecting Fraud and Money Laundering

Fraud – It Continues in Bad Times and Good

Disrupting Fraud – Stopping the Flow of Funds

We have helped financial institutions across the globe for decades. If you want to learn more about how our experts can help you reach your goals, fill out our contact form, and we’ll start the conversation.