At the end of March, the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) issued a new Advisory urging financial institutions to heighten scrutiny of transactions potentially tied to healthcare fraud schemes targeting Medicare, Medicaid, and other federal and state healthcare benefit programs. The Advisory is accompanied by this press release.

Issued in coordination with the FBI and the U.S. Department of Health and Human Services Office of Inspector General (HHS-OIG), the Advisory outlines how medical professionals, fraudsters, organized crime groups, and – increasingly – transnational criminal organizations (TCOs) are exploiting healthcare benefit programs and laundering proceeds through the U.S. and international financial systems.

The Advisory reflects FinCEN’s broader focus on fraud as a core anti-money laundering priority: according to Treasury’s 2026 National Money Laundering Risk Assessment, fraud, including healthcare fraud and government benefits fraud, continues to be one of the largest sources of illicit proceeds in the United States. Both financial institutions that support the healthcare industry and healthcare providers themselves need to be aware of and take proactive measures considering FinCEN’s targeting of heathcare fraud.

Background: How Fraudsters Operate and Use the Financial System

According to FinCEN, perpetrators are increasingly using shell companies, straw owners, stolen identities, and false beneficial ownership information to enroll sham entities as healthcare providers or suppliers capable of billing government healthcare programs. In some cases, illicit actors purchase already-enrolled entities but do not report changes in ownership, then use those entities to submit fraudulent reimbursement claims. FinCEN identified durable medical equipment suppliers, home and hospice care companies, pharmacies, telemedicine companies, laboratories and adult day care centers as sectors that may be vulnerable to these schemes.

Once established in the system, fraudulent actors may submit false claims for nonexistent, exploitative, substandard or medically unnecessary care. According to FinCEN, schemes may involve phantom billing, double billing, unbundling and upcoding, often facilitated through kickbacks and bribes to marketers or complicit medical professionals. Notably, the inclusion of “medically unnecessary” and “substandard” care in this list could open the floodgates as to what would constitute a red flag for financial institutions, given the subjective nature of these types of allegations. 

The Advisory also identifies a litany of ways in which fraudulent funds are laundered. After a fraudulent claim is paid, often by ACH deposit, proceeds may be moved rapidly through domestic and international accounts, converted into digital assets, transferred to broker-dealers or online betting platforms, funneled through money mule accounts, withdrawn in cash, or used to purchase real estate and luxury goods. FinCEN warns that actors may even recruit insiders at financial institutions to help evade anti-money laundering (AML) controls.

Operationalizing: Red Flags for Financial Institutions

The Advisory provides financial institutions with an overview of healthcare fraud schemes targeting Healthcare Benefit Programs. It also highlights the associated money laundering typologies and red flag indicators to identify and report suspicious activity to FinCEN and reminds financial institutions of their reporting requirements under the Bank Secrecy Act.

The Advisory provides a detailed list of red flags that financial institutions should consider when monitoring customers who are healthcare providers or suppliers, including:

  • Recently formed or purchased healthcare entities receiving large reimbursement payments soon after launch.
  • Sudden spikes in billings or reimbursements.
  • Significant transfers to shell companies or foreign jurisdictions.
  • Substantial outgoing transactions to virtual asset service providers, brokerage accounts, or online betting platforms.
  • Minimal or no legitimate business expenses consistent with the claimed healthcare activity.
  • Repeated withdrawals of cash or payments labeled as vague “consulting” or “marketing” fees.

FinCEN emphasizes that no single red flag is determinative. Instead, institutions should evaluate suspicious conduct in context. FinCEN also specifically encourages financial institutions to review whether customers are receiving reimbursements from Medicare Administrative Contractors or state agencies and to assess whether that payment activity aligns with the customer’s known business model.

Suspicious Activity Report (SAR) Expectations

The Advisory instructs financial institutions filing SARs related to activity described in the Advisory to include the key term “HCF-2026-A001,” and to select SAR field 34(g) for healthcare/public or private health insurance (along with any other relevant suspicious activity fields). Even before the issuance of this Advisory, healthcare fraud reporting by financial institutions has risen sharply in recent years.

In 2025, financial institutions filed more than 3,800 initial SARs in which the healthcare-related SAR field was identified. Over 3,200 such SARs were filed in 2024, and over 2,400 in 2023. Even so, FinCEN cautions that reported activity likely represents only a small fraction of the underlying illicit conduct. More information about specific SARs reporting is available on FinCEN’s SAR Stats page.

Why This Matters

The Advisory is notable for at least three reasons.

First, it continues FinCEN’s recent emphasis on fraud involving government payment systems, including programs funded by federal and state healthcare dollars. The agency expressly frames healthcare fraud as a significant threat to both the U.S. healthcare system and the financial system. Also, as noted above, the conduct described in the Advisory is extremely broad and implicates allegations of fraud arising under the False Claims Act, like medically unnecessary or substandard care, that often are difficult for the government to prove.

Second, the Advisory places substantial focus on TCOs and sophisticated laundering typologies. In the Advisory, FinCEN cites a Department of Justice (DOJ) case study involving alleged foreign-based actors, shell companies, stolen patient identities, and transfers through overseas banks and digital assets. The message is that financial institutions should not view healthcare fraud as a purely domestic billing issue. The emphasis on TCOs also implicates potential issues under U.S. economic sanctions, which have long targeted such actors, and the Foreign Corrupt Practices Act, under which the DOJ is specifically prioritizing corruption and bribery involving TCOs.

Third, the Advisory reinforces the expectation that financial institutions apply risk-based customer due diligence and transaction monitoring to customers in the healthcare space, particularly where beneficial ownership, ownership changes, reimbursement activity and outbound fund flows do not line up with the customer’s stated business.

Practically speaking, how financial institutions handle such oversight will largely depend on each institution’s approach to risk and what information it obtains related to the customer on an ongoing basis. Implicit in the Advisory is that financial institutions may not naturally view healthcare providers as an AML risk – even if, at least according to FinCEN, they increasingly are.

Looking Ahead: Ongoing Vigilance for Financial Crimes Risk Associated with Healthcare Fraud

Financial institutions, especially banks and other covered entities with commercial customers in the healthcare sector, should review whether their AML programs adequately account for this risk. That may include reassessing onboarding and beneficial ownership procedures for healthcare providers and suppliers, calibrating transaction monitoring scenarios around reimbursement patterns and rapid outbound transfers, reviewing controls for recently purchased entities and nominee ownership structures, and refreshing escalation procedures for suspicious activity involving potential government program fraud.

In truth, many of the compliance measures outlined in the Advisory are ones that financial institutions already are taking or should be taking with respect to many customers. As noted above, issuance of the Advisory suggests that compliance measures with respect to healthcare providers may have traditionally been less robust than measures for other sectors.

Healthcare companies themselves should also treat the Advisory as a prompt to strengthen basic front-end diligence and internal controls. This means maintaining clear onboarding and credentialing records for vendors, marketers, referral sources, management companies and healthcare providers themselves, and ensuring that payment flows, billing activity and use of third-party contractors align with the company’s legitimate business model. This may be more challenging depending on the size and complexity of the practice or institution, but companies should consider outsourcing these responsibilities to the extent that they lack the infrastructure to ensure compliance within their own organization.

Companies should ensure that legal, compliance, finance, procurement and other operations personnel are equipped and empowered to spot and report on compliance red flags, such as:

  • Abrupt spikes in reimbursements.
  • Vague consulting or marketing arrangements.
  • Unusual cash activity.
  • Rapid transfers to unrelated third parties.
  • Ownership and control changes that are not fully documented.

Similarly, healthcare companies must keep accurate records of their diligence process. For companies that may not conduct this type of diligence often, even straightforward steps like using intake checklists, requiring supporting documentation for high-risk relationships, seeking business references, checking credit and background reports, and preserving a clear approval trail can reduce risk.

This Advisory is part of a broader Treasury enforcement and policy push focused on fraud, waste and abuse in federal payment programs, with an increased emphasis on healthcare fraud generally. Given the amount of money spent on healthcare programs and this administration’s stated prioritization of healthcare enforcement, we expect the industry to be a continued target of FinCEN and broader government enforcement efforts. We likewise expect greater coordination between the various government enforcement entities and divisions.

Please contact the authors if you have any questions.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Denise Barnes Denise Barnes

Denise Barnes counsels clients in high-stakes matters related to fraud allegations, including in healthcare, federal contract procurement, and securities and financial services. A former trial attorney with the U.S. Department of Justice (DOJ), she has extensive experience handling issues related to compliance, white-collar…

Denise Barnes counsels clients in high-stakes matters related to fraud allegations, including in healthcare, federal contract procurement, and securities and financial services. A former trial attorney with the U.S. Department of Justice (DOJ), she has extensive experience handling issues related to compliance, white-collar and regulatory investigations, and complex commercial litigation. Denise represents businesses in public and non-public investigations, regulatory inquiries, and proceedings involving federal and state agencies. She frequently assists clients navigating government investigations related to allegations arising under the False Claims Act (FCA), Anti-Kickback Statute (AKS), Stark Law, and Financial Institutions Reform, Recovery, and Enforcement Act (FIRREA). Notably, during her tenure at the DOJ, she spearheaded numerous multi-district investigations that resulted in over $2.7 billion in recoveries for federal taxpayers.

Read more about Denise Barnes
Show more Show less
Photo of Thad McBride Thad McBride

Thad McBride advises public and private companies on the legal considerations essential to successful business operations in a global marketplace. He focuses his practice on counseling clients on compliance with U.S. export regulations (ITAR and EAR), economic sanctions and embargoes, import controls (CBP)…

Thad McBride advises public and private companies on the legal considerations essential to successful business operations in a global marketplace. He focuses his practice on counseling clients on compliance with U.S. export regulations (ITAR and EAR), economic sanctions and embargoes, import controls (CBP), and the Foreign Corrupt Practices Act (FCPA). He also advises clients on anti-boycott controls, and assists companies with matters involving the Committee on Foreign Investment in the United States (CFIUS). Thad supports international companies across a range of industries, including aviation, automotive, defense, energy, financial services, manufacturing, medical devices, oilfield services, professional services, research and development, retail, and technology. Beyond advising on day-to-day compliance matters, Thad regularly assists clients in investigations and enforcement actions brought by government agencies, including the U.S. Department of Justice (DOJ), the U.S. Treasury Department Office of Foreign Assets Control (OFAC), the U.S. State Department Directorate of Defense Trade Controls (DDTC), Customs and Border Protection (CBP), the U.S. Commerce Department Bureau of Industry & Security (BIS), and the Securities & Exchange Commission.

Read more about Thad McBride
Show more Show less
Photo of James Parkinson James Parkinson

Jamie Parkinson focuses his practice on counseling businesses and individuals in regulatory compliance and government investigations, with an emphasis on multi-jurisdictional and Foreign Corrupt Practices Act (FCPA) matters. A member of the firm’s Compliance & Government Investigations group, Jamie  has significant experience navigating…

Jamie Parkinson focuses his practice on counseling businesses and individuals in regulatory compliance and government investigations, with an emphasis on multi-jurisdictional and Foreign Corrupt Practices Act (FCPA) matters. A member of the firm’s Compliance & Government Investigations group, Jamie  has significant experience navigating cross-border matters and representing clients in criminal and civil enforcement actions involving the FCPA, extradition, securities fraud, insider trading, false statements and environmental issues.

Read more about James Parkinson
Show more Show less
Related Posts
GAO: Conversion Did Not Void Procurement Eligibility
February 19, 2026
FAR Agenda Narrows, with CUI and OCI Rules Moving Forward
September 26, 2025
OFPP Green Lights Immediate Use of Revised Procurement Rules
August 19, 2025

From the Bass, Berry & Sims Blog Network
From the Bass, Berry & Sims Blog Network

Thought Leadership by our Attorneys.