FinCEN Rapid Response Program Recovers $1.8B for Cyber Fraud Victims

April 15, 2026 Since its inception in 2015, the U.S. Department Are you a victim of a cyber-related fraud?of the Treasury's Financial Crimes Enforcement Network's (FinCEN) Rapid Response Program TIME IS OF THE ESSENCE! (RRP) has facilitated the interdiction of $1.8 A victim should immediately contact billion and the recovery of over $1 billion in their financial institution to report stolen proceeds on behalf of 5,790 U.S. victims. fraudulent activity and request RRP is a partnership between FinCEN, U.S. assistance. Please do not contact law enforcement, and foreign partners working FinCEN directly.together to help victims and their financial institutions recover stolen funds sent abroad as A victim or their financial institution the result of cyber-enabled fraud. should file a complaint with the FBI's Internet Crime Complaint Center As the financial intelligence unit (FIU) of the (IC3) (www.IC3.gov) and/or contact United States, FinCEN uses its authority to share the nearest USSS field office (www.financial intelligence rapidly with counterpart secretservice.gov/contact/field-offices). FIUs and encourages foreign authorities to stop and repatriate the fraudulent transactions using authorities under their respective legal and regulatory frameworks. To date, the RRP has confronted cyber threats involving 96 foreign jurisdictions.

RRP'S IMPACT SINCE JANUARY 20, 2025

More than $268.2 million in stolen funds interdicted and $157.3 million recovered on behalf of U.S. victims. Phone Scams Business E-mail Compromise Investment Fraud $33.9 million interdicted $120.5 million interdicted $40.2 million interdicted

Activating the RRP

Once law enforcement refers a victim's complaint involving a foreign beneficiary account to FinCEN, the RRP will contact the foreign FIU to encourage the interdiction and repatriation of the stolen funds and will work with the foreign FIU to provide status updates, financial intelligence, and procedural information to law enforcement. RRP shares the financial intelligence with the foreign The victim or their financial Law enforcement reviews the FIU in an attempt to recover institution must file a complaint complaint and refers the case to the proceeds and provides with law enforcement. FinCEN, activating the RRP. information back to law enforcement.

Information to Provide to Law Enforcement to Activate the RRP

FinCEN encourages individuals to report fraudulent activity to law enforcement as quickly as possible. FinCEN is most likely to be able to interdict or recover funds when fraudulently induced wire transfers are reported to law enforcement within 72 hours of the transaction. When requesting law enforcement assistance, the victim or their financial institution should provide as much detail about the scheme and transactions as possible. The following information is required to be provided at the time of filing a complaint with law enforcement:

• Victim's account name and number • Beneficiary's account name and number
• Victim's financial institution's name • Beneficiary's financial institution's name

• The country of the branch of the victim's • The country of the beneficiary's financial
  financial institution that originated the institution's branch that received the funds transaction • Date of wire transaction

• Summary of the fraud • Currency and amount transferred
  FinCEN encourages financial institutions to provide secondary information, where available, at the time of filing the complaint, in subsequent communications with law enforcement, and in any suspicious activity reports. 1 While not required to activate the RRP, FinCEN recommends financial institutions provide the following additional information if available: Additional financial institution information, including but not limited to:

• Society for Worldwide Interbank Financial Telecommunication (SWIFT) payment reference code from
  the victim bank

• Correspondent and intermediary financial institution information
  Additional fraud details, including but not limited to:

• Fake names and credentials, including government-issued identification numbers, used by fraud actors

• Mobile application names used by fraud actors, including encrypted chat applications or any social
  networking sites exploited in the fraud scheme

• Filenames and/or hash values of documents, images, videos, or other digital files sent from the fraud
  actor

• Emails, unique hashtags, or other unique descriptive information

• Peer-to-peer (P2P) payment details, such as handles, usernames, QR codes, or other unique identifying
  information associated with fraud actors

• Virtual currency wallet addresses and transaction hashes
  Additional cyber indicators, including but not limited to:

• Descriptive information involving any methods of cyber compromise, such as a Common
  Vulnerabilities and Exploits (CVE) record ID

• Mobile device information (such as device International Mobile Equipment Identity or IMEI numbers)
  associated with fraud actors. 1 The data collected through the RRP aids government authorities in the recovery of stolen funds on behalf of victims of cyber-enabled crime and assists FinCEN and law enforcement in detecting trends and criminal networks.