FinCEN Advisory Warns Financial Institutions of Healthcare Fraud Targeting Medicare and Medicaid

April 10, 2026

FinCEN Advisory Warns Financial Institutions of Healthcare Fraud Targeting Medicare and Medicaid

Denise Barnes, Thaddeus McBride, James Parkinson Bass, Berry & Sims PLC + Follow Contact LinkedIn Facebook X Send Embed

At the end of March, the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) issued a new Advisory urging financial institutions to heighten scrutiny of transactions potentially tied to healthcare fraud schemes targeting Medicare, Medicaid, and other federal and state healthcare benefit programs. The Advisory is accompanied by this press release.

Issued in coordination with the FBI and the U.S. Department of Health and Human Services Office of Inspector General (HHS-OIG), the Advisory outlines how medical professionals, fraudsters, organized crime groups, and – increasingly – transnational criminal organizations (TCOs) are exploiting healthcare benefit programs and laundering proceeds through the U.S. and international financial systems.

The Advisory reflects FinCEN’s broader focus on fraud as a core anti-money laundering priority: according to Treasury’s 2026 National Money Laundering Risk Assessment, fraud, including healthcare fraud and government benefits fraud, continues to be one of the largest sources of illicit proceeds in the United States. Both financial institutions that support the healthcare industry and healthcare providers themselves need to be aware of and take proactive measures considering FinCEN’s targeting of heathcare fraud.

Background: How Fraudsters Operate and Use the Financial System

According to FinCEN, perpetrators are increasingly using shell companies, straw owners, stolen identities, and false beneficial ownership information to enroll sham entities as healthcare providers or suppliers capable of billing government healthcare programs. In some cases, illicit actors purchase already-enrolled entities but do not report changes in ownership, then use those entities to submit fraudulent reimbursement claims. FinCEN identified durable medical equipment suppliers, home and hospice care companies, pharmacies, telemedicine companies, laboratories and adult day care centers as sectors that may be vulnerable to these schemes.

Once established in the system, fraudulent actors may submit false claims for nonexistent, exploitative, substandard or medically unnecessary care. According to FinCEN, schemes may involve phantom billing, double billing, unbundling and upcoding, often facilitated through kickbacks and bribes to marketers or complicit medical professionals. Notably, the inclusion of “medically unnecessary” and “substandard” care in this list could open the floodgates as to what would constitute a red flag for financial institutions, given the subjective nature of these types of allegations.

The Advisory also identifies a litany of ways in which fraudulent funds are laundered. After a fraudulent claim is paid, often by ACH deposit, proceeds may be moved rapidly through domestic and international accounts, converted into digital assets, transferred to broker-dealers or online betting platforms, funneled through money mule accounts, withdrawn in cash, or used to purchase real estate and luxury goods. FinCEN warns that actors may even recruit insiders at financial institutions to help evade anti-money laundering (AML) controls.

Operationalizing: Red Flags for Financial Institutions

The Advisory provides financial institutions with an overview of healthcare fraud schemes targeting Healthcare Benefit Programs. It also highlights the associated money laundering typologies and red flag indicators to identify and report suspicious activity to FinCEN and reminds financial institutions of their reporting requirements under the Bank Secrecy Act.

The Advisory provides a detailed list of red flags that financial institutions should consider when monitoring customers who are healthcare providers or suppliers, including:

• Recently formed or purchased healthcare entities receiving large reimbursement payments soon after launch.
• Sudden spikes in billings or reimbursements.
• Significant transfers to shell companies or foreign jurisdictions.
• Substantial outgoing transactions to virtual asset service providers, brokerage accounts, or online betting platforms.
• Minimal or no legitimate business expenses consistent with the claimed healthcare activity.
• Repeated withdrawals of cash or payments labeled as vague “consulting” or “marketing” fees. FinCEN emphasizes that no single red flag is determinative. Instead, institutions should evaluate suspicious conduct in context. FinCEN also specifically encourages financial institutions to review whether customers are receiving reimbursements from Medicare Administrative Contractors or state agencies and to assess whether that payment activity aligns with the customer’s known business model.

Suspicious Activity Report (SAR) Expectations

The Advisory instructs financial institutions filing SARs related to activity described in the Advisory to include the key term “HCF-2026-A001,” and to select SAR field 34(g) for healthcare/public or private health insurance (along with any other relevant suspicious activity fields). Even before the issuance of this Advisory, healthcare fraud reporting by financial institutions has risen sharply in recent years.

In 2025, financial institutions filed more than 3,800 initial SARs in which the healthcare-related SAR field was identified. Over 3,200 such SARs were filed in 2024, and over 2,400 in 2023. Even so, FinCEN cautions that reported activity likely represents only a small fraction of the underlying illicit conduct. More information about specific SARs reporting is available on FinCEN’s SAR Stats page.

Why This Matters

The Advisory is notable for at least three reasons.

First, it continues FinCEN’s recent emphasis on fraud involving government payment systems, including programs funded by federal and state healthcare dollars. The agency expressly frames healthcare fraud as a significant threat to both the U.S. healthcare system and the financial system. Also, as noted above, the conduct described in the Advisory is extremely broad and implicates allegations of fraud arising under the False Claims Act, like medically unnecessary or substandard care, that often are difficult for the government to prove.

Second, the Advisory places substantial focus on TCOs and sophisticated laundering typologies. In the Advisory, FinCEN cites a Department of Justice (DOJ) case study involving alleged foreign-based actors, shell companies, stolen patient identities, and transfers through overseas banks and digital assets. The message is that financial institutions should not view healthcare fraud as a purely domestic billing issue. The emphasis on TCOs also implicates potential issues under U.S. economic sanctions, which have long targeted such actors, and the Foreign Corrupt Practices Act, under which the DOJ is specifically prioritizing corruption and bribery involving TCOs.

Third, the Advisory reinforces the expectation that financial institutions apply risk-based customer due diligence and transaction monitoring to customers in the healthcare space, particularly where beneficial ownership, ownership changes, reimbursement activity and outbound fund flows do not line up with the customer’s stated business.

Practically speaking, how financial institutions handle such oversight will largely depend on each institution’s approach to risk and what information it obtains related to the customer on an ongoing basis. Implicit in the Advisory is that financial institutions may not naturally view healthcare providers as an AML risk – even if, at least according to FinCEN, they increasingly are.

Looking Ahead: Ongoing Vigilance for Financial Crimes Risk Associated with Healthcare Fraud

Financial institutions, especially banks and other covered entities with commercial customers in the healthcare sector, should review whether their AML programs adequately account for this risk. That may include reassessing onboarding and beneficial ownership procedures for healthcare providers and suppliers, calibrating transaction monitoring scenarios around reimbursement patterns and rapid outbound transfers, reviewing controls for recently purchased entities and nominee ownership structures, and refreshing escalation procedures for suspicious activity involving potential government program fraud.

In truth, many of the compliance measures outlined in the Advisory are ones that financial institutions already are taking or should be taking with respect to many customers. As noted above, issuance of the Advisory suggests that compliance measures with respect to healthcare providers may have traditionally been less robust than measures for other sectors.

Healthcare companies themselves should also treat the Advisory as a prompt to strengthen basic front-end diligence and internal controls. This means maintaining clear onboarding and credentialing records for vendors, marketers, referral sources, management companies and healthcare providers themselves, and ensuring that payment flows, billing activity and use of third-party contractors align with the company’s legitimate business model. This may be more challenging depending on the size and complexity of the practice or institution, but companies should consider outsourcing these responsibilities to the extent that they lack the infrastructure to ensure compliance within their own organization.

Companies should ensure that legal, compliance, finance, procurement and other operations personnel are equipped and empowered to spot and report on compliance red flags, such as:

• Abrupt spikes in reimbursements.
• Vague consulting or marketing arrangements.
• Unusual cash activity.
• Rapid transfers to unrelated third parties.
• Ownership and control changes that are not fully documented. Similarly, healthcare companies must keep accurate records of their diligence process. For companies that may not conduct this type of diligence often, even straightforward steps like using intake checklists, requiring supporting documentation for high-risk relationships, seeking business references, checking credit and background reports, and preserving a clear approval trail can reduce risk.

This Advisory is part of a broader Treasury enforcement and policy push focused on fraud, waste and abuse in federal payment programs, with an increased emphasis on healthcare fraud generally. Given the amount of money spent on healthcare programs and this administration’s stated prioritization of healthcare enforcement, we expect the industry to be a continued target of FinCEN and broader government enforcement efforts. We likewise expect greater coordination between the various government enforcement entities and divisions.

Send Print Report

Related Posts

• FinCEN Update: Huge Penalty on Broker-Dealer for Willful AML, SAR, and Due Diligence Failures
• FinCEN Interim Final Rule Signals End of Domestic Entities’ CTA Reporting Obligations
• FinCEN Extends BOI Reporting Deadlines: Key Updates for Reporting Companies

Latest Posts

• ERISA Preemption – Alive and Well
• FinCEN Advisory Warns Financial Institutions of Healthcare Fraud Targeting Medicare and Medicaid See more »

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
Attorney Advertising.

©
Bass, Berry & Sims PLC

Written by:

Bass, Berry & Sims PLC Contact + Follow Denise Barnes + Follow Thaddeus McBride + Follow James Parkinson + Follow more less

PUBLISH YOUR CONTENT ON JD SUPRA

• ✔ Increased readership
• ✔ Actionable analytics
• ✔ Ongoing writing guidance Join more than 70,000 authors publishing their insights on JD Supra

Start Publishing »

Published In:

Anti-Money Laundering + Follow Bank Secrecy Act + Follow Beneficial Owner + Follow Department of Health and Human Services (HHS) + Follow Digital Assets + Follow Financial Crimes + Follow Financial Institutions + Follow FinCEN + Follow Government Agencies + Follow Healthcare Fraud + Follow Medicaid + Follow Medicare + Follow Reporting Requirements + Follow Suspicious Activity Reports (SARs) + Follow Criminal + Follow Finance & Banking + Follow Health + Follow Insurance + Follow more less

Bass, Berry & Sims PLC on:

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra: Sign Up Log in ** By using the service, you signify your acceptance of JD Supra's Privacy Policy.* - hide - hide