When Payroll Becomes a Laundering Channel: Inside FinCEN’s New Advisory on Off-the-Books Wage Schemes

In 2025, U.S. financial institutions reported more than $2.5 billion in suspicious activity tied to a single, often-overlooked typology: payroll tax fraud. On June 5, 2026, FinCEN responded. Its new interagency advisory, FIN-2026-A002, asks banks, money services businesses, and fintech platforms to treat off-the-books payroll arrangements as what they increasingly are: a structured, shell-company-driven channel for moving illicit value through the regulated financial system.

For compliance teams in the MSB, fintech, payroll-processing, and e-commerce space, this is not a peripheral tax story. It lands squarely on your transaction monitoring, your customer due diligence, and your SAR program. Here is what the advisory says, and what a defensible response looks like.

What the Advisory Actually Requires

FinCEN issued FIN-2026-A002 in coordination with the IRS, FDIC, OCC, and NCUA, framing it as part of a whole-of-government effort that aligns with Executive Order 14406, Restoring Integrity to America’s Financial System (May 19, 2026), which expressly identifies payroll tax evasion as a systemic risk. The advisory directs institutions to detect and report “off-the-books” payroll arrangements used to pay workers outside lawful wage and tax reporting.

The mechanics described are familiar to anyone who works BSA typologies. Employers — concentrated in agriculture, construction, domestic service, hospitality, and staffing — contract with labor brokers who stand up shell companies to manufacture the appearance of a legitimate business. Those shells frequently operate as unregistered money services businesses, paying workers in cash, checks, or peer-to-peer transfers, with transactions deliberately sized to fall below Bank Secrecy Act and recordkeeping thresholds. In other words: classic structuring, wrapped in a payroll narrative.

The 18 Red Flags — and Where They Hit Your Monitoring

FinCEN provided eighteen red-flag indicators. They cluster into patterns your scenarios should already surface, but rarely do in the payroll context:

  • Identity mismatches: Social Security number discrepancies, or accounts opened with a non-U.S. passport or ITIN by customers claiming to be self-employed or running a small business.
  • Sector concentration: customers operating in or paying into agriculture, construction, domestic service, hospitality, or staffing firms.
  • Sub-threshold check patterns: large volumes of recurring checks under $1,000 made out to separate individuals.
  • Cash-out behavior: unusually large cash withdrawals, or repeated negotiation of checks for cash later used to pay wages off-ledger.

When you report, FinCEN asks that you reference the key term “FINANCIALINTEGRITY-2026-A002” in SAR field 2 and in the narrative. As always, a single indicator is rarely decisive — the obligation is to evaluate red flags in combination, against the full context of the customer relationship.

The ITIN Question: Calibrate, Don’t Over-Correct

The advisory’s treatment of Individual Taxpayer Identification Numbers deserves careful handling. ITINs are issued by the IRS to support tax compliance and do not, by themselves, authorize employment. FinCEN asks institutions to assess whether ITIN use may be a relevant risk factor within risk-based CDD — not to treat it as a presumption of wrongdoing. The task is to integrate ITIN data into a holistic risk picture, document the rationale, and avoid both under-detection and indiscriminate de-risking that sweeps in legitimate, tax-compliant customers. Getting this calibration wrong creates fair-access and reputational exposure of its own.

Why This Lands Hardest on MSBs, FinTechs, and Payroll Platforms

The shell entities at the center of these schemes are, by FinCEN’s own description, unregistered MSBs. That single phrase pulls the advisory directly into the verticals we serve. Payroll processors and earned-wage platforms can be the rails these arrangements ride on; P2P-enabled fintechs and e-commerce payout flows are precisely the channels used to keep payments below the radar. If your program has historically treated “payroll” as low-risk and “B2B” as benign, this advisory is a prompt to revisit that assumption with evidence, not instinct.

FinCheck’s Perspective & the Way Forward

Advisories like FIN-2026-A002 do not create new obligations so much as they reset examiner expectations about what your existing program should already catch. After publication, “we weren’t looking for that” is no longer a defensible position. Five concrete moves:

  • Refresh your risk assessment. Add payroll tax fraud and off-the-books wage schemes as a named typology, mapped to your customer base, products, and geographies — not buried under generic “structuring.”
  • Tune monitoring to the named patterns. Build or sharpen scenarios for sub-$1,000 recurring check runs, sector-concentrated payout flows, and check-to-cash conversion, then back-test them against historical data.
  • Operationalize the SAR key term. Update SAR templates and investigator playbooks so FINANCIALINTEGRITY-2026-A002 is applied consistently and your narratives connect the dots the advisory asks for.
  • Screen for unregistered-MSB behavior. Where a “staffing” or “labor” customer is functionally transmitting wages, treat that as the MSB-risk question it is — and document the determination.
  • Calibrate ITIN handling with written rationale. Embed ITIN risk factors into CDD in a way that is defensible to both an examiner and a fair-access review.

The institutions that fare best after a new advisory are not the ones that scramble — they are the ones whose programs were already evidence-driven and quick to absorb new typologies. That is exactly the discipline an independent AML audit, a focused risk-assessment refresh, or fractional CCO coverage is built to deliver.

Is your AML program ready for FIN-2026-A002? FinCheck LLC helps FinTechs, MSBs, crypto, gaming, payroll, and e-commerce businesses operationalize new FinCEN guidance — from independent AML audits and BSA/AML risk assessments to fractional Chief Compliance Officer coverage, policy development, and transaction-monitoring tuning. Let’s pressure-test your program before your next exam does.
