Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Shruti J. Shah
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

The Financial Fraud Kill Chain is the most powerful asset recovery tool you’ve never heard of

Recently, the FBI has been waging a highly successful but little-known campaign against sophisticated fraudsters who leverage domestic bank wire transfers to steal millions of dollars from unsuspecting victims. This campaign is possible because of a small but impactful change to the Financial Fraud Kill Chain (FFKC), a tool which, surprisingly, the FBI has not heavily publicized.

Go ahead and search for it on the web. We’ll wait – it won’t take long for you to find that the search results are almost entirely private companies sharing information rather than the FBI itself. So what is this program, and why has it become so effective recently?

The Financial Fraud Kill Chain was created in 2016 by the FBI to assist law enforcement with the ability to quickly identify and stop suspicious wire transfers from going to offshore accounts, making it almost impossible for recovery. However, until recently, the suspicious transfer had to meet the all of the following parameters for the kill chain to be activated, holding the transfer until it could be determined if it was legitimate:     

  • The wire transfer is $50,000 or above
  • The wire transfer is international
  • A SWIFT Recall notice has been initiated
  • The wire transfer has occurred within the last 72 hours

Slightly better publicized is the Financial Crimes Enforcement Network (FinCEN) version of a kill chain called the Rapid Response Program. However, it clearly states that the victim or victim’s financial institution “must file a complaint with law enforcement” first, through either the FBI’s Cyber- and Internet-related Crime Complaint Center (the IC3) or the nearest U.S. Secret Service field office.

The FBI, however, did mention in their 2021 Internet Crime Report that “in 2021, the IC3’s RAT [Recovery Asset Team] initiated the Financial Fraud Kill Chain (FFKC) on 1,726 BEC [Business Email Compromise] complaints involving domestic-to-domestic transactions with potential losses of $443,448,237. A monetary hold was placed on approximately $329 million, representing a 74 percent success rate.”

For context, the total Business Email Compromise-related complaints to the IC3, mentioned in the same report, exceeded $2.4 billion. And “BEC actors have targeted large and small companies and organizations in every U.S. state and more than 150 countries around the world.” These impressive statistics are largely made possible because of the new capability added to the FFKC, which no longer limits the application to international transfers only, but now includes domestic-to-domestic transactions.

Certain industries that often depend on substantial wire transfers, such as real estate and title company transactions – where traditionally AML compliance measures have been characterized as less robust or nonexistent– h ave seen an increase in fraudulent attacks. The FBI noted in their 2022 Congressional Report on BEC and Real Estate Wire Fraud that:

… the criminal finds a way to insert themselves into a real estate transaction through compromising parties’ email or other digital communications. Once the transaction has reached a point where funds begin changing hands, the criminal intervenes and directs the funds to accounts in their control, typically through an email that appears to be from a title company, real estate company, or another interested party. The funds are transferred to the criminal well before the buyer is made aware of the theft.

However, if a potential victim can act quickly enough to report their incident to IC3, resulting in the deployment of the FFKC while the funds are still in the U.S., the chances of the suspicious wire being held by the financial institution are greatly increased.

Given the possible permutations of funds flows in a typical corruption investigation, much less the ubiquitous nature of cybercrime in each of our lives — who hasn’t gotten a spam call or email in the time it took to read this? — it may be wise to bookmark these resources just in case.


Pete Viksnins, pictured above left, a longtime friend and periodic contributor to the FCPA Blog, is a Senior Advisor at  TrustStorm, helping clients with services such as anticorruption compliance, fraud prevention, and internal investigations.

George “Ren” McEachern, above right, is a former FBI Supervisory Special Agent and in 2015 was selected to lead the FBI’s Washington Field Office, International Corruption Squad. In this role, Ren led a team of Special Agents, Forensic Accountants, and Intelligence Analysts with a focus on investigations related to the FCPA, International Money Laundering, Kleptocracy and Antitrust violations. Currently, Ren is the Founder and President of TrustStorm, based in Arlington, Virginia. 

Share this post


Comments are closed for this article!