On September 8, 2025, FinCEN issued a Notice to help financial institutions detect and disrupt financially motivated sextortion. According to FinCEN, financially motivated sextortion has been an increasingly common typology and has devastating effects on victims and their families.

FinCEN defines financially motivated sextortion as a crime in which perpetrators, using fake identities, coerce victims into creating and sending sexually explicit images or videos of themselves. These typically happen online through social media platforms. The perpetrators then threaten to release this material to the victims' friends and family unless the victims pay them.

According to law enforcement, reports of financially motivated sextortion incidents have dramatically increased in recent years, targeting boys. Recent advances in generative AI tools have enabled the creation of realistic deepfake images and videos that exploit victims' likenesses for extortion. The FBI has noted an increase in sextortion cases where perpetrators use manipulated content sourced from victims' social media or shared non-explicit images after being denied explicit materials. Many transactions for these illicit AI-generated content creations are conducted using convertible virtual currency or prepaid cards to ensure the perpetrators remain anonymous.

FinCEN enumerated the following red flag indicators to help financial institutions detect, prevent, and report potential suspicious activity related to financially motivated sextortion:

Red Flag Indicators for Victims Experiencing Financially Motivated Sextortion

A customer, including a customer who is a minor with an account co-signed by a parent or guardian, makes a series of payments over a short period of time using P2P payment platforms to a recipient in a Jurisdiction of Concern, especially if the customer has no discernable personal connection to that geographic area.
A customer, especially a customer who is a minor with an account co-signed by a parent or guardian or who is a young adult, makes a series of P2P transfers that may be low, round dollar amounts (e.g., between $10-50) that are hundreds of dollars or less over a short period of time to an individual, or individuals, with whom the customer has no prior transaction relationship. The customer who receives these funds then rapidly transfers them via a P2P transfer to another account or accounts.
A customer makes payments that include payment memos with messages indicating extortion (e.g., “delete the pictures,” “please stop”) and typically occur during late night and early morning hours.
A customer, including a customer who is a minor with a P2P account co-signed by a parent or guardian, purchases CVC through a P2P platform and subsequently transfers the CVC to an unhosted CVC wallet with exposure to illicit finance risk based on blockchain analytics or to a CVC wallet with whom the customer has had no prior transaction relationship with no business or apparent lawful purpose.
A customer, including a customer who is a minor with an account co-signed by a parent or guardian, makes multiple, uncharacteristic purchases of prepaid access cards. These prepaid access cards are typically then redeemed in a different jurisdiction from where the cards were purchased.

Red Flag Indicators for Money Mule Accounts

A customer, including a customer who is a minor with an account co-signed by a parent or guardian, receives multiple P2P payments from unrelated accounts with which the customer had not previously interacted. The customer then rapidly transfers these funds via a P2P payment to another unrelated account or accounts. This activity may be indicative of a victim who is being coerced to act as a money mule.
A customer’s account receives many deposits or transfers from P2P payment platforms, that may be hundreds of dollars or less, over a short period of time that are quickly withdrawn in cash or transferred to other accounts with no business or apparent lawful purpose.
A customer’s P2P or bank account experiences a high volume of transfers to and from accounts in a Jurisdictions of Concern with no business or apparent lawful purpose.
A customer receives multiple P2P payments and subsequently uses these funds to purchase CVC. The customer then transfers the purchased CVC to an unhosted CVC wallet with exposure to illicit finance risk based on blockchain analytics or a CVC wallet that is hosted by a CVC exchange in a Jurisdiction of Concern.
A customer deposits or cashes multiple money orders that may be hundreds of dollars or less from individuals with whom the customer previously had no interaction and who may be geographically distant from the customer’s location with no business or apparent lawful purpose.

Read FinCEN’s press release here.

The full Notice can be found here.

Adam Witmer

Adam Witmer is a speaker, author, and founder of the Compliance Cohort. Adam has taught hundreds of seminars and training sessions to thousands of bankers throughout the United States and teaches on all areas of regulatory compliance. Adam has written five e-books that he never published, hit a grizzly bear while driving in a National Park, and is an award winning photographer and musician (though he no longer takes photos nor plays any instruments). In his spare time, Adam can be found kayaking on the lake, doing taekwondo with his kids, working on his (project) house, or spending time with his family.

Website

Become a Free Member