US agencies’ notice about Mexico timeshare fraud doubles as handy surveillance checklist

FinCEN’s joint notice with OFAC and the FBI directs financial firms to identify and report timeshare fraud conducted by Mexico-based criminal entities.

Three US agencies have issued a notice directing financial institutions to operationalize the threats posed by timeshare fraud and Mexico-based transnational criminal organizations such as the Jalisco New Generation Cartel, commonly known as CJNG.

In their joint statement, the US Treasury’s Office of Foreign Assets Control (OFAC) and its Financial Crimes Enforcement Network (FinCEN), plus the FBI, said in a joint statement that Mexican international cartels “have increasingly targeted US owners of timeshare properties in Mexico.”

“The [cartels] use proceeds from timeshare fraud to diversify their revenue streams and finance other criminal activities, including the manufacturing and trafficking of illicit fentanyl and other deadly synthetic drugs into the United States,” the agencies said.

Timeshares and fraud

A timeshare, also known as a vacation ownership, is a commitment to paying for annual trips to the same resort or family of resorts, often as a lifetime commitment. You prepay or finance a lump sum upfront plus annual maintenance fees, and fees attach to upgrade or exchange where you have such a time-restricted access to stay.

Although fraud of all kinds continues to be the largest source of illicit proceeds in the United States (as noted in Treasury’s 2024 National Money Laundering Risk Assessment), timeshare fraud and elder financial exploitation has become an increasing money laundering threat to the US financial system, the agencies said.

“The [cartels] use proceeds from timeshare fraud to diversify their revenue streams and finance other criminal activities.”

OFAC, FinCEN and FBI

Fraud from Mexico-based companies is estimated at hundreds of millions of dollars a year, and the Treasury Department has sanctioned 40 Mexican companies associated with CJNG and its scams. The group is reported to have at least two dozen call centers that contact US owners of timeshares using a variety of scam techniques.

In the notice, the agencies said that approximately 6,000 US victims have reported losing a total of nearly $300m between 2019 and 2023 to timeshare fraud schemes in Mexico. According to the FBI, this figure likely underestimates the total losses, as an estimated 80% of victims choose not to report the scam due to embarrassment, lack of resources, or other reasons.

Surveillance, training reminders

The crux of the joint notice is that financial institutions are instructed to appreciate, organize surveillance techniques and train their personnel on the methodologies, financial typologies, and red flag indicators associated with timeshare fraud in Mexico.

The 14-page document can be used to provide customer education and internal training. Here are the highlights:

Types of scans and keywords to monitor

The notice details how scammers will claim to represent ready buyers, renters, or investors and then exploit victims’ trust through timeshare exit, re-rent, and investment scams. In pages 3-5 of the notice, the agencies not only present what type of sales pitches, offer letters and investment documents may be presented to customers, but the notice provides some keywords businesses can use in their communications and transactions lexicon surveillance.

Such keywords must be captured in English and Spanish, of course, and include surveilling wires containing words like “fees,” taxes,” “travel,” “real estate,” “closing,” “title,” “realty” and “broker.”

Mexico timeshare fraud patterns

The notice then describes the process the fraudsters often use to take the timeshare payments and wire then to a number of shell companies that the cartel and cartel’s family members or third-party launderers control, including complicit accountants and other professionals. The TCOs will then use those Mexican shell companies and trusts to send bank transfers or withdrawal cash to either

  • finance drug trafficking operations and make payments to cartel members, or;
  • purchase luxury real estate or construct timeshare resorts in Mexico to use in future timeshare fraud schemes, particularly in resort towns.

Insight into the threat landscape

The notice provides insight into the threat landscape and how to gauge a business’s threat exposure, noting that elderly people are often targeted. Firms must watch out for repetitive wires to Mexico; wires to that region with the keywords noted above; and wires to Mexico going to the same beneficiary – but from different persons all 60 years old or older.

Victims of timeshare fraud schemes in Mexico generally send payments to scammers through wire via US correspondent banks to Mexican shell companies with accounts at Mexican banks or brokerage houses, and the recipient accounts in such transactions are ones that were typically opened in the preceding six months.

Filing a SAR

The notice gives tips for filing a suspicious activity report based on timeshare fraud in Mexico. And it reminds banks, brokers or dealers in securities, mutual funds, futures commission merchants and introducing brokers in commodities that they must conduct ongoing customer due diligence so as to understand the nature of customer relationships for the purpose of developing a customer risk profile. They must also monitor, identify and report suspicious transactions and, on a risk basis, maintain and update customer information, such as (if applicable) the identity of the beneficial owners of legal entity customers.

Sharing information with other financial firms

The notice reminds institutions that Section 314(b) of the USA PATRIOT Act provides financial institutions with the ability to share information with one another, voluntarily, under a safe harbor that offers protections from liability, to better identify and report activities that may involve money laundering or terrorist activities.

(Author’s Note: Section 6212 of the AML Act of 2020, finalized in November 2023, is helpful here too, as it created a four-year pilot program for US parent banks to share suspicious activity reports with their foreign subsidiaries and branches – at least those in US-allied jurisdictions.)