In a notable back-to-back set of releases, the Financial Crimes Enforcement Network first issued a March 30, 2026 advisory urging financial institutions to identify and report suspicious activity tied to health care fraud schemes targeting Medicare, Medicaid, and other federal and state health care benefit programs, and then, one day later, published a notice of proposed rulemaking to formally implement its whistleblower incentives and protections program. Read together, the two actions send a clear message: FinCEN is sharpening both sides of the anti-fraud enforcement equation by giving financial institutions more specific expectations for suspicious activity reporting while also creating stronger incentives for insiders to bring forward information about Bank Secrecy Act and sanctions-related misconduct.
For banks, fintechs, money services businesses, broker-dealers, crypto-facing institutions, and other covered financial institutions, the sequencing is important. FinCEN is not merely announcing a whistleblower regime in the abstract. It is simultaneously highlighting a concrete enforcement priority—health care fraud—and describing the transactional patterns, typologies, and red flags that institutions should be watching for now. That pairing suggests that FinCEN expects not only better Suspicious Activity Reports, but also more direct reporting from insiders with actionable knowledge of compliance failures, concealed ownership structures, and financial flows tied to fraud against government health care programs.
What FinCEN proposed in its April 1 notice of proposed rulemaking
The proposed whistleblower rule would implement provisions enacted through the Anti-Money Laundering Act of 2020 and the Anti-Money Laundering Whistleblower Improvement Act of 2022. Under the proposal, eligible whistleblowers would generally be individuals, or two or more individuals acting jointly, who voluntarily provide original information leading to successful enforcement actions involving the Bank Secrecy Act, the International Emergency Economic Powers Act, the Trading With the Enemy Act, or the Foreign Narcotics Kingpin Designation Act. If the information leads to a covered action resulting in more than $1 million in monetary sanctions, the whistleblower may be eligible for an award ranging from 10% to 30% of the monetary sanctions collected. The proposed rule also includes confidentiality protections, anti-retaliation protections, and procedural mechanisms for submitting tips and award claims.
The proposal closely resembles the architecture of more established federal whistleblower programs, particularly those at the Securities and Exchange Commission and the Commodity Futures Trading Commission. Like those programs, FinCEN’s model relies on original voluntary submissions, uses a 10% to 30% award framework, permits anonymous submissions through counsel, and emphasizes protection against retaliation. In practical terms, that familiarity is likely to make the program accessible to experienced whistleblower counsel and may accelerate the flow of tips in AML and sanctions matters.
Why the March 30 FinCEN health care fraud advisory matters
The March 30 advisory makes the whistleblower proposal feel immediate rather than theoretical. Issued in coordination with the Federal Bureau of Investigation and the U.S. Department of Health and Human Services Office of Inspector General, the advisory warns financial institutions about health care fraud schemes affecting Medicare, Medicaid, and other federal and state health care benefit programs. FinCEN reports that from 2020 through 2025 it observed a 330% increase in Bank Secrecy Act reporting on health care fraud, which underscores both the scale of the problem and Treasury’s view that fraud involving public benefit programs is a core AML concern.
The advisory is especially useful because it translates an enforcement priority into operational detail. It describes common health care fraud typologies including phantom billing, upcoding, unbundling, billing for medically unnecessary services, kickback arrangements, and the use of shell companies, straw owners, stolen identities, and rapid fund transfers to disguise or move proceeds. It also points to laundering patterns involving wire transfers to foreign companies, digital asset platforms, online betting platforms, and luxury purchases. In other words, the advisory reinforces that health care fraud is not just a provider-side issue; it is also a payments, account-opening, and transaction-monitoring issue squarely within the compliance function of financial institutions.
FinCEN further requests that institutions reference the advisory in SAR field 2 and in the SAR narrative using the key term “HCF-2026-A001,” while also selecting SAR field 34(g) for health care/public or private health insurance, as applicable. That kind of filing instruction is often a signal that FinCEN is trying to improve data capture around a specific threat area and build a richer pipeline of intelligence for future investigations and enforcement actions.
The healthcare fraud advisory ties into the whistleblower proposal
The advisory provides a live example of the kinds of underlying conduct that can generate BSA reporting failures, AML control issues, and enforcement exposure—precisely the types of matters that may also attract whistleblower tips. A financial institution that ignores suspicious provider onboarding, fails to investigate anomalous reimbursement patterns, overlooks beneficial ownership red flags, or inadequately escalates suspicious movement of funds tied to health care claims could face questions not only about the underlying suspicious activity, but also about its own Bank Secrecy Act compliance. In that setting, employees with knowledge of internal warnings, resource constraints, suppressed escalation, or deliberately narrow monitoring rules may have a newly meaningful incentive to report to FinCEN.
The advisory itself appears to underscore that connection. In addition to describing fraud as one of FinCEN’s AML/CFT National Priorities, it notes the existence of FinCEN’s whistleblower incentive program for Bank Secrecy Act violations where the information leads to a successful enforcement action with monetary penalties exceeding $1 million. That is a striking inclusion. It suggests that FinCEN is not treating suspicious activity reporting, supervisory expectations, and whistleblower incentives as separate silos, but rather as mutually reinforcing tools in a broader anti-fraud strategy.
What companies should do now
Taken together, the advisory and the proposed whistleblower rule should prompt companies to revisit both transaction monitoring and internal reporting frameworks. Financial institutions should ensure that teams responsible for onboarding, AML investigations, fraud monitoring, and SAR decision-making understand the health care fraud typologies and red flags highlighted by FinCEN. They should also assess whether escalation pathways are functioning effectively, whether investigate findings are being documented consistently, and whether personnel feel safe surfacing concerns internally without retaliation.
The broader lesson is that FinCEN appears to be moving toward a more integrated and intelligence-driven model of enforcement. It is identifying priority fraud typologies, instructing institutions how to report them, coordinating with criminal and inspector general partners, and simultaneously strengthening the incentives for insiders to report BSA-related misconduct directly. For regulated institutions, that means compliance breakdowns in areas like health care fraud may now carry a higher likelihood of detection from both outside-in monitoring and inside-out whistleblower reporting.