9.3 Fraud-related statutes (RICO, FCPA, Sarbanes-Oxley, AML, whistleblower)
Key Takeaways
- Mail fraud (18 U.S.C. §1341) and wire fraud (§1343) criminalize any scheme to defraud using the mail or interstate wires and serve as predicate acts for RICO and money-laundering charges.
- RICO requires a pattern of racketeering activity—at least two predicate acts within 10 years tied to an enterprise—and civil RICO allows treble (triple) damages.
- The FCPA combines anti-bribery provisions against paying foreign officials with books-and-records and internal-controls provisions enforced by the SEC and DOJ.
- Sarbanes-Oxley requires CEO/CFO certification (§302), internal-control reporting (§404), whistleblower protection (§806), and criminalizes document destruction.
- The Bank Secrecy Act requires CTRs for cash transactions over $10,000 and confidential SARs, while the False Claims Act's qui tam provision lets a relator recover 15–30 percent.
Key Federal Fraud Statutes
The CFE exam tests familiarity with the major U.S. laws used to combat fraud, corruption, and money laundering. Each statute has distinct elements, thresholds, and remedies.
Mail and Wire Fraud
The mail fraud (18 U.S.C. §1341) and wire fraud (18 U.S.C. §1343) statutes are the workhorses of federal fraud prosecution. They criminalize any scheme to defraud that uses the U.S. mail or a private carrier (mail fraud) or interstate wire, radio, or television communications—including phone calls, emails, and electronic funds transfers (wire fraud). Prosecutors favor them because almost every modern scheme touches a wire or a mailing. Each count carries up to 20 years in prison—30 years if a financial institution is affected—and both statutes serve as predicate acts for RICO and money-laundering charges.
RICO
The Racketeer Influenced and Corrupt Organizations Act (RICO, 18 U.S.C. §§1961–1968) targets ongoing criminal enterprises. To establish a RICO violation, the government—or a civil plaintiff—must show a pattern of racketeering activity: at least two predicate acts (drawn from a long statutory list that includes mail and wire fraud, bribery, and money laundering) committed within a 10-year period and connected to an enterprise affecting interstate commerce. RICO is powerful because it lets prosecutors reach an entire organization, and because civil RICO permits treble (triple) damages plus attorney's fees for injured plaintiffs.
The Foreign Corrupt Practices Act (FCPA)
The FCPA (1977) has two main components:
- Anti-bribery provisions. Prohibit U.S. persons and issuers—and, in some cases, foreign parties acting within U.S. territory—from corruptly offering or paying anything of value to a foreign government official to obtain or retain business. A narrow exception exists for small "facilitating" or grease payments that merely expedite routine governmental action.
- Books-and-records and internal-controls provisions. Require issuers to keep accurate books and records and to maintain a system of internal accounting controls. These accounting provisions are enforced by the SEC and frequently produce liability even without a proven bribe.
The DOJ and SEC jointly enforce the FCPA, and penalties can be enormous—reaching hundreds of millions of dollars in disgorgement and fines, plus individual prosecutions. Because the accounting provisions require accurate records and effective controls regardless of intent to bribe, companies frequently face FCPA exposure even when investigators cannot trace a specific improper payment. This is why many organizations invest heavily in third-party due diligence and anti-corruption compliance programs.
Sarbanes-Oxley Act (SOX)
Enacted in 2002 after the Enron and WorldCom scandals, SOX reshaped corporate governance and financial reporting for public companies:
- §302 — CEO/CFO certification. Senior officers must personally certify the accuracy of financial reports.
- §404 — internal control over financial reporting. Management must assess and report on internal controls, and the external auditor must attest to them.
- §806 — whistleblower protection. Bars retaliation against employees of public companies who report suspected fraud.
- §802 / §1102 — document destruction. Criminalizes knowingly altering, destroying, or falsifying records to obstruct an investigation, with penalties up to 20 years.
SOX also created the PCAOB to oversee audit firms and strengthened audit-committee independence.
Bank Secrecy Act and Anti-Money Laundering (AML)
The Bank Secrecy Act (BSA) and related AML laws require financial institutions to help detect and prevent money laundering:
- Currency Transaction Report (CTR). Must be filed for cash transactions exceeding $10,000 in a single business day.
- Suspicious Activity Report (SAR). Filed when an institution detects a transaction that appears suspicious; the filing is confidential and may not be disclosed to the subject ("no tipping off").
- Structuring—breaking a transaction into smaller amounts to evade the CTR threshold—is itself a federal crime.
Money laundering typically moves through three stages: placement, layering, and integration. The USA PATRIOT Act later expanded AML obligations, including customer identification (KYC) programs.
The False Claims Act and Whistleblower Programs
The False Claims Act (FCA, 31 U.S.C. §§3729–3733) imposes liability for knowingly submitting false claims to the federal government—common in healthcare, defense, and procurement fraud. Its distinctive qui tam provision lets a private citizen (a "relator") sue on the government's behalf and share 15–30 percent of any recovery; the FCA also protects relators from retaliation. Separately, the Dodd-Frank Act created SEC and CFTC whistleblower programs that pay awards of 10–30 percent of sanctions over $1 million for original information about securities and commodities violations.
Statutes at a Glance
| Statute | Focus | Key Feature |
|---|---|---|
| Mail/Wire Fraud (§§1341/1343) | Any scheme to defraud using mail or wires | Up to 20 yrs; RICO predicate |
| RICO (§§1961–1968) | Ongoing criminal enterprises | 2+ predicate acts in 10 yrs; civil treble damages |
| FCPA (1977) | Bribery of foreign officials | Anti-bribery + books-and-records; DOJ & SEC |
| Sarbanes-Oxley (2002) | Public-company reporting | §302 certification, §404 controls, whistleblower |
| BSA / AML | Money-laundering detection | CTR over $10,000; confidential SARs |
| False Claims Act | False claims to the government | Qui tam; relator recovers 15–30% |
Knowing which statute fits a given fact pattern—and exactly what each requires the government to prove—lets a fraud examiner structure an investigation and referral that maximizes the chance of a successful prosecution or civil recovery.
To establish a "pattern of racketeering activity" under RICO, the government generally must prove:
The FCPA's books-and-records and internal-controls (accounting) provisions are primarily enforced by which agency?
A bank must file a Currency Transaction Report (CTR) under the Bank Secrecy Act when a customer conducts a cash transaction exceeding what amount?