Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On January 22, the Financial Industry Regulatory Authority (FINRA) issued new guidance on areas member firms should consider when seeking to improve their compliance, supervisory, and risk management programs. The 2019 FINRA Risk Monitoring and Examination Priorities Letter (2019 Priorities Letter) examines both new priorities as well as areas of ongoing concern, including the adequacy of firms’ cybersecurity programs. FINRA notes, however, that the 2019 Priorities Letter does not repeat topics previously addressed in prior letters, and advises member firms that it will continue to review ongoing obligations for compliance. Topics FINRA plans to focus on in the coming year include:
- Firms’ use of regulatory technology to help compliance efforts become “more efficient, effective, and risk-based.” FINRA will work with firms to understand risks and concerns related to supervision and governance systems, third party vendor management, and safeguarding customer data;
- Supervision of digital assets, including coordinating with the SEC to review how firms determine whether a given digital asset is a security and whether firms are implementing adequate controls and supervisions related to digital assets, such as complying with anti-money laundering and Bank Secrecy Act rules and regulations;
- Assessment of firms’ compliance with FinCEN’s Customer Due Diligence rule, which requires firms to identify beneficial owners of legal entity customers (as previously covered by InfoBytes here); and
- Financial risks, including credit risks, funding and liquidity planning.
On January 11, the Georgia Department of Banking and Finance (Department) announced the issuance of a Final Order taken against a Florida-based money transmitter and two of its officers for allegedly failing to, among other things, timely file suspicious activity reports (SARs) or conduct required background checks on covered employees. Following a hearing, the Department issued the Final Order on January 9 to revoke the company’s money transmitter license and order the officers to cease and desist. According to the Order, the officers’ failure to timely file SARs related to four cancelled money transmission transactions violated Georgia’s Rules and Regulations 80-3-1-.03(3), which obligate money transmitters to “comply with the recordkeeping requirements, currency transaction reporting, and suspicious activity reporting set forth in the Bank Secrecy Act.” Moreover, the Department further asserted that the officers materially misrepresented why the filings were delayed, and therefore deemed the officers “incompetent or untrustworthy to engage in the money transmission business.”
On January 8, the Federal Reserve Board announced an enforcement action against a Texas bank for alleged weaknesses in its anti-money laundering risk management and compliance programs, including failure to comply with applicable rules and regulations, such as the Bank Secrecy Act. Under the terms of the order, the bank is required to (i) develop and implement a written plan to strengthen the board of directors’ oversight of Bank Secrecy Act/anti-money laundering (BSA/AML) compliance; (ii) submit an enhanced written compliance program that complies with BSA/AML requirements; (iii) ensure the bank provides effective training for all personnel related to BSA/AML compliance responsibilities; (iv) submit an enhanced, written customer due diligence plan; (v) submit a program to ensure compliant, timely, and accurate suspicious activity monitoring and reporting; (vi) retain an independent third party to ensure the effectiveness of the bank’s transaction monitoring system; and (vii) submit a written plan for independent testing of the bank’s compliance with all applicable BSA/AML requirements. A civil money penalty was not assessed against the bank.
On December 26, the Financial Industry Regulatory Authority (FINRA) entered into a Letter of Acceptance, Waiver, and Consent (AWC), fining a broker-dealer $10 million for failing to establish and enforce an anti-money laundering (AML) program that complies with Bank Secrecy Act and implementing regulation requirements. According to FINRA, alleged failures in the firm’s automated AML surveillance system allowed transactions from countries with “high money laundering risk” to flow through the financial system from January 2011 through at least April 2016. Furthermore, the firm allegedly failed to (i) devote sufficient resources to reviewing suspicious transactions; (ii) adequately monitor customers’ penny stock trades and deposits for suspicious activities; and (iii) adequately monitor and conduct risk-based reviews of correspondent accounts of certain foreign financial institutions.
The firm neither admitted nor denied the findings set forth in the AWC agreement, but agreed to address identified deficiencies in its programs. FINRA further noted that the firm “has taken extraordinary steps and devoted substantial resources since 2013 to expand and enhance its AML policies and procedures.”
On December 20, the U.S. Treasury Department issued the National Strategy for Combating Terrorist and Other Illicit Financing (the National Illicit Finance Strategy). Pursuant to Sections 261 and 262 of the Countering America’s Adversaries Through Sanctions Act of 2017 (CAATSA), the National Illicit Finance Strategy describes current U.S. government efforts to combat domestic and international illicit finance threats in the areas of terrorist financing, proliferation financing, and money laundering, and discusses potential risks, priorities and objectives, as well as areas for improvement. The document addresses the strengths of U.S. counter-illicit finance efforts, including the legal and regulatory framework, as well as efforts undertaken to improve the effectiveness of national safeguards currently in place due to changes in technology and emerging threats. Recent efforts include a working group formed earlier in December to explore ways to modernize the Bank Secrecy Act/Anti-Money Laundering regulatory regime and encourage banks and credit unions to explore innovative approaches such as artificial intelligence, digital identity technologies, and internal financial intelligence units to combat money laundering, terrorist financing, and other illicit financial threats when safeguarding the financial system (see previous InfoBytes coverage here).
On December 19, the United States Attorney for the Southern District of New York announced it filed charges against a Kansas-based broker-dealer for allegedly willfully failing to file a suspicious activity report (SAR) in connection with the illegal activities of one of its customers in violation of the Bank Secrecy Act (BSA). According to the announcement, this is the first criminal BSA action ever brought against a U.S. broker-dealer. The allegations are connected to the actions of the broker-dealer’s customer, who was the owner of a Kansas-based payday lending scheme that was ordered to pay a $1.3 billion judgment for making false and misleading representations about loan costs and payments in violation of the FTC Act (previously covered by InfoBytes here). The U.S. Attorney alleges the broker-dealer, among other things, failed to follow its customer identification procedures, disregarded “red flags that were known prior to [the customer] opening the accounts,” and continued to ignore additional red flags that arose over time. Additionally, the U.S. Attorney alleges the broker-dealer failed to monitor transactions using its anti-money laundering (AML) tool, which led to numerous suspicious transactions going undetected and unreported until long after the customer was convicted at trial for his actions in the scheme.
Along with the announcement of the filing, the U.S. Attorney’s Office further stated it had entered into a deferred prosecution agreement with the broker-dealer in which it agreed to accept responsibility for its conduct, pay a $400,000 penalty, and enhance its BSA/AML compliance program.
The SEC also settled with the broker-dealer for the failure to file the SARs. The settlement requires the broker-dealer to hire an independent consultant to review its AML and customer identification program and implement any recommended changes. The independent consultant will monitor for compliance with the recommendations for two years.
On December 4, the Financial Crimes Enforcement Network (FinCEN) issued Notice 2018-1 announcing a further extension of time for certain Report of Foreign Bank and Financial Accounts (FBAR) filings in light of FinCEN’s notice of proposed rulemaking (NPR) published March 10, 2016. (See previous InfoBytes coverage on the 2016 NPR here.) Specifically, one of the proposed amendments seeks to “expand and clarify the exemptions for certain U.S. persons with signature or other authority over foreign financial accounts,” but with no financial interest, as outlined in FinCEN Notice 2017-1 issued December 22, 2017. FinCEN noted that because the proposal has not been finalized, it is extending the filing due date to April 15, 2020 for individuals who previously qualified for a filing due date extension under Notice 2017-1. All other individuals must submit FBAR filings by April 15, 2019.
Agencies encourage financial institutions to explore innovative industry approaches to BSA/AML compliance
On December 3, the Financial Crimes Enforcement Network (FinCEN) released a joint statement along with federal banking agencies—the Federal Reserve Board, FDIC, NCUA, and OCC (together, the “agencies”)—to encourage banks and credit unions to explore innovative approaches such as artificial intelligence, digital identity technologies, and internal financial intelligence units to combat money laundering, terrorist financing, and other illicit financial threats when safeguarding the financial system. According to the agencies, private sector innovation and the adoption of new technologies can enhance the effectiveness and efficiency of Bank Secrecy Act/anti-money laundering (BSA/AML) compliance programs. Moreover, new innovations and technologies can also enhance transaction monitoring systems. Specifically, the agencies urged banks to test innovative programs to explore the use of artificial intelligence. However, the agencies emphasized that while feedback on innovative programs may be provided, the “pilot programs in and of themselves should not subject banks to supervisory criticism even if the pilot programs ultimately prove unsuccessful. Likewise, pilot programs that expose gaps in a BSA/AML compliance program will not necessarily result in supervisory action with respect to that program.” The joint statement further specifies that the agencies will be willing to grant exceptive relief from BSA regulatory requirements to facilitate pilot programs, “provided that banks maintain the overall effectiveness of their BSA/AML compliance programs.” However, banks that maintain effective compliance programs but choose not to innovate will not be penalized or criticized.
According to Treasury Under Secretary for Terrorism and Financial Intelligence Sigal Mandelker, “[a]s money launderers and other illicit actors constantly evolve their tactics, we want the compliance community to likewise adapt their efforts to counter these threats,” pointing to the recent use of innovative technologies to identify and report illicit financial activity related to both Iran and North Korea.
As previously covered by InfoBytes, earlier in October the agencies provided guidance on resource sharing between banks and credit unions in order to more efficiently and effectively manage their BSA/AML obligations.
On November 30, the FDIC announced a list of administrative enforcement actions taken against banks and individuals in October. Included among the actions is an order to pay a civil money penalty of $9,600 issued against a Louisiana-based bank for alleged violations of the Flood Disaster Protection Act in connection with alleged failures to obtain flood insurance coverage on loans at or before origination or renewal.
Consent orders were also issued against three separate banks related to alleged weaknesses in their Bank Secrecy Act (BSA) and/or BSA/anti-money laundering (BSA/AML) compliance programs. (See orders here, here, and here.) Among other things, the banks are ordered to: (i) implement comprehensive written BSA/AML compliance programs, which include revising BSA risk assessment policies, developing a system of BSA internal controls, and enhancing suspicious activity monitoring and reporting and customer due diligence procedures; (ii) conduct independent testing; and (iii) implement effective BSA training programs. The FDIC further requires the Florida and New Jersey-based banks to conduct suspicious activity reporting look-back reviews.
In addition, a Kentucky-based bank was ordered to pay a civil money of $300,000 for allegedly violating TILA by “failing to clearly and conspicuously disclose required information related to the [b]ank’s Elastic line of credit product” and Section 5 of the FTC ACT by “using a processing order for certain deposit account transactions contrary to the processing orders disclosed in the [b]ank’s deposit account disclosures.”
There are no administrative hearings scheduled for December 2018. The FDIC database containing all 17 enforcement decisions and orders may be accessed here.
On November 29, the Senate Committee on Banking, Housing, and Urban Affairs held a hearing entitled “Combating Money Laundering and Other Forms of Illicit Finance: Regulator and Law Enforcement Perspectives on Reform” to discuss efforts to improve the Bank Secrecy Act/anti-money laundering (BSA/AML) regulatory, supervisory, and enforcement regime. Committee Chairman Mike Crapro, R-Idaho, opened the hearing by emphasizing the need for a continued dialogue on modernizing the BSA/AML regime to “encourage the innovation necessary to combat illicit financing while also encouraging regulators to focus on more tangible threats, and law enforcement to increase interagency cooperation and improve information sharing throughout the process.”
Among other things, Financial Crimes Enforcement Network (FinCEN) Director Kenneth A. Blanco highlighted the following three key priorities as part of FinCEN’s “multi-prong approach” to the regulatory reform process: (i) examining and understanding the value and effectiveness of the BSA through data-driven analysis in conjunction with both considering changes to enhance efficiency (such as evaluating suspicious activity and currency transaction reporting requirements) and engaging with regulators through, for example, monthly meetings with the FFIEC’s Anti-Money Laundering Working Group; (ii) “promot[ing] responsible innovation and creative solutions to combat money laundering and terrorist financing” by exploring ways to collaborate with financial institutions to improve AML/countering the financing of terrorism compliance, fostering innovation, and leveraging technology while also minimizing vulnerabilities; and (iii) “[e]nhancing public-private partnerships that reveal and mitigate vulnerabilities” and sharing information with the private sector to help identify suspicious activity.
OCC Compliance and Community Affairs Senior Deputy Comptroller Grovetta N. Gardineer discussed the agency’s efforts to enhance the efficiency of its current supervisory practices, and commented on how new technologies such as artificial intelligence and machine learning provide opportunities for banks to cut costs and identify suspicious activity. Gardineer also highlighted the OCC’s Money Laundering Risk System, which allows for the identification of potentially higher-risk community bank areas by “identifying the products and services offered by these institutions, as well as the customers and geographies they serve.” In addition, Gardineer offered recommendations for BSA amendments to improve supervisory efforts, such as (i) requiring a periodic review of BSA/AML regulations to identify those that may be outdated or burdensome; (ii) amending BSA safe harbor rules to clarify that a financial institution can file a suspicious activity report without being exposed to civil liability; and (iii) expanding safe harbor to permit information sharing beyond money laundering and terrorism financing between financial institutions without incurring liability. Moreover, Gardineer stated that FinCEN’s notice requirement with respect to information-sharing under section 314(b) of the USA Patriot Act should be eliminated or modified in order to enhance institutions’ ability to share information.
FBI Criminal Investigative Division Section Chief Steven M. D'Antuono also discussed, among other things, the Treasury Department’s recent Customer Due Diligence Final Rule (see previous InfoBytes coverage here), and stated that the Rule is “a step toward a system that makes it difficult for sophisticated criminals to circumvent the law through use of opaque corporate structures.”
- Kathryn L. Ryan to discuss "NMLS usage" at the NMLS Annual Conference & Training
- Jeffrey S. Hydrick to discuss "State legislative update" at the NMLS Annual Conference & Training
- Kathryn L. Ryan to speak at the "Business model primer" at the NMLS Annual Conference & Training
- Daniel P. Stipano to discuss "Dynamic customer due diligence and beneficial ownership from KYC to ongoing CDD and the new rule implementation" at the Puerto Rican Symposium of Anti-Money Laundering
- Michelle L. Rogers to discuss "Preparing for servicing exams in the current regulatory environment" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Jon David D. Langlois to discuss "Regulatory risks of convenience fees" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- APPROVED Webcast: NMLS Annual Conference & Ombudsman Meeting: Review and recap
- Brandy A. Hood to discuss "Keeping your head above water in flood insurance compliance" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Melissa Klimkiewicz to discuss "Servicing super session" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Daniel P. Stipano to discuss "Lessons learned from recent high profile enforcement actions" at the Florida International Bankers Association AML Compliance Conference
- Moorari K. Shah to provide "Regulatory update – California and beyond" at the National Equipment Finance Association Summit
- Sasha Leonhardt and John B. Williams to discuss "Privacy" at the National Association of Federally-Insured Credit Unions Spring Regulatory Compliance School
- Aaron C. Mahler to discuss "Regulation B/fair lending" at the National Association of Federally-Insured Credit Unions Spring Regulatory Compliance School
- Heidi M. Bauer to discuss "'So you want to form a joint venture' — Licensing strategies for successful JVs" at RESPRO26
- Jonice Gray Tucker to discuss "Small business & regulation: How fair lending has evolved & where are we heading?" at CBA Live
- Jonice Gray Tucker to to discuss "DC policy: Everything but the kitchen sink" at CBA Live
- Daniel P. Stipano to discuss "Lessons learned from ABLV and other major cases involving inadequate compliance oversight" at the ACAMS International AML & Financial Crime Conference
- Daniel P. Stipano to discuss "A year in the life of the CDD final rule: A first anniversary assessment" at the ACAMS International AML & Financial Crime Conference
- Moorari K. Shah to discuss "State regulatory and disclosures" at the Equipment Leasing and Finance Association Legal Forum
- Hank Asbill to discuss "Pay no attention to the man behind the curtain: Addressing prosecutions driven by hidden actors" at the National Association of Criminal Defense Lawyers West Coast White Collar Conference
- Daniel P. Stipano to discuss "Keep off the grass: Mitigating the risks of banking marijuana-related businesses" at the ACAMS AML Risk Management Conference
- Daniel P. Stipano to discuss "Mid-year policy update" at the ACAMS AML Risk Management Conference
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program