Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • FinCEN issues proposed beneficial ownership information access and safeguards rulemaking

    Financial Crimes

    On December 15, FinCEN issued a notice of proposed rulemaking (NPRM) to implement provisions of the Corporate Transparency Act (CTA) that govern the access to and protection of beneficial ownership information. (See also FinCEN fact sheet here.) The NPRM follows a final rule issued by FinCEN at the end of September (effective January 1, 2024), which establishes a beneficial ownership information reporting requirement (Reporting Rule) and requires most corporations, limited liability companies, and other entities created in or registered to do business in the U.S. to report information about their beneficial owners to FinCEN. (Covered by InfoBytes here.)

    In accordance with CTA requirements related to beneficial ownership information access and safeguard provisions, FinCEN’s NPRM proposes regulations for establishing who may request beneficial ownership information, how the information must be secured, and non-compliance penalties. Specifically, the proposal would limit the disclosure of beneficial information to “[f]ederal agencies engaged in national security, intelligence, or law enforcement activities; state, local, and Tribal law enforcement agencies with court authorization; financial institutions with customer due diligence requirements and regulators supervising them for compliance with such requirements; foreign law enforcement agencies, prosecutors, judges, and other agencies that meet specific criteria; and Treasury officers and employees under certain circumstances.” The proposal would also require authorized recipients to maintain security and confidentiality protocols that align with the scope of access and use provisions.

    Among other things, the NPRM addresses aspects of the secure, non-public beneficial ownership database that is currently in development, and specifies when and how reporting companies may report FinCEN identifiers tied to entities. Under the proposal, foreign requesters would be required to make their requests for beneficial ownership information through intermediary federal agencies, and financial institutions would only be allowed to request this information from FinCEN for purposes of complying with customer due diligence (CDD) requirements and only after receiving consent from the reporting company to which the information pertains.

    Comments on the NPRM are due by February 14, 2023. FinCEN explained that this is the second of three rulemakings planned to implement the CTA. The third rulemaking, which will revise FinCEN’s CDD rule, will occur no later than one year after the effective date of the Reporting Rule.

    Financial Crimes Agency Rule-Making & Guidance FinCEN Of Interest to Non-US Persons Corporate Transparency Act CDD Rule Beneficial Ownership

  • FinCEN provides timing on CTA rulemaking

    Financial Crimes

    On October 12, FinCEN acting Director Himamauli Das provided timelines on recent agency efforts to combat financial crime. Speaking during the ACAMS AML Conference, Das pointed to actions taken by bad actors to hide assets behind shell/front companies and evade U.S. sanctions, and highlighted measures, including beneficial ownership information reporting, suspicious activity reporting, and geographic targeting, designed to combat illicit activity. Das also provided an update on recent rulemakings mandated by the Corporate Transparency Act (CTA), including (i) the beneficial ownership reporting rule (which takes effect January 1, 2024, and is covered by InfoBytes here); (ii) the access rule, which would establish protocols for accessing the beneficial ownership database by law enforcement and financial institutions (FinCEN is currently working on the notice of proposed rulemaking and expects to issue it in the near term); and (iii) the Customer Due Diligence rule, which Das said will be revised “no later than one year after the effective date of the reporting rule” as required by the CTA. He added that FinCEN is also developing an “infrastructure to build a secure and confidential database that meets the highest security standards” to ensure only authorized users can access information. This system is expected to be operational by the time the beneficial ownership reporting rule takes effect. Additionally, FinCEN will, among other things, develop guidance and educational materials to assist companies when preparing their beneficial ownership information reports and will continue to regularly update its dedicated resource page on this subject.

    Financial Crimes Agency Rule-Making & Guidance FinCEN Of Interest to Non-US Persons Corporate Transparency Act CDD Rule Beneficial Ownership OFAC Sanctions

  • FinCEN explores possibility of creating regulatory sandboxes

    Financial Crimes

    On January 13, the acting Director of FinCEN Him Das spoke at the Financial Crimes Enforcement Conference to discuss the transformation of the anti-money laundering/counter-terrorist financing regulatory regime as it relates to new threats, new innovations, and new partnerships. Das highlighted recent FinCEN rulemaking initiatives, including a proposed rule issued last December (covered by InfoBytes here) to implement the beneficial ownership information reporting provisions of the Corporate Transparency Act. In particular, the proposed rule would require many U.S. and foreign companies to report their true beneficial owners to FinCEN and update that information when those beneficial owners change. Das explained that FinCEN is examining how a proposed beneficial ownership database would interplay with the Customer Due Diligence Rule, and stated the agency will share more information in the coming months. Das also discussed an Advance Notice of Proposed Rulemaking (covered by InfoBytes here), which sought comments on potential requirements under the Bank Secrecy Act to address vulnerabilities in the U.S. real estate market to money laundering and other illicit activity.

    With respect to new innovation, Das noted that while FinCEN is exploring the idea of creating regulatory sandboxes to test new methods of transaction monitoring using artificial intelligence, the agency needs feedback from institutions on the potential use and risks of the program. Das also discussed other potential innovative ideas, including, among other things, “new approaches to customer risk rating and institutional risk assessment, digital identity tools and utilities, and automating the adjudication and filing of [suspicious activity reports] related to certain types of activity.”

    Financial Crimes FinCEN Regulatory Sandbox Fintech Anti-Money Laundering Combating the Financing of Terrorism Of Interest to Non-US Persons Corporate Transparency Act Beneficial Ownership CDD Rule Bank Secrecy Act

  • FinCEN, federal banking agencies clarify CDD requirements for charities and non-profit organizations

    Federal Issues

    On November 19, the Financial Crimes Enforcement Network (FinCEN), in concurrence with the Federal Reserve Board, FDIC, NCUA, and OCC (collectively, “federal banking agencies”), released a fact sheet clarifying that Bank Secrecy Act (BSA) customer due diligence (CDD) requirements for charities and nonprofit organizations (NPOs) should be based on the money laundering risks posed by customer relationships. FinCEN and the federal banking agencies remind banks that “the application of a risk-based approach for charities and other NPOs is consistent with existing CDD and other [BSA/anti-money laundering] compliance requirements.” The fact sheet further emphasizes that while “the U.S. government does not view the charitable sector as a whole as presenting a uniform or unacceptably high risk of being used or exploited for money laundering, terrorist financing [], or sanctions violations,” banks must adopt risk-based procedures for conducting CDD that will allow banks to (i) understand the nature and purpose of a customer relationship in order to develop a customer risk profile, and (ii) conduct ongoing monitoring for the purposes of identifying and reporting suspicious transactions “on a risk basis, to maintain and update customer information.” The fact sheet does not alter existing BSA/AML legal or regulatory requirements, nor does it establish new supervisory expectations. (See also OCC Bulletin 2020-101 and FDIC FIL-106-2020.)

    Federal Issues Financial Crimes FinCEN Federal Reserve NCUA FDIC OCC Bank Secrecy Act Anti-Money Laundering CDD Rule Of Interest to Non-US Persons

  • FinCEN removes AML exemption for non-federally regulated banks

    Agency Rule-Making & Guidance

    On September 14, the Financial Crimes Enforcement Network (FinCEN) issued a final rule, under its sole authority, to remove the anti-money laundering (AML) program exemption for non-federally regulated banks. According to FinCEN, the rulemaking was prompted by the “gap in AML coverage” between banks that have a federal functional regulator and those that do not, which has created “a vulnerability to the U.S. financial system that could be exploited by bad actors.” The final rule would bring non-federally regulated banks that are currently required to comply with certain Bank Secrecy Act (BSA) obligations, such as filing currency transaction reports and suspicious activity reports to detect unusual activity, into compliance with the same standards applicable to all other banks. Specifically, the final rule outlines minimum standards for non-federally regulated banks to ensure the establishment and implementation of required AML programs, and extends customer identification program (CIP) requirements, as well as beneficial ownership requirements outlined in FinCEN’s 2016 customer due diligence (CDD) rule (covered by InfoBytes here), to banks not already subject to these requirements. FinCEN believes that non-federally regulated banks will be able to take a risk-based approach when tailoring their AML and CIP programs to fit their size, needs, and operational risks, and that those banks should be able to build on “existing compliance policies and procedures and prudential business practices to ensure compliance. . .with relatively minimal cost and effort.” The final rule takes effect November 16.

    For more details, please see a Buckley Special Alert on the final rule. 

    Agency Rule-Making & Guidance FinCEN Anti-Money Laundering CDD Rule Bank Secrecy Act Compliance Of Interest to Non-US Persons

  • FinCEN clarifies customer due diligence FAQs

    Agency Rule-Making & Guidance

    On August 3, the Financial Crimes Enforcement Network (FinCEN), in consultation with the federal functional regulators, issued responses to three frequently asked questions (FAQs) concerning customer due diligence (CDD) requirements under the Bank Secrecy Act for covered financial institutions. As previously covered by InfoBytes, the 2016 CDD Rule imposed standardized requirements for financial institutions to identify and verify beneficial owners of legal entity customers, subject to certain exclusions and exemptions. The FAQs follow those issued by FinCEN in July 2016 and April 2018 (covered by InfoBytes here and here), and address procedures to collect customer information, methods to establish a customer risk profile, and obligations to update customer information.

    Agency Rule-Making & Guidance FinCEN CDD Rule Bank Secrecy Act

  • FinCEN outlines BSA due diligence requirements for hemp-related businesses

    Agency Rule-Making & Guidance

    On June 29, the Financial Crimes Enforcement Network (FinCEN) issued guidance for hemp-related business customers to explain due diligence requirements and identify the types of information financial institutions can collect to comply with Bank Secrecy Act (BSA) regulatory requirements. The guidance supplements a December 2019 interagency statement (covered by a Buckley Special Alert), which confirmed that financial institutions are no longer required to file a suspicious activity report (SARs) on customers solely because they are “engaged in the growth or cultivation of hemp in accordance with applicable laws and regulations.” Among other things, the guidance reiterates FinCEN’s expectation that financial institutions conduct customer due diligence (CDD) for hemp-related businesses, as they would for other customers, and establish appropriate on-going risk-based CDD procedures. This may include confirming that the hemp business is complying with applicable state, tribal government, or United States Department of Agriculture licensing requirements. Financial institutions should also tailor BSA/Anti-Money Laundering programs to appropriately reflect the risks associated with a customer’s particular risk profile and file the required reports. The guidance further provides that while financial institutions are not required to file SARs on customers solely because they are engaged in a hemp business, “financial institutions are expected to follow standard SAR procedures.” Examples of suspicious activity that may warrant the filing of a SAR are provided. Finally, the guidance states that financial institutions must report currency transactions connected to hemp-related businesses as they would for any other customer for transactions above $10,000 in aggregate on a single business day.

    Agency Rule-Making & Guidance FinCEN Bank Secrecy Act Anti-Money Laundering Hemp Businesses CDD Rule

  • FinCEN Director warns of account takeovers via fintech data aggregators

    Financial Crimes

    On September 24, Financial Crimes Enforcement Network (FinCEN) Director Kenneth Blanco spoke at the Federal Identity (FedID) Forum and Exposition, discussing the role of FinCEN in combatting fraud and cybercrime and highlighting concerns regarding identity crimes. Blanco noted that FinCEN sees approximately 5,000 account takeover reports each month, a crime that “involves the targeting of financial institution customer accounts to gain unauthorized access to funds.” Moreover, FinCEN sees a high amount of fraud through account takeovers via fintech platforms, where cybercriminals use fintech data aggregators to facilitate account takeovers and fraudulent wires. Blanco stated that cybercriminals create fraudulent accounts and are able to “exploit the platforms’ integration with various financial services to initiate seemingly legitimate financial activity while creating a degree of separation from traditional fraud detection efforts.”

    Additionally, Blanco discussed how cybercriminals use business email compromise (BEC) fraud schemes to target financial institutions and relayed FinCEN’s efforts to combat these schemes. As previously covered by InfoBytes, in July, FinCEN issued an updated advisory, describing general trends in BEC schemes, information concerning the targeting of non-business entities, and risks associated with the targeting of vulnerable business processes. Blanco also discussed (i) FinCEN’s final rule titled the “Customer Due Diligence Requirements for Financial Institutions,” (the CDD Rule) (prior coverage by InfoBytes here); and (ii) FinCEN’s December 2018 joint statement with federal banking agencies encouraging innovative approaches to combatting money laundering, terrorist financing, and other illicit financial threats when safeguarding the financial system (previously covered by InfoBytes here).

     

     

    Financial Crimes Fintech Bank Secrecy Act Anti-Money Laundering CDD Rule Fraud Of Interest to Non-US Persons

  • Agency officials urge Congress to create central repository to combat money laundering

    Federal Issues

    On May 21, the Senate Committee on Banking, Housing, and Urban Affairs held a hearing entitled “Combating Illicit Financing By Anonymous Shell Companies Through the Collection of Beneficial Ownership Information.” The Committee heard from the same panel of witnesses who testified in November on the need for modernization of the Bank Secrecy Act/Anti-Money Laundering regime. (Covered by InfoBytes here.) Committee Chairman Mike Crapo opened the hearing by stressing the need to discuss ways in which beneficial ownership information collected in an effort to deter money laundering and terrorist financing through anonymous shell companies can be made more useful. Panelists from the Financial Crimes Enforcement Network, the FBI, and Office of the Comptroller of the Currency all emphasized the importance of creating a regime in which beneficial ownership is collected at the corporate formation stage and, for foreign entities, upon the time of registration with U.S. states to conduct business or upon establishing an account with a U.S. financial institution.

    Federal Issues Senate Banking Committee FinCEN Beneficial Ownership Financial Crimes Department of Treasury OCC FBI Of Interest to Non-US Persons Anti-Money Laundering Combating the Financing of Terrorism CDD Rule Hearing

  • FINRA provides 2019 risk monitoring and examination guidance

    Agency Rule-Making & Guidance

    On January 22, the Financial Industry Regulatory Authority (FINRA) issued new guidance on areas member firms should consider when seeking to improve their compliance, supervisory, and risk management programs. The 2019 FINRA Risk Monitoring and Examination Priorities Letter (2019 Priorities Letter) examines both new priorities as well as areas of ongoing concern, including the adequacy of firms’ cybersecurity programs. FINRA notes, however, that the 2019 Priorities Letter does not repeat topics previously addressed in prior letters, and advises member firms that it will continue to review ongoing obligations for compliance. Topics FINRA plans to focus on in the coming year include:

    • Firms’ use of regulatory technology to help compliance efforts become “more efficient, effective, and risk-based.” FINRA will work with firms to understand risks and concerns related to supervision and governance systems, third party vendor management, and safeguarding customer data;
    • Supervision of digital assets, including coordinating with the SEC to review how firms determine whether a given digital asset is a security and whether firms are implementing adequate controls and supervisions related to digital assets, such as complying with anti-money laundering and Bank Secrecy Act rules and regulations;
    • Assessment of firms’ compliance with FinCEN’s Customer Due Diligence rule, which requires firms to identify beneficial owners of legal entity customers (as previously covered by InfoBytes here); and
    • Financial risks, including credit risks, funding and liquidity planning.

    Agency Rule-Making & Guidance Fintech FINRA Cryptocurrency Examination FinCEN CDD Rule Privacy/Cyber Risk & Data Security Bank Secrecy Act

Pages

Upcoming Events