InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FinCEN issues FAQs on PPP
On January 12, FinCEN and the SBA issued FAQs on the Paycheck Protection Program (“PPP”), established under the CARES Act, to assist borrowers and lenders in interpreting the CARES act and the PPP Interim Final Rule. Among the issues addressed in the FAQs, FinCEN and the SBA provided guidance regarding whether under the CDD Rule, lenders are required to collect, certify, or verify beneficial ownership information for existing customers, stating that it is not necessary to re-verify “[i]f the PPP loan is being made to an existing customer, and the existing customer and the necessary information was previously verified. Additionally, FinCEN and the SBA addressed the question of whether a lender’s collection of the information required with respect to owners of 20% or greater interest in PPP applicants is sufficient to satisfy a lender’s obligation to collect beneficial ownership information under the Bank Secrecy Act. FinCEN and the SBA stated that for lenders with existing customers the lender does not need to reverify beneficial ownership information for owners that hold ownership interests of at least 20 percent, and with respect to new customers with the same ownership interest, all natural persons will need to provide the same information in order to satisfy BSA requirements. FinCEN also answered more FAQs on its April 2020 FAQs regarding the PPP on Second Draw PPP Loans, on BSA/AML compliances, and on SBA Procedural Notice 5000-835955, the last stating that a “PPP lender may reveal the existence of a SAR to the SBA when requesting a guaranty purchase (without charge-off) from the SBA.”
FinCEN report on identity fraud in 2021 outlines statistics and processes
On January 9, FinCEN published a report titled “Identity-Related Suspicious Activity: 2021 Threats and Trends” which focuses on patterns in reported Bank Secrecy Act (BSA) data linked to suspicious activity from 2021. The report is part of a broader set of financial trend analyses conducted by FinCEN under section 6206 of the Anti-Money Laundering Act of 2020. During 2021, about 1.6 million of all BSA reports (or 42 percent) on suspicious activity were related to identity, equaling $212 billion in suspicious activity.
Key findings in the report included: (i) 69 percent of identity-related BSA reports indicate attackers have impersonated others; (ii) depository institutions have filed the most BSA reports at 54 percent, with the next highest being money services businesses at 21 percent; (iii) general fraud was the most reported typology with 1.2 million BSA reports totaling $149 billion in suspicious amounts, with the next two being false records and identity theft, respectively; and (iv) there were a significant number of identity-related exploitations based on BSA report volumes and dollar values. FinCEN reported three identity-related exploitations, including how attackers (a) impersonate others; (b) dodge or exploit verification processes; and (c) use compromised credentials. A model on page six of the report provides further clarity on how attackers undermine identity processes, such as through bust out schemes (attackers open credit card accounts then max out the cards), check fraud, credit and debit card fraud, and Covid-19 fraud.
Treasury announces strategy to address financial institution de-risking
The U.S. Treasury Department recently released its “first of its kind” strategy to address financial institution de-risking. Mandated by the Anti-Money Laundering Act of 2020, the 2023 De-Risking Strategy examines customer categories most often impacted by de-risking and provides findings and policy recommendations to address ongoing problems. Treasury defines de-risking as financial institutions restricting or terminating business relationships indiscriminately with broad classes of customers rather than analyzing and managing specific risks in a targeted manner. The report found that customers most frequently subject to de-risking are small-to-medium-sized money service businesses (MSB) that are often used by immigrant communities to send remittances abroad. Other commonly impacted customer categories include non-profit organizations operating overseas in high-risk jurisdictions and foreign financial institutions with low correspondent banking transaction volumes. De-risking is particularly acute for entities operating in financial environments characterized by significant money laundering/terrorism financing risks, the report notes. Identifying “profitability as the primary factor in financial institutions’ de-risking decisions,” the report found that profitability is influenced by several factors, including the cost to implement anti-money laundering/countering the finance of terrorism (AML/CFT) compliance measures and systems commensurate with customer risk.
The report presents several recommendations for policymakers, such as promoting consistent supervisory expectations and training federal examiners to consider the effects of de-risking, as well as suggesting that financial institutions analyze account termination notices and notice periods for non-profits and MSBs to identify ways to support longer notice periods where possible. Treasury also encourages heightened international cooperation to strengthen foreign jurisdictions’ AML/CFT regimes, and encourages policymakers to continue assessing the risks and opportunities of innovative and emerging technologies for AML/CFT compliance solutions. Treasury may also consider requiring financial institutions to have “reasonably designed and risk-based AML/CFT programs supervised on a risk basis, possibly taking into consideration the effects of financial inclusion.”
Treasury official flags “de-risking” as a concern in combating illicit financial risks
On December 5, Assistant Secretary for Terrorist Financing and Financial Crimes at the U.S. Department of Treasury Elizabeth Rosenberg outlined key illicit finance risks impacting the broader financial system during the ABA/ABA Financial Crimes Enforcement Conference. Rosenberg noted that for many nations, the illicit finance threat posed by Russia related to its invasion into Ukraine is a top priority. She commented that more than 30 countries immediately implemented sanctions or other economic measures against Russia, and that since then, the U.S. and other countries have created an expansive, multilateral web of restrictions targeting Russia’s ability to fund its war. Rosenberg also recognized that by reassessing their understanding of Russian illicit financial risks and implementing adaptive measures, companies and financial institutions play an important role in providing critical insight into emerging threats. Rosenberg also discussed Treasury’s risk-based approach to crafting policy responses, including those related to beneficial ownership transparency, investment adviser misuse, and the use of residential and commercial real estate to hide and grow illicit funds.
Rosenberg warned, however, that there are challenges in implementing a truly risk-based approach. She pointed to observations made by the Financial Action Task Force, which showed that while many countries and their financial institutions “are keenly aware of where enhanced due diligence is needed,” many “often can not readily identify the inverse: places where simplified due diligence should be expected and permitted.” She cautioned that focusing on high-risk areas rather than lower-risk parts “is not without costs,” and illustrated a common form of de-risking that occurs “when financial institutions categorically cut off relationships or services to avoid perceived risks—for example, certain geographic regions—rather than applying a nuanced, risk-based approach.” Doing so can lead to “deleterious effects,” she warned, such as excluding businesses based on their location or status, or impacting emerging markets that could serve underbanked populations. Rosenberg said Treasury intends to study these concerns through the Anti-Money Laundering Act of 2020, and will develop a strategy for addressing de-risking, including recommendations on ways to improve public-private engagement on the issue, regulatory guidance and adjustments, and international supervision.
FinCEN reports significant increase in ransomware-related BSA filings in 2021
On November 1, FinCEN reported that ransomware continues to pose a significant threat to U.S. infrastructure, businesses, and the public, with ransomware-related Bank Secrecy Act (BSA) filings in 2021 accounting for nearly $1.2 billion. Issued pursuant to the Anti-Money Laundering Act of 2020, FinCEN’s Financial Trend Analysis examines ransomware activities for calendar year 2021, with a particular focus on ransomware trends in BSA data from July-December 2021. According to FinCEN, reported ransomware-related incidents have substantially increased from 2020, with roughly 75 percent of these incidents reported during the second half of 2021 emanating from or connected to actors in Russia. Highlights from the report include: (i) the number and total U.S. dollar value for ransomware-related incidents during 2021 far exceeds data for any previous year, with FinCEN reporting a 188 percent increase from 2020 to 2021 (possibly reflecting either an increase of ransomware-related incidents or improved reporting and detection); (ii) an average of 132 and a median of 136 ransomware-related incidents per month were reported during the review period (Treasury’s October 2021 measures to combat ransomware — covered by InfoBytes here — and potentially associated reporting obligations may have contributed to the overall rise in 2021 filings, FinCEN noted); and (iii) of the 793 ransomware-related incidents reported during the second half of 2021, 594 (roughly 75 percent) pertained to Russia-related variants.
The same day, Deputy Secretary of the Treasury Wally Adeyemo hosted participants from 36 countries during the second International Counter Ransomware Initiative Summit where attendees examined the challenges presented by ransomware and discussed the U.S.’s whole-of-government approach for responding to serious threats posed by bad actors.
FinCEN issues ANPRM on no-action letter process
On June 3, FinCEN issued an Advance Notice of Proposed Rulemaking (ANPRM) soliciting comments on questions related to implementing a no-action letter process at the agency. The ANPRM is part of FinCEN’s implementation of the Anti-Money Laundering Act of 2020, which directed the agency to conduct an assessment of a no-action letter process concerning how anti-money laundering or countering the financing of terrorism laws may apply to specific conduct. The ANPRM follows FinCEN’s June 2021 report to Congress (covered by InfoBytes here), which concluded that the agency should undertake rulemaking to establish a process for issuing no-action letters that will supplement its current forms of regulatory guidance and relief. FinCEN noted in its announcement that the addition of a no-action letter process (“generally understood to be a form of enforcement discretion where an agency states by letter that it will not take an enforcement action against the submitting party for the specific conduct presented to the agency”) could overlap with and “affect other forms of regulatory guidance and relief that FinCEN already offers, including administrative rulings and exceptive or exemptive relief.” The agency is seeking public input on whether the process should be implemented and, if so, how the process should work. Included in the ANPRM are questions concerning, among other things, FinCEN jurisdiction (specifically “[w]hat is the value of establishing a FinCEN no-action letter process if other regulators with jurisdiction over the same entity do not issue a similar no-action letter”), whether there should be limitations on which factual circumstances could be considered, and whether the scope of a no-action letter should be limited so that requests may not be submitted during a Bank Secrecy Act examination. The ANPRM also asked questions related to changes in circumstances, revocations, denials and withdrawals, confidentiality and consultation concerns, and criteria for distinguishing no-action letters from administrative rulings or exceptive/exemptive relief.
Comments on the ANPRM are due August 5.
FinCEN to issue second beneficial ownership NPRM later this year
On April 28, FinCEN acting Director Himamauli Das informed the House Financial Services Committee during a hearing on the oversight of the agency that FinCEN is currently developing a second notice of proposed rulemaking (NPRM) this year proposing “regulations governing access to beneficial ownership information by law enforcement, national security agencies, financial institutions and others.” The NPRM will be published this year and follows a previous proposal to implement the beneficial ownership information reporting provisions of the Corporate Transparency Act (CTA), which addresses who must report beneficial ownership information, when to report it, and what information must be provided (covered by InfoBytes here). In his written testimony, Das stated the agency also plans to issue a third and final proposal revising the Customer Due Diligence (CDD) regulation for financial institutions “no later than one year after the effective date of the final reporting rule,” as required by the statute. “The CTA directs that the revisions should bring the CDD regulation into conformance with the beneficial ownership rules under the CTA and reduce unnecessary or duplicative requirements, among other things,” Das said. “We are considering all options as we develop the Access Rule NPRM, and look forward to receiving public comments on our proposal when it is issued.” Das also noted that FinCEN is currently developing the beneficial ownership database, which will allow users to search and access certain beneficial ownership information. However, Das warned that limited resources “have presented significant challenges to meeting the implementation requirements of [FinCEN’s] expanded mandate under the Anti-Money Laundering Act, including the CTA’s beneficial ownership requirements . . . we are missing deadlines, and we will likely continue to do so.”
OCC issues final rule for granting exemptions to SAR requirements
On March 16, the OCC issued a final rule amending its suspicious activity report (SAR) regulations. The rule sets out a process for national banks and federal savings associations to request exemptions from the OCC’s SAR requirements. To request exemption under the final rule, national banks or federal savings associations, including federal branches and agencies of foreign banks, must submit a request in writing to the OCC. The agency “will consider whether the exemption is consistent with the purposes of the [Bank Secrecy Act] and with safe and sound banking and may consider any other appropriate factors.” Where required, institutions must separately seek an exemption from FinCEN, and the OCC intends to coordinate with FinCEN on such requests. The final rule will also allow “the OCC to facilitate changes required by the Anti-Money Laundering Act of 2020" and “will make it possible for the OCC to grant relief to national banks or federal savings associations that develop innovative solutions intended to meet Bank Secrecy Act requirements more efficiently and effectively.”
Treasury releases study on illicit finance in the high-value art market
On February 4, the U.S. Treasury Department published a study examining the high-value art market’s money laundering and terrorist financing risks to the U.S. financial system. The study also identified efforts U.S. government agencies, regulators, and other market participants should explore to mitigate the laundering of illicit proceeds through this industry. Treasury’s Study of the Facilitation of Money Laundering and Terror Finance Through the Trade in Works of Art found that while there is some evidence of money laundering risk in the high-value art market, there was limited evidence of a nexus between terrorist financing risk and high-value art (which the study theorizes is in part due “to a disconnect between the high-value art market and the physical geographies where terrorist groups are most active”). Participants most vulnerable to money laundering in the art market, the study noted, are financial services companies that offer art-collateralized loans but that are not subject to comprehensive anti-money laundering/countering the financing of terrorism (AML/CFT) requirements. Banks that facilitate payments between customers and art market institutions also present unique money laundering risks, the study found, while asset-based lending can disguise the original source of funds and provide liquidity to criminals. The study further cautioned that entities with large annual sales turnover present higher money laundering risks, and stressed that the emerging digital art market (including non-fungible tokens or NFTs) “may present new risks, depending on the structure and market incentives of certain activity in this sector of the market.”
To address the identified risks, the study recommended the following: (i) supporting “private sector information-sharing programs to encourage transparency among art market participants”; (ii) “updating guidance and training for law enforcement, customs enforcement, and asset recovery agencies”; (iii) using recordkeeping and reporting authorities to support information collection and money laundering activity analyses; and (iv) “applying comprehensive AML/CFT requirements to certain art market participants.” Treasury noted that it will consider “how these measures could mitigate identified money laundering risk, the potential burden on smaller art market participants, privacy considerations, as well as progress on addressing systemic AML/CFT issues, such as the abuse of shell companies.”
FinCEN proposes SAR pilot program
On January 24, FinCEN issued a Notice of Proposed Rulemaking (NPRM) to establish a limited-duration pilot program for financial institutions to share suspicious activity reports (SARs), pursuant to Section 6212 of the Anti-Money Laundering Act of 2020. The pilot program would allow financial institutions with SAR reporting obligations to share SARs and related information (subject to certain restrictions) with their foreign branches, subsidiaries, and affiliates for the purpose of combating illicit finance risks. The NPRM would expand guidance that previously only permitted SARs to be shared internally with foreign head offices, controlling companies (domestic or foreign), and domestic affiliates, and seeks input on the expected costs and benefits, technical challenges, merits of quarterly reporting, and SAR confidentiality protections. According to FinCEN, the pilot program is intended to provide feedback as the agency considers longer-term approaches towards SAR sharing with foreign affiliates. Comments are due March 28.