InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Special Alert: Lessons Learned from Arab Bank's U.S. Anti-Terrorism Act Verdict
On September 22, 2014, following a two-month trial, a federal jury in the Eastern District of New York ruled in favor of a group of 297 individual plaintiffs in a civil suit accusing Arab Bank PLC, headquartered in Amman, Jordan, of supporting terrorism. Linde vs. Arab Bank PLC, No. 1:04-CV-2799 (E.D.N.Y. filed July 2, 2004).
In summary, the plaintiffs alleged that Arab Bank was liable under the U.S. Anti-Terrorism Act, 18 U.S.C. § 2331, et seq. (the “ATA”), for the deaths and/or severe injuries resulting from acts in international terrorism that occurred between 2001 and 2004, because the bank had processed and facilitated payments for Hamas and other terrorist or terrorist-related organizations, their members, the families of suicide bombers, or Hamas front organizations.
What this means for financial institutions, particularly foreign banks that increasingly face the potential reach of U.S. laws and plaintiffs, remains to be seen. But there are three take-aways worthy of immediate consideration.
Click here to view the full special alert.
Buckley Sandler Webcast Recap: FinCEN's Proposed Rule Amending Customer Due Diligence Obligations
BuckleySandler hosted a webcast entitled “FinCEN’s Proposed Rule Amending Customer Due Diligence Obligations,” on September 18, 2014, as part of the ongoing FinCrimes Webcast Series. Panelists included James Cummans, Vice President of BSA/AML Operations at TCF Bank; Jacqueline Seeman, Managing Director and Global Head of KYC at Citigroup, Inc.; and Sarah K. Runge, Director, Office of Strategic Policy at the U.S. Department of Treasury. The following is a summary of the guided conversation moderated by Jamie Parkinson, partner at BuckleySandler, and key take-aways to prepare for comments to the proposed rule and implementation of the new rule, once final, at your financial institution.
Key Tips and Take-Aways:
- Assess and prepare your organization’s financial and personnel resources to make sure that the appropriate resources are in place to comply with the proposed rule once it is finalized. Certain technical aspects of implementation may be complicated depending on the financial institutions’ existing processes.
- Boards of Directors should participate in and be informed of the process.
- Institutions that are exempt from the rule, including money services businesses (“MSBs”), should also consider how this rule would affect their operations. FinCEN has announced that this is an incremental rule making, meaning the rule could extend to additional entities in the future.
- Covered financial institutions should consider the implications and compliance issues associated with the proposed rule and actively engage in the comment period. It is clear that FinCEN took certain industry concerns into account from the earlier Advance Notice of Proposed Rulemaking (“ANPRM”), so any potential issues should again be raised.
Customer Due Diligence Rule Requirements
The session began with a brief background on the rulemaking process and the overarching goals of the proposed CDD obligations. The panel then addressed the rule’s codification of existing practices and procedures relating to client onboarding procedures and transaction monitoring. Significantly, the panelists outlined the new requirement to identify “beneficial owners” and the two independent prongs—ownership and control—used to determine who would be considered a “beneficial owner” of a legal entity customer. Finally, the panelists noted that the current proposed rule requires financial institutions to use a standard certification form to document the beneficial ownership of legal entity customers.
Potential Compliance Difficulties
The panelists noted that while the proposed rule outlines what would be required of an institution, there are a number of potential compliance challenges. First, the panelists discussed the definition of a “beneficial owner.” Some financial institutions have implemented lower ownership thresholds or additional persons in “control” for CDD purposes based on their assessment of risk. This presents potential compliance and logistical considerations for institutions that determined for compliance risk reasons to identify additional “beneficial owners” under both prongs when considered under their current policies and procedures.
Next, the panelists discussed the certification form that may be required by the rule. Panelists noted that the use of a paper based form could cause logistical challenges and compliance issues for institutions that are moving to digital documentation and banking. Specifically, the panelists expressed concern that the form might present difficulties associated with compiling data and performing additional risk analysis, and may also constrain the flexibility sought by different institutions in the manner of implementation of the new CDD information. The panelists also pointed out that a standard form (and the rule in general) impacts other compliance considerations, for example, those associated with e-signatures and data security. This looks likely to be an area of constructive commentary.
Identity Verification for Beneficial Owners
Panelists next discussed the rule’s requirement that financial institutions verify the identity of a “beneficial owner.” The original ANPRM had required financial institutions to verify not only the identity but also the status of the “beneficial owner.” Panelists noted that verification of an individual’s status would have presented significant compliance issues due to limited reliable resources to confirm such information, and that the required identity verification was a much better standard. The panelists also pointed out that this significant change demonstrates that FinCEN was taking industry opinion and comments to heart, and that this should encourage institutions to actively engage in the ongoing comment period.
Non-Covered Entities
Panelists then shifted to discussing the issue of entities who are not covered by the proposed rule. Panelists noted that there is likely to be commentary over some concern that the rule may create an uneven playing field between those companies that are required to gather this data and those companies that are not affected. Additionally, the panelists highlighted the fact that the current rule-making process has been presented as an incremental rule making, meaning that while certain entities may not currently be covered by the rule, FinCEN may expand the scope of entities covered by the rule in the future. As such, panelists suggested that entities not currently covered—such as MSBs and casinos—should not only pay attention to the proposed rule but perhaps evaluate their own compliance programs in anticipation of potential application later, but also actively engage in the comment portion of the rule making. The panel then warned that if these entities do not participate now, it may be difficult to make significant changes to the rule after it takes effect. Finally, regarding non-covered entities such as MSBs, panelists noted that the CDD requirements may have a practical impact despite the lack of formal mandate, as those covered institutions that bank non-covered entities may inquire about CDD practices and may expect non-covered entities to implement some type of risk-based CDD.
Board Level Responsibilities and Requirements
The panel also discussed the implications the proposed rule has on governance and the responsibilities of boards of directors. Panelists noted that boards have been encouraged to focus on enhanced training and resources regarding AML and BSA matters and that boards of directors need to understand the associated risks and legal requirements. Additionally, the panel pointed out that boards of directors need to monitor the implementation of any procedures dealing with the proposed requirements and that failure to properly implement the procedures or requirements could lead to disciplinary action. Finally, the board needs to ensure the organization’s financial and personnel resources are sufficient to address and implement the requirements of the proposed rule once it is finalized.
Requirements for Existing Accounts
The panel addressed the fact that while the proposed rule is not retroactive, the commentary states that financial institutions should be keeping the required information current and updated. Panelists expressed concern over what would be required with regard to keeping this information current, specifically highlighting concerns with when the financial institution would be required to update pre-existing low and medium risk customer profiles. The panel noted that while there are currently refresh cycles involved with their customers, there is no guidance as to how far back an institution would have to go and whether they would have to update the entire customer profile associated with an account.
Implementation Timeline
The panel concluded by discussing the proposed rule’s implementation timeline of one year. Panelists expressed concern that the one year period would cause certain technology related challenges and would be more burdensome for large institutions. The panelists noted that this is an issue that will likely be addressed in the comment period, with suggestions of between 18 and 24 months to prepare for and implement policies and procedures associated with the new rule.
Special Alert: FinCEN Publishes Long-Awaited Proposed Customer Due Diligence Requirements
On August 4, 2014, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) published a Notice of Proposed Rulemaking ("NPRM") that would amend existing Bank Secrecy Act (“BSA”) regulations intended to clarify and strengthen customer due diligence (“CDD”) obligations for banks, securities broker-dealers, mutual funds, and futures commission merchants and introducing brokers in commodities (collectively, “covered financial institutions”).
In drafting the modifications, FinCEN clearly took into consideration comments responding to its February 2012 Advance Notice of Proposed Rulemaking (“ANPRM”), as the current proposal appears narrower and somewhat less burdensome on financial institutions. Comments on the proposed rulemaking are due October 3, 2014.
Overview: Under the NPRM, covered financial institutions would be obligated to collect information on the natural persons behind legal entity customers (beneficial owners) and the proposed rule would make CDD an explicit requirement. If adopted the NPRM would amend FinCEN’s AML program rule (the four pillars) by making CDD a fifth pillar.
Click here to view the special alert.
FinCEN Proposes Customer Due Diligence Rule
On July 30, FinCEN released a proposed rule that would amend BSA regulations to clarify and add customer due diligence (CDD) obligations for banks and other financial institutions, including brokers or dealers in securities, mutual funds, futures commission merchants, and introducing brokers in commodities. The rule would not cover other entities subject to FinCEN regulations that are not already required to have a customer identification program (CIP)—e.g money services businesses—but FinCEN may extend CDD requirements in the future to these, and potentially other types of financial institutions. The proposed rule states that as part of the existing regulatory requirement to have a CIP, covered institutions are already obligated to identify and verify the identity of their customers. The proposed rule would add to that base CDD requirement, new requirements to: (i) understand the nature and purpose of customer relationships; and (ii) conduct ongoing monitoring to maintain and update customer information and to identify and report suspicious transactions. The proposed rule also would add a so-called beneficial ownership requirement, which would require institutions to know and verify the identities of any individual who owns at least 25% of a legal entity, or who controls the legal entity.
FinCEN emphasizes that nothing in the proposal is intended to limit the due diligence expectations of the federal functional regulators or in any way limit their existing regulatory discretion. To that end, the rule would incorporate the CDD elements on nature and purpose and ongoing monitoring into FinCEN’s existing AML program requirements, which generally provide that an AML program is adequate if, among other things, the program complies with the regulation of its federal functional regulator governing such programs. FinCEN does not believe that the new CDD requirements will require covered institutions to perform any additional activities or operations, but acknowledges the rule may necessitate revisions to written policies and procedures. FinCEN also recognizes that financial institutions will be required to modify existing customer onboarding processes to incorporate the beneficial ownership requirement. As such, FinCEN proposes an effective date of one year from the date the final rule is issued. Comments on the proposal are due 60 days from publication of the proposal in the Federal Register.
New York DFS Launches New Database Of Online Payday Lenders
On June 16, the New York DFS launched a new database of online lenders that have been subject to actions by DFS based on evidence of illegal payday lending, and announced that one national bank had agreed to start using the tool. The DFS believes the database will help financial institutions meet “know your customer” obligations with regard to online lenders and will help ensure that electronic payment and debit networks are not used to transmit or collect on allegedly illegal, online payday loans made to New York residents. According to the DFS, the national bank plans to use the information about companies that may be engaged in illegal lending to (i) help confirm that its merchant customers are not using their accounts to make or collect on illegal payday loans to New York consumers; and (ii) identify payday lenders that engage in potentially illegal payday loan transactions with its New York consumer account holders, and, when appropriate, contact the lenders’ banks to notify them that the transactions may be illegal. The bank also agreed to provide DFS with information about payday lending activities by lenders listed in the database, including identifying lenders that continue to engage in potentially illegal lending activities despite the DFS’s previous actions. The database announcement is just the latest step taken by the DFS with regarding to online payday lending. Over the past year, the DFS has opened numerous investigations of online lenders and has scrutinized or sought to pressure debt collectors, payment system operators, and lead generators in an attempt to halt lending practices that the DFS claims violate state licensing requirements and usury restrictions.