Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FinCEN releases beneficial ownership reporting guidance
On March 24, FinCEN released its first set of guidance materials to aid the public and small businesses in reporting beneficial ownership information (i.e., individuals who directly or indirectly own or control a company). As previously covered by InfoBytes, last September, FinCEN published a final rule establishing beneficial ownership information requirements, as required by the Corporate Transparency Act. The final rule, which becomes effective January 1, 2024, will require most corporations, limited liability companies, and other entities created in or registered to do business in the United States, to report information about their beneficial owners to FinCEN. Reporting companies created or registered before January 1, 2024, will have until January 1, 2025, to file their initial reports, while reporting companies created or registered after January 1, 2024, will have 30 days after creation or registration to file their initial reports. The guidance materials include FAQs, information on key filing dates, and informational videos. Additional guidance will be published in the coming months, including a Small Entity Compliance Guide, FinCEN said in the announcement.
FinCEN comments on Russia’s suspended FATF membership; issues statements on jurisdictions with AML/CFT/CPF deficiencies
On March 9, FinCEN informed U.S. financial institutions that last month the Financial Action Task Force (FATF) suspended the Russian Federation’s membership after determining that the country’s “actions unacceptably run counter to the FATF core principles aiming to promote security, safety, and the integrity of the global financial system.” (Covered by InfoBytes here.) FATF also urged jurisdictions to monitor for and mitigate emerging risks resulting “from the circumvention of measures taken in order to protect the international financial system.”
Additionally, FinCEN noted that at the end of February, FATF issued public statements updating its lists of jurisdictions with strategic deficiencies in anti-money laundering (AML), countering the financing of terrorism (CFT), and countering the financing of proliferation of weapons of mass destructions (CPF) regimes. These include (i) Jurisdictions under Increased Monitoring, “which publicly identifies jurisdictions with strategic deficiencies in their AML/CFT/CPF regimes that have committed to, or are actively working with, the FATF to address those deficiencies in accordance with an agreed upon timeline,” and (ii) High-Risk Jurisdictions Subject to a Call for Action, “which publicly identifies jurisdictions with significant strategic deficiencies in their AML/CFT/CPF regimes and calls on all FATF members to apply enhanced due diligence, and, in the most serious cases, apply counter-measures to protect the international financial system from the money laundering, terrorist financing, and proliferation financing risks emanating from the identified countries.”
With respect to jurisdictions under increased monitoring, FinCEN’s announcement reminded U.S. covered financial institutions of their due diligence obligations for foreign financial institutions (including correspondent accounts maintained for foreign banks), and instructed them to ensure that they implement “appropriate, specific, risk-based, and, where necessary, enhanced policies, procedures, and controls that are reasonably designed to detect and report known or suspected money laundering activity conducted through or involving any correspondent account established, maintained, administered, or managed in the United States.” Money services business are reminded of parallel requirements with respect to foreign agents or counterparties. Members were informed that FATF removed Cambodia and Morocco from its list of Jurisdictions under Increased Monitoring but added Nigeria and South Africa to the list.
FinCEN’s announcement also informed members that Burma remains on the list of High-Risk Jurisdictions Subject to a Call for Action, and advised U.S. financial institutions to apply enhanced due diligence. Moreover, U.S. financial institutions should continue to refer to existing FinCEN and OFAC guidance on engaging in financial transactions with Burma. With respect to the Democratic People’s Republic of Korea and Iran, “financial institutions must comply with the extensive U.S. restrictions and prohibitions against opening or maintaining any correspondent accounts, directly or indirectly, for North Korean or Iranian financial institutions,” FinCEN said, adding that “[e]xisting U.S. sanctions and FinCEN regulations already prohibit any such correspondent account relationships.”
FinCEN warns financial institutions of surge in mail theft-related check fraud
On February 27, FinCEN issued an alert to financial institutions on the nationwide surge in check fraud schemes targeting the U.S. mail. Mail theft-related check fraud, FinCEN explained, generally relates to the fraudulent negotiation of checks stolen from the U.S. postal service, and represents one of the most significant money laundering threats to the U.S. The alert is intended to ensure financial institutions file suspicious activity reports (SARs) that appropriately identify and report suspected check fraud schemes possibly linked to mail theft. The alert highlighted red flags to help financial institutions identify and report suspicious activity, and reminded financial institutions of their Bank Secrecy Act (BSA) reporting requirements. According to FinCEN, BSA reporting for check fraud has increased significantly over the past three years. “In 2021, financial institutions filed over 350,000 [SARs] to FinCEN to report potential check fraud, a 23 percent increase over the number of check fraud-related SARs filed in 2020,” the agency said, adding that in 2022, SARs related to check fraud reached over 680,000. When suspecting this type of fraud, financial institutions are advised to refer customers to the United States Postal Inspection Service in addition to filing a SAR.
CSBS says state regulators need access to FinCEN’s beneficial ownership database
On February 14, the Conference of State Bank Supervisors commented that FinCEN should be more explicit in its inclusion of state regulators as agencies that can request access to FinCEN’s forthcoming secure, non-public beneficial ownership information database. (See comment letter here.) As previously covered by InfoBytes, last December FinCEN issued a notice of proposed rulemaking (NPRM) to implement provisions of the Corporate Transparency Act (CTA) that govern the access to and protection of beneficial ownership information (BOI). The NPRM proposed regulations for establishing who may request beneficial ownership information, how the information must be secured, and non-compliance penalties, and also addressed aspects of the database that are currently in development. Agreeing that the new database would help enhance anti-money laundering and countering the financing of terrorism standards and help prevent the use of privacy to hide illicit activity from law enforcement and government authorities, CSBS asked that the final rule “explicitly define state regulators so that there is no confusion about their ability to access BOI when examining state-chartered banks and non-depository trust companies for compliance with customer due diligence requirements under the Bank Secrecy Act (BSA).” According to CSBS, state regulators conducted over 1,200 BSA exams in 2021. CSBS further pointed out that being able request BOI on an as needed basis would aid investigative and enforcement responsibilities for both state-chartered banks and state-licensed nonbank financial services providers.
OFAC, UK announce joint sanctions on Russia-based cybercrime gang
On February 9, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), in coordination with the UK, announced sanctions against seven individuals who allegedly are involved in a Russia-based cybercrime gang and are associated with the development or deployment of a range of ransomware strains designed to steal financial data. (See also UK’s announcement here.) The sanctions, taken pursuant to Executive Order (E.O.) 13694 as amended by E.O. 13757, represent the first sanctions of their kind for the UK, and come as a result of a partnership between OFAC and the U.K.’s Foreign, Commonwealth, and Development Office, the UK National Crime Agency, and His Majesty’s Treasury—all of which serve to disrupt Russian cybercrime and ransomware. “Cyber criminals, particularly those based in Russia, seek to attack critical infrastructure, target U.S. businesses, and exploit the international financial system,” Treasury Under Secretary Brian E. Nelson said in the announcement, stressing that “international cooperation is key to addressing Russian cybercrime.” Referring to an action taken by FinCEN last month, which identified a Russia-based virtual currency exchange “as a ‘primary money laundering concern’ in connection with Russian illicit finance” (covered by InfoBytes here), OFAC reiterated that the U.S. and UK are “committed to using all available authorities and tools to defend against cyber threats.” The designations follow other joint sanctions actions taken by the two countries and reflect findings that sanctions are most effective in coordination with international partners, OFAC said.
As a result of the sanctions, all property and interests in property belonging to the sanctioned individuals that are in the U.S. or in the possession or control of U.S. persons are blocked and must be reported to OFAC. U.S. persons are generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons. Persons that engage in certain transactions with the designated individuals may themselves be exposed to sanctions, and “any foreign financial institution that knowingly facilitates a significant transaction or provides significant financial services for any of the individuals or entities designated today could be subject to U.S. correspondent or payable-through account sanctions.”
Luetkemeyer accuses DOJ of incomplete BSA/AML data
On February 1, Representative Blaine Luetkemeyer (R-MO) sent a letter to Attorney General Merrick Garland asking for an explanation as to why the DOJ has not complied with a provision in the 2021 National Defense Authorization Act (2021 NDAA), which requires the Department to report metrics on its use of Bank Secrecy Act (BSA) data to the Treasury Department. According to Luetkemeyer, section 6201 of the 2021 NDAA requires the DOJ to also report “on the use of data derived from financial institutions reporting under the [BSA]” in order to increase transparency on the usefulness of BSA data filed with FinCEN from financial institutions and ensure bad actors are not using the U.S. financial system to fund illicit activities.
Specifically, the DOJ is required by the 2021 NDAA to examine how often the reported data contains actionable information, the number of legal entities and individuals identified within the reported data, and information on investigations resulting from the reported data that are conducted by state and federal authorities, the letter said. Citing a Government Accountability Office report (which found that the DOJ’s report failed to “include new statistics on the use and impact of BSA reports, including the summary statistics required under the act”), Luetkemeyer claimed the lack of transparency “begs the question if the burdensome reporting is worthwhile” and prevents “FinCEN and Congress from determining the effectiveness of the U.S. anti-money laundering regime.” Luetkemeyer asked the DOJ for an explanation as to why it failed to provide the required information.
OFAC sanctions evasion network supporting Russia’s military-industrial complex
On February 1, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced it is imposing “full blocking sanctions against 22 individuals and entities across multiple countries related to a sanctions evasion network supporting Russia’s military-industrial complex.” The sanctions, taken pursuant to Executive Order 14024, are part of the United States’ strategy to target sanctions evasion efforts around the globe, shut down key backfilling channels, expose facilitators and enablers, and limit Russia’s access to revenue to fund its war against Ukraine. “Targeting proxies is one of many steps that Treasury and our coalition of partners have taken, and continue to take, to tighten sanctions enforcement against Russia’s defense sector, its benefactors, and its supporters,” Deputy Secretary of the Treasury Wally Adeyemo said. The sanctions are part of Treasury’s ongoing commitment to the Russian Elites, Proxies, and Oligarchs Task Force, which identifies, freezes, and seizes assets of sanctioned Russians around the world, and leverages information sharing between international partners as well as key data from the Financial Crimes Enforcement Network.
As a result of the sanctions, all property and interests in property belonging to the sanctioned persons that are in the U.S. or in the possession or control of U.S. persons are blocked and must be reported to OFAC. Further, “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” U.S. persons are prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons, unless exempt or authorized by a general or specific OFAC license. Prohibitions “include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any blocked person and the receipt of any contribution or provision of funds, goods, or services from any such person.”
Senators exploring bank’s dealings with collapsed crypto exchange
On January 30, Senators Elizabeth Warren (D-MA), John Kennedy (R-LA), and Roger Marshall (R-KS) sent a follow-up letter to a California-based bank asking for additional responses to questions related to the bank’s relationship with several cryptocurrency firms founded by the CEO of a now-collapsed crypto exchange. As previously covered by InfoBytes, the senators pressed the CEO for an explanation for why the bank failed to monitor for and report suspicious transactions to the Financial Crimes Enforcement Network, and asked for information about how deposits it was holding on behalf of the collapsed exchange and related firm were being handled. The senators stressed that the bank has a legal responsibility under the Bank Secrecy Act to maintain an effective anti-money laundering program that may have flagged suspicious activity.
In the letter, the senators accused the bank of evading their previous questions in its December response, writing that while the bank’s answers confirm the extent of its failure to monitor and report suspicious financial activity, it failed “to provide key information needed by Congress to understand why and how these failures occurred.” The bank’s “repeated reference to ‘confidential supervisory information’” as a justification for its refusal to provide the requested information “is simply not an acceptable rationale,” the senators said. They also noted that the bank’s recent advance from the Federal Home Loan Bank of San Francisco—intended “to ‘stave off a further run on deposits’”—has introduced additional crypto market risks into the traditional banking system, especially should the bank fail. The bank was asked to explain how it plans to use the $4.3 billion it received.
The senators further commented that additional findings have revealed that neither the Federal Reserve nor the bank’s independent auditors were able to identify the “extraordinary gaps” in the bank’s due diligence process. The senators asked the bank to provide responses to questions related to its risk management policies, as well as how many safety and soundness exams were conducted, and whether any of the bank’s executives were “held accountable” for the failures related to the collapsed exchange, among other things.
FinCEN discusses digital identity threats
On January 25, FinCEN's acting Deputy Director, Jimmy Kirby, spoke before the Identity Policy Forum regarding digital identity threats, stating that FinCEN is “pragmatically focused” on protecting the U.S. financial system from illicit finance threats. According to Kirby, financial institutions must establish with confidence who their customers are on the front end and throughout the customer relationship. He noted that a failure or security compromise in any step of that process compromises the integrity of customer identity. Kirby also pointed out that security breaches have led to data hacks of centralized repositories of identity-related information, exposing personally identifiable information, and making those data sources less reliable, and that identity-related suspicious activity reports are increasing. Observing such threats, Kirby said that FinCEN designed the Identity Project to achieve three goals, to: (i) learn about financial institutions’ customer identification processes; (ii) quantify process breakdowns, vulnerabilities, and threats; and (iii) identify solutions, including digital identity. Kirby also discussed responsible innovation and emphasized the need to “foster development of infrastructure, information sharing, and standards that will safeguard the future of identity and the financial system.” Regarding expanding partnerships and feedback loops, Kirby said that the public sector must learn from each other, and that FinCEN is “also engaging with other domestic Federal agencies and regulators on digital identity, at FedID and throughout the year.”
FinCEN alert covers potential CRE investments by sanctioned Russians
On January 25, the Financial Crimes Enforcement Network (FinCEN) issued an alert to financial institutions on potential investments in the U.S. commercial real estate sector by sanctioned Russian elites, oligarchs, their family members, and the entities through which they act. The alert provides a list of possible red flags and typologies regarding attempted sanctions evasion in the commercial real estate sector and emphasizes financial institutions’ Bank Secrecy Act reporting obligations. The alert noted that banks frequently work with market participants who seek financing for commercial real estate projects, and that banks have customer due diligence obligations to verify the beneficial owners of legal entity customers. Specifically, the alert noted that “banks therefore may be in a position to identify and report suspicious activities associated with sanctioned Russian elites and their proxies including [politically exposed persons], among banks’ [commercial real estate]-related customers.” According to FinCEN, the recent alert builds on FinCEN’s March 2022 alert identifying real estate, luxury goods, and other high value assets involving sanctioned Russian and elites, and is the fourth alert issued by FinCEN on potential Russian illicit financial activity since Russia’s invasion of Ukraine in February 2022 (covered by InfoBytes here).
- Keisha Whitehall Wolfe to discuss “Tips for successfully engaging your state regulator” at the MBA's State and Local Workshop
- Max Bonici to discuss “Enforcement risk and trends for crypto and digital assets (Part 2)” at ABA’s 2023 Business Law Section Hybrid Spring Meeting
- Jedd R. Bellman to present “An insider’s look at handling regulatory investigations” at the Maryland State Bar Association Legal Summit