InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FinCEN Issues Advisory and Supplemental FAQs on Cyber-Events and Cyber-Enabled Crime
On October 25, FinCEN issued advisory bulletin FIN-2016-A005 reminding financial institutions of their Bank Secrecy Act (BSA) obligations to report certain cyber-events and cyber-enabled crime. The advisory highlights the importance of (i) reporting cyber-events and cyber-enabled crime through Suspicious Activity Reports (SARs); (ii) including cyber-related information such as IP addresses with timestamps, virtual-wallet information, device identifiers, and cyber-event information, in SAR reporting; (iii) collaborating with BSA/AML, cybersecurity, and other in-house units to facilitate “a more comprehensive threat assessment and develop appropriate risk management strategies to identify, report, and mitigate cyber-events and cyber-enabled crime”; and (iv) sharing cyber-related information – including specific malware signatures, IP addresses and device identifiers, and virtual currency addresses that seem anonymous – amongst financial institutions for the “purpose of identifying and, where appropriate, reporting money laundering or terrorist activities.” Importantly, the advisory distinguishes between mandatory SAR reporting of cyber-events, providing three specific examples, and voluntary reporting of cyber-events. Per the advisory, “[c]yber-events targeting financial institutions that could affect a transaction or series of transactions would be reportable as suspicious transactions because they are unauthorized, relevant to a possible violation of law or regulation, and regularly involve efforts to acquire funds through illegal activities.”
FinCEN simultaneously issued FAQs to supplement advisory bulletin FIN-2016-A005. The FAQs, which supersede 2001 FAQs regarding computer intrusion, provide answers to a set of nine questions. The FAQs address, among other things, (i) when cyber-related SAR reports should be filed; (ii) the type of information that should be included in cyber-related SARs; and (iii) cyber-event and cyber-enabled crime information sharing, pursuant to Section 314(b) of the USA PATRIOT Act, between financial institutions.
FinCEN Assesses Civil Money Penalty Against Nevada-Based Casino for BSA/AML Violations
On October 3, FinCEN assessed a $12 million civil money penalty against a Nevada-based casino for willfully violating the anti-money laundering (AML) provisions of the Bank Secrecy Act (BSA). Pursuant to the Statement of Facts, from March 2009 through September 28, 2015, the casino allegedly failed to (i) develop and implement an effective AML program reasonably designed to ensure compliance with the BSA; (ii) exercise due diligence in its monitoring of suspicious activity; and (iii) maintain sufficient AML compliance controls, procedures, training, and audits, which resulted in multiple filing and recordkeeping control violations. As part of the FinCEN’s Assessment and the Non-Prosecution Agreement filed by the U.S. Attorney’s Officers, the casino must (i) perform a series of required Remedial Measures to ensure compliance going forward; and (ii) conduct a look-back review to ensure that suspicious transactions and attempted transactions were appropriately reported for transactions that occurred between 2010 and 2013.
FinCEN Issues Proposed Rule to Remove AML Exemption for Certain Banks
On August 26, FinCEN published a proposed rule that seeks to impose AML program requirements on banks that are without a Federal functional regulator, including, but not limited to, private banks, non-federally insured credit unions, and certain trust companies. FinCEN estimates that there are 740 such banks nationwide. The proposal would establish minimum AML program standards for such banks. In addition, if finalized, the proposed rule would expand the reach of FinCEN’s customer due diligence final rule to cover banks that are not already subject to the rule’s customer identification program requirements and beneficial ownership requirements. FinCEN issued the proposal to ensure that Bank Secrecy Act coverage is consistent across the industry. Comments on the proposal must be submitted to FinCEN by October 24, 2016.
Thomas Ott Named FinCEN's Associate Director of Enforcement
On August 16, FinCEN named Thomas P. Ott Associate Director for FinCEN’s Enforcement Division. In his new role, Ott will oversee the agency’s Bank Secrecy Act compliance and enforcement program. Ott’s responsibilities will include “developing and implementing compliance and enforcement strategies, supervising investigations, enforcement actions, and other activities that have industry-wide, national, and international impact.” Ott has served as FinCEN’s Acting Associate Director of Enforcement since March 2016.
FinCEN Imposes Civil Money Penalty Against Owner of Kentucky-Based Money Services Business
On March 24, FinCEN assessed a civil money penalty against a Kentucky-based MSB and its owner for violations of the Bank Secrecy Act (BSA). As the designated AML compliance officer of the MSB, the owner willfully violated the BSA’s AML program and reporting requirements by failing to ensure that the MSB complied with obligations under the BSA and its implementing regulations. In 2009, after an IRS Small Business/Self-Employed Division (IRS SB/SE) examination of the MSB’s activities, FinCEN issued a warning letter advising the company to take corrective actions. A subsequent 2013 IRS SB/SE examination found continued violations. Specifically, the MSB failed to (i) establish and implement an effective AML program by “failing to implement policies, procedures, and internal controls reasonably designed to assure ongoing compliance, failing to designate an adequate compliance officer, failing to provide adequate training, and failing to conduct independent testing of its compliance program”; and (ii) file accurate and timely currency transaction reports. The MSB’s owner admitted to violating the BSA’s AML program and reporting requirements and agreed to a $10,000 civil money penalty.
OCC and FinCEN Assess Civil Money Penalties against Florida-Based Wealth Management Firm for BSA Violations
On February 25, the OCC, in coordination with FinCEN, announced that it took action against a Florida-based wealth management firm and private bank for allegedly violating the Bank Secrecy Act (BSA). According to the OCC, the bank failed to maintain an effective BSA/AML compliance program, thus violating its 2010 agreement with the OCC to “revise its policies, procedures, and systems related to the BSA/AML laws and regulations (‘BSA/AML Compliance Program’), and, among other things, address weaknesses with the Bank’s BSA/AML Compliance programs, including a lack of internal controls necessary to ensure effective and timely customer identification, risk assessment, monitoring, validation, and suspicious activity reports (‘SARs’).” Without admitting or denying any wrongdoing, the bank agreed to pay a total of $4 million in civil penalties, with $2.5 million to be paid directly to the OCC and, pursuant to FinCEN’s separately announced civil money penalty, $1.5 to be paid to the U.S. Department of the Treasury.
District Court Denies Motion to Dismiss, Rules Compliance Officers Responsible for AML Program Failures
On January 8, the U.S. District Court of Minnesota ruled that individual officers of financial institutions may be held responsible for ensuring compliance with anti-money laundering laws under the Bank Secrecy Act (BSA). U.S. Dep’t of Treasury v. Haider, No. 15-cv-01518, WL 107940 (Dist. Ct. Minn. Jan. 8, 2016). In May 2015, the defendant filed a motion to dismiss the U.S. Department of the Treasury’s December 2014 complaint against him. The Treasury’s complaint alleged that the defendant failed in his responsibility as the Chief Compliance Officer for an international money transfer company to ensure that “the Company implemented and maintained an effective AML program and complied with its SAR-filing obligations.” The complaint sought a $1 million judgment against the defendant and enjoined him from working for, either directly or indirectly, any “financial institution” as defined in the BSA. In his motion to dismiss, the defendant contended that the Treasury’s complaint should be dismissed because, among other reasons, 31 U.S.C. § 5318(a) permits the imposition of a penalty for AML program failures against an entity, not an individual. However, the District Court of Minnesota dismissed the motion, ruling that the BSA’s more general civil penalty provision, § 5321(a)(1), could subject a partner, director, officer, or employee of a domestic financial institution to civil penalties for violations “of any provision of the BSA or its regulations, excluding the specifically excepted provisions.” Judge David Doty further opined, “Because § 5318(h) is not listed as one of those exceptions, the plain language of the statute provides that a civil penalty may be imposed on corporate officers and employees like [the defendant], who was responsible for designing and overseeing [the company's] AML program.” The defendant also challenged the Treasury’s complaint on the bases that (i) the request for injunctive relief was time barred by the applicable statute of limitations; (ii) FinCEN should not have been permitted to receive and publicly use grand jury information; and (iii) FinCEN violated his due process rights. For various reasons, the District Court declined to decide on such issues or to dismiss materials based on the arguments presented.
FinCEN Settles with Card Club Gaming Establishment for BSA Violations
On December 17, FinCEN announced a $650,000 settlement with a “card club” gaming establishment in California for willfully violating the program and reporting requirements of the Bank Secrecy Act (BSA). The gaming establishment allegedly trained its staff using misleading and inaccurate AML policy, which either failed to provide instructions at all, or provided incorrect instructions regarding the establishment’s obligations and reporting requirements under the BSA. As an example, the establishment “encouraged employees to provide notice to patrons if they were about to conduct a cash transaction that would put them over the $10,000 threshold for the filing of a Currency Transaction Report, thereby possibly encouraging structured transactions.” In addition, since the establishment’s policy did not contain instructions regarding when an employee should file a Suspicious Activity Report (“SAR”), it failed to file SARs in 2009 and 2010. Card clubs are gaming facilities that generally host only games involving cards; like casinos, card clubs are defined as financial institutions under the BSA, rendering them subject to FinCEN’s rules and regulatory authority.
U.S. Department of the Treasury Senior Staff Deliver Remarks Regarding Enforcement Efforts
On November 16, FinCEN Director Jennifer Calvery and Treasury’s Acting Under Secretary Adam Szubin delivered remarks at the American Bankers Association and American Bar Association Money Laundering Enforcement Conference on continued AML enforcement efforts. Szubin focused on the topic of “de-risking,” which he described as “instances in which a financial institution seeks to avoid perceived regulatory risk by indiscriminately terminating, restricting, or denying services to broad classes of clients, without case-by-case analysis or consideration of mitigating options,” and addressed Treasury’s efforts to curtail the negative effects attributed to de-risking, such as preventing access to the dollar and pushing people out of the regulated financial system. Szubin emphasized, however, that the Treasury would not “dilute or roll back [its] AML/CFT standards,” but expects financial institutions to be vigilant when identifying potential risks and to implement AML/CFT programs that effectively address risks associated with illicit financing on a client-by-client basis. In a separate speech, Director Calvery addressed FinCEN’s reliance on Bank Secrecy Act (BSA) data to “uncover risks, vulnerabilities, and gaps in each financial sector,” noting that BSA data supports FinCEN’s ongoing AML enforcement efforts.
FinCEN Issues NPRM Establishing BSA/AML Requirements for Investment Advisers
On August 25, FinCEN issued a Notice of Proposed Rulemaking (NPRM) seeking to adopt minimum Bank Secrecy Act (BSA) and anti-money laundering (AML) standards that would be applicable to investment advisers. Under the proposal, investment advisers would be required to implement AML programs and report suspicious activity, among other safeguards. The NPRM states that the proposal would cover investment advisers registered or required to register with the SEC. The proposal would also add such investment advisers to the definition of “financial institution.” This would result in investment advisers being required to file currency transaction reports and to comply with recordkeeping and other requirements applicable to financial institutions. With respect to supervisory authority, FinCEN stated that it would delegate its authority to the SEC for purposes of examining investment advisers for compliance with the proposed requirements.