InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
California DBO issues cannabis banking guidance
On October 3, the California Department of Business Oversight (DBO) issued guidance for state-chartered financial institutions that serve cannabis-related businesses. The guidance, which is intended to help financial institutions manage risks appropriately, addresses cannabis program governance and compliance with the Bank Secrecy Act (BSA), as well as cannabis banking guidance issued in 2014 by the Financial Crimes Enforcement Network (FinCEN). As previously covered by InfoBytes, FinCEN’s guidance—which includes federal law enforcement priorities still in effect that were taken from a now-rescinded DOJ memo—details the necessary elements of a customer due diligence program, ongoing monitoring and suspicious activity report filing requirements, and priorities and potential red flags. Notably, the DBO states that while it will not bring regulatory actions against state-chartered financial institutions “solely for establishing a banking relationship with licensed cannabis businesses,” it expects all financial institutions to comply with FinCEN’s BSA expectations and guidance to make appropriate risk assessments. The DBO also referred bank examiners to its September Cannabis Job Aid, which is intended to assist with the examination of financial institutions that may be banking cannabis-related businesses.
FHFA advises GSEs on fraud reporting
On September 18, the FHFA issued Advisory Bulletin AB 2019-04, which provides guidance to Fannie Mae and Freddie Mac (GSEs) on fraud reporting requirements pursuant to 12 C.F.R. Part 1233 (FHFA Regulation). The Bulletin states that the GSEs are required to notify designees of the Director of the FHFA through the secure methods established by the FHFA within one calendar day from when the GSE discovers fraud or possible fraud that may have a “significant impact” on the GSE. The Bulletin defines “significant impact” as an event that “may create substantial financial or operational risk for the Enterprise, whether from a single event/incident or because it is systemic.” Moreover, the GSEs are required to submit a monthly fraud status report to the FHFA containing instances where they have (i) filed a suspicious activity report (SAR) with the Treasury Department or the Financial Crimes Enforcement Network; or (ii) discovered that the Enterprise purchased or sold a fraudulent loan or financial instrument, or suspects a possible fraud related to the purchase or sale of any loan or financial instrument, and the Enterprise has not filed a SAR. Additionally the GSEs are required to submit quarterly reports summarizing information concerning the GSE fraud risk management environments. The Bulletin is effective January 1, 2020.
FinCEN deputy director discusses innovation, non-bank supervision, and “culture of compliance”
On September 11, Financial Crimes Enforcement Network (FinCEN) Deputy Director Jamal El-Hindi delivered remarks at the 2019 Money Transmitter Regulators Association’s annual conference. El Hindi’s remarks focused on innovation and reform pertaining to the Bank Secrecy Act (BSA), supervision in the non-bank financial institution sector and coordination with state supervisors, and “the importance of a strong culture of compliance and what it means in a national and global security context.” According to El-Hindi, the BSA/anti-money laundering system “is good; but it can always be improved,” including through innovations that can “help better detect and safeguard against illicit activity.” El-Hindi reiterated FinCEN’s policy statement from December 2018, which encouraged innovation in the banking sector. (Previously covered by InfoBytes here.)
El-Hindi also highlighted recent discussions related to the role artificial intelligence can play in reducing false positives to assist human analysis, and the potential for blockchain technology to enhance transparency through the understanding of customer identity or transaction profiles. He noted that these themes and others emerged from FinCEN’s recent “Innovation Hours Program,” which encourages fintech companies, regtech companies, and financial institutions to present to FinCEN new and innovative products and services for potential use in the financial sector. The program’s upcoming September meeting will focus on innovations in “know your customer” compliance, BSA reporting, and core inter-bank payment and messaging systems associated with industry anti-money laundering/combating the financing of terrorism efforts. Additionally, El-Hindi noted that FinCEN’s enhanced supervision of nonbank financial institutions involves “actively prioritizing and engaging in,” among other activities, (i) conducting examinations of “specialized, rapidly evolving” financial services providers (e.g., virtual currency exchangers and administrators); (ii) identifying sector data to support FinCEN's analytic endeavors; and (iii) developing a stronger framework for risk assessments of the nonbank financial sector “from both the compliance and illicit activity standpoints.” El-Hindi closed his remarks by encouraging FinCEN and other regulators to discuss with foreign counterparts “the concept of a culture of compliance in the United States and what underpins it, and explore with our counterparts concepts that could underpin a culture of compliance in their own jurisdictions.”
U.S. enforcement authorities seize $3.7 million, arrest 281 for involvement in Business Email Compromise schemes
On September 10, the DOJ announced a coordinated effort with the U.S. Department of Homeland Security, the U.S. Department of the Treasury, the U.S. Postal Inspection Service, and the U.S. Department of State, against a series of Business Email Compromise (BEC) scams. The effort was conducted over a four-month period, resulting in the seizure of nearly $3.7 million and the arrest of 281 individuals in the U.S. and overseas, including 167 in Nigeria, 18 in Turkey and 15 in Ghana, along with arrests in France, Italy, Japan, Kenya, Malaysia, and the U.K. According to the DOJ, “BEC, also known as ‘cyber-enabled financial fraud,’ is a sophisticated scam often targeting employees with access to company finances and businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.” BEC scams can involve requests for paper checks and may not actually “compromise” an email account or computer network. The DOJ notes that many BEC scams are perpetrated by foreign citizens, who are often members of transnational criminal organizations.
As previously covered by InfoBytes, the Financial Crimes Enforcement Network (FinCEN), in July, discussed efforts designed to restrict and impede Business Email Compromise (BEC) scammers and other illicit actors who profit from email compromise fraud schemes and issued an updated advisory, providing general trends in BEC schemes, information concerning the targeting of non-business entities, and risks associated with the targeting of vulnerable business processes.
FinCEN division will investigate global money-laundering threats
On August 28, the Financial Crimes Enforcement Network (FinCEN) announced a new division intended to investigate global money laundering threats. The Global Investigations Division (GID)—led by Matthew Stiglitz, a former senior official in the Department of Justice’s Criminal Division—will target activities such as weapons of mass destruction proliferation, rogue state actors, transnational organized crime, and narcotics trafficking. According to FinCEN, GID will utilize the agency’s Bank Secrecy Act authorities, including Section 311 of the USA PATRIOT Act, to combat both domestic and international illicit terrorist finance and money laundering threats.
OFAC and FinCEN target synthetic opioids
On August 21, the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) and Treasury’s Financial Crimes Enforcement Network (FinCEN) announced coordinated actions related to the manufacturing, selling, or distribution of synthetic opioids or their precursor chemicals. OFAC identified two Chinese nationals, a trafficking organization, and a related entity as “significant foreign narcotics traffickers” pursuant to the Foreign Narcotics Kingpin Designation Act, for running “an international drug trafficking operation that manufactures and sells lethal narcotics, directly contributing to the crisis of opioid addiction, overdoses, and death in the United States.” OFAC notes that, in August 2018, the U.S. Attorney’s Office for the Northern District of Ohio unsealed an indictment, which charged one of the Chinese nationals and his father with operating a conspiracy that allegedly manufactured and shipped deadly fentanyl analogues, cathinones, and cannabinoids to at least 37 U.S. states. Additionally, in September 2017, the U.S. Attorney’s Office for the Southern District of Mississippi indicted another significant foreign narcotics trafficker on two counts of conspiracy to manufacture and distribute multiple controlled substances, including fentanyl, and seven counts of manufacturing and distributing the drugs in specific instances. As a result of the sanctions designation, “all property and interests in property of these individuals and entities that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC.”
Additionally, FinCEN released an advisory alerting financial institutions to financial schemes related to the trafficking of fentanyl and other synthetic opioids. The advisory provides detailed explanations of the funding mechanisms associated with fentanyl trafficking patterns, including (i) purchases from a foreign source of supply made using money services businesses (MSBs), bank transfers, or online payment processors; (ii) purchases from a foreign source of supply made using convertible virtual currency (CVC); (iii) purchases from a U.S. source of supply made using a MSB, online payment processor, CVC, or person-to-person sales; and (iv) more general money laundering mechanisms associated with procurement and distribution. The advisory also provides a list of red flags financial institutions should be aware of that may assist in identifying suspected schemes related to illicit fentanyl trafficking. Lastly, the advisory reminds financial institutions of their regulatory obligations to combat illicit financing and anti-money laundering, such as due diligence obligations, customer identification, and suspicious activity reporting.
FinCEN director discusses gaming industry AML compliance
On August 13, Financial Crimes Enforcement Network (FinCEN) Director Kenneth Blanco delivered remarks at the 12th Annual Las Vegas Anti-Money Laundering Conference stressing the need for compliance within the gaming industry, particularly as new technologies emerge such as mobile gaming and the use of convertible virtual currencies (CVC) increases. With the U.S. Supreme Court issuing a decision in May holding that states can legalize sports gambling (previously covered by InfoBytes here), Blanco stated that casinos need to consider ways to integrate their sports betting programs—including mobile sports betting apps—into their existing anti-money laundering programs. These measures must include establishing and implementing procedures for detecting and reporting suspicious activities, Blanco noted, reminding the audience of FinCEN’s FAQs designed to assist financial institutions when reporting cyber indicators and cyber-enabled financial crime.
Blanco also discussed FinCEN’s work with respect to cybersecurity and virtual payments, noting, among other things, that both online and physical casinos that accept CVC need to consider how they review transactions to determine the source of the currency and recognize indicators of suspicious activity. Blanco referred casinos to consolidated guidance issued by FinCEN in May (previously covered by InfoBytes here), and expressed a concern that “CVC-related SAR filings by casinos have not been as robust as expected since the May CVC guidance and advisory were published.” He further stressed the importance of information-sharing between casinos, and highlighted that sharing SARs can contribute to the identification of suspicious transactions as well as Bank Secrecy Act compliance responsibilities.
Federal banking agencies and FinCEN issue statement on risk-focused BSA/AML examinations
On July 22, the Federal Reserve Board, FDIC, NCUA, and the OCC along with the Financial Crimes Enforcement Network (FinCEN), released a joint statement to improve transparency of their risk-focused approach to Bank Secrecy Act/anti-money laundering (BSA/AML) supervision. The statement outlines common practices for assessing a bank’s risk profile, including (i) leveraging available information, including internal BSA/AML risk assessments, independent audits, and results from previous examinations; (ii) contacting banks between examinations or before finalizing the scope of an examination; and (iii) considering the bank’s ability to identify, measure, monitor, and control risks. Examiners will use the information from the risk assessments to scope and plan the examination, as well as to evaluate the adequacy of the bank’s BSA/AML compliance program. The statement notes that the extent of examination activities needed to evaluate a bank’s BSA/AML compliance program, “generally depends on a bank’s risk profile and the quality of its risk management processes.”
FinCEN addresses efforts to counter business email compromise schemes
On July 16, the Financial Crimes Enforcement Network (FinCEN) discussed efforts designed to restrict and impede business email compromise (BEC) scammers and other illicit actors who profit from email compromise fraud schemes. BEC schemes, FinCEN reports, generally involve “criminal attempts to compromise the email accounts of victims to send fraudulent payment instructions to financial institutions or business associates in order to misappropriate funds or to assist in financial fraud.” An updated advisory provides current operational definitions and general trends in BEC schemes, information concerning the targeting of non-business entities and data by these types of schemes, and risks associated with the targeting of vulnerable business processes. The advisory also discusses opportunities for information sharing between financial institutions concerning subjects and accounts affiliated with BEC schemes in the interest of identifying risks of fraudulent transactions and money laundering. An in-depth strategic Financial Trend Analysis of Bank Secrecy Act (BSA) data explores industries targeted by BEC scammers as well as employed methodologies, and highlights BSA information collected by regulated financial institutions. Suspicious activity report highlights reveal a nearly tripling of attempted BEC thefts—from $110 million per month in 2016 to $301 million per month in 2018 on average. FinCEN’s release also discusses its Rapid Response Program as well as international information sharing initiatives addressing BEC schemes and associated fraudulently-induced transactions.
CFPB updates advisory on elder financial exploitation
On July 17, the CFPB issued an updated advisory to financial institutions with information on the financial exploitation of older Americans and recommendations on how to prevent and respond to such exploitation. The update urges financial institutions to report to the appropriate authorities whenever they suspect that an older adult is the target or victim of financial exploitation, and recommends that they also file Suspicious Activity Reports (SARs) with the Financial Crimes Enforcement Network (FinCEN). The update builds on an advisory that was previously released by the Bureau in March 2016 (covered by InfoBytes here), which included recommended best practices to help prevent and respond to elder financial exploitation, such as (i) establish protocols for ensuring staff compliance with the Electronic Fund Transfer Act; (ii) train staff to detect the warning signs of financial exploitation and respond appropriately to suspicious events; and (iii) maintain fraud detection systems that provide analyses of the types of products and account activity associated with elder financial exploitation. With the release of the update, Director Kraninger noted that, “[t]he Bureau stands ready to work with federal, state and local authorities and financial institutions to protect older adults from abusive financial practices that rob them of their financial security.”
As previously covered by InfoBytes, in February, the CFPB’s Office of Financial Protection for Older Americans, released a report studying the financial abuse reported in SARs, discussing key facts and trends revealed after the Bureau analyzed 180,000 elder exploitation SARs filed with the FinCEN from 2013 to 2017. Key findings of the report included, (i) SARs filings on elder financial abuse quadrupled from 2013 to 2017, with 63,500 SARs reporting the abuse in 2017; (ii) the average amount of loss to an elder was $34,200, while the average amount of loss to a filer was $16,700; and (iii) more than half of the SARs involved a money transfer.