InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FINRA revises anti-money laundering template for small firms
On April 4, the Financial Industry Regulatory Authority (FINRA) released a revised template to assist FINRA-registered small firms in developing and implementing risk-based anti-money laundering (AML) programs as required by the Bank Secrecy Act and FINRA Rule 3310. Changes to the template reflect FinCEN’s final rule concerning customer due diligence requirements for covered financial institutions (CDD rule), which goes into effect May 11. (See previous InfoBytes coverage on the CDD rule here.) The CDD rule requires covered financial institutions, including FINRA-registered firms, to identify the beneficial owners of legal entity customers who open new accounts.
Buckley Sandler Insights: FinCEN updates FAQs regarding customer due diligence requirements for financial institutions
On April 3, the Financial Crimes Enforcement Network released an update to its FAQs in advance of the upcoming Customer Due Diligence Requirements for Financial Institutions final rule (issued in 2016 and amended last September for various technical corrections) that goes into effect May 11. As previously covered in InfoBytes, the final rule imposes standardized customer due diligence (CDD) requirements under the Bank Secrecy Act for covered financial institutions and requires financial institutions to identify and verify beneficial owners of legal entity customers, subject to certain exclusions and exemptions. The supplemental FAQs (see InfoBytes coverage on an earlier set of FAQs issued in 2016) assist covered financial institutions in understanding the scope of their CDD requirements, as well as the CDD rule’s impact on broader anti-money laundering (AML) program obligations, and cover a broad range of interpretations including the following:
- Question 1 specifies covered financial institutions will satisfy the requirements to identify and verify beneficial owners of legal entity customers by collecting and verifying the identity of individuals who directly or indirectly own 25 percent or more of the equity interests in a legal entity customer, as well as “one individual who has managerial control of a legal entity customer.” However, they may choose to implement stricter written internal policies and procedures and expand their information collection to include more than one individual with managerial control or persons owning a lower percentage of equity interests.
- Question 3 clarifies that covered financial institutions may reasonably rely on a legal entity customer to provide the identities of individuals who satisfy the definition of beneficial ownership, whether indirectly or directly, and “need not independently investigate the legal entity customer’s ownership structure.”
- Question 7 states that for existing customers, a covered financial institution may rely on information in its possession subject to its Customer Identification Program (CIP) to fulfill the beneficial ownership identification and verification requirements, “provided the existing information is up-to-date, accurate, and the legal entity customer’s representative certifies or confirms (verbally or in writing) the accuracy of the pre-existing CIP information.”
- Question 10 states that if a legal entity customer opens multiple accounts, the covered financial institution may rely on information obtained from a previously issued certification form (or equivalent), provided the legal entity customer certifies or confirms—verbally or in writing—that such information is up-to-date and accurate at the time each subsequent account is opened. Records of such certification or confirmation must also be maintained.
- Question 12 confirms that covered financial institutions seeking to renew a loan or roll over a certificate of deposit must treat these as new accounts and require their legal entities customers to certify or confirm beneficial owners, “even if the legal entity is an existing customer.”
- Question 18 stipulates that covered financial institutions are not required to identify and verify the identity of beneficial owners that own 25 percent or more of the equity interests of a pooled investment vehicle, whether or not such vehicle is managed by a “financial institution,” due to the typical fluctuation of ownership. However, Question 18 notes that covered financial entities must collect beneficial ownership information for an individual who has significant control or management over the vehicle as required under the control prong to comply with the CDD rule.
- Question 19 concerns trusts overseen by multiple trustees and states that in circumstances where a trust owns 25 percent or more of the equity interests of a legal entity customer, covered financial institutions are required, at a minimum, to collect beneficial ownership information on a single trustee but may choose to identify additional co-trustees based on risk assessment or a risk profile.
- Question 21 specifies that a covered financial institution may rely on information provided by a legal entity customer to determine eligibility for exclusion from the definition of a legal entity customer, provided the financial institution has no knowledge of facts that would reasonably call into question the reliability of such information. Covered financial institutions should also ensure that their risk-based written policies and procedures address and specify the type of information to be used when reasonably determining exclusion eligibility.
- Question 28 stipulates which non-U.S. governmental entities qualify for exclusion from the definition of a legal entity customer. It specifies that state-owned enterprises that engage in profit-seeking activities, such as sovereign wealth funds, airlines, and oil companies, are not excluded from the definition of a legal entity.
- Questions 29-31 provide guidance on account level beneficial owner exceptions related to (i) point of sale products for certain low-risk retail credit accounts; and (ii) certain equipment finance and lease accounts with low money laundering risks. Question 31 also stipulates that an equipment lease and purchase exemption would apply in circumstances where a customer leases necessary equipment directly from a covered financial institution.
- Questions 32-33 provide guidance on circumstances where beneficial ownership information should be aggregated for purposes of complying with Currency Transaction Report (CTR) requirements, and state that “absent indications that the businesses are not operating independently . . . , financial institutions should not aggregate transactions involving those businesses with those of each other or with those of the common owner for CTR filing.” Furthermore, covered financial institutions are generally not required to list beneficial owners on a CTR.
- Question 35 specifies what information covered financial institutions should collect and consider as part of on-going CDD when developing customer risk profiles. Specifically, covered financial institutions should develop an understanding of the “nature and purpose of a customer relationship,” and review information obtained at the opening of an account such as type of customer, account, service, or product.
FinCEN adjusts civil penalties for inflation
On March 19, the Financial Crimes Enforcement Network (FinCEN) published a final rule adjusting upward the maximum amount of the civil monetary penalties within its jurisdiction, as required by the Inflation Adjustment Act. As explained in the rule, the new maximum penalty amounts for 2018 are calculated by multiplying the corresponding 2017 penalty by a “cost-of-living adjustment” multiplier—which for 2018 has been set by the OMB at 1.02041—and then rounding to the nearest dollar. The rule is effective March 19.
GAO studies effect of Southwest border banks "derisking" due to BSA/AML concerns
On February 26, the Government Accountability Office (GAO) released a report, which describes Bank Secrecy Act/anti-money laundering (BSA/AML) compliance challenges facing Southwest border banks, examines the impact “derisking” has had on banking services in this region, and evaluates responses by regulators to “derisking” concerns. “Derisking” is defined by GAO as “the practice of banks limiting certain services or ending their relationships with customers to, among other things, avoid perceived regulatory concerns about facilitating money laundering.” According to GAO, because the region has a high volume of cash and cross-border transactions, as well as a large number of foreign accountholders, banks are required to engage in more intensive and frequent monitoring and investigating to comply with BSA/AML requirements. Due to some Southwest border residents and businesses reporting challenges when trying to access banking services in the region, GAO was asked to undertake a review to determine if the access problems were due to “derisking” and branch closures.
Among other things, the report found that (i) the average number of suspicious activity reports filed in the region was two and a half times the number for high-risk counties outside the region; (ii) 80 percent of banks in the region terminated accounts due to risks related to BSA/AML; (iii) 80 percent limited or did not offer accounts to certain businesses considered high risk for money laundering and terrorist financing because those customers drew heightened BSA/AML regulatory oversight; and (iv) money-laundering risks were a more important driver of branch closures in the region than elsewhere. GAO discovered that BSA/AML regulatory concerns may be a factor in banks’ decisions to engage in “derisking” in the region, and that “the actions taken to address derisking by the federal bank regulators and the Financial Crimes Enforcement Network (FinCEN) and the retrospective reviews conducted on BSA/AML regulations have not fully considered or addressed these effects.” The account terminations and limitations, along with branch closures in the region, have raised concerns that the closures have “affected key businesses and local economies and . . . economic growth.”
GAO recommended that FinCEN, FDIC, Federal Reserve Board, and the OCC (the agencies) conduct a comprehensive review of their BSA/AML regulatory framework to assess how banks’ regulatory concerns may be affecting their decisions to provide banking services. It also recommended that the agencies jointly conduct a retrospective review of BSA/AML regulations and their implementation and revise BSA regulations as necessary to “ensure that BSA/AML regulatory objectives are being met in the most efficient and least burdensome way.”
Agencies assess $613 million in total penalties against national bank and its parent for BSA/AML deficiencies
On February 15, a national bank and its parent corporation were assessed $613 million in total penalties by the OCC, DOJ, Federal Reserve, and Financial Crimes Enforcement Network (FinCEN) as part of a deferred prosecution agreement over Bank Secrecy Act (BSA) and anti-money laundering (AML) compliance program deficiencies. According to the announcement by the DOJ, the agency’s settlements cover a range of alleged AML deficiencies back to 2009, including an alleged effort not to disclose known Suspicious Activity Report (SAR) deficiencies to the OCC. Additionally, the DOJ cited the bank for failing to timely file SARs related to the banking activity of a customer who used the bank to launder proceeds from a fraudulent payday lending scheme, when the bank was allegedly on notice of the activity (previously covered by InfoBytes here).
The $613 million in penalties include: a $453 million forfeiture as part of the deferred prosecution agreement with the DOJ; a $75 civil money penalty from the OCC; a $15 million civil money penalty from the Federal Reserve; and a $70 million civil money penalty from FinCEN.
FinCEN proposes measure against Latvian bank for alleged money laundering schemes, blocks U.S. accounts
On February 13, the Financial Crimes Enforcement Network (FinCEN) issued a finding and notice of proposed rulemaking (NPRM), pursuant to Section 311 of the USA PATRIOT Act, seeking to prohibit the opening or maintaining of correspondent accounts in the United States for, or on behalf of, a Latvian-based bank. The NPRM is being issued based on findings that the bank has “institutionalized money laundering as a pillar of [its] business practices.” According to the NPRM, the bank’s management (i) “permits the bank and its employees to orchestrate and engage in money laundering schemes”; (ii) “solicits the high-risk shell company activity that enables the bank and its customers to launder funds”; (iii) “maintains inadequate controls over high-risk shell company accounts”; and (iv) “seeks to obstruct enforcement of Latvian anti-money laundering and combating the financing of terrorism (AML/CFT) rules in order to protect these business practices.” Specifically, Secretary of the Treasury Steven T. Mnuchin asserted that the bank’s failure to implement effective AML/CFT and sanctions policies and procedures has become a conduit for widespread illicit activity, “including activity linked to North Korea’s weapons program and corruption connected to Russia and Ukraine.” The measures set forth under the NPRM are designed to protect the U.S. financial system from money laundering and terrorist financing threats. Comments are due 60 days after publication in the Federal Register.
FinCEN issues advisory updating FATF-identified jurisdictions with AML/CFT deficiencies
On February 9, the Financial Crimes Enforcement Network (FinCEN) issued an advisory to financial institutions based on November 3, 2017 updates to the Financial Action Task Force’s (FATF) list of jurisdictions identified as having “strategic deficiencies” in their anti-money laundering/combating the financing of terrorism (AML/CFT) regimes. FinCEN urges financial institutions to consider this list when reviewing due diligence obligations and risk-based policies, procedures, and practices.
The current jurisdictions (as further described in the Improving Global AML/CFT Compliance: On-going Process) that have AML/CFT deficiencies for which the jurisdictions have developed action plans are: Bosnia and Herzegovina, Ethiopia, Iraq, Sri Lanka, Syria, Trinidad and Tobago, Tunisia, Vanuatu, and Yemen. Notably, Uganda has been removed from this list for making “significant technical progress in improving its AML/CFT regime and . . . establish[ing] the legal and regulatory framework to meet the commitments in its action plan.” However, Sri Lanka, Trinidad and Tobago, and Tunisia were added to the list due to the ineffective implementation of their AML/CFT frameworks. The Democratic People’s Republic of Korea and Iran remain the two jurisdictions subject to countermeasures and enhanced due diligence due to AML/CFT deficiencies.
FinCEN issues requests for comments on renewal of BSA currency transaction and suspicious activity reporting requirements
On February 9, the Financial Crimes Enforcement Network (FinCEN) issued two notices and requests for comments in the Federal Register seeking renewals without change of currently approved Bank Secrecy Act (BSA) regulatory requirements for covered financial institutions. The first notice concerns the continuance of currency transaction reporting requirements, and the second notice addresses suspicious activity reporting requirements. Comments must be received by April 10.
See here for additional BSA InfoBytes coverage.
$368 million penalty assessed against California branch for BSA/AML deficiencies
On February 7, the OCC and DOJ announced settlements with a Netherlands-based lender’s California branch, in which the branch pled guilty to one count of conspiracy to defraud the U.S. Government for impeding and obstructing a 2012 OCC examination when it concealed deficiencies in its Bank Secrecy Act and anti-money laundering (BSA/AML) compliance programs. According to the DOJ’s press release, the branch will pay over $368 million as a result of allowing “hundreds of millions of dollars in untraceable cash, sourced from Mexico and elsewhere, to be deposited into its rural bank branches” without conducting adequate BSA/AML review, and for conspiring with several former executives to hide information from OCC officials during the 2012 examination. Among other things, the plea agreement states that the branch “created and implemented a number of policies and procedures that prevented adequate investigations into suspicious customer activity,” which included (i) creating a “Verified List” of customers whose transactions needed no further review even if there was a change in the customer’s activity from when it was verified; and (ii) instructing BSA/AML staff to “aggressively increase the number of bank accounts on the Verified List.” Further, the branch admitted it failed to both monitor and conduct adequate investigations into these transactions and submit suspicious activity reports to the Financial Crimes Enforcement Network, as required by the BSA. Additionally, in an effort to conceal deficiencies in its BSA/AML program, the branch demoted or terminated two employees who risked “contradicting” the branch’s findings. Two months before the branch's guilty plea, a former executive entered into a deferred prosecution agreement for his role in the misconduct, and agreed to cooperate with the DOJ's continuing investigation.
As part of the plea agreement, the OCC announced it had terminated a December 2013 consent order entered into with the branch over its BSA/AML failures and stated, “the OCC has determined that the bank has implemented all of the corrective actions required by the 2013 consent order and has achieved compliance with the requirements set forth in that order.” On February 6, the branch agreed to pay $50 million civil money penalty to the OCC, which will be credited towards the overall amount assessed by the DOJ.
Senate Banking Committee: The impact of cryptocurrency in AML/BSA enforcement
On January 17, the Senate Committee on Banking, Housing, and Urban Affairs held a second hearing with witnesses from the Treasury and Justice departments to further address the need to modernize and reform the Bank Secrecy Act and anti-money laundering (BSA/AML) regime. The hearing, entitled “Combating Money Laundering and Other Forms of Illicit Finance: Administration Perspectives on Reforming and Strengthening BSA Enforcement,” follows a January 9 hearing before the same Committee on related issues (see previous InfoBytes coverage here). Committee Chairman Mike Crapo, R-Idaho, opened the hearing by stating the need to understand the government’s position on “strengthening enforcement and protecting the integrity of the U.S. financial system in a new technological era,” while also recognizing the challenges technology creates for law enforcement. A primary topic of interest to the Committee was “the rise of cryptocurrencies and their potential to facilitate sanctions evasion and perhaps, other crimes.”
The first witness, Treasury’s undersecretary for terrorism and financial crimes, Sigal Mandelker (testimony), noted that money laundering related to cryptocurrencies is “an area of high focus” for Treasury, and highlighted actions taken by Treasury’s Financial Crimes Enforcement Network (FinCEN), such as the release of guidance announcing that “virtual currency exchangers and administrators” are subject to regulations under the BSA. Regulated entities, Mandelker stated, are required to file suspicious activity reports (SARs) and are subject to FinCEN and IRS examinations and enforcement actions. Mandelker further commented that Treasury is “aggressively tackling” illicit financing entering the U.S. system and elsewhere, and stressed that other countries face consequences if they fail to have an AML/Combating the Financing of Terrorism regime that meets Treasury standards.
The second witness, DOJ acting deputy assistant attorney general M. Kendall Day (testimony), informed the Committee of the recent hiring of a digital currency counsel who is responsible for ensuring prosecutors are up-to-date on the latest money-laundering threats in the digital currency field. Day also commented on recent DOJ prosecutions in this space, and emphasized the need for enhanced information sharing for law enforcement, including the benefit of deriving information from SARs.