InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FinCEN Fines NY-Based Securities Broker-Dealer for Anti-Money Laundering Shortfalls
On January 27, FinCEN fined a New York securities broker-dealer firm $20 million for violating the BSA. According to the press release, the firm failed to (i) establish an adequate anti-money laundering program; (ii) conduct proper due diligence on a foreign correspondent account; and (iii) comply with Section 311 of the USA Patriot Act. These failures resulted in customers engaging in suspicious trading, including prohibited third-party activity and illegal penny stock trading, without it being detected or reported. The firm must pay $10 million of the $20 million penalty to the US Department of the Treasury. The remaining $10 million will be paid to the SEC to settle a parallel enforcement action.
FinCEN Highlights Information Sharing Program Among Regulatory, Law Enforcement Agencies
On January 6, FinCEN released a fact sheet highlighting its Section 314(a) Program of the USA PATRIOT Act. Under the Section 314(a) Program, federal, state, local and foreign law enforcement are able to contact, through FinCEN, over 43,000 points of contact at more than 22,000 financial institutions to locate accounts and transactions of individuals or organizations engaged in, or reasonably suspected of, terrorism or money laundering. According to FinCEN, since its inception, the 314 Program has aided in 1,909 money laundering and 459 terrorism/terrorist financing criminal investigations. In addition, based on feedback from law enforcement, the Program has contributed to 95 percent of 314(a) requests lead to an arrest or indictment.
FinCEN Fines Former CCO For Maintaining Ineffective AML Program
Recently, FinCEN announced a $1 million civil money penalty against the former Chief Compliance Officer (CCO) of a large financial services company for allegedly violating the Bank Secrecy Act (BSA) and its implementing regulations. In its complaint, FinCEN alleges that the CCO, from 2003 through 2008, failed to implement and maintain an effective AML program and file timely Suspicious Activity Reports as required by the BSA. As a result, the company’s money transfer system was used to carry out fraudulent activities causing customers to incur substantial losses. In addition to the penalty, FinCEN is seeking to prohibit the former CCO from participating, directly or indirectly, in the affairs of any financial institution.
FinCEN Fines Small Credit Union for BSA Violations
On November 25, FinCEN fined a small Florida-based credit union $300,000 in civil monetary penalties for violating the Bank Secrecy Act (BSA). From 2009 through 2014, FinCEN charged that, among other deficiencies within its anti-money laundering program, the credit union lacked proper internal controls and failed to designate a BSA compliance officer to monitor suspicious transactions. The credit union admitted that it violated Section 314(a) of the USA PATRIOT ACT, which requires financial institutions to search their records of accounts and transactions of individuals who may be involved in money laundering or terrorist financing activities. The credit union, with assets of $4 million and five employees, contracted with a third party vendor to provide services and subaccounts to 56 money services businesses located in Central America, Middle East, and Mexico. FinCEN stated that 90% of the credit union’s annual revenue was generated from these accounts.
FinCEN Issues Statement On Providing Banking Services to Money Services Businesses
On November 10, FinCEN released a statement to reiterate that banking organizations can serve Money Services Businesses (MSB) while meeting obligations under the Bank Secrecy Act. FinCEN noted that there is concern that banks may be terminating the accounts of MSBs on a wholesale basis because of potential regulatory scrutiny and that as a result MSBs are losing access to banking services. FinCEN stated that they do “not support the wholesale termination of MSB accounts without regard to the risks presented or the bank’s ability to manage the risk.” Rather, the risks presented by a given MSB can vary and, therefore, financial institutions should assess the risks on a case-by-case basis. FinCEN expects that banking organizations will manage the risks associated with MSB accounts and are committed to addressing the “wholesale de-banking of an important part of the financial system.”
New Bitcoin Firms May Get Transitional License in New York
On November 2, New York Superintendent Lawsky delivered remarks at the Money 20/20 Conference on the state’s virtual currency and Bitcoin regulation. In October, Lawsky publicly stated that, as a result of the comments received on New York’s proposed BitLicense framework, there would be important changes made to the July 17 proposal. This week, on behalf of the NYDFS, Lawsky announced that additional changes are being considered to address “concern about the compliance costs of regulation on new or fledging virtual currency enterprises.” Specifically, Lawsky introduced the concept of a Transitional BitLicense, which would allow certain small, money transmitting startups to begin operating without huge compliance costs. Lawsky noted four main factors the NYDFS would consider when deciding whether or not to grant a Transitional BitLicense: (i) the nature and scope of the business and the associated risks for consumers; (ii) projected transactional and business volume; (iii) registration status as a Money Services Business with FinCEN; and (iv) previously established mitigating risk controls.
FinCEN Rules Proposed Virtual Currency Exchange, Bitcoin Payment System Subject to BSA
On October 27, FinCEN issued two administrative rulings to companies seeking guidance on whether they must register as MSBs and be subject to the required reporting, recordkeeping, and monitoring obligations. In its first letter, a company queried whether its plans to set up a virtual currency trading and booking platform, similar to a traditional securities or commodities exchange, would make it subject to FinCEN regulations. FinCEN responded that the proposed virtual trading platform would be classified as an MSB. As a result, the company would have to register as an MSB as defined under the BSA. In its second ruling, a company asked whether a bitcoin payment system would be subject to the agency’s regulations. The payment system would accept customers’ credit card payments and transfer the payments to merchants in the form of bitcoin. FinCEN ruled that if the company sets up the payment system, the company would be classified as a money transmitter, and subject to BSA regulations, because “it engages as a business in accepting and converting the customers’ real currency into virtual currency for transmission to the merchant.”
Buckley Sandler Webcast Recap: FinCEN's Proposed Rule Amending Customer Due Diligence Obligations
BuckleySandler hosted a webcast entitled “FinCEN’s Proposed Rule Amending Customer Due Diligence Obligations,” on September 18, 2014, as part of the ongoing FinCrimes Webcast Series. Panelists included James Cummans, Vice President of BSA/AML Operations at TCF Bank; Jacqueline Seeman, Managing Director and Global Head of KYC at Citigroup, Inc.; and Sarah K. Runge, Director, Office of Strategic Policy at the U.S. Department of Treasury. The following is a summary of the guided conversation moderated by Jamie Parkinson, partner at BuckleySandler, and key take-aways to prepare for comments to the proposed rule and implementation of the new rule, once final, at your financial institution.
Key Tips and Take-Aways:
- Assess and prepare your organization’s financial and personnel resources to make sure that the appropriate resources are in place to comply with the proposed rule once it is finalized. Certain technical aspects of implementation may be complicated depending on the financial institutions’ existing processes.
- Boards of Directors should participate in and be informed of the process.
- Institutions that are exempt from the rule, including money services businesses (“MSBs”), should also consider how this rule would affect their operations. FinCEN has announced that this is an incremental rule making, meaning the rule could extend to additional entities in the future.
- Covered financial institutions should consider the implications and compliance issues associated with the proposed rule and actively engage in the comment period. It is clear that FinCEN took certain industry concerns into account from the earlier Advance Notice of Proposed Rulemaking (“ANPRM”), so any potential issues should again be raised.
Customer Due Diligence Rule Requirements
The session began with a brief background on the rulemaking process and the overarching goals of the proposed CDD obligations. The panel then addressed the rule’s codification of existing practices and procedures relating to client onboarding procedures and transaction monitoring. Significantly, the panelists outlined the new requirement to identify “beneficial owners” and the two independent prongs—ownership and control—used to determine who would be considered a “beneficial owner” of a legal entity customer. Finally, the panelists noted that the current proposed rule requires financial institutions to use a standard certification form to document the beneficial ownership of legal entity customers.
Potential Compliance Difficulties
The panelists noted that while the proposed rule outlines what would be required of an institution, there are a number of potential compliance challenges. First, the panelists discussed the definition of a “beneficial owner.” Some financial institutions have implemented lower ownership thresholds or additional persons in “control” for CDD purposes based on their assessment of risk. This presents potential compliance and logistical considerations for institutions that determined for compliance risk reasons to identify additional “beneficial owners” under both prongs when considered under their current policies and procedures.
Next, the panelists discussed the certification form that may be required by the rule. Panelists noted that the use of a paper based form could cause logistical challenges and compliance issues for institutions that are moving to digital documentation and banking. Specifically, the panelists expressed concern that the form might present difficulties associated with compiling data and performing additional risk analysis, and may also constrain the flexibility sought by different institutions in the manner of implementation of the new CDD information. The panelists also pointed out that a standard form (and the rule in general) impacts other compliance considerations, for example, those associated with e-signatures and data security. This looks likely to be an area of constructive commentary.
Identity Verification for Beneficial Owners
Panelists next discussed the rule’s requirement that financial institutions verify the identity of a “beneficial owner.” The original ANPRM had required financial institutions to verify not only the identity but also the status of the “beneficial owner.” Panelists noted that verification of an individual’s status would have presented significant compliance issues due to limited reliable resources to confirm such information, and that the required identity verification was a much better standard. The panelists also pointed out that this significant change demonstrates that FinCEN was taking industry opinion and comments to heart, and that this should encourage institutions to actively engage in the ongoing comment period.
Non-Covered Entities
Panelists then shifted to discussing the issue of entities who are not covered by the proposed rule. Panelists noted that there is likely to be commentary over some concern that the rule may create an uneven playing field between those companies that are required to gather this data and those companies that are not affected. Additionally, the panelists highlighted the fact that the current rule-making process has been presented as an incremental rule making, meaning that while certain entities may not currently be covered by the rule, FinCEN may expand the scope of entities covered by the rule in the future. As such, panelists suggested that entities not currently covered—such as MSBs and casinos—should not only pay attention to the proposed rule but perhaps evaluate their own compliance programs in anticipation of potential application later, but also actively engage in the comment portion of the rule making. The panel then warned that if these entities do not participate now, it may be difficult to make significant changes to the rule after it takes effect. Finally, regarding non-covered entities such as MSBs, panelists noted that the CDD requirements may have a practical impact despite the lack of formal mandate, as those covered institutions that bank non-covered entities may inquire about CDD practices and may expect non-covered entities to implement some type of risk-based CDD.
Board Level Responsibilities and Requirements
The panel also discussed the implications the proposed rule has on governance and the responsibilities of boards of directors. Panelists noted that boards have been encouraged to focus on enhanced training and resources regarding AML and BSA matters and that boards of directors need to understand the associated risks and legal requirements. Additionally, the panel pointed out that boards of directors need to monitor the implementation of any procedures dealing with the proposed requirements and that failure to properly implement the procedures or requirements could lead to disciplinary action. Finally, the board needs to ensure the organization’s financial and personnel resources are sufficient to address and implement the requirements of the proposed rule once it is finalized.
Requirements for Existing Accounts
The panel addressed the fact that while the proposed rule is not retroactive, the commentary states that financial institutions should be keeping the required information current and updated. Panelists expressed concern over what would be required with regard to keeping this information current, specifically highlighting concerns with when the financial institution would be required to update pre-existing low and medium risk customer profiles. The panel noted that while there are currently refresh cycles involved with their customers, there is no guidance as to how far back an institution would have to go and whether they would have to update the entire customer profile associated with an account.
Implementation Timeline
The panel concluded by discussing the proposed rule’s implementation timeline of one year. Panelists expressed concern that the one year period would cause certain technology related challenges and would be more burdensome for large institutions. The panelists noted that this is an issue that will likely be addressed in the comment period, with suggestions of between 18 and 24 months to prepare for and implement policies and procedures associated with the new rule.
FinCEN Offers Red Flags Guidance On Human Trafficking And Smuggling
On September 11, in FIN-2014-A008, FinCEN advised financial institutions on how to detect and report suspicious financial activity that may be related to human smuggling and/or trafficking. The advisory describes the differences between human smuggling and trafficking, and describes how each is conducted. FinCEN suggests that financial institutions consider evaluating indicators of potential human smuggling or trafficking activity in combination with other red flags and factors, such as expected transaction activity, before making determinations of suspiciousness. Additionally, FinCEN states that in making a determination of suspiciousness, financial institutions are encouraged to use previous FinCEN advisories and guidance as a reference when evaluating potential suspicious activity, including a May 2014 advisory on the use and structure of funnel accounts. The advisory also attached two appendices that provide examples of human smuggling and trafficking red flags. FinCEN advises institutions that in evaluating whether certain transactions are suspicious and/or related to human smuggling or trafficking, they should share information with one another as appropriate, under Section 314(b) of the USA PATRIOT Act. If a financial institution knows, suspects, or has reason to suspect that a transaction has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the financial institution knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction, the financial institution should file a SAR with the terms “Advisory Human Smuggling” and/or Advisory Human Trafficking” in the narrative and the Suspicious Activity Information. The narrative should also include an explanation of why the institution knows, suspects, or has reason to suspect that the activity is suspicious. The advisory further notes that a potential victim of human smuggling or trafficking should not be reported as the subject of the SAR, but rather to provide all available information on the victim in the narrative portion of the SAR.
Special Alert: FinCEN Publishes Long-Awaited Proposed Customer Due Diligence Requirements
On August 4, 2014, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) published a Notice of Proposed Rulemaking ("NPRM") that would amend existing Bank Secrecy Act (“BSA”) regulations intended to clarify and strengthen customer due diligence (“CDD”) obligations for banks, securities broker-dealers, mutual funds, and futures commission merchants and introducing brokers in commodities (collectively, “covered financial institutions”).
In drafting the modifications, FinCEN clearly took into consideration comments responding to its February 2012 Advance Notice of Proposed Rulemaking (“ANPRM”), as the current proposal appears narrower and somewhat less burdensome on financial institutions. Comments on the proposed rulemaking are due October 3, 2014.
Overview: Under the NPRM, covered financial institutions would be obligated to collect information on the natural persons behind legal entity customers (beneficial owners) and the proposed rule would make CDD an explicit requirement. If adopted the NPRM would amend FinCEN’s AML program rule (the four pillars) by making CDD a fifth pillar.
Click here to view the special alert.