Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On May 31, the FDIC announced its release of a list of administrative enforcement actions taken against banks and individuals in April. The list reflects that the FDIC issued 17 orders, which includes “two consent orders; three terminations of consent orders; five Section 19 orders; three removal and prohibition orders; and four orders to pay civil money penalty.” Among other actions, the FDIC assessed civil money penalties against three separate banks (see here, here, and here) for alleged violations of the Flood Disaster Protection Act, including failing to (i) obtain flood insurance coverage on loans at or before origination; (ii) maintain, increase, extend, renew, or provide written notification to borrowers concerning flood insurance coverage on loans secured by collateral located in special flood hazard areas; (iii) follow force-placement flood insurance procedures; or (iv) provide borrowers with notice of the availability of federal disaster relief assistance within a reasonable timeframe.
The FDIC also assessed a civil money penalty against a New York-based bank related to alleged violations of the Bank Secrecy Act.
On May 24, the Financial Crimes Enforcement Network (FinCEN) announced a new program that will provide opportunities for fintech/regulatory technology companies and financial institutions to showcase new and emerging innovative approaches for combating money laundering and terrorist financing and to demonstrate how other financial institutions could use similar technologies. The FinCEN Innovation Hours Program will accept meetings once per month, with primary consideration given to entities that are already operational. According to FinCEN, the program is part of a broader initiative introduced last year (previously covered by InfoBytes here and here) that encourages banks and credit unions to explore innovative approaches such as artificial intelligence, digital identity technologies, and internal financial intelligence units to combat illicit financial threats, as well as collaborative arrangements to share resources and enhance the effectiveness and efficiency of Bank Secrecy Act/anti-money laundering compliance programs.
On May 20, the OCC released its Semiannual Risk Perspective for Spring 2019, identifying and reiterating key risk areas that pose a threat to the safety and soundness of the federal banking system, focusing on the following risk areas: credit, operational, compliance, and interest rate. The OCC noted that rapid growth within the fintech and regulatory technology space impacts each of these risk areas, which the agency is monitoring closely in order to implement necessary actions to address concerns. Overall, although the OCC acknowledged that the health of the federal banking system remains strong, specific risk areas of concern include (i) the need to have in place appropriate risk management practices as well as methods for assessing “the quality and timeliness of credit risk identification, risk mitigation, and loan loss reserve methodology”; (ii) elevated operational risk as banks adapt to a changing and increasingly complex operating environment, including cybersecurity threats, fintech innovation, and a reliance on third-party providers; (iii) high compliance risk related to Bank Secrecy Act/anti-money laundering (BSA/AML), as well as challenges facing banks to “effectively manage money-laundering risks in a complex, dynamic global operating and regulatory environment”; and (iv) potential challenges to earnings due to interest rate risk and liquidity risk, which lead to increased difficulties when forecasting liability costs.
Concerning BSA/AML risk, the OCC specifically noted that AML-related deficiencies “stem from three primary causes: inadequate customer due diligence and enhanced due diligence, insufficient customer risk identification, and ineffective processes related to suspicious activity monitoring and reporting, including the timeliness and accuracy of Suspicious Activity Report filings. Talent acquisition and staff retention to manage BSA/AML compliance programs and associated operations present ongoing challenges, particularly at smaller regional and community banks.” The report reminded banks that necessary training, quality assurance, independent testing, and control updates are expected to be implemented during the FY 2019 examination cycle as required under the Financial Crimes Enforcement Network’s customer due diligence rule (previously covered by InfoBytes here).
“Innovation can enhance a bank’s ability to compete by introducing new ways to meet customer product and service needs, improve operating efficiencies, and increase revenue,” the OCC noted, but changing business models or offering new products and services can “elevate strategic risk when pursued without appropriate corporate governance and risk management.”
On May 16, the Federal Reserve Board (Board) announced an enforcement action against a Nebraska-based bank for allegedly violating the National Flood Insurance Act (NFIA) and Regulation H, which implements the NFIA. The consent order assesses a $69,000 penalty against the bank, but does not specify the number or the precise nature of the alleged violations. The maximum civil money penalty for a pattern or practice of violations under the NFIA is $2,000 per violation.
The same day, the Board issued an order of prohibition against a former employee and institution-affiliated party of an Illinois-based bank for allegedly engaging in unsafe and unsound lending practices, including engaging in improper lending practices and failing to implement adequate Bank Secrecy Act/anti-money laundering controls and training. The terms of the order prohibit the individual from, among other things, “participating in any manner in the conduct of the affairs of any financial institution or organization specified in section 8(e)(9)(A) of the [Federal Deposit Insurance Act],” or “voting for a director, or serving or acting as an institution-affiliated party.”
On May 9, the Financial Crimes Enforcement Network (FinCEN) issued new guidance designed to consolidate and clarify current FinCEN regulations, guidance, and administrative rulings related to money transmissions involving virtual currency. FinCEN noted that the guidance, “Application of FinCEN’s Regulations to Certain Business Models Involving Convertible Virtual Currencies (CVC),” serves to “remind persons subject to the Bank Secrecy Act (BSA) how FinCEN regulations relating to money services businesses (MSBs) apply to certain business models involving money transmission denominated in value that substitutes for currency, specifically, convertible virtual currencies (CVCs).” The guidance does not create any new expectations but instead “applies the same interpretive criteria to other common business models involving CVC.” These business models include peer-to-peer exchangers, CVC wallets, CVC money transmission services through electronic terminals (CVC kiosks), decentralized (or distributed) applications (DApp), anonymity-enhanced CVC transactions, CVC payment processors, and internet casinos. Finally, the guidance also specifies specific business models that may be exempt from the definition of a money transmitter. The same day, FinCEN also issued an “Advisory on Illicit Activity Involving Convertible Virtual Currency” to highlight threats posed by the criminal exploitation of CVCs for money laundering, sanctions evasion, and other illicit financing purposes, and to provide identification and reporting guidance for financial institutions.
On May 6, the Financial Industry Regulatory Authority (FINRA) issued Regulatory Notice 19-18, which provides guidance to member firms regarding suspicious activity monitoring and reporting obligations under FINRA’s Anti-Money Laundering Compliance Program. Specifically, the Notice is intended to assist broker-dealers with their existing obligations under Bank Secrecy Act/Anti-Money Laundering (BSA/AML) requirements by providing a list of “money laundering red flags,” augmenting the red flags list from the 2002 Notice to Members 02-21 with additional red flags published by a number of U.S. government agencies and international organizations. The guidance lists potential red flags in a number of categories, including (i) customer due diligence and interactions with customers; (ii) deposits of securities; (iii) securities trading; (iv) money movements; and (v) insurance products. The Notice emphasizes that the list of 97 red flags “is not an exhaustive list and does not guarantee compliance with AML program requirements or provide a safe harbor from regulatory responsibility,” but rather provides examples for firms to consider incorporating into their AML programs, as may be appropriate in implementing a risk-based approach to BSA/AML compliance. The Notice also reminds firms to be aware of emerging areas of risk, such as those associated with activity in digital assets.
On May 3, the Financial Crimes Enforcement Network (FinCEN) issued an updated advisory to warn financial institutions of continued public corruption and attempted money laundering related to Venezuelan government agencies and political figures. The advisory updates a September 2017 advisory (previously covered by InfoBytes here) and renews the description of public corruption in Venezuela. The advisory also describes how “corrupt Venezuelan senior political figures exploit a Venezuelan government-administered food program by directing overvalued, no-bid contracts to co-conspirators that use ‘an over-invoicing trade-based money laundering’” scheme, which involves, among other things, front or shell companies, non-dollar denominated accounts, and nested accounts designed to evade sanctions and anti-money laundering/countering the financing of terrorism (AML/CFT) controls. The advisory also notes attempts by former President Maduro’s regime to evade sanctions and AML/CFT controls through the use of digital currency. The update provides revised financial red flags to assist with the identification and reporting of suspicious activity to FinCEN in connection with senior Venezuelan political figures.
FinCEN further emphasizes that financial institutions should continue to follow a risk-based approach and that normal transactions involving Venezuelan business and nationals are not necessarily reflective of the aforementioned risks.
See here for continuing InfoBytes coverage of actions related to Venezuela.
On April 25, the Federal Reserve Board announced an enforcement action against a Japanese bank for alleged weaknesses in its New York branch’s anti-money laundering risk management and compliance programs, including a failure to comply with applicable rules and regulations, including the Bank Secrecy Act. Under the terms of the order, the bank is required to, among other things, (i) develop and implement a written plan to strengthen the board of directors’ oversight of Bank Secrecy Act/anti-money laundering (BSA/AML) compliance and Office of Foreign Assets Control (OFAC) regulations; (ii) submit an enhanced written compliance program that complies with BSA/AML requirements; (iii) submit an enhanced, written customer due diligence plan; (iv) submit a written program to ensure compliant, timely, and accurate suspicious activity monitoring and reporting; (v) submit a written plan to enhance OFAC regulation compliance; and (vi) submit a written plan for independent testing of the bank’s compliance with all applicable BSA/AML requirements. A civil money penalty was not assessed against the bank or the branch.
On April 26, the FDIC announced a list of administrative enforcement actions taken against banks and individuals in March. The 13 orders include “three consent orders; two orders terminating consent orders; four Section 19 orders; one removal and prohibition order; two voluntary terminations of insurance orders; and two orders to pay civil money penalty.” The FDIC assessed, among other things, a $200,000 civil money penalty against an Oklahoma-based bank for allegedly violating the FTC Act and the TCPA by (i) using telemarketers who misrepresented themselves as employees or affiliates of the federal government; and (ii) placing calls to consumers who appeared on the National Do Not Call Registry or who requested to be added to the bank’s internal Do Not Call List.
The FDIC also assessed a consent order against an Illinois-based bank related to alleged weaknesses in its Bank Secrecy Act (BSA) compliance program. Among other things, the bank is ordered to (i) designate a senior official to enforce and take corrective action related to its BSA compliance policy; (ii) implement a revised, comprehensive written BSA compliance program and system of internal controls to address provisions, including currency transaction reporting, customer identification program, beneficial ownership, and information sharing requirements; (iii) adopt a written Customer Due Diligence Program to assure the reasonable detection of suspicious activity, specifically for money services businesses and privately-owned ATM customers; (iv) implement a process for account transaction monitoring; (v) implement a comprehensive BSA training program for appropriate personnel; (vi) conduct a look back review to ensure certain transactions were appropriately identified and reported; and (vii) revise its internal control programs to correct the identified deficiencies.
On April 18, the Financial Crimes Enforcement Network (FinCEN) announced a civil money penalty against an individual operating as peer-to-peer exchanger for willful violations of Bank Secrecy Act (BSA) money service business (MSB) requirements. According to FinCEN, the exchanger engaged in activities such as (i) advertising his intentions to purchase and sell bitcoin; and (ii) completing transactions using in-person cash payments, currency sent or received in the mail, or wire transfers through the use of a depository institution. These activities, FinCEN claimed, qualified him as a virtual currency exchanger, MSB, and a financial institution under the BSA. As such, the exchanger was required to register as a MSB with FinCEN, establish and implement an effective written anti-money laundering program, detect and file suspicious activity reports, and report currency transactions, which he failed to do. The order requires the exchanger to pay a $35,350 civil money penalty and permanently prohibits him from engaging in any activity that would qualify him as a MSB.
- APPROVED Webcast: Introducing Mogy — APPROVED’s licensing technology solution
- Hank Asbill to discuss "Pay no attention to the man behind the curtain: Addressing prosecutions driven by hidden actors" at the National Association of Criminal Defense Lawyers West Coast White Collar Conference
- Daniel P. Stipano to discuss "Mid-year policy update" at the ACAMS AML Risk Management Conference
- Daniel P. Stipano to discuss "Keep off the grass: Mitigating the risks of banking marijuana-related businesses" at the ACAMS AML Risk Management Conference
- Christopher M. Witeck and Moorari K. Shah to discuss "The latest in vendor management regulations" at a Mortgage Bankers Association webinar
- Buckley Webcast: Hot topics in debt collection — An analysis of recent federal FDCPA litigation
- Jonice Gray Tucker to discuss "How to succeed in law school" at the SEO Law DC Panel Discussions
- Amanda R. Lawrence to discuss "Navigating the challenges of the latest data protection regulations and proven protocols for breach prevention and response" at the ACI National Forum on Consumer Finance Class Actions and Government Enforcement
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program
- Brandy A. Hood to discuss "RESPA Section 8/referrals: How do you stay compliant?" at the New England Mortgage Bankers Conference
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions and CMPs" at the ACAMS AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Assessing the CDD final rule: A year of transitions" at the ACAMS AML & Financial Crime Conference