Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On December 4, FinCEN announced the release of a Financial Trend Analysis titled, “Elders Face Increased Financial Threat from Domestic and Foreign Actors.” In compiling the report, FinCEN reviewed Bank Secrecy Act (BSA) elder financial exploitation suspicious activity reports (SARs) from 2013 to 2019 to detect patterns and trends. Among other things, the study found that (i) elder financial exploitation filings nearly tripled during the study period, from around 2,000 per month in 2013 to nearly 7,500 in 2019, the majority of which were filed by money services businesses (MSBs) and depository institutions; (ii) while the amount of SARs filed by MSBs ebbed and flowed from 2013 to 2019, those of depository institutions steadily increased; (iii) MSBs filed nearly 80 percent of all SARs describing financial scams, while securities and futures firms filed just over 70 percent of all SARs describing theft; (iv) financial theft from elders is most frequently perpetrated by family members or caregivers; (v) SARs indicated that the most common scams included lottery, person-in-need, and romance scams, the majority of which saw elder victims transferring funds through MSBs; and (vi) money transfer scam SARs were most commonly filed by MSBs who transferred money to a receiver located outside the U.S.
Federal and state banking regulators confirmed in a December 3 joint statement that banks are no longer required to file a suspicious activity report on customers solely because they are “engaged in the growth or cultivation of hemp in accordance with applicable laws and regulations.”
* * *
Click here to read the full special alert.
For questions about the alert and related issues, please visit our Bank Secrecy Act/Anti-Money Laundering practice page, or contact a Buckley attorney with whom you have worked in the past.
On November 15, Financial Crimes Enforcement Network (FinCEN) Director Kenneth Blanco delivered remarks at the Chainalysis Blockchain Symposium to discuss, among other things, the agency’s focus on convertible virtual currency (CVC) and remind attendees—particularly financial institutions—of their compliance obligations. Specifically, Blanco emphasized that FinCEN applies a “technology-neutral regulatory framework to any activity that provides the same functionality at the same level of risk, regardless of its label.” As such, money transmissions denominated in CVC, Blanco stated, are money transmissions. Blanco discussed guidance issued by FinCEN in May (previously covered by InfoBytes here) that reminded persons subject to the Bank Secrecy Act (BSA) how FinCEN regulations relating to money services businesses apply to certain business models involving money transmissions denominated in CVC. Blanco also highlighted the agency’s recent collaboration with the CFTC and the SEC to issue joint guidance on digital asset compliance obligations. (Previous InfoBytes coverage here.) Highlights of Blanco’s remarks include (i) suspicious activity reporting related to CVC has increased, including “filings from exchanges identifying potential unregistered, foreign-located money services businesses”; (ii) compliance with the “Funds Travel Rule” is mandatory and applies to CVC; (iii) for anti-money laundering/combating the funding of terrorism purposes, accepting and transmitting activity denominated in stablecoins falls within FinCEN's definition of “money transmission services” under the BSA; and (iv) administrators of stablecoins must register as money services businesses with FinCEN.
On October 25, the FDIC announced its release of a list of administrative enforcement actions taken against banks and individuals in September. According to the press release, the FDIC issued 24 orders, which include “one consent order; five removal and prohibition orders; six assessments of civil money penalty; three voluntary terminations of deposit insurance; six section 19 orders; and three terminations of orders of restitution.”
Among other actions, the FDIC assessed separate civil money penalties (CMPs) against four banks for alleged violations of the Flood Disaster Protection Act:
- New Jersey-based bank CMP: Failure to (i) notify borrowers that they should obtain flood insurance; and (ii) follow force-placement flood insurance procedures;
- Wisconsin-based bank CMP: Failure to (i) maintain flood insurance coverage for the term of a loan; (ii) follow force-placement flood insurance procedures; and (iii) provide written notice to borrowers concerning flood insurance coverage prior to extending, increasing, or renewing a loan;
- Wisconsin-based bank CMP: Failure to (i) follow escrow requirements for flood insurance; and (ii) provide borrowers with notice of the availability of federal disaster relief assistance;
- Wisconsin-based bank CMP: Failure to (i) obtain flood insurance coverage on loans at the time of origination; (ii) obtain adequate flood insurance; (iii) follow escrow requirements for flood insurance; (iv) follow force-placement flood insurance procedures; and (v) provide borrowers with notice of the availability of federal disaster relief assistance.
The FDIC also assessed a CMP against an Oregon-based bank for allegedly violating RESPA and the TCPA by (i) placing telemarketing calls to consumers listed on the Do-Not-Call registry; and (ii) using an automated dialing system to send pre-recorded calls or text messages to consumers’ cell phones.
Additionally, the FDIC entered a notice of charges and hearing against a Georgia-based bank relating to alleged weaknesses in its Bank Secrecy Act compliance program.
On October 22, the U.S. House passed the Corporate Transparency Act of 2019 (H.R. 2513) by a vote of 249-173. The bill, which now heads to the Senate, would, among other things, update anti-money laundering (AML) rules, and direct the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) to collect and retain beneficial ownership information for corporations and limited liability companies for law enforcement agencies to access. Additionally, H.R. 2513 would update and revise the existing AML/Bank Secrecy Act framework to facilitate information sharing between law enforcement and regulators to prevent illicit activity such as terrorist financing and money laundering. The White House issued a statement of administration policy after the bill’s passage to commend the measure, emphasizing, however, that additional steps must be taken to improve H.R. 2513 as it moves along the legislative process: “These include aligning the definition of ‘beneficial owner’ to the [FinCEN’s] Customer Due Diligence Final Rule, protecting small businesses from unduly burdensome disclosure requirements, and providing for adequate access controls with respect to the information gathered under this bill’s new disclosure regime.”
On October 11, the SEC, Commodity Futures Trading Commission (CFTC), and Financial Crimes Enforcement Network (FinCEN) issued a joint statement to remind persons who engage in digital asset activities or handle cryptocurrency transactions of their anti-money laundering and countering the financing of terrorism (AML/CFT) obligations under the Bank Secrecy Act (BSA). According to the agencies, AML/CFT obligations apply to entities defined as “financial institutions” under the Bank Secrecy Act, which include “futures commission merchants and introducing brokers obligated to register with the CFTC, money services businesses (MSB) as defined by FinCEN, and broker-dealers and mutual funds obligated to register with the SEC.” The obligations include, among other things, (i) establishing and implementing an effective AML program; and (ii) complying with recordkeeping and reporting requirements such as suspicious activity reporting (SARs).
The agencies note that persons who engage in digital asset-related activities may have AML/CFT obligations regardless of the “label or terminology used to describe a digital asset or a person engaging in or providing financial activities or services involving a digital asset.” According to the agencies, the facts and circumstances underlying the asset or service, “including its economic reality and use,” is what determines how the asset is categorized, the applicable regulatory treatment, and whether the persons involved are financial institution under the BSA.
Additionally, FinCEN reminded financial institutions of its supervisory and enforcement authority to “ensure the effectiveness of the AML/CFT regime,” emphasizing that persons who provide money transmission services are MSBs subject to FinCEN regulation. FinCEN also referred to its May 2019 interpretive guidance, which consolidated and clarified current FinCEN regulations, guidance, and administrative rulings related to money transmissions involving virtual currency. (Previous InfoBytes coverage here.)
On October 3, the California Department of Business Oversight (DBO) issued guidance for state-chartered financial institutions that serve cannabis-related businesses. The guidance, which is intended to help financial institutions manage risks appropriately, addresses cannabis program governance and compliance with the Bank Secrecy Act (BSA), as well as cannabis banking guidance issued in 2014 by the Financial Crimes Enforcement Network (FinCEN). As previously covered by InfoBytes, FinCEN’s guidance—which includes federal law enforcement priorities still in effect that were taken from a now-rescinded DOJ memo—details the necessary elements of a customer due diligence program, ongoing monitoring and suspicious activity report filing requirements, and priorities and potential red flags. Notably, the DBO states that while it will not bring regulatory actions against state-chartered financial institutions “solely for establishing a banking relationship with licensed cannabis businesses,” it expects all financial institutions to comply with FinCEN’s BSA expectations and guidance to make appropriate risk assessments. The DBO also referred bank examiners to its September Cannabis Job Aid, which is intended to assist with the examination of financial institutions that may be banking cannabis-related businesses.
On September 24, Financial Crimes Enforcement Network (FinCEN) Director Kenneth Blanco spoke at the Federal Identity (FedID) Forum and Exposition, discussing the role of FinCEN in combatting fraud and cybercrime and highlighting concerns regarding identity crimes. Blanco noted that FinCEN sees approximately 5,000 account takeover reports each month, a crime that “involves the targeting of financial institution customer accounts to gain unauthorized access to funds.” Moreover, FinCEN sees a high amount of fraud through account takeovers via fintech platforms, where cybercriminals use fintech data aggregators to facilitate account takeovers and fraudulent wires. Blanco stated that cybercriminals create fraudulent accounts and are able to “exploit the platforms’ integration with various financial services to initiate seemingly legitimate financial activity while creating a degree of separation from traditional fraud detection efforts.”
Additionally, Blanco discussed how cybercriminals use business email compromise (BEC) fraud schemes to target financial institutions and relayed FinCEN’s efforts to combat these schemes. As previously covered by InfoBytes, in July, FinCEN issued an updated advisory, describing general trends in BEC schemes, information concerning the targeting of non-business entities, and risks associated with the targeting of vulnerable business processes. Blanco also discussed (i) FinCEN’s final rule titled the “Customer Due Diligence Requirements for Financial Institutions,” (the CDD Rule) (prior coverage by InfoBytes here); and (ii) FinCEN’s December 2018 joint statement with federal banking agencies encouraging innovative approaches to combatting money laundering, terrorist financing, and other illicit financial threats when safeguarding the financial system (previously covered by InfoBytes here).
On September 11, Financial Crimes Enforcement Network (FinCEN) Deputy Director Jamal El-Hindi delivered remarks at the 2019 Money Transmitter Regulators Association’s annual conference. El Hindi’s remarks focused on innovation and reform pertaining to the Bank Secrecy Act (BSA), supervision in the non-bank financial institution sector and coordination with state supervisors, and “the importance of a strong culture of compliance and what it means in a national and global security context.” According to El-Hindi, the BSA/anti-money laundering system “is good; but it can always be improved,” including through innovations that can “help better detect and safeguard against illicit activity.” El-Hindi reiterated FinCEN’s policy statement from December 2018, which encouraged innovation in the banking sector. (Previously covered by InfoBytes here.)
El-Hindi also highlighted recent discussions related to the role artificial intelligence can play in reducing false positives to assist human analysis, and the potential for blockchain technology to enhance transparency through the understanding of customer identity or transaction profiles. He noted that these themes and others emerged from FinCEN’s recent “Innovation Hours Program,” which encourages fintech companies, regtech companies, and financial institutions to present to FinCEN new and innovative products and services for potential use in the financial sector. The program’s upcoming September meeting will focus on innovations in “know your customer” compliance, BSA reporting, and core inter-bank payment and messaging systems associated with industry anti-money laundering/combating the financing of terrorism efforts. Additionally, El-Hindi noted that FinCEN’s enhanced supervision of nonbank financial institutions involves “actively prioritizing and engaging in,” among other activities, (i) conducting examinations of “specialized, rapidly evolving” financial services providers (e.g., virtual currency exchangers and administrators); (ii) identifying sector data to support FinCEN's analytic endeavors; and (iii) developing a stronger framework for risk assessments of the nonbank financial sector “from both the compliance and illicit activity standpoints.” El-Hindi closed his remarks by encouraging FinCEN and other regulators to discuss with foreign counterparts “the concept of a culture of compliance in the United States and what underpins it, and explore with our counterparts concepts that could underpin a culture of compliance in their own jurisdictions.”
On August 30, the FDIC announced its release of a list of administrative enforcement actions taken against banks and individuals in July. The list reflects that the FDIC issued fourteen orders and one notice of charges, which include “four stipulated consent orders; four terminations of consent orders; four Section 19 orders; one stipulated civil money penalty order; one stipulated removal and prohibition order; and one notice of charges and hearing.”
Among other actions, the FDIC assessed a civil money penalty (CMP) against a Louisiana-based bank for alleged violations of the Flood Disaster Protection Act, including, among other things, (i) failing to obtain flood insurance coverage on loans at the time of origination, increase, renewal, or extension; or (ii) failing to maintain flood insurance coverage for the term of a loan secured by property located or to be located in a special flood hazard area.
- Daniel P. Stipano to discuss "Risk management in enforcement actions: Managing risk or micromanaging it" at an American Bar Association webinar
- Kari K. Hall and Christopher M. Walczyszyn to speak on the "Understanding updates to Regulation CC to ensure effective check processing" at a National Association of Federal Credit Unions webinar
- Daniel P. Stipano to discuss "ACAMS Moneylaundering.com Year-End Compliance Review and 2020 Outlook" at an ACAMS webinar
- APPROVED Webcast: Periodic reporting made easier
- Daniel P. Stipano to discuss "A 20/20 view on 2020’s legislative and regulatory outlook" at the ACAMS Anti-Financial Crime and Public Policy Conference