Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • OCC announces enforcement actions targeting BSA/AML compliance deficiencies

    Federal Issues

    On April 19, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. The new enforcement actions include cease and desist orders, civil money penalty orders, and removal/prohibition orders. The consent orders described below were among those in the OCC’s list:

    Cease and Desist Consent Order. On February 28, the OCC issued a consent order against a Washington-based bank for deficiencies related to its Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance program. Among other things, the consent order requires the bank to (i) maintain a Compliance Committee consisting of at least three board members; (ii) develop and implement an ongoing BSA/AML risk assessment program; (iii) create and implement BSA internal controls to mitigate risks; (iv) develop and implement policies and procedures for an automated suspicious activity monitoring system; (v) conduct a “Look-Back” to determine whether suspicious activity was timely identified and reported by the bank and whether additional SARs should be filed for previously unreported suspicious activity; (vi) adopt an independent third-party audit program to conduct a review of the bank’s BSA/AML compliance program; and (viii) create a comprehensive training program for appropriate bank personnel. The bank has neither admitted nor denied the findings.

    Civil Money Penalty Consent Order. On March 3, the OCC issued a consent order (2018 Order) against an officer of a California-based bank for violating consent orders issued in 2010 and 2014 related to deficiencies identified in the bank’s BSA/AML rules and regulations and for violations of 12 C.F.R. § 21.21 (Procedures for Monitoring Bank Secrecy Act Compliance). According to the 2018 Order, the officer, who was responsible for overseeing the bank’s operations department, allegedly engaged in “unsafe or unsound practices”; made false statements to the OCC and advised other bank employees to corroborate the statements; and “failed to take the necessary actions to ensure that the [b]ank corrected the deficiencies. . .” The 2018 Order requires the officer to, among other things, pay a $5,000 civil money penalty, and—under the cease and desist terms—participate in BSA/AML compliance training and refrain from making any BSA/AML staffing decisions. The officer, while agreeing to the terms of the consent order, has not admitted or denied any wrongdoing.

    Federal Issues OCC Enforcement Bank Secrecy Act Anti-Money Laundering Risk Management

  • NYDFS launches online portal for anti-terrorism and anti-money laundering regulation compliance certification

    Financial Crimes

    On April 9, the New York Department of Financial Services (NYDFS) announced the launch of a new online portal that regulated entities may use to securely file certifications required under New York’s risk-based anti-terrorism and anti-money laundering regulation. This regulation took effect January 1, 2017, and regulated entities must file their first certification of compliance by April 16 and annually thereafter. The regulation requires regulated entities to maintain programs to monitor and filter transactions for potential Bank Secrecy Act/anti-money laundering violations, and ban transactions with sanctioned entities. The announcement states that filing through the online portal is preferred over alternative filing mechanisms.

    Financial Crimes NYDFS Bank Secrecy Act Anti-Money Laundering State Issues

  • FINRA revises anti-money laundering template for small firms

    Agency Rule-Making & Guidance

    On April 4, the Financial Industry Regulatory Authority (FINRA) released a revised template to assist FINRA-registered small firms in developing and implementing risk-based anti-money laundering (AML) programs as required by the Bank Secrecy Act and FINRA Rule 3310. Changes to the template reflect FinCEN’s final rule concerning customer due diligence requirements for covered financial institutions (CDD rule), which goes into effect May 11. (See previous InfoBytes coverage on the CDD rule here.) The CDD rule requires covered financial institutions, including FINRA-registered firms, to identify the beneficial owners of legal entity customers who open new accounts.

    Agency Rule-Making & Guidance FINRA FinCEN Anti-Money Laundering Customer Due Diligence Department of Treasury Bank Secrecy Act Financial Crimes CDD Rule

  • Bank and shareholders reach settlement over BSA/AML compliance allegations

    Securities

    On March 30, a regional bank reached a $13 million settlement with a group of its shareholders over allegations of misleading statements and omissions regarding the bank’s compliance with fair lending laws, and Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) regulations. The shareholders—purchasers of the bank’s stock between July 2013 and July 2014—allege that the bank’s misrepresentations regarding their compliance with BSA/AML laws, as well as other laws and regulations, artificially inflated the price of the bank’s stock. According to the settlement, both parties’ decisions to enter into the agreement were partially due to the length and expense of continued litigation, which began in 2014. The shareholders initiated the class action litigation in July 2014; however, the U.S. Court of Appeals for the 6th Circuit vacated the initial class certification in September 2016, remanding to the district court for further proceedings. The class was recertified by the district court in June 2017 with the 6th Circuit denying the bank’s petition for appeal of the recertification. The bank denies all allegations of wrongdoing and liability in the settlement.

    Securities Settlement Bank Secrecy Act Anti-Money Laundering Appellate Sixth Circuit Class Action

  • Buckley Sandler Insights: FinCEN updates FAQs regarding customer due diligence requirements for financial institutions

    Agency Rule-Making & Guidance

    On April 3, the Financial Crimes Enforcement Network released an update to its FAQs in advance of the upcoming Customer Due Diligence Requirements for Financial Institutions final rule (issued in 2016 and amended last September for various technical corrections) that goes into effect May 11. As previously covered in InfoBytes, the final rule imposes standardized customer due diligence (CDD) requirements under the Bank Secrecy Act for covered financial institutions and requires financial institutions to identify and verify beneficial owners of legal entity customers, subject to certain exclusions and exemptions. The supplemental FAQs (see InfoBytes coverage on an earlier set of FAQs issued in 2016) assist covered financial institutions in understanding the scope of their CDD requirements, as well as the CDD rule’s impact on broader anti-money laundering (AML) program obligations, and cover a broad range of interpretations including the following:

    • Question 1 specifies covered financial institutions will satisfy the requirements to identify and verify beneficial owners of legal entity customers by collecting and verifying the identity of individuals who directly or indirectly own 25 percent or more of the equity interests in a legal entity customer, as well as “one individual who has managerial control of a legal entity customer.” However, they may choose to implement stricter written internal policies and procedures and expand their information collection to include more than one individual with managerial control or persons owning a lower percentage of equity interests.
    • Question 3 clarifies that covered financial institutions may reasonably rely on a legal entity customer to provide the identities of individuals who satisfy the definition of beneficial ownership, whether indirectly or directly, and “need not independently investigate the legal entity customer’s ownership structure.”
    • Question 7 states that for existing customers, a covered financial institution may rely on information in its possession subject to its Customer Identification Program (CIP) to fulfill the beneficial ownership identification and verification requirements, “provided the existing information is up-to-date, accurate, and the legal entity customer’s representative certifies or confirms (verbally or in writing) the accuracy of the pre-existing CIP information.”
    • Question 10 states that if a legal entity customer opens multiple accounts, the covered financial institution may rely on information obtained from a previously issued certification form (or equivalent), provided the legal entity customer certifies or confirms—verbally or in writing—that such information is up-to-date and accurate at the time each subsequent account is opened. Records of such certification or confirmation must also be maintained.
    • Question 12 confirms that covered financial institutions seeking to renew a loan or roll over a certificate of deposit must treat these as new accounts and require their legal entities customers to certify or confirm beneficial owners, “even if the legal entity is an existing customer.”
    • Question 18 stipulates that covered financial institutions are not required to identify and verify the identity of beneficial owners that own 25 percent or more of the equity interests of a pooled investment vehicle, whether or not such vehicle is managed by a “financial institution,” due to the typical fluctuation of ownership. However, Question 18 notes that covered financial entities must collect beneficial ownership information for an individual who has significant control or management over the vehicle as required under the control prong to comply with the CDD rule.
    • Question 19 concerns trusts overseen by multiple trustees and states that in circumstances where a trust owns 25 percent or more of the equity interests of a legal entity customer, covered financial institutions are required, at a minimum, to collect beneficial ownership information on a single trustee but may choose to identify additional co-trustees based on risk assessment or a risk profile.
    • Question 21 specifies that a covered financial institution may rely on information provided by a legal entity customer to determine eligibility for exclusion from the definition of a legal entity customer, provided the financial institution has no knowledge of facts that would reasonably call into question the reliability of such information. Covered financial institutions should also ensure that their risk-based written policies and procedures address and specify the type of information to be used when reasonably determining exclusion eligibility. 
    • Question 28 stipulates which non-U.S. governmental entities qualify for exclusion from the definition of a legal entity customer. It specifies that state-owned enterprises that engage in profit-seeking activities, such as sovereign wealth funds, airlines, and oil companies, are not excluded from the definition of a legal entity.
    • Questions 29-31 provide guidance on account level beneficial owner exceptions related to (i) point of sale products for certain low-risk retail credit accounts; and (ii) certain equipment finance and lease accounts with low money laundering risks. Question 31 also stipulates that an equipment lease and purchase exemption would apply in circumstances where a customer leases necessary equipment directly from a covered financial institution.
    • Questions 32-33 provide guidance on circumstances where beneficial ownership information should be aggregated for purposes of complying with Currency Transaction Report (CTR) requirements, and state that “absent indications that the businesses are not operating independently . . . , financial institutions should not aggregate transactions involving those businesses with those of each other or with those of the common owner for CTR filing.” Furthermore, covered financial institutions are generally not required to list beneficial owners on a CTR.
    • Question 35 specifies what information covered financial institutions should collect and consider as part of on-going CDD when developing customer risk profiles. Specifically, covered financial institutions should develop an understanding of the “nature and purpose of a customer relationship,” and review information obtained at the opening of an account such as type of customer, account, service, or product.

    Agency Rule-Making & Guidance FinCEN Bank Secrecy Act Anti-Money Laundering Customer Due Diligence Department of Treasury CDD Rule Beneficial Ownership

  • OCC announces March 2018 enforcement actions and terminations

    Federal Issues

    On March 16, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such parties. The new enforcement actions include a cease and desist order, a civil money penalty order, notices filed, and recently terminated enforcement actions. Two notable actions are as follows:

    Cease and Desist Consent Order. On February 12, the OCC issued a consent order against a New Jersey-based bank for deficiencies related to its Bank Secrecy Act/Anti-Money Laundering (BSA/AML) rules and regulations. Among other things, the consent order requires the bank to (i) appoint an independent third-party consultant to conduct a review of the bank’s BSA/AML compliance program; (ii) review and update a comprehensive BSA/AML compliance action plan and monitoring system; (iii) create a comprehensive training program for “appropriate operational and supervisory personnel, and the Board of Directors, to ensure their awareness of their responsibility for compliance with” the BSA; (iv) develop policies and procedures related to the collection of customer due diligence and enhanced due diligence when opening accounts; (v) appoint a BSA officer; (vi) develop and conduct ongoing BSA/AML risk assessments to monitor accounts for “high-risk customers”; and (vii) conduct a “Look-Back” plan to determine whether suspicious activity was timely identified and reported by the bank and whether additional SARs should be filed for previously unreported suspicious activity. Furthermore, the bank is prohibited from opening new accounts for commercial customers designated as “medium risk or higher” in areas such as “money services businesses, foreign or domestic correspondent banks, payment processors, or cash-intensive businesses” without prior authorization. The bank, while agreeing to the terms of the consent order, has neither admitted nor denied any wrongdoing.

    Termination of enforcement action. On February 14, the OCC terminated a 2002 consent order issued against a Texas-based payday lender after determining that “the safe and sound operation of the banking system does not require the continued existence of” previously issued restrictions. In 2002, the OCC claimed the payday lender engaged in “unsafe and unsound” practices, including violations of ECOA and TILA for failing to safeguard customers’ loan files. Among other things, the consent order fined the payday lender a $250,000 civil money penalty, imposed record-keeping requirements, and prohibited it from “entering into any kind of written or oral agreement to provide any services, including payday lending, to any national bank or its subsidiaries without the prior approval of the OCC.”

    Federal Issues OCC Enforcement Bank Secrecy Act Anti-Money Laundering Payday Lending Customer Due Diligence

  • Federal Reserve orders Chinese bank to correct BSA/AML controls

    Financial Crimes

    On March 12, the Federal Reserve Board (Fed) entered into a consent order with a Chinese bank (bank) and its New York branch (branch) in connection with alleged Bank Secrecy Act and anti-money laundering (BSA/AML) violations. According to the Fed’s order, a recent examination identified “significant deficiencies” in the branch’s BSA/AML compliance and risk management controls. The consent order requires, among other things, the bank and branch submit within 60 days: (i) a written governance plan to achieve compliance with BSA/AML requirements; (ii) a system to identify and assess risks associated with all products and customers, including “politically exposed persons”; (iii) an enhanced customer due diligence program plan; and (iv) a compliance program to ensure accurate suspicious activity monitoring and reporting. The bank and branch are further required to engage an independent third party acceptable to the Fed to review their dollar-clearing transaction activity in the second half of 2016 “to determine whether suspicious activity involving high-risk customers or transactions” was properly flagged. The order imposes no financial penalty.

    Financial Crimes Federal Reserve Bank Secrecy Act Anti-Money Laundering Bank Compliance International Customer Due Diligence

  • 9th Circuit denies bank’s challenge to FDIC bank secrecy order

    Courts

    On March 12, the U.S. Court of Appeals for the 9th Circuit upheld a 2016 FDIC cease and desist order against a California bank arising out of alleged deficiencies in compliance management relating to the Bank Secrecy Act (BSA) and anti-money laundering laws. According to the opinion, FDIC examinations dating back to 2010 identified areas for BSA compliance improvement. While the bank made adjustments in response to the original findings, a 2012 FDIC examination found the bank’s BSA compliance program still was deficient, including because it did not “establish and maintain procedures designed to ensure adequate internal controls, independent testing, administration, and training”—known as the “four pillars”—and because the bank had not filed a necessary suspicious activity report. The bank argued that the BSA compliance standards were too vague, accused FDIC examiners of bias during the examination in a manner that violated its due process rights, and alleged that the decision was not supported by substantial evidence.

    The three-judge panel ruled that (i) there was no bias in the FDIC’s decision to assess a penalty against the bank because there was substantial evidence to support an administrative law judge’s findings that the bank’s failure to maintain adequate controls violated BSA regulations; and (ii) because the BSA and FDIC’s implementing regulations are “economic in nature and threaten no constitutionally protected rights,” vagueness is not an overriding concern. While the “four pillars” of BSA compliance are open to interpretation, the panel noted, the FDIC provides banks with a manual written by the Federal Financial Institutions Examination Council that sets forth a uniform compliance standard. Furthermore, FDIC Financial Institution Letter 17-2010 clarifies that the manual contains the FDIC’s BSA compliance supervisory expectations. “A BSA Officer at the Bank bearing the requisite ‘specialized knowledge’ would understand that compliance with the FFIEC Manual ensures compliance with the BSA. . . . The BSA and its implementing regulations are not unconstitutionally vague,” the panel stated. Therefore, the 9th Circuit held that the manual was entitled to Chevron deference and denied the bank’s petition for review.

    Courts Appellate Ninth Circuit Bank Secrecy Act Anti-Money Laundering Compliance FDIC FFIEC

  • OCC announces enforcement action against Washington-based bank citing BSA/AML compliance deficiencies

    Financial Crimes

    On February 28, the OCC issued a consent order against a Washington-based bank for deficiencies related to its Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance program. The consent order requires the bank to, among other things, (i) maintain a Compliance Committee responsible for ensuring the bank adheres to the consent order’s provisions; (ii) appoint a BSA officer who will ensure compliance with the requirements of the BSA and the Office of Foreign Assets Control’s rules and regulations; (iii) implement an enhanced BSA/AML Risk Assessment Program, including the adoption of written policies to ensure the timely review of BSA/AML suspicious activity alerts and the implementation of an automated suspicious activity monitoring system; (iv) conduct a risk-based “Look-Back” to determine whether suspicious activity was timely identified and reported by the bank; (v) develop policies and procedures for enhanced customer due diligence to monitor information for risk; (vi) implement an independent BSA/AML audit program; and (vii) create a comprehensive training program for appropriate bank personnel. The bank did not admit to any wrongdoing in the consent order.

    Financial Crimes OCC Bank Secrecy Act Anti-Money Laundering Enforcement OFAC SARs Customer Due Diligence

  • GAO recommends the CFPB review the effectiveness of TRID guidance for small institutions

    Federal Issues

    On February 27, the U.S. Government Accountability Office (GAO) released a report of recommendations to financial regulators on actions to take related to the compliance burdens faced by certain small financial institutions. The report is the result of a study the GAO initiated with over 60 community banks and credit unions (collectively, “institutions”) regarding which financial regulations were viewed as the most burdensome. Among others, the report includes a recommendation to the CFPB that it should assess the effectiveness of its TILA/RESPA Integrated Disclosure Rule (TRID) guidance and take affirmative steps to address any issues that are necessary. In a response to the GAO that is included in the report, the CFPB Associate Director David Silberman said, “the Bureau agrees with this recommendation and commits to evaluating the effectiveness of its guidance and updating it as appropriate.” Among other recommendations, the GAO highlights the need for the CFPB to coordinate with the other financial regulators on their periodic Economic Growth and Regulatory Paperwork Reduction Act (EGRPRA) reviews.

    In addition to the compliance concerns with TRID disclosures, the GAO reports that the institutions also consider the data reporting requirements under HMDA, and the transaction reporting and customer due diligence requirements of the Bank Secrecy Act and related anti-money laundering laws the most burdensome. The GAO includes specific recommendations to the other financial regulators to strengthen and streamline regulations through the EGRPRA process.

    Federal Issues GAO CFPB Mortgages TRID HMDA Bank Secrecy Act Anti-Money Laundering EGRPRA Customer Due Diligence

Pages

Upcoming Events