InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
GAO recommends the CFPB review the effectiveness of TRID guidance for small institutions
On February 27, the U.S. Government Accountability Office (GAO) released a report of recommendations to financial regulators on actions to take related to the compliance burdens faced by certain small financial institutions. The report is the result of a study the GAO initiated with over 60 community banks and credit unions (collectively, “institutions”) regarding which financial regulations were viewed as the most burdensome. Among others, the report includes a recommendation to the CFPB that it should assess the effectiveness of its TILA/RESPA Integrated Disclosure Rule (TRID) guidance and take affirmative steps to address any issues that are necessary. In a response to the GAO that is included in the report, the CFPB Associate Director David Silberman said, “the Bureau agrees with this recommendation and commits to evaluating the effectiveness of its guidance and updating it as appropriate.” Among other recommendations, the GAO highlights the need for the CFPB to coordinate with the other financial regulators on their periodic Economic Growth and Regulatory Paperwork Reduction Act (EGRPRA) reviews.
In addition to the compliance concerns with TRID disclosures, the GAO reports that the institutions also consider the data reporting requirements under HMDA, and the transaction reporting and customer due diligence requirements of the Bank Secrecy Act and related anti-money laundering laws the most burdensome. The GAO includes specific recommendations to the other financial regulators to strengthen and streamline regulations through the EGRPRA process.
GAO studies effect of Southwest border banks "derisking" due to BSA/AML concerns
On February 26, the Government Accountability Office (GAO) released a report, which describes Bank Secrecy Act/anti-money laundering (BSA/AML) compliance challenges facing Southwest border banks, examines the impact “derisking” has had on banking services in this region, and evaluates responses by regulators to “derisking” concerns. “Derisking” is defined by GAO as “the practice of banks limiting certain services or ending their relationships with customers to, among other things, avoid perceived regulatory concerns about facilitating money laundering.” According to GAO, because the region has a high volume of cash and cross-border transactions, as well as a large number of foreign accountholders, banks are required to engage in more intensive and frequent monitoring and investigating to comply with BSA/AML requirements. Due to some Southwest border residents and businesses reporting challenges when trying to access banking services in the region, GAO was asked to undertake a review to determine if the access problems were due to “derisking” and branch closures.
Among other things, the report found that (i) the average number of suspicious activity reports filed in the region was two and a half times the number for high-risk counties outside the region; (ii) 80 percent of banks in the region terminated accounts due to risks related to BSA/AML; (iii) 80 percent limited or did not offer accounts to certain businesses considered high risk for money laundering and terrorist financing because those customers drew heightened BSA/AML regulatory oversight; and (iv) money-laundering risks were a more important driver of branch closures in the region than elsewhere. GAO discovered that BSA/AML regulatory concerns may be a factor in banks’ decisions to engage in “derisking” in the region, and that “the actions taken to address derisking by the federal bank regulators and the Financial Crimes Enforcement Network (FinCEN) and the retrospective reviews conducted on BSA/AML regulations have not fully considered or addressed these effects.” The account terminations and limitations, along with branch closures in the region, have raised concerns that the closures have “affected key businesses and local economies and . . . economic growth.”
GAO recommended that FinCEN, FDIC, Federal Reserve Board, and the OCC (the agencies) conduct a comprehensive review of their BSA/AML regulatory framework to assess how banks’ regulatory concerns may be affecting their decisions to provide banking services. It also recommended that the agencies jointly conduct a retrospective review of BSA/AML regulations and their implementation and revise BSA regulations as necessary to “ensure that BSA/AML regulatory objectives are being met in the most efficient and least burdensome way.”
Agencies assess $613 million in total penalties against national bank and its parent for BSA/AML deficiencies
On February 15, a national bank and its parent corporation were assessed $613 million in total penalties by the OCC, DOJ, Federal Reserve, and Financial Crimes Enforcement Network (FinCEN) as part of a deferred prosecution agreement over Bank Secrecy Act (BSA) and anti-money laundering (AML) compliance program deficiencies. According to the announcement by the DOJ, the agency’s settlements cover a range of alleged AML deficiencies back to 2009, including an alleged effort not to disclose known Suspicious Activity Report (SAR) deficiencies to the OCC. Additionally, the DOJ cited the bank for failing to timely file SARs related to the banking activity of a customer who used the bank to launder proceeds from a fraudulent payday lending scheme, when the bank was allegedly on notice of the activity (previously covered by InfoBytes here).
The $613 million in penalties include: a $453 million forfeiture as part of the deferred prosecution agreement with the DOJ; a $75 civil money penalty from the OCC; a $15 million civil money penalty from the Federal Reserve; and a $70 million civil money penalty from FinCEN.
FinCEN issues requests for comments on renewal of BSA currency transaction and suspicious activity reporting requirements
On February 9, the Financial Crimes Enforcement Network (FinCEN) issued two notices and requests for comments in the Federal Register seeking renewals without change of currently approved Bank Secrecy Act (BSA) regulatory requirements for covered financial institutions. The first notice concerns the continuance of currency transaction reporting requirements, and the second notice addresses suspicious activity reporting requirements. Comments must be received by April 10.
See here for additional BSA InfoBytes coverage.
$368 million penalty assessed against California branch for BSA/AML deficiencies
On February 7, the OCC and DOJ announced settlements with a Netherlands-based lender’s California branch, in which the branch pled guilty to one count of conspiracy to defraud the U.S. Government for impeding and obstructing a 2012 OCC examination when it concealed deficiencies in its Bank Secrecy Act and anti-money laundering (BSA/AML) compliance programs. According to the DOJ’s press release, the branch will pay over $368 million as a result of allowing “hundreds of millions of dollars in untraceable cash, sourced from Mexico and elsewhere, to be deposited into its rural bank branches” without conducting adequate BSA/AML review, and for conspiring with several former executives to hide information from OCC officials during the 2012 examination. Among other things, the plea agreement states that the branch “created and implemented a number of policies and procedures that prevented adequate investigations into suspicious customer activity,” which included (i) creating a “Verified List” of customers whose transactions needed no further review even if there was a change in the customer’s activity from when it was verified; and (ii) instructing BSA/AML staff to “aggressively increase the number of bank accounts on the Verified List.” Further, the branch admitted it failed to both monitor and conduct adequate investigations into these transactions and submit suspicious activity reports to the Financial Crimes Enforcement Network, as required by the BSA. Additionally, in an effort to conceal deficiencies in its BSA/AML program, the branch demoted or terminated two employees who risked “contradicting” the branch’s findings. Two months before the branch's guilty plea, a former executive entered into a deferred prosecution agreement for his role in the misconduct, and agreed to cooperate with the DOJ's continuing investigation.
As part of the plea agreement, the OCC announced it had terminated a December 2013 consent order entered into with the branch over its BSA/AML failures and stated, “the OCC has determined that the bank has implemented all of the corrective actions required by the 2013 consent order and has achieved compliance with the requirements set forth in that order.” On February 6, the branch agreed to pay $50 million civil money penalty to the OCC, which will be credited towards the overall amount assessed by the DOJ.
Seven state regulators agree to streamline money service licensing process for fintech companies
On February 6, the Conference of State Bank Supervisors (CSBS) announced that financial regulators from seven states have agreed to a multi-state compact that will offer a streamlined licensing process for money services businesses (MSB), including fintech firms. The seven states initially participating in the MSB licensing agreement are Georgia, Illinois, Kansas, Massachusetts, Tennessee, Texas and Washington. The CSBS expects other states to join the compact. According to the CSBS, “[i]f one state reviews key elements of state licensing for a money transmitter—IT, cybersecurity, business plan, background check, and compliance with the federal Bank Secrecy Act—then other participating states agree to accept the findings.” CSBS noted that the agreement is the first step in efforts undertaken by state regulators to create an integrated system for licensing and supervising fintech companies across all 50 states.
The announcement of the MSB licensing agreement follows a May 2017 CSBS policy statement, which established the 50-state goal, and—as previously covered by InfoBytes—is a part of previously announced “Vision 2020” initiatives designed to modernize and streamline the state regulatory system to be capable of supporting business innovation while still protecting the rights of consumers.
OCC announces recent enforcement actions and terminations, BSA/AML deficiencies targeted
On January 19, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such parties. The new enforcement actions include civil money penalty orders, cease and desist orders, prompt corrective action directives, and removal/prohibition orders. The list also includes recently terminated enforcement actions.
Civil Monetary Penalty. On December 27, the OCC issued a consent order (2017 Order) against a national bank’s South Dakota branch for violating a 2012 OCC issued consent order (2012 Order) related to deficiencies identified in the agency’s Bank Secrecy Act and anti-money laundering (BSA/AML) rules and regulations. According to the 2017 Order, the branch failed to timely comply with the 2012 Order, which required the branch to, among other things, (i) establish a Compliance Committee to oversee the branch’s adherence to the outlined provisions; (ii) submit, implement, and maintain an effective BSA/AML action plan; (iii) ensure the effective implementation of policies and procedures, which would fulfill BSA/AML and Office of Foreign Assets Control obligations; (iv) conduct a BSA/AML compliance program evaluation, risk assessment, and audit program; (v) develop appropriate customer due diligence policies and procedures, along with programs to ensure the timely identification and reporting of suspicious activity; (vi) develop practices governing the use of cash letter services and remote deposit capture; and (vii) conduct independent reviews of account and transaction activity. As a result, the 2017 Order requires the branch to pay a $70 million civil money penalty for failing to comply with the 2012 Order. The bank, while agreeing to the terms of the consent order, has not admitted or denied any wrongdoing.
Federal Reserve fines Taiwanese bank $29 million for anti-money laundering compliance deficiencies
On January 17, the Federal Reserve Board (Fed) ordered a Taiwanese bank to pay a $29 million penalty in connection with alleged Bank Secrecy Act and anti-money laundering (BSA/AML) violations. According to the Fed’s Order, examinations conducted in 2016 identified “significant deficiencies” in three of the bank’s U.S. branches’ BSA/AML compliance and risk management controls. In addition to assessing a penalty, the Order required the bank and its New York, Chicago, and San Jose branches to, among other things, (i) submit a written plan from the board of directors for improving senior management oversight, including building a sustainable governance framework for BSA/AML compliance; (ii) submit compliance plans for enhanced internal controls, independent testing, risk assessment, and employee training; (iii) submit a revised program designed to conduct customer due diligence; (iv) ensure timely, accurate, and complete suspicious activity monitoring and reporting; (v) engage an independent third-party to review the identification and reporting of suspicious activity “involving high risk customers or transactions”; (vi) comply with Office of Foreign Assets Control regulations; and (vii) submit periodic progress reports to the branches’ applicable Federal Reserve Banks detailing actions taken to comply with the provisions of the order.
Senate Banking Committee: The impact of cryptocurrency in AML/BSA enforcement
On January 17, the Senate Committee on Banking, Housing, and Urban Affairs held a second hearing with witnesses from the Treasury and Justice departments to further address the need to modernize and reform the Bank Secrecy Act and anti-money laundering (BSA/AML) regime. The hearing, entitled “Combating Money Laundering and Other Forms of Illicit Finance: Administration Perspectives on Reforming and Strengthening BSA Enforcement,” follows a January 9 hearing before the same Committee on related issues (see previous InfoBytes coverage here). Committee Chairman Mike Crapo, R-Idaho, opened the hearing by stating the need to understand the government’s position on “strengthening enforcement and protecting the integrity of the U.S. financial system in a new technological era,” while also recognizing the challenges technology creates for law enforcement. A primary topic of interest to the Committee was “the rise of cryptocurrencies and their potential to facilitate sanctions evasion and perhaps, other crimes.”
The first witness, Treasury’s undersecretary for terrorism and financial crimes, Sigal Mandelker (testimony), noted that money laundering related to cryptocurrencies is “an area of high focus” for Treasury, and highlighted actions taken by Treasury’s Financial Crimes Enforcement Network (FinCEN), such as the release of guidance announcing that “virtual currency exchangers and administrators” are subject to regulations under the BSA. Regulated entities, Mandelker stated, are required to file suspicious activity reports (SARs) and are subject to FinCEN and IRS examinations and enforcement actions. Mandelker further commented that Treasury is “aggressively tackling” illicit financing entering the U.S. system and elsewhere, and stressed that other countries face consequences if they fail to have an AML/Combating the Financing of Terrorism regime that meets Treasury standards.
The second witness, DOJ acting deputy assistant attorney general M. Kendall Day (testimony), informed the Committee of the recent hiring of a digital currency counsel who is responsible for ensuring prosecutors are up-to-date on the latest money-laundering threats in the digital currency field. Day also commented on recent DOJ prosecutions in this space, and emphasized the need for enhanced information sharing for law enforcement, including the benefit of deriving information from SARs.
OCC highlights supervisory priorities in fall 2017 semiannual risk report
On January 18, the OCC announced the release of its Semiannual Risk Perspective for Fall 2017, identifying key risk areas for national banks and federal savings associations. Top supervisory priorities will focus on credit, operational, and compliance risk. As previously discussed in the spring 2017 semiannual report, compliance risk continues to be an ongoing concern, particularly as banks continue to adopt new technologies to help them comply with anti-money laundering rules and the Bank Secrecy Act (BSA), in addition to addressing increased cybersecurity challenges and new consumer protection laws. (See previous InfoBytes coverage here.) The OCC commented that these types of risks can be mitigated by banks with “appropriate due diligence and ongoing oversight.”
Specific areas of particular concern include the following:
- easing of commercial credit underwriting practices;
- increasing complexity and severity of cybersecurity threats, including phishing scams that are the primary method of breaching bank data systems;
- using limited third-party service providers for critical operations, which can create “concentrated points of failure resulting in systemic risk to the financial services sector”;
- compliance challenges under the BSA; and
- challenges in risk management involving consumer compliance regulations.
The report also raises concerns about new requirements under the Military Lending Act along with pending changes to data collection under the Home Mortgage Disclosure Act, which could pose compliance challenges. It further discusses a new standard taking effect in 2020 for measuring expected credit losses, which “may pose operational and strategic risk to some banks when measuring and assessing the collectability of financial assets.”
The data relied on in the report was effective as of June 30, 2017.