InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OCC highlights supervisory priorities in fall 2017 semiannual risk report
On January 18, the OCC announced the release of its Semiannual Risk Perspective for Fall 2017, identifying key risk areas for national banks and federal savings associations. Top supervisory priorities will focus on credit, operational, and compliance risk. As previously discussed in the spring 2017 semiannual report, compliance risk continues to be an ongoing concern, particularly as banks continue to adopt new technologies to help them comply with anti-money laundering rules and the Bank Secrecy Act (BSA), in addition to addressing increased cybersecurity challenges and new consumer protection laws. (See previous InfoBytes coverage here.) The OCC commented that these types of risks can be mitigated by banks with “appropriate due diligence and ongoing oversight.”
Specific areas of particular concern include the following:
- easing of commercial credit underwriting practices;
- increasing complexity and severity of cybersecurity threats, including phishing scams that are the primary method of breaching bank data systems;
- using limited third-party service providers for critical operations, which can create “concentrated points of failure resulting in systemic risk to the financial services sector”;
- compliance challenges under the BSA; and
- challenges in risk management involving consumer compliance regulations.
The report also raises concerns about new requirements under the Military Lending Act along with pending changes to data collection under the Home Mortgage Disclosure Act, which could pose compliance challenges. It further discusses a new standard taking effect in 2020 for measuring expected credit losses, which “may pose operational and strategic risk to some banks when measuring and assessing the collectability of financial assets.”
The data relied on in the report was effective as of June 30, 2017.
Senate Banking Committee: Sharpen the focus of AML/BSA enforcement and oversight
On January 9, the Senate Committee on Banking, Housing, and Urban Affairs held a hearing entitled, “Combating Money Laundering and Other Forms of Illicit Finance: Opportunities to Reform and Strengthen BSA Enforcement” to discuss anti-money laundering and Bank Secrecy Act (AML/BSA) enforcement and compliance. Committee Chairman Mike Crapo (R-Idaho) opened the hearing by stating that Congress and financial regulators must examine and address “decades-old” Bank Secrecy Act and anti-money laundering requirements in order “to sharpen the focus, sustainability and enforcement of a modernized, more efficient U.S. counter-threat-finance architecture.” During the hearing, the Committee stressed the need to move towards a more targeted, strengthened AML framework so that banks, law enforcement, and regulators can focus on specific threats such as the financing of terrorism and sanctions evasions.
The three witnesses offered numerous insights related to reforming AML/BSA enforcement and regulatory structures, including: (i) establishing an approach that would utilize and track intelligence and analysis rather than focusing primarily on quantifiable metrics; (ii) increasing inter-agency coordination and improving information sharing between financial institutions and regulators, and among financial institutions themselves; (iii) recognizing the importance of law enforcement participation, specifically related to the sharing of suspicious activity reports; (iv) encouraging the participation of entities outside of the banking sector, such as persons involved in real estate or those acting as proxies for financial system access; (v) supporting beneficial ownership legislation for companies formed in the United States; and (v) understanding the ways in which financial institutions are addressing the anonymity of cryptocurrencies and blockchain technology. The witnesses were:
OCC fines national bank for failing to fix BSA deficiencies
On January 4, the OCC issued a consent order assessing a $70 million civil money penalty against a national bank for failing to comply with the agency’s 2012 cease and desist consent order related to Bank Secrecy Act (BSA) and anti-money laundering (AML) deficiencies. The 2012 order cited the bank for, among other things, failing to file suspicious activity reports in a timely manner and weaknesses in controls related to its correspondent banking from deposit capture/international cash letter instrument activity. According to the OCC, the $70 million civil money penalty results from the bank’s failure “to complete corrective actions to address BSA/AML compliance issues as required by the [2012] order.”
NYDFS fines global money service $60 million for AML deficiencies
On January 4, New York Department of Financial Services (NYDFS) ordered one of the largest global money transfer services to pay $60 million for willfully failing to implement an effective anti-money laundering (AML) program. According to the consent order, between 2004 and 2012, three of the company’s New York locations allowed the company’s services to be used to pay debts to human traffickers based in China. Additionally, the order emphasizes that the company was aware of weaknesses in its compliance program for years and failed to implement controls that could have detected and prevented the payments in question. The NYDFS investigation resulted from a January 2017 settlement with the Department of Justice, which found that during the same time period (2004-2012), the company processed hundreds of thousands of transactions for company agents and others involved in an international consumer fraud scheme, as previously covered by InfoBytes. In addition to the fine, the order requires that the company put in place stricter AML compliance measures, including the creation of an Independent Compliance Committee of the Board of Directors.
NYDFS orders Korean bank to pay $11 million civil money penalty for BSA/AML compliance deficiencies
On December 21, the New York Department of Financial Services (NYDFS) entered into a consent order with a Korean bank and its New York branch to resolve issues regarding alleged deficiencies in the branch’s Bank Secrecy Act and other anti-money laundering (BSA/AML) compliance and risk management. The alleged deficiencies were discovered during three examinations between 2014-2016 by NYDFS and the Federal Reserve Bank of New York. According to the consent order, among other things, the branch failed to maintain adequate transaction monitoring and suspicious activity reporting (SAR), lacked compliance staff with proper BSA/AML background experience, and lacked adequate BSA/AML and OFAC risk assessments.
The Korean bank and its branch are required to pay an $11 million civil money penalty, and in addition must submit the following documentation (i) a BSA/AML compliance program; (ii) a customer due-diligence program; (iii) a SAR program; (iv) a revised internal audit program; and (v) a plan to enhance oversight of the branch’s BSA/AML compliance requirements. The Korean bank and branch are also required to submit quarterly reports for two years with updates on the branch’s compliance progress.
FinCEN updates Bank Secrecy Act FAQs
Recently, the Financial Crimes Enforcement Network (FinCEN) updated its “Answers to Frequently Asked Bank Secrecy Act (BSA) Questions.” The December update provided the following, among other things: (i) “depository institutions are not required to file a Designation of Exempt Person form . . . with respect to the transfer of currency to or from any of the 12 Federal Reserve Banks” (in accordance with amended 31 CFR 1020.315); (ii) guidelines for filing the Designation of Exempt Person form; and (iii) guidance concerning the types of identifying information financial institutions should obtain when a federal, state or local government official engages in a transaction over a certain amount in an official capacity. FinCEN stated that “the answers are not meant to be comprehensive, apply to all factual situations, or to replace or supersede the BSA regulations.”
Federal Reserve Issues Consent Order to Bank for BSA/AML Compliance Deficiencies
On December 14, the Federal Reserve Board (Fed) entered into a consent order with an international bank regarding alleged deficiencies in the bank’s New York branch (Branch) Bank Secrecy Act and other anti-money laundering (BSA/AML) compliance and risk management. The consent order also relates to a 2009 written agreement among the bank, the Branch and the predecessor of the New York State Department of Financial Services, which cited BSA/AML compliance and risk management deficiencies identified by examiners in regards to the Branch’s correspondent banking services and U.S. dollar funds transfer clearing. In 2016, a Fed examination found that the bank and the Branch had not achieved full compliance with the requirements in the 2009 agreement.
The 2017 order, among other things, requires the bank and Branch to submit a written governance plan to achieve compliance with BSA/AML requirements, and to engage an independent third party acceptable to the Fed to conduct and report on a comprehensive review of Branch’s BSA/AML compliance. Within 60 days of the report findings, the bank and Branch must submit an enhanced compliance program plan, an enhanced customer due diligence program plan, and a program to ensure accurate suspicious activity monitoring and reporting.
OCC Recent Enforcement Actions Target BSA/AML Compliance Programs and National Flood Insurance Act Violations
On December 14, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such parties. The new enforcement actions include cease and desist orders, civil money penalty orders, removal/prohibition orders, and restitution orders. The list also includes recently terminated enforcement actions.
Cease and Desist Order. On November 9, the OCC issued a consent order (2017 Order) two days after converting a Japanese bank’s two New York branches under the supervision of the New York Department of Financial Services (NYDFS) to federally licensed branches under the supervision of the OCC. As part of the OCC’s approval process, the bank’s federal branches and New York branches agreed to the issuance of the 2017 Order, which requires adherence to “remedial provisions . . . substantively the same as those” in consent orders entered into in 2013 and 2014 with NYDFS. The previously issued consent orders addressed deficiencies related to the bank’s Bank Secrecy Act/Anti-Money Laundering (BSA/AML) sanctions compliance programs, specifically concerning the removal of key warnings to regulators on transactions with sanctioned countries.
The 2017 Order, among other things, requires the bank to: (i) submit an action plan on enhancing internal controls and updating policies and procedures to correct BSA/AML deficiencies, address provisions applicable under the Office of Foreign Assets Control’s requirements, and implement requirements outlined in the 2013 and 2014 consent orders; (ii) ensure adherence to the action plan and 2017 Order under the direction of the bank’s general manager; (iii) submit a management oversight plan designed to improve and enhance the bank’s sanctions compliance programs; and (iv) prevent the retention or future engagement of any individual identified and “barred by the 2014 Consent Order from engaging, directly or indirectly, in any duties, responsibilities, or activities at or on behalf of the [b]ank or the [b]ank’s affiliates that involve their banking business in the [U.S.].” The 2017 Order does not require the bank to pay a civil monetary penalty.
Civil Monetary Penalty. On October 10, the OCC assessed a $452,000 civil monetary penalty against a national bank lender for alleged violations of the National Flood Insurance Act and/or the Flood Disaster Protection Act. The bank agreed to pay the penalty without admitting or denying any wrongdoing.
FINRA Provides Additional Guidance on AML Obligations
On November 21, the Financial Industry Regulatory Authority (FINRA) published additional guidance regarding member firms’ obligations under FINRA Rule 3310, which requires adoption of an anti-money laundering (AML) program. The guidance provided in Regulatory Notice 17-40 follows the Financial Crime Enforcement Network’s (FinCEN) 2016 adoption of a final rule on customer due diligence requirements for financial institutions (CDD Rule). Under the CDD Rule, member firms must now comply with a “fifth pillar,” which requires them to “identify and verify the identity of the beneficial owners of all legal entity customers” at the time when a new account is opened, subject to certain exclusions and exemptions. Additionally, the “fifth pillar” requires member firms to understand the nature and purpose of customer relationships, conduct ongoing monitoring to report suspicious activities and transactions, and maintain and update customer information “on a risk basis.”
The “fifth pillar” supplements the previously established Bank Secrecy Act AML program requirements, coined the “four pillars,” which require member firms to (i) establish policies and procedures to “achieve compliance”; (ii) conduct independent compliance testing; (iii) designate responsible individuals to implement and monitor AML compliance; and (iv) provide ongoing training.
The CDD Rule became effective on July 11, 2016, and member firms must comply by May 11, 2018. FINRA advises members firms to consult the CDD Rule, along with FinCEN's related FAQs, to ensure AML program compliance.
SEC Reaches $3.5 Million Settlement With Broker-Dealer Over Failure to File Suspicious Activity Reports
On November 13, the SEC announced it has reached a settlement in an administrative proceeding against a broker-dealer firm for allegedly willful violations of Section 17(a) of the Securities and Exchange Act, including the firm’s failure to file, or timely file, at least 50 Suspicious Activity Reports (SARs) with the Financial Crime Enforcement Network (FinCEN) from approximately March 2012 through June 2013. As the SEC Order notes, Bank Secrecy Act regulations require a broker-dealer to file a SAR if it knows, suspects or has reason to suspect that a transaction of a certain minimum or aggregated amount involved funds derived from illegal activity or if the transaction was conducted to disguise funds derived from illegal activities. Other factors requiring a broker-dealer to file a SAR include the absence of any business or apparent lawful purpose for the transaction or if the transaction is to facilitate criminal activity.
When deciding whether to accept the firm’s settlement offer, the SEC considered voluntary remedial efforts undertaken by the firm, including the fact that the firm retained a third-party anti-money laundering (AML) compliance company to conduct a review of some of the firm’s SAR investigations. Under the terms of the settlement, the firm voluntarily agreed to, among other things, conduct a review of its AML policies and procedures for the identification, evaluation and reporting of suspicious activity related to firm accounts; and provide additional training to staff responsible for conducting investigations and filing SARs. Additionally, the firm was assessed a civil money penalty of $3.5 million.