InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FINRA Fines Brokerage Firm $5.75M for Lax Anti-Money Laundering Program
On December 28, FINRA entered into an acceptance, waiver, and consent (AWC) agreement with a Puerto-Rican-based brokerage firm based upon allegations that the firm’s anti-money laundering (AML) program “was not reasonably designed to achieve and monitor compliance with the requirements of the Bank Secrecy Act.” In deciding to levy a $5.75 million fine, FINRA noted, among other things, that the firm improperly “relied on manual supervisory review of securities transactions” that was “not sufficiently focused on AML risks.” The firm neither admitted nor denied the findings set forth in the AWC agreement, but agreed to address deficiencies in their AML program within 180 days. According to a firm spokeswoman, the firm is “pleased to have this matter from 2013 resolved and we continue to improve, manage and monitor our AML efforts.”
FinCEN Issues Guidance on Sharing Suspicious Activity Reports with U.S. Parents and Affiliates of Casinos
On January 4, the Financial Crimes Enforcement Network (FinCEN) issued guidance to “confirm that, under the Bank Secrecy Act (BSA) and its implementing regulations, a casino that has filed a Suspicious Activity Report (SAR) may share the SAR, or any information that would reveal the existence of the SAR, with each office or other place of business located within the United States of either the casino itself or a parent or affiliate of the casino.” As explained in the guidance, FinCEN expects that the anti-money laundering efforts of the casino’s affiliates could be enhanced by virtue of their access to a clearer and more comprehensive picture of the activities the casino has identified as suspicious. The guidance also specified that casinos may not share SARs or information that would reveal the existence of a SAR with non-U.S. offices or affiliates, individuals or entities within the casino’s corporate famile that perform functions unrelated to gaming, a financial institution without an independent SAR obligation, or unaffialited money services businesses located within the casino. Finally, the guidance specified that a domestic affiliate that receives a SAR or revealing information from a casino may not further share that SAR with an affiliate of its own.
NYDFS Fines Italian Bank $235 Million for Repeated Violations of BSA/AML Laws
On December 14 the New York State Department of Financial Services (NYDFS) announced the imposition of a $235 million fine against an Italian bank and its New York branch as part of a consent order addressing “significant violations of New York Bank Secrecy Act and anti-money laundering (BSA/AML) laws.” According to the consent order, a NYDFS investigation identified “compliance failures . . . arising from deficiencies in the implementation and oversight of the transaction monitoring system located at the New York Branch,” as well as “non-transparent practices to process payments on behalf of Iranian clients” and “shell company activity indicative of potentially suspicious transactions” and a general “breakdown in audit and management oversight.” The consent order findings stipulate that the wrongdoing dated back to 2002, but also acknowledge that the Bank made the decision to discontinue certain of its non-transparent practices in 2006. In addition to a civil monetary penalty, the consent order also requires that the bank continue to engage an independent consultant to help “remediate the identified shortcomings,” “audit the Bank’s transaction review efforts”, and submit a report of its findings, conclusions and recommendations within 60 days. Thereafter, the Bank must submit, in writing for NYDFS review, across-the-board enhancements to its internal control policies and procedures.
FinCEN Issues Advisory and Supplemental FAQs on Cyber-Events and Cyber-Enabled Crime
On October 25, FinCEN issued advisory bulletin FIN-2016-A005 reminding financial institutions of their Bank Secrecy Act (BSA) obligations to report certain cyber-events and cyber-enabled crime. The advisory highlights the importance of (i) reporting cyber-events and cyber-enabled crime through Suspicious Activity Reports (SARs); (ii) including cyber-related information such as IP addresses with timestamps, virtual-wallet information, device identifiers, and cyber-event information, in SAR reporting; (iii) collaborating with BSA/AML, cybersecurity, and other in-house units to facilitate “a more comprehensive threat assessment and develop appropriate risk management strategies to identify, report, and mitigate cyber-events and cyber-enabled crime”; and (iv) sharing cyber-related information – including specific malware signatures, IP addresses and device identifiers, and virtual currency addresses that seem anonymous – amongst financial institutions for the “purpose of identifying and, where appropriate, reporting money laundering or terrorist activities.” Importantly, the advisory distinguishes between mandatory SAR reporting of cyber-events, providing three specific examples, and voluntary reporting of cyber-events. Per the advisory, “[c]yber-events targeting financial institutions that could affect a transaction or series of transactions would be reportable as suspicious transactions because they are unauthorized, relevant to a possible violation of law or regulation, and regularly involve efforts to acquire funds through illegal activities.”
FinCEN simultaneously issued FAQs to supplement advisory bulletin FIN-2016-A005. The FAQs, which supersede 2001 FAQs regarding computer intrusion, provide answers to a set of nine questions. The FAQs address, among other things, (i) when cyber-related SAR reports should be filed; (ii) the type of information that should be included in cyber-related SARs; and (iii) cyber-event and cyber-enabled crime information sharing, pursuant to Section 314(b) of the USA PATRIOT Act, between financial institutions.
FinCEN Assesses Civil Money Penalty Against Nevada-Based Casino for BSA/AML Violations
On October 3, FinCEN assessed a $12 million civil money penalty against a Nevada-based casino for willfully violating the anti-money laundering (AML) provisions of the Bank Secrecy Act (BSA). Pursuant to the Statement of Facts, from March 2009 through September 28, 2015, the casino allegedly failed to (i) develop and implement an effective AML program reasonably designed to ensure compliance with the BSA; (ii) exercise due diligence in its monitoring of suspicious activity; and (iii) maintain sufficient AML compliance controls, procedures, training, and audits, which resulted in multiple filing and recordkeeping control violations. As part of the FinCEN’s Assessment and the Non-Prosecution Agreement filed by the U.S. Attorney’s Officers, the casino must (i) perform a series of required Remedial Measures to ensure compliance going forward; and (ii) conduct a look-back review to ensure that suspicious transactions and attempted transactions were appropriately reported for transactions that occurred between 2010 and 2013.
OCC Hints At AML Guidelines to Come
On September 28, OCC Comptroller Thomas J. Curry announced Wednesday during a speech at the Association of Certified Anti-Money Laundering Specialists (ACAMS) conference that the OCC is developing guidance for banks to manage AML/BSA risks in their foreign correspondent banking relationships.
OCC Lays Out Supervision Plan for 2017
On September 14, the OCC released its bank supervision operating plan for fiscal year 2017. The plan identifies the OCC’s priority objectives, which include: (i) commercial and retail loan underwriting; (ii) business model sustainability and viability; (iii) operational resiliency; (iv) BSA/AML compliance; and (v) processes to address regulatory changes. Moreover, the plan affirms that the OCC will look at each individual bank’s key risks, and will continue the process of stress testing, both for large banks and for midsize and community banks.
FATF Updates List of Jurisdictions with AML/CFT Deficiencies, FinCEN Issues Related Advisory
On September 7, FinCEN issued advisory bulletin FIN-2016-A004 notifying financial institutions of updates to the Financial Action Task Force’s (FATF) list of jurisdictions containing anti-money laundering/combating the financing of terrorism (AML/CFT) deficiencies. The FATF updated two documents categorizing certain jurisdictions: (i) the FATF Public Statement, identifying jurisdictions that are subject to the FATF’s call for countermeasures or are subject to Enhanced Due Diligence (EDD) due to AML/CFT deficiencies; and (ii) the Improving Global AML/CFT Compliance: on-going process, identifying jurisdictions which have developed an action plan with the FATF to address strategic AML/CFT deficiencies. Revisions to the FATF Public Statement include the 12 months suspension of FATF’s call for countermeasures against Iran; in turn, Iran was added to the EDD category based on the continued risk posed by Iran to the international financial system. North Korea remains the sole country subject to countermeasures. Jurisdictions currently on the Improving Global AML/CFT Compliance: on-going process list include Afghanistan, Bosnia and Herzegovina, Guyana, Iraq, Lao PDR, Syria, Uganda, Vanuatu, and Yemen. Myanmar (Burma) and Papua New Guinea were removed from the list. FinCEN reminded financial institutions that they are subject to a broad range of restrictions on dealing with North Korea and Iran, in spite of the 12-month suspension of its call for countermeasures against Iran.
Treasury Issues Joint BSA/AML Fact Sheet
On August 30, the Department of the Treasury, along with the OCC, FDIC, Federal Reserve and NCUA, issued a joint fact sheet on foreign correspondent banking. The fact sheet provides a summary of the agencies’ (i) expectations for BSA/AML and OFAC risk management at U.S. depository institutions; (ii) risk-based approach to the supervisory examination process; and (iii) use of enforcement as an “extension of the supervisory process.” As highlighted in a corresponding blog post, the fact sheet explains that about “95% of BSA/OFAC compliance deficiencies identified by the [Federal Banking Agencies], FinCEN, and OFAC are corrected by the institution’s management without the need for any enforcement action or penalty.” The fact sheet notes that, under existing regulations there is no general requirement for depository institutions to conduct due diligence on an individual customer of a foreign financial institution (FFI). But it also notes that “[i]n determining the appropriate level of due diligence necessary for an FFI relationship, U.S. depository institutions should consider the extent to which information related to the FFI’s markets and types of customers is necessary to assess the risks posed by the relationship, satisfy the institution’s obligations to detect and report suspicious activity, and comply with U.S. economic sanctions. This may require U.S. depository institutions to request additional information concerning the activity underlying the FFI’s transactions in accordance with the suspicious activity reporting rules and sanctions compliance obligations.”
FinCEN Issues Proposed Rule to Remove AML Exemption for Certain Banks
On August 26, FinCEN published a proposed rule that seeks to impose AML program requirements on banks that are without a Federal functional regulator, including, but not limited to, private banks, non-federally insured credit unions, and certain trust companies. FinCEN estimates that there are 740 such banks nationwide. The proposal would establish minimum AML program standards for such banks. In addition, if finalized, the proposed rule would expand the reach of FinCEN’s customer due diligence final rule to cover banks that are not already subject to the rule’s customer identification program requirements and beneficial ownership requirements. FinCEN issued the proposal to ensure that Bank Secrecy Act coverage is consistent across the industry. Comments on the proposal must be submitted to FinCEN by October 24, 2016.