InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FinCEN Supplements 2011 FAQs Regarding Prepaid Access
On March 24, FinCEN issued FIN-2016-G002 to supplement guidance issued in 2011 regarding aspects of its Prepaid Access Final Rule. FIN-2016-G002 provides answers to a list of frequently asked questions related to the following areas: (i) the relationship between de minimis cash refund requirements under state law and the exemption in FinCEN’s regulations for closed loop prepaid access products; (ii) conditions under which the use of quick response codes and other technology would fall within the definition of closed loop prepaid access; (iii) whether the term “defined merchant” in the context of closed loop prepaid access is limited to a single merchant; (iv) policies and procedures reasonably adapted to avoid the threshold for being designated as a “seller” of prepaid access; and (v) listing sellers of prepaid access on the provider’s money services business (MSB) agent list.
FinCEN Imposes Civil Money Penalty Against Owner of Kentucky-Based Money Services Business
On March 24, FinCEN assessed a civil money penalty against a Kentucky-based MSB and its owner for violations of the Bank Secrecy Act (BSA). As the designated AML compliance officer of the MSB, the owner willfully violated the BSA’s AML program and reporting requirements by failing to ensure that the MSB complied with obligations under the BSA and its implementing regulations. In 2009, after an IRS Small Business/Self-Employed Division (IRS SB/SE) examination of the MSB’s activities, FinCEN issued a warning letter advising the company to take corrective actions. A subsequent 2013 IRS SB/SE examination found continued violations. Specifically, the MSB failed to (i) establish and implement an effective AML program by “failing to implement policies, procedures, and internal controls reasonably designed to assure ongoing compliance, failing to designate an adequate compliance officer, failing to provide adequate training, and failing to conduct independent testing of its compliance program”; and (ii) file accurate and timely currency transaction reports. The MSB’s owner admitted to violating the BSA’s AML program and reporting requirements and agreed to a $10,000 civil money penalty.
FinCEN Announces Proposed Rule to Amend FBAR Regulations
On March 1, FinCEN announced a Notice of Proposed Rulemaking to revise certain provisions in the rules related to the filing of Reports of Foreign Bank and Financial Accounts (FBAR). The proposed rule would, among other things, (i) remove provisions allowing limited account information to be reported when a filer has at least 25 foreign financial accounts; (ii) clarify and expand exemptions for officers and employees of institutions maintaining signature or other authority over accounts, but have no financial interest in such accounts; (iii) require institutions to maintain a list of the officers and employees with signature authority over accounts; (iv) amend the filing date for FBAR reports due in 2016; and (v) revise the FinCEN Form 114 instructions, which outline the BSA electronic filing requirements. Due to potential regulatory changes, FinCEN previously issued temporary notices to extend reporting deadlines for certain filers submitting FBARs.
OCC Releases Bulletin Outlining BSA Noncompliance Enforcement Process
On February 29, the OCC released Bulletin 2016-6, supplementing information in Bulletin 2007-36, “BSA Enforcement Policy,” and rescinding Bulletin 205-45, “Process for Taking Administrative Enforcement Actions Against Banks Based on BSA Violations.” Applicable to OCC-supervised institutions, the bulletin describes the OCC’s enforcement process for banks’ noncompliance with BSA requirements and dealing with repeated or uncorrected BSA compliance problems. As outlined in the bulletin, this administrative enforcement process is comprised of four distinct parts: (i) notice and opportunity to respond, during which bank management has 15 days to respond to the OCC’s written notice regarding potential noncompliance; (ii) consideration of enforcement actions, when the OCC’s supervisory office and legal department reviews relevant materials and makes a recommendation to the OCC Supervision Review Committee, which then determines whether the OCC should pursue an enforcement action or if the determination should instead be delegated to the Senior Deputy Comptroller; (iii) initiation of BSA enforcement actions, at which point the bank receives the final letter or report of examination, a proposed cease-and-desist order, and notice regarding potential civil money penalties upon approval of the action; and (iv) coordination with other agencies, when the OCC notifies FinCEN of any informal and formal actions taken against the alleged perpetrator, and when the OCC ensures that all suspicious activity reports are filed and coordinated with other appropriate law enforcement agencies.
OCC and FinCEN Assess Civil Money Penalties against Florida-Based Wealth Management Firm for BSA Violations
On February 25, the OCC, in coordination with FinCEN, announced that it took action against a Florida-based wealth management firm and private bank for allegedly violating the Bank Secrecy Act (BSA). According to the OCC, the bank failed to maintain an effective BSA/AML compliance program, thus violating its 2010 agreement with the OCC to “revise its policies, procedures, and systems related to the BSA/AML laws and regulations (‘BSA/AML Compliance Program’), and, among other things, address weaknesses with the Bank’s BSA/AML Compliance programs, including a lack of internal controls necessary to ensure effective and timely customer identification, risk assessment, monitoring, validation, and suspicious activity reports (‘SARs’).” Without admitting or denying any wrongdoing, the bank agreed to pay a total of $4 million in civil penalties, with $2.5 million to be paid directly to the OCC and, pursuant to FinCEN’s separately announced civil money penalty, $1.5 to be paid to the U.S. Department of the Treasury.
Government Accountability Office Issues Report on Proposed AML Legislation
Recently, the GAO published a report regarding the potential illicit use of remittance transfers and how, if at all, the proposed Remittance Status Verification Act (RSVA or Act) would assist federal agencies in their anti-money laundering (AML) requirements under the Bank Secrecy Act. If adopted, the RSVA would, among other things, require that remittance providers verify remittance senders’ legal status under the U.S. immigration laws; those unable to provide proof of immigration status would be subject to a fine. The proposed Act would also lower the $3,000 threshold level at which remittance providers are required to obtain and record data for a funds transfer. According to the GAO’s findings, almost all stakeholders expressed concern over the potential requirement to verify legal immigration status, with IRS officials concluding that “verifying identities and collecting information at a near zero dollar threshold would not be useful and could cause remitters to resort to off-the-book methods.” Most law enforcement officials, however, suggested that a lower threshold would benefit agencies’ AML efforts.
District Court Denies Motion to Dismiss, Rules Compliance Officers Responsible for AML Program Failures
On January 8, the U.S. District Court of Minnesota ruled that individual officers of financial institutions may be held responsible for ensuring compliance with anti-money laundering laws under the Bank Secrecy Act (BSA). U.S. Dep’t of Treasury v. Haider, No. 15-cv-01518, WL 107940 (Dist. Ct. Minn. Jan. 8, 2016). In May 2015, the defendant filed a motion to dismiss the U.S. Department of the Treasury’s December 2014 complaint against him. The Treasury’s complaint alleged that the defendant failed in his responsibility as the Chief Compliance Officer for an international money transfer company to ensure that “the Company implemented and maintained an effective AML program and complied with its SAR-filing obligations.” The complaint sought a $1 million judgment against the defendant and enjoined him from working for, either directly or indirectly, any “financial institution” as defined in the BSA. In his motion to dismiss, the defendant contended that the Treasury’s complaint should be dismissed because, among other reasons, 31 U.S.C. § 5318(a) permits the imposition of a penalty for AML program failures against an entity, not an individual. However, the District Court of Minnesota dismissed the motion, ruling that the BSA’s more general civil penalty provision, § 5321(a)(1), could subject a partner, director, officer, or employee of a domestic financial institution to civil penalties for violations “of any provision of the BSA or its regulations, excluding the specifically excepted provisions.” Judge David Doty further opined, “Because § 5318(h) is not listed as one of those exceptions, the plain language of the statute provides that a civil penalty may be imposed on corporate officers and employees like [the defendant], who was responsible for designing and overseeing [the company's] AML program.” The defendant also challenged the Treasury’s complaint on the bases that (i) the request for injunctive relief was time barred by the applicable statute of limitations; (ii) FinCEN should not have been permitted to receive and publicly use grand jury information; and (iii) FinCEN violated his due process rights. For various reasons, the District Court declined to decide on such issues or to dismiss materials based on the arguments presented.
FinCEN Assesses Civil Money Penalty Against LA-Based Precious Metals Business for AML Violations
On December 30, FinCEN announced a civil money penalty of $200,000 against a Los Angeles-based precious metals business – a financial institution as defined by the BSA – and its owner and compliance officer. The company and the two individuals admitted to willfully violating federal AML laws by (i) failing to adequately asses its own risk; and (ii) failing to conduct due diligence on its highest-risk customers. Specifically, the business did not have an AML program in place until 2011, five years after the IRS instructed it to establish one. In 2013, IRS examiners found that the company’s recently-established AML program did not ensure compliance with the BSA and, as a result, the company “failed to appropriately assess its money laundering to terrorist financing risks, conducted almost no due diligence on money laundering and terrorist financing, conducted almost no due diligence on many of its highest risk customers, and failed to implement effective procedures to identify red flags or to conduct inquiries when such red flags were present, among other things.” In addition to the civil money penalty, the company and the two individuals agreed that, until 2020, they would: (i) retain an auditor; (ii) provide a comprehensive annual report to FinCEN detailing the implementation of the company’s improved AML program; and (iii) annually provide FinCEN with a copy of the company’s AML training program, certifying attendance and testing results of the program.
OCC Releases Semiannual Risk Perspective Report
On December 16, the OCC released its Semiannual Risk Perspective report to provide an overview of supervisory concerns for the federal banking system, including operational and compliance risks. According to the report, which covers data through June 30, 2015, risks relating to strategic, compliance, and interest rates remain unchanged, but risks connected to underwriting and cybersecurity continue to grow. Notable findings in the report reveal that (i) the low interest rate environment has led banks to reevaluate risk tolerance and extend their reach for yield; and (ii) banks are responding to competitive pressures and growth objectives by adopting a more relaxed approach toward credit underwriting standards and practices, particularly in high-growth loan segments, such as indirect auto, commercial and industrial, and multifamily.
The report emphasizes cyber threats and Bank Secrecy Act (BSA) and anti-money laundering (ALM) risks as growing concerns, commenting that “[c]yber attacks against cybersecurity products and services further increase risk to banks because of the release or sale of malware and zero-day vulnerabilities,” and “BSA/AML risks remain high, as technological developments that benefit customers through enhanced products and greater access to financial services may be vulnerable to criminals who exploit such innovations.”
FinCEN Settles with Card Club Gaming Establishment for BSA Violations
On December 17, FinCEN announced a $650,000 settlement with a “card club” gaming establishment in California for willfully violating the program and reporting requirements of the Bank Secrecy Act (BSA). The gaming establishment allegedly trained its staff using misleading and inaccurate AML policy, which either failed to provide instructions at all, or provided incorrect instructions regarding the establishment’s obligations and reporting requirements under the BSA. As an example, the establishment “encouraged employees to provide notice to patrons if they were about to conduct a cash transaction that would put them over the $10,000 threshold for the filing of a Currency Transaction Report, thereby possibly encouraging structured transactions.” In addition, since the establishment’s policy did not contain instructions regarding when an employee should file a Suspicious Activity Report (“SAR”), it failed to file SARs in 2009 and 2010. Card clubs are gaming facilities that generally host only games involving cards; like casinos, card clubs are defined as financial institutions under the BSA, rendering them subject to FinCEN’s rules and regulatory authority.