InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FinCEN Determines That Issuing a Digital Certificate Evidencing Ownership in Precious Metals, and Buying and Selling Precious Metals, Are Subject to The BSA
On August 14, FinCEN issued an Administrative Ruling, FIN-2015-R001, determining that a company who: i) provides Internet-based brokerage services between buyers and sellers of precious metals; ii) buys and sells precious metals on its own account; and iii) holds precious metals in custody, opens a digital wallet, and issues a digital proof of custody certificates evidencing ownership of such metals, is subject to the BSA.
FinCEN determined that, as a broker or dealer in e-currencies and e-precious metals, the company did not fall under the e-currencies or e-precious metals trading exemption from money transmission: “when the Company issues a freely transferable digital certificate of ownership to buyers, it is allowing the unrestricted transfer of value from a customer’s commodity position to the position of another customer of a third-party, and it is no longer limiting itself to the type of transmission of funds that is a fundamental element of the actual transaction necessary to execute the contract for the purchase of sale of the currency or the other commodity.” As such, it is acting as a convertible virtual currency administrator (the freely transferable digital certificates being the commodity-backed virtual currency). Further, the purchases and sales of precious metals made on its own account render the Company a dealer in precious metals (subject to certain monetary thresholds and other considerations), and thus a financial institution for purposes of the BSA.
Federal Reserve Orders Chinese Bank to Overhaul its BSA/AML Compliance Program
On July 21, a leading China-based bank agreed to address deficiencies in connection with the BSA/AML risk management and compliance program of its New York branch office. The Agreement, entered into with the Federal Reserve Bank of New York and the New York State Department of Financial Services, requires the bank and its New York branch to (i) enhance the branch’s written BSA/AML compliance program and customer due diligence program; and (ii) develop a written program for the branch that is capable of identifying and reporting suspected violations of law and suspicious transactions to law enforcement and supervisory authorities. In addition, the bank must hire an independent third-party to review the Branch’s U.S. dollar clearing transaction activity “to determine whether suspicious activity involving high-risk customers or transactions at, by, or through the branch was properly identified and reported” to the appropriate federal banking authorities. No civil money penalty was imposed on the bank.
FDIC and California Department of Business Oversight Levy $140 Million Penalty Against California Bank for Ongoing BSA/AML Deficiencies
On July 22, the FDIC, along with the Commissioner of the California Department of Business Oversight (“DBO”), announced the assessment of a $140 million civil money penalty against a California state-chartered bank to resolve allegations that it failed to implement and maintain an adequate BSA/AML Compliance Program over an extended period of time. In 2012, the bank entered a consent order with the FDIC and the DBO (fka California Department of Financial Institutions), requiring that it “address the weaknesses and correct deficiencies” in its BSA and AML programs. According to the DBO, the bank has since failed to implement the corrective actions stipulated in the consent order, which required the bank to, among other things, (i) establish internal controls to “detect and report illicit financial transactions and other suspicious activities”; (ii) hire a qualified BSA officer and sufficient staff; (iii) provide adequate BSA training; and (iv) conduct effective independent testing. Additionally, since the 2012 consent order, the DBO and FDIC have discovered “new, substantial violations of the BSA and anti-money laundering mandates over an extended period of time.” Under terms of the joint order, the bank will pay $40 million to the DBO and $100 million to the Department of the Treasury to satisfy the full $140 million penalty.
OCC Releases Semiannual Report Highlighting Key Risks Facing National Banks and Federal Savings Associations
Today, the OCC announced the release of its semiannual report, Semiannual Risk Perspective for Spring 2015, highlighting key risk areas affecting national banks and federal savings associations. Based on 2014 year-end data, the report identifies issues that pose a potential threat to the safety and soundness of banks and thrifts. It also sets forth the OCC’s supervisory priorities for the next 12 months, including, among others, (i) cybersecurity awareness and preventative controls, (ii) Bank Secrecy Act/Anti-Money Laundering compliance, (iii) fair access to credit, and (iv) underwriting practices, particularly with respect to leveraged loans, indirect auto lending, HELOCs, and credit related to the oil and gas sector. The report also notes declining revenues and profitability overall in OCC-supervised institutions.
FinCEN Fines MSB and Its Owner for Alleged BSA Violations
Today, FinCEN announced the assessment of a civil money penalty against a Los Angeles-based Money Services Business (MSB) and its owner for alleged violations of the Bank Secrecy Act (BSA). During a 2011 examination of the MSB, FinCEN determined that, from October 1, 2010 through the present, the MSB knowingly violated the BSA by failing to (i) establish and ensure ongoing compliance with an adequate AML program; (ii) provide adequate training; and (iii) conduct independent testing of its compliance program. In addition, the MSB violated the BSA’s reporting requirements by failing to “file required currency transaction reports (“CTRs”) on all of its reportable transactions during the examination scope period,” and continued to file untimely CTRs even after the examination scope period ended on March 31, 2011. Finally, FinCEN expressed concern over the MSB owner’s failure to disclose that the MSB “frequently exchanged check for cash with another MSB, an arrangement known as ‘wholesaling’ or ‘bulk check cashing.’” According to the assessment document, the MSB’s owner, who was also the designated AML compliance officer, participated in the BSA violations by failing to accept his responsibility to “ensure that [an] AML program was in place, was effective, and was followed.” To resolve FinCEN’s allegations, the MSB and its owner admitted to violating the BSA program and its reporting requirements and will pay a civil money penalty of $60,000.
FinCEN Announces Civil Money Penalty Against West Virginia Bank for BSA Violations
On June 15, FinCEN announced a $4.5 million civil money penalty against a West Virginia-based bank for alleged violations of the BSA from 2008 through 2013. According to the Assessment of Civil Money Penalty, the bank failed to monitor, detect, and report suspicious activity as a result of an inadequate AML and customer due diligence program, ultimately allowing over $9.2 million in structured and otherwise suspicious cash transactions to pass though the financial institution unreported. FinCEN found that the bank failed to establish and maintain an AML program that provided, at a minimum: (i) a system of internal controls to ensure ongoing compliance; (ii) a designated individual or individuals responsible for coordinating and monitoring day-to-day compliance; (iii) independent testing for compliance to be conducted by either an outside party or bank personnel; and (iv) training for appropriate personnel. FinCEN’s enforcement action and $4.5 million civil money penalty against the bank is concurrent with a $3.5 million penalty imposed by the FDIC, of which $2.2 million is concurrent with a forfeiture pursuant to a deferred prosecution agreement with the U.S. Attorney’s Office for the Southern District of West Virginia.
FinCEN Levies $75 Million Penalty on International Casino for BSA/AML Lapse
On June 3, FinCEN announced a $75 million civil money penalty against an international casino for alleged “willful and egregious” violations of the BSA. As detailed in the Assessment, the casino (i) failed to develop and implement an AML program; (ii) failed to designate an official BSA officer to oversee compliance requirements of the BSA; and (iii) failed to train employees in adequate recordkeeping, or in identifying, monitoring or reporting suspicious activity – all considered to be critical components of an adequate BSA/AML program. Moreover, FinCen alleges that casino employees “provided detailed instructions” to undercover agents on how to conduct transactions without being properly reported to U.S. authorities. FinCen’s latest action follows a March announcement, when the agency imposed a $10 million civil money penalty against a New Jersey-based casino.
Federal Reserve Orders Two Financial Institutions to Improve BSA/AML Compliance Programs
On June 1, a Boston-based international financial services holding company and its banking subsidiary agreed to address deficiencies in how they manage compliance risks with respect to their BSA/AML compliance program. The Agreement, entered into with the Federal Reserve Bank of Boston and the Massachusetts Division of Banks, requires both entities to submit a written plan outlining their efforts to improve their compliance with OFAC and internal controls, customer due-diligence procedures, and suspicious activity monitoring and reporting, among other things. In addition, the banking subsidiary must hire an independent third-party to review account and transaction activity during a specified period to ensure suspicious activity was properly identified and reported.
In a separate enforcement action, the Federal Reserve Bank of Chicago entered into an agreement on May 26 with an Illinois-based financial services company, requiring the parent company and its banking subsidiary to, among other things, submit written plans to (i) strengthen its BSA/AML compliance risk management program; and (ii) “ensure the identification and timely, accurate, and complete reporting” of suspicious transactions to the appropriate law enforcement and supervisory [banking] authorities.” No civil money penalties were imposed in either enforcement action.
FinCEN Fines Michigan MSB For BSA/AML Violations, Bans Owner From Serving at Any U.S. Financial Institution
On May 29, a Michigan-based money service business (MSB), along with its owner, admitted to repeated violations of the BSA and have agreed to pay FinCEN a civil money penalty in the amount of $12,000. The company violated the BSA in numerous ways, including but not limited to: (i) failing to maintain a sufficient anti-money laundering program; (ii) engaging in high-risk transactions, including wire transfers to Yemen, totaling millions of dollars, without keeping proper records of the transfers or performing due diligence; and (iii) conducting suspicious transactions “with no apparent business or lawful purpose.” According to FinCEN, the MSB failed to monitor the suspicious transactions, had no review process in place, and neglected to file a Suspicious Activity Report or a Currency Transaction Report while operating as a business entity. Furthermore, in addition to the aforementioned MSB, the owner opened an additional MSB in October 2010, containing similar BSA deficiencies. The owner has “agreed to immediately and permanently cease serving as an employee, officer, director, or agent of any financial institution located in the United States or that conducts business within the United States.”
Buckley Sandler FinCrimes Webinar Series Recap: Best Practices in Customer Due Diligence and Know-Your-Customer
BuckleySandler hosted a webinar, Best Practices in Customer Due Diligence and Know-Your-Customer, on May 21, 2015 as part of their ongoing FinCrimes Webinar Series. Panelists included Eric Arciniega, Senior Manager, BSA/AML Due Diligence Operations at First Republic Bank; Janice Mandac, Global Head of KYC at Goldman Sachs; and Nagib Touma, Director Global AML/KYC at Citi. The following is a summary of the guided conversation moderated by Jamie Parkinson, partner at BuckleySandler LLP, and key take-aways you can implement in your company.
Best Practice Tips and Take-Aways:
- Establishing company-wide/global standards for your company’s customer due diligence and KYC program will help to ensure consistency throughout the organization. But, for global institutions, you must also be able to accommodate jurisdictions with requirements that are more stringent than the global standards.
- Be aware of data privacy standards in the countries where you operate. These standards pose a particular challenge to operating a centralized customer due diligence and KYC program.
- Regulators’ recent focus on model risk management extends to your customer risk rating model. Ensure that your model is being tested and tuned rigorously.
Balancing Globalization with Regional Variations
The panelists began the session by discussing how to take advantage of the benefits of a globalized customer due diligence and KYC program while accounting for jurisdictional variations in legal requirements. The panelists observed that a good approach is to first create baseline standards that apply globally and then append local requirements onto the global standards. Panelists felt that it was best to integrate any local requirements into the centralized customer due diligence and KYC system rather than create separate systems for regions with more stringent requirements. To make this possible, the centralized AML function must have ongoing communication with local teams that are on the ground in these jurisdictions.
The panelists discussed the challenges posed by jurisdictions with data privacy requirements that make it impossible to house customers’ information in a centralized database. In Switzerland for example, one panelist explained that the company has created a separate incidence of the customer due diligence and KYC system with firewalls to ensure that the data privacy requirements are fulfilled. Other jurisdictions’ requirements could lead a company to create a duplicate record of a customer’s information for use outside the jurisdiction. The panelists suggested categorizing jurisdictions into buckets based on how open or private they are to create controls that prevent unauthorized access.
The panelists stressed the value of leveraging your company’s technology to acquire a consistent set of information about new customers during the onboarding process. When a customer has one record across the company, that information can be used by different lines of business and different applications can be run off of the database. This same principle applies when a company implements a global case management tool for AML cases.
Effective Customer Risk Rating Models
The panelists identified many different factors that an effective customer risk rating model should take into account. These included:
(1) The kinds of business the customer is engaged in;
(2) Locations in which the customer operates;
(3) Whether the customer maintains custodial accounts;
(4) Reputational risk associated with the customer;
(5) Negative news reports on the customer; and
(6) SARs filed on the customer.
Here, too, the panelists noted the challenge of incorporating jurisdictional variation in requirements, such as a country requiring certain industries to be rated high-risk, into a globalized system. But again, the panelists felt that the best approach was to establish a global model and incorporate jurisdictional-specific requirements. One panelist described a peer-grouping function that compares a customer to similar customers within the company’s portfolio to see if the customer is operating much differently than similar customers.
The panelists observed that regulators have placed particular emphasis on models in general, including customer risk rating models. Accordingly, the panelists stressed the importance of the Supervisory Guidance on Model Risk Management released by the OCC in April 2011 when testing and tuning your customer risk rating model. The panelists generally agreed that testing and tuning the customer risk rating model should be an ongoing process with enhancements made to the model on a regular basis; perhaps annually or quarterly. A regular review should also be conducted to look for new factors that should be considered in the model.
Looking ahead
The panelists concluded the session by discussing what issues related to customer due diligence and KYC they anticipated being especially important in the upcoming year. Several panelists mentioned the anticipated beneficial ownership rules. The panelists said that they are beginning to have internal discussions about the costs and changes that will need to be made to comply with the new requirements. The panelists also mentioned that meeting regulatory expectations for their customer risk rating models will also be an important issue.