InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FinCEN Publishes SAR Activity Review and Annual SAR Data Report
This week, FinCEN published its semiannual SAR Activity Review, which provides information about the preparation, use, and value of Suspicious Activity Reports (SARs) filed by financial institutions. The report identifies SAR trends, reviews law enforcement cases that demonstrate the importance and value of Bank Secrecy Act (BSA) data to the law enforcement community, and highlights issues related to financial exploitation of older Americans. FinCEN also published an annual companion report, “By the Numbers,” which compiles numerical data gathered from SARs filed by financial institutions.
Federal Reserve Board, New York DFS Issue Joint Enforcement Action against U.S. Branch of Foreign Bank
On April 4, the Federal Reserve Board released a March 25, 2013 written agreement between the Federal Reserve Board, the New York Department of Financial Services, and a German bank and its U.S. branch regarding certain BSA/AML deficiencies at the U.S. branch. The agreement requires that the bank and the branch retain within 30 days an independent consultant to conduct a comprehensive review of the branch’s compliance with BSA/AML rules and state regulations, and subsequently prepare a report of the findings. The agreement further requires that within 60 days of the compliance report prepared by the consultant, the bank and the branch (i) submit a written enhanced BSA/AML compliance program for the branch, (ii) submit a written plan to improve and enhance management oversight of the branch’s compliance program, (iii) submit a written program to improve customer due diligence and a written program to ensure timely and accurate SAR reporting, and (iv) engage a different independent testing consultant to develop a risk-based BSA/AML audit program and conduct an independent compliance test. In addition, the agreement requires the bank and the branch to submit within 60 days of the agreement a written plan to enhance compliance with OFAC requirements.
Federal Reserve Board Announces BSA/AML Enforcement Action against Bank Holding Company
On March 26, the Federal Reserve Board released a recent enforcement action against a bank holding company related to deficiencies in certain of its bank subsidiaries’ Bank Secrecy Act and anti-money laundering (BSA/AML) compliance programs, as reflected in 2012 orders from the OCC and the FDIC requiring the subsidiary banks to remedy certain BSA/AML compliance deficiencies. Nearly a year later, the Federal Reserve Board order charges that the holding company lacked effective systems of governance and internal controls to adequately oversee the activities of the banks with respect to legal, compliance, and reputational risk related to the banks’ respective BSA/AML compliance programs. The order requires the holding company to (i) submit a plan to continue to improve the governance, structure, and operations of its BSA/AML and OFAC regulations compliance risk management program; and (ii) complete a review of the effectiveness of its firmwide BSA/AML compliance program and prepare a report. In addition, the company’s board must (i) submit a written plan to continue ongoing enhancements to its oversight of the company’s firmwide BSA/AML compliance risk management program; (ii) review the above-referenced BSA/AML compliance program report and submit a plan with specific actions the company will take to continue to strengthen the management and oversight of its firmwide compliance program; and (iii) submit quarterly progress reports. The Federal Reserve Board order does not include a civil money penalty.
Insights Into The Financial Fraud Enforcement Task Force Priorities for 2013
On March 20, 2013, Michael Bresnick, Executive Director of DOJ’s Financial Fraud Enforcement Task Force gave a speech at the Exchequer Club of Washington, DC highlighting recent accomplishments of the Task Force and outlining its priorities for the coming year. He began by discussing a number of areas of known focus for the Task Force, including RMBS fraud, fair lending enforcement, and servicemember protection. He then outlined three additional areas of focus that the Task Force has prioritized, including (i) the “government’s ability to protect its interests and ensure that it does business only with ethical and responsible parties;” (ii) discrimination in indirect auto lending; and (iii) financial institutions’ role in fraud by their customers, which include third party payment processors and payday lenders.
The third priority, which was the focus of Mr. Bresnick’s remarks, involves the Consumer Protection Working Group’s prioritization of “the role of financial institutions in mass marketing fraud schemes -- including deceptive payday loans, false offers of debt relief, fraudulent health care discount cards, and phony government grants, among other things -- that cause billions of dollars in consumer losses and financially destroy some of our most vulnerable citizens.” He added that the Working Group also is investigating third-party payment processors, the businesses that process payments on behalf of the fraudulent merchant. Mr. Bresnick explained that “financial institutions and payment processors . . . are the so-called bottlenecks, or choke-points, in the fraud committed by so many merchants that victimize consumers and launder their illegal proceeds.” He said that “they provide the scammers with access to the national banking system and facilitate the movement of money from the victim of the fraud to the scam artist.” He further stated that “financial institutions through which these fraudulent proceeds flow . . . are not always blind to the fraud” and that the FFETF has “observed that some financial institutions actually have been complicit in these schemes, ignoring their BSA/AML obligations, and either know about -- or are willfully blind to -- the fraudulent proceeds flowing through their institutions.” Mr. Bresnick explained that “[i]f we can eliminate the mass-marketing fraudsters’ access to the U.S. financial system -- that is, if we can stop the scammers from accessing consumers’ bank accounts -- then we can protect the consumers and starve the scammers.”
Mr. Bresnick stated that the Task Force’s message to banks is this: “Maintaining robust BSA/AML policies and procedures is not merely optional or a polite suggestion. It is absolutely necessary, and required by law. Failure to do so can result in significant civil, or even criminal, penalties under the Bank Secrecy Act, FIRREA, and other statutes.” He noted that banks should endeavor not only to know their customers, but also to know their customers’ customers: “Before they agree to do business with a third-party payment processor, banks should strive to learn more about the processors’ merchant-clients, including the names of the principals, the location of the business, and the products being sold, among other things.” They further should be aware of glaring red flags indicative of fraud, such as high return rates on the processor’s accounts: “High return rates trigger a duty by the bank and the third-party payment processor to inquire into the reasons for the high rate of returns, in particular whether the merchant is engaged in fraud.” (See BuckleySandler’s previous Spotlight on Anti-Money Laundering posts here, here and here.) Mr. Bresnick underscored this point by mentioning a recent complaint filed by the DOJ in the Eastern District of Pennsylvania.
With respect to the financial institutions’ relationships with the payday lending industry, Mr. Bresnick stated that “the Bank Secrecy Act required banks to have an effective compliance program to prevent illegal use of the banking system by the banks’ clients.” He explained that financial institutions “should consider whether originating debit transactions on behalf of Internet payday lenders – particularly where the loans may violate state laws – is consistent with their BSA obligations.” Although he acknowledged that it was not a simple task for a financial institution to determine whether the loans being processed through it are in violation of the state law where the borrower resides, he suggested “at a minimum, banks might consider determining the states where the payday lender makes loans, as well as what types of loans it offers, the APR of the loans, and whether it makes loans to consumers in violation of state, as well as federal, laws.”
In concluding, Mr. Bresnick said, “It comes down to this: When a bank allows its customers, and even its customers’ customers, access to the national banking system, it should endeavor to understand the true nature of the business that it will allow to access the payment system, and the risks posed to consumers and society regarding criminal or other unlawful conduct.”
The agenda outlined by Mr. Bresnick reinforces ongoing efforts by FinCEN and the FDIC, and adds to the priorities recently sketched out by CFPB and the OCC. Together they describe an ambitious, and increasingly aggressive, financial services enforcement agenda for federal regulators and enforcement authorities.
FinCEN Issues Guidance on Virtual Currencies
On March 18, FinCEN issued guidance to clarify the applicability of Bank Secrecy Act regulations to persons creating, obtaining, distributing, exchanging, accepting, or transmitting virtual currencies. FinCEN clarifies that a person that obtains a virtual currency to purchase goods or service (a “user”) does not fit within the regulatory definition of a money transmission service, and therefore is not subject to the relevant regulations. However, a person engaged as a business in the exchange of virtual currency for real currency, funds, or other virtual currency (an “exchanger”), and a person engaged as a business in issuing a virtual currency, and who has the authority to redeem such virtual currency (an “administrator”), generally are considered money transmitters under FinCEN's regulations if they (i) accept and transmit a convertible virtual currency or (ii) buy or sell convertible virtual currency for any reason. The guidance reviews FinCEN’s specific determinations regarding different activities involving virtual currencies and the appropriate regulatory treatment of administrators and exchangers under each of the scenarios. Specifically, the guidance addresses (i) brokers and dealers of e-currencies and e-precious metals; (ii) centralized convertible virtual currencies; and (iii) de-centralized convertible virtual currencies.
Regulators, Lawmakers Scrutinize BSA/AML Compliance and Enforcement
On March 7, the Senate Banking Committee held a hearing entitled “Patterns of Abuse: Assessing Bank Secrecy Act Compliance and Enforcement,” which featured testimony from representatives of the Treasury Department, the Comptroller of the Currency; and the Federal Reserve Board. During the hearing, Senators challenged the regulators on what they view as insufficient civil and criminal enforcement of the Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) rules, and pressed them to act more aggressively in bringing criminal actions against banks. Senators also pressed lawmakers on comments made by Attorney General Holder at a hearing the day before where he expressed concern that some of the world’s biggest banks have become “too big to jail” because a potential punishment could negatively impact the broader economy. With regard to possible regulatory and legislative changes, Comptroller of the Currency Thomas Curry stated that the OCC is drafting guidance for banks on BSA/AML compliance, in part, to make it easier for the OCC to remove bank officers who violate federal anti-money laundering laws. Curry said the OCC also would support expanded safe harbors for banks submitting and sharing Suspicious Activity Reports. Comptroller Curry’s comments at the hearing follow remarks he made earlier in the week when he called on banks to devote more resources to BSA/AML compliance. Mr. Curry stressed that controls with regard to international activities – e.g., foreign correspondent banking and remote deposit capture – need to be commensurate with risk. He also directed banks to focus on third-party relationships and payment processors. Finally, the Comptroller cautioned banks to understand risks presented by deployment of new technologies and payment activities, including prepaid access cards, mobile banking, and mobile wallets.
FinCEN Reminds Institutions about Tax Refund Fraud and SAR Filing
On February 26, FinCEN issued Advisory FIN-2013-A001 to remind financial institutions of their important role in identifying tax refund fraud and provide a list of red flags to aid in such identification. The Advisory also reminds institutions that they may be required to filed a SAR if they know, suspect or have reason to suspect that a transaction conducted or attempted by, at, or through the financial institution (i) involves funds derived from illegal activity or an attempt to disguise funds derived from illegal activity, (ii) is designed to evade regulations promulgated under the Bank Secrecy Act, or (iii) lacks a business or apparent lawful purpose. Institutions completing a tax refund fraud SAR should use the term “tax refund fraud” in the narrative section of the SAR and provide a detailed description of the activity, and are encouraged to notify their local IRS Criminal Investigation Field Office of the filed SAR.
Federal Regulators Propose Guidance for Social Media Use
On January 22, the FFIEC proposed guidance on the applicability of consumer protection and compliance laws, regulations, and policies to activities conducted via social media by federally supervised financial institutions, as well as nonbanks supervised by the CFPB. With regard to compliance and legal risks, the guidance addresses (i) the applicability of existing federal laws and regulations to the use of social media for marketing and originating new deposit and lending products and the use of social media to facilitate consumer use of payment systems; (ii) the need to apply BSA/AML internal controls to customers engaging in electronic banking through the use of social media, and e-banking products and services offered in the context of social media, as well as BSA/AML risks emerging through the growing use of social media; (iii) CRA monitoring of social media sites run by an institution; and (vi) customer privacy issues associated with social media. The guidance also reviews reputational risks related to social media, including risks related to (i) fraud and brand identity; (ii) social media vendor monitoring; (iii) privacy; (iv) consumer complaints; and (v) employee use of social media. Finally, the guidance addresses the vulnerability of social media to malware and the resultant operational risk. The FFIEC is accepting comments for 60 days after publication in the Federal Register. After the comment period, the agencies will issue supervisory guidance and will urge state regulators to follow.
Federal Regulators Announce BSA/AML and Derivatives Trading Enforcement Actions Against Large Bank.
On January 14, the Federal Reserve Board and the OCC issued two consent orders against a large international bank and its trust company over alleged deficiencies in its Bank Secrecy Act and Anti-Money Laundering (BSA/AML) compliance programs. Under the Federal Reserve Board Order, the bank is required to conduct a full review of its compliance program and submit written reports to the Federal Reserve Bank of New York regarding the review’s findings and recommendations. Any proposed improvements are subject to approval by the Federal Reserve Bank of New York. The OCC Order identifies “critical deficiencies” in the bank’s BSA/AML compliance programs with respect to suspicious activity reporting, transaction monitoring, customer due diligence, and internal control implementation and requires specific corrective actions in response. Neither order requires a civil money penalty. On the same day, the Federal Reserve Board and the OCC issued consent orders concerning the bank’s derivatives trading activity. Under those orders, the bank must take corrective action as to its risk-management program, finance and internal audit functions, and Chief Investment Office, but the orders do not include a monetary settlement. The Federal Reserve Board stated that the corrective actions are necessary in light of disclosed, significant losses in a large synthetic credit portfolio managed by the Chief Investment Office. An OCC report found that the bank lacked adequate oversight to protect itself from such material risk, and had other inadequate risk management processes, trade valuation controls, and audit processes.
U.S. Law Enforcement Authorities and Regulators Resolve Significant Money Laundering and Sanctions Investigations
On December 11, a major international bank holding company announced agreements with U.S. law enforcement authorities and federal bank regulators to end investigations into alleged inadequate compliance with anti-money laundering and sanctions laws by the holding company and its U.S. subsidiaries (collectively the banks). Under these agreements, the banks will make payments totaling $1.92 billion, will continue to cooperate fully with regulatory and law enforcement authorities, and will take further action to strengthen its compliance policies and procedures. As part of the resolution, the bank entered into a deferred prosecution agreement (DPA) with the DOJ pursuant to which the banks will forfeit $1.256 billion, $375 million of which satisfies a settlement with the Office of Foreign Assets Control (OFAC). The four-count criminal information filed in conjunction with the DPA charges that the banks violated the Bank Secrecy Act by failing to maintain an effective anti-money laundering program and to conduct appropriate due diligence on its foreign correspondent account holders. The DOJ also alleged that the banks violated the International Emergency Economic Powers Act and the Trading with the Enemy Act by illegally conducting transactions on behalf of customers in certain countries that were subject to sanctions enforced by OFAC. The banks agreed to pay a single $500 million civil penalty to satisfy separate assessments by the OCC and FinCEN related to the same alleged conduct, as well as a $165 million penalty to the Federal Reserve Board. The banks already have undertaken numerous voluntary remedial actions, including to (i) substantially increase AML compliance spending and staffing, (ii) revamp their Know Your Customer program, (iii) exit 109 correspondent relationships for risk reasons, and (iv) claw back bonuses for a number of senior officers. The banks also have undertaken a comprehensive overhaul of their structure, controls, and procedures, including to (i) simplify the control structure, (ii) create new compliance positions and elevate their roles, (iii) adopt a set of guidelines limiting business in those countries that pose a high financial crime risk, and (iv) implement a single global standard shaped by the highest or most effective anti-money laundering standards available in any location where the banks operates. Pursuant to the DPA, an independent monitor will evaluate the banks’ continued implementation of these and other enhanced compliance measures.
In a separate matter, on December 10, Manhattan District Attorney Cyrus R. Vance, Jr. and the DOJ announced the resolution of a joint investigation into a British bank’s alleged movement of more than $200 million through the U.S. financial system primarily on behalf of Iranian and Sudanese clients by removing information that would have revealed the payments as originating with a sanctioned country or entity, and thereby avoiding OFAC scrutiny. To resolve the matter, the bank was required to pay $227 million in penalties and forfeiture, and to enter into a DPA and corresponding Statement of Facts. Through the DPA, the bank admitted that it violated New York State law by falsifying the records of New York financial institutions and by submitting false statements to its state and federal regulators about its business conduct, and agreed to certain enhanced compliance practices and procedures. The payment also satisfies a settlement with OFAC over the same practices, while the Federal Reserve Board required an additional $100 million penalty to resolve its parallel investigation. The settlement follows an earlier settlement between this British bank and the New York Superintendent of Financial Services regarding the same alleged conduct.