InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FinCEN hosts exchange on SAR reporting
On November 9, the Financial Crimes Enforcement Network (FinCEN) held a virtual “FinCEN Exchange” with members of the financial industry and law enforcement “to discuss FinCEN’s analysis of suspicious activity reporting (SAR) with a transactional nexus to Alabama, Florida, Georgia, Mississippi, and South Carolina.” As previously covered by InfoBytes, SAR Stats—formerly called By the Numbers—is an annual compilation of numerical data gathered from SARs filed by financial institutions using FinCEN’s new unified SAR form and e-filing process. According to FinCEN, analysis of certain Bank Secrecy Act filing statistics for SARs and an analysis of SAR filings related to recent FinCEN advisories were among the topics discussed. FinCEN also noted that this FinCEN Exchange “supports one of FinCEN’s highest priorities—to strengthen public-private partnerships to identify and mitigate threats in order to safeguard our national security and protect communities and citizens from harm.”
Treasury and DOJ announce sanctions and charges in ransomware attacks, FinCEN updates ransomware guidance
On November 8, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13694 as amended against two ransomware operators and a virtual currency exchange network. According to OFAC, the virtual currency exchange, and its associated support network, are being designated for allegedly facilitating financial transactions for ransomware actors. OFAC is also designating two individuals allegedly associated with perpetuating ransomware incidents against the U.S., and who are part of a cybercriminal group that has engaged in ransomware activities and has received over $200 million in ransom payments. As a result of the sanctions, “all property and interests in property of the designated targets that are subject to U.S. jurisdiction are blocked, and U.S. persons are generally prohibited from engaging in transactions with them” and “any entities 50 percent or more owned by one or more designated persons are also blocked.” According to OFAC, the sanctions are a part of a set of actions focused on disrupting criminal ransomware actors and virtual currency exchanges that launder the proceeds of ransomware, which “advance the Biden Administration’s counter-ransomware efforts to disrupt ransomware infrastructure and actors and address abuse of the virtual currency ecosystem to launder ransom payments.” Additionally, the DOJ announced charges against the sanctioned individuals under OFACs designations, seizing approximately $6.1 million in alleged ransomware payments.
The same day, FinCEN issued an advisory, which updated and replaced its October 1, 2020 Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments (covered by InfoBytes here). The updated advisory is in response to the recent increase in ransomware attacks against critical U.S. infrastructure. The updated advisory also reflects information released by FinCEN in its Financial Trend Analysis Report, which discusses ransomware trends and includes information on current trends and typologies of ransomware and associated payments as well as recent examples of ransomware incidents. Additionally, the updated advisory describes financial red flag indicators of ransomware-related illicit activity to assist financial institutions in identifying and reporting suspicious transactions related to ransomware payments, consistent with obligations under the Bank Secrecy Act.
California AG takes action against casino for AML violations
On November 5, the California attorney general filed an administrative accusation with the California Gambling Control Commission against a California casino for violating the Bank Secrecy Act’s (BSA) anti-money laundering provisions. The action, which follows a federal investigation, alleges that the casino “overlooked, neglected, or was willfully blind to accusations and actions taken against other casinos for violations of the BSA and for failing to maintain adequate Anti Money Laundering (AML) programs.” The casino had previously entered into a Non-Prosecution Agreement with the U.S. Attorney’s Office for the Central District of California, accepted responsibility for “failing to properly file reports for a foreign national who conducted millions of dollars in cash transactions at the casino,” and agreed to pay $500,000 and undergo an increased review of its AML compliance program to prevent future violations, according to a DOJ press release. The California AG now seeks to hold the casino and its owners responsible for state law violations.
OCC releases October enforcement actions
On October 21, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently or formerly affiliated with such entities. Included is a civil money penalty order against a Seattle-based bank, which requires the bank to pay $2.5 million for, among other things, allegedly failing to adopt and implement a Bank Secrecy Act/Anti-Money Laundering compliance program.
Agencies announce new measures to combat ransomware
On October 15, the U.S. Treasury Department announced additional steps to help the virtual currency industry combat ransomware and prevent exploitation by illicit actors. The guidance builds upon recent “whole-of-government” actions focused on confronting “criminal networks and virtual currency exchanges responsible for laundering ransoms, encouraging improved cyber security across the private sector, and increasing incident and ransomware payment reporting to U.S. government agencies, including both Treasury and law enforcement.” (Covered by InfoBytes here.) The newest industry-specific guidance—part of the Biden administration’s efforts to counter ransomware threats—outlines sanctions compliance best practices tailored to the unique risks associated with this space. According to Treasury, there is a “need for a collaborative approach to counter ransomware attacks, including public-private partnerships and close relationships with international partners.”
The same day, the Financial Crimes Enforcement Network (FinCEN) released new data analyzing ransomware trends in Bank Secrecy Act reporting filed between January 2021 and June 2021. The report follows FinCEN’s government-wide priorities for anti-money laundering and countering the financing of terrorism priorities released in July (covered by InfoBytes here). Issued pursuant to the Anti-Money Laundering Act of 2020, the report flags “ransomware as a particularly acute cybercrime concern,” and states that in the first half of 2021, FinCEN identified $590 million in ransomware-related suspicious activity reports (SARs)—an amount exceeding the entirety of the value report in 2020 ($416 million). If this trends continues, FinCEN warns that ransomware-related SARs submitted in 2021 will have a higher transaction value than similar SARs filed in the previous 10 years combined. FinCEN attributes this uptick in activity to several factors, including an increasing overall prevalence of ransomware-related incidents, improved detection and incident reporting, and an increased awareness of reporting obligations and willingness to report by financial institutions.
In conjunction with the “growing prevalence of virtual currency as a payment method,” Treasury’s Office of Foreign Assets Control (OFAC) issued sanctions compliance guidance for companies in the virtual currency industry, including technology companies, exchangers, administrators, miners, wallet providers, and financial institutions. OFAC warned that “sanctions compliance obligations apply equally to transactions involving virtual currencies and those involving traditional fiat currencies,” and that participants “are responsible for ensuring that they do not engage, directly or indirectly, in transactions prohibited by OFAC sanctions, such as dealings with blocked persons or property, or engaging in prohibited trade- or investment-related transactions.” Among other things, the guidance will assist participants on ways to evaluate risks and build a risk-based sanctions compliance program. OFAC also updated related FAQs 559 and 646.
OCC releases bank supervision operating plan for FY 2022
On October 15, the OCC’s Committee on Bank Supervision released its bank supervision operating plan for fiscal year 2022. The plan outlines the agency’s supervision priorities and highlights several supervisory focus areas including: (i) strategic and operational planning; (ii) credit risk management, including allowances for loan and lease losses and credit losses; (iii) cybersecurity and operational resiliency; (iv) third-party oversight; (v) Bank Secrecy Act/anti-money laundering compliance; (vi) consumer compliance management systems and fair lending risk assessments; (vii) Community Reinvestment Act performance; (viii) LIBOR phase-out preparations; (ix) payment systems products and services; (x) fintech partnerships involving potential cryptocurrency-related activities and other services; and (xi) climate-change risk management. The plan will be used by OCC staff members to guide the development of supervisory strategies for individual national banks, federal savings associations, federal branches, federal agencies, and technology service providers.
The OCC will provide updates about these priorities in its Semiannual Risk Perspective, as InfoBytes has previously covered.
FINRA advises firms to incorporate FinCEN’s AML/CFT priorities
On October 8, the Financial Industry Regulatory Authority (FINRA) encouraged member firms to consider ways to incorporate recently issued anti-money laundering and countering the financing of terrorism priorities (AML/CFT Priorities) into their risk-based compliance programs. As previously covered by InfoBytes, the Financial Crimes Enforcement Network’s (FinCEN) AML/CFT Priorities—issued pursuant to the Anti-Money Laundering Act of 2020—highlighted key threat trends and provided informational resources to help covered institutions manage their risks and meet their obligations under laws and regulations designed to combat money laundering and counter terrorist financing.
FINRA reminded member firms that FINRA Rule 3310 requires the development and implementation of a written AML program to achieve compliance with the Bank Secrecy Act (BSA). While FinCEN’s issuance of the AML/CFT Priorities “does not trigger an immediate change in the BSA requirements or supervisory expectations for member firms,” FINRA advised member firms to evaluate how they plan to incorporate these priorities into their risk-based AML programs. Among other things, FINRA advised member firms to: (i) review red flags based on potential risks presented by their business activities, size, geographic location, and types of accounts and transactions; and (ii) consider potential technical changes, including those used to monitor and investigate suspicious activity.
FinCEN seeks comments on antiquities trading
On September 23, the Financial Crimes Enforcement Network (FinCEN) issued an Advance Notice of Proposed Rulemaking (ANPRM) to solicit public comments on implementing Section 6110 of the Anti-Money Laundering Act of 2020 (Act) regarding the trade in antiquities. FinCEN noted that this is the first of several regulatory actions that the agency intends to undertake to implement Section 6110. As previously covered by InfoBytes, the Act made numerous changes to the Bank Secrecy Act (BSA), including amendments to the definition of “financial institution” to include a “person engaged in the trade of antiquities, including an advisor, consultant, or any other person who engages as a business in the solicitation or the sale of antiquities.” FinCEN explained that crimes related to the trade in antiquities may include money laundering and sanctions violations, and may also be exploited by terrorist financiers seeking to evade detection when laundering illicit funds through the U.S. financial system. In March, FinCEN issued an advisory notice (covered by InfoBytes here) alerting financial institutions with existing BSA obligations about illicit activity associated with trade in antiquities and art. According to FinCEN, the ANPRM “is an important step in strengthening U.S. national security by protecting the U.S. financial system from money launderers and terrorist financiers that seek to exploit the antiquities trade.”
In developing the ANPRM, FinCEN coordinated with the FBI, the Attorney General, and Homeland Security Investigations to consider several factors, including “the degree to which the regulations should focus on high-value trade in antiquities, and on the need to identify the actual purchasers of such antiquities, in addition to the agents or intermediaries acting for or on behalf of such purchasers,” whether thresholds should apply when determining persons to regulate, and what exemptions, if any, should apply to the regulations. The ANPRM seeks comments regarding, among other things: (i) “the potential for money laundering, financing of terrorism, and other illicit financial activity in the antiquities industry”; (ii) “the existence of any safeguards in the industry to guard against this potential”; (iii) “the effect that compliance with BSA requirements could have on the antiquities industry”; (iv) “what additional steps may be necessary to protect the industry from abuse by money launderers and other malign actors”; and (v) “which actors within the antiquities trade should be subject to BSA requirements.” Comments are due October 25.
Former officials agree SEC usurped FinCEN’s BSA enforcement authority
On August 20, former FinCEN officials filed an amicus brief in support of a petition for certiorari filed by penny stock broker-dealer (petitioner) against the SEC claiming the agency usurped FinCEN’s Bank Secrecy Act (BSA) enforcement authority. The petition seeks to reverse a U.S. Court of Appeals for the Second Circuit decision, which upheld a $12 million penalty and concluded the SEC has the authority to bring an action under Section 17(a) of the Securities Exchange Act of 1934 (Exchange Act) and Rule 17a-8 promulgated thereunder for failure to comply with the Suspicious Activity Report (SAR) provisions of the BSA. As previously covered by InfoBytes, the appellate court rejected the broker-dealer’s argument that the SEC is attempting to enforce the BSA, which only the U.S. Treasury Department has the authority to do. The appellate court noted that the SEC is enforcing the requirements of Rule 17a-8, which requires broker-dealers to adhere to the BSA in order to comply with requirements of the Exchange Act, which does not constitute the agency’s enforcement of the BSA. Moreover, the appellate court concluded that the SEC did not overstep its authority when promulgating Rule 17a-8, as SARs “serve to further the aims of the Exchange Act by protecting investors and helping to guard against market manipulation,” and that the broker-dealer did not meet its “‘heavy burden’ to show that Congress ‘clearly expressed [its] intention’ to preclude the SEC from examining for SAR compliance in conjunction with FinCEN and pursuant to authority delegated under the Exchange Act.”
The former officials’ brief states that they “have no interest in the facts” of the petitioner’s dispute with the SEC, but rather “are concerned that the Second Circuit’s misunderstanding of FinCEN’s delegated enforcement authority will lead to confusion among the financial institutions that must comply with the BSA; create multiple, conflicting BSA regulatory regimes; decrease American influence over global financial regulators; and hamper U.S. law enforcement and national security efforts by diminishing the value of BSA data.” They further pointed out that the appellate court “erred in conflating delegated compliance examination efforts with the exercise of enforcement authority and let stand SEC and lower court decisions applying materially different legal standards with a lower level of judicial oversight and review than that established by Congress.” The former officials stressed that the appellate court’s decision fails “to appreciate the nature of the AML regime and therefore FinCEN’s unique expertise and central role,” adding that the decision “threatens to undermine the BSA statutory regime and harm U.S. efforts to fight money laundering and terrorist financing” and may affect other regulators and regulated entities.
FinCEN’s interactive SAR stats include 2020 data
On August 19, FinCEN announced that its Interactive SAR Stats webpage now includes Filing Trend Data by industry updated through December 31, 2020. As previously covered by InfoBytes, SAR Stats—formerly called By the Numbers—is an annual compilation of numerical data gathered from the Suspicious Activity Reports (SARs) filed by financial institutions using FinCEN’s new unified SAR form and e-filing process. Interactive SAR Stats provide users the opportunity to find FinCEN’s trend data for aggregated counts of defined suspicious activities that financial institutions file with FinCEN as required by the Bank Secrecy Act.