Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On January 31, the OCC announced an updated version of its “Subsidiaries and Equity Investments” booklet of the Comptroller’s Licensing Manual. According to Bulletin 2019-4, the revised booklet now provides additional guidance describing activities that the OCC has determined may be performed in operating subsidiaries and servicer corporations, or through pass-through investments.
On January 29, NYDFS announced a $40 million settlement with a London-based financial services company to resolve allegations the bank engaged in unsafe and unsound practices in its foreign exchange (FX) trading business. According to the consent order, the company did not implement and maintain sufficient controls to identify illegal tactics used by traders to maximize profits or minimize losses at the expense of the company’s customers, competitors, and the market as a whole. Among other things, the order states that between 2007 and 2013 the company’s FX traders (i) improperly coordinated trading through a chat room; (ii) improperly shared confidential consumer information; and (iii) engaged in “deliberate underfills” of consumer accounts. In addition to the fine, the company is required to improve its internal controls and programs to comply with applicable New York State and federal laws and regulations, submit a written plan to improve its compliance risk management program, and provide an enhanced written internal audit program. NYDFS acknowledged the company’s full cooperation with the investigation, in addition to taking disciplinary action against those identified as engaging in the misconduct.
On January 8, the Federal Reserve Board announced an enforcement action against a Texas bank for alleged weaknesses in its anti-money laundering risk management and compliance programs, including failure to comply with applicable rules and regulations, such as the Bank Secrecy Act. Under the terms of the order, the bank is required to (i) develop and implement a written plan to strengthen the board of directors’ oversight of Bank Secrecy Act/anti-money laundering (BSA/AML) compliance; (ii) submit an enhanced written compliance program that complies with BSA/AML requirements; (iii) ensure the bank provides effective training for all personnel related to BSA/AML compliance responsibilities; (iv) submit an enhanced, written customer due diligence plan; (v) submit a program to ensure compliant, timely, and accurate suspicious activity monitoring and reporting; (vi) retain an independent third party to ensure the effectiveness of the bank’s transaction monitoring system; and (vii) submit a written plan for independent testing of the bank’s compliance with all applicable BSA/AML requirements. A civil money penalty was not assessed against the bank.
Agencies encourage financial institutions to explore innovative industry approaches to BSA/AML compliance
On December 3, the Financial Crimes Enforcement Network (FinCEN) released a joint statement along with federal banking agencies—the Federal Reserve Board, FDIC, NCUA, and OCC (together, the “agencies”)—to encourage banks and credit unions to explore innovative approaches such as artificial intelligence, digital identity technologies, and internal financial intelligence units to combat money laundering, terrorist financing, and other illicit financial threats when safeguarding the financial system. According to the agencies, private sector innovation and the adoption of new technologies can enhance the effectiveness and efficiency of Bank Secrecy Act/anti-money laundering (BSA/AML) compliance programs. Moreover, new innovations and technologies can also enhance transaction monitoring systems. Specifically, the agencies urged banks to test innovative programs to explore the use of artificial intelligence. However, the agencies emphasized that while feedback on innovative programs may be provided, the “pilot programs in and of themselves should not subject banks to supervisory criticism even if the pilot programs ultimately prove unsuccessful. Likewise, pilot programs that expose gaps in a BSA/AML compliance program will not necessarily result in supervisory action with respect to that program.” The joint statement further specifies that the agencies will be willing to grant exceptive relief from BSA regulatory requirements to facilitate pilot programs, “provided that banks maintain the overall effectiveness of their BSA/AML compliance programs.” However, banks that maintain effective compliance programs but choose not to innovate will not be penalized or criticized.
According to Treasury Under Secretary for Terrorism and Financial Intelligence Sigal Mandelker, “[a]s money launderers and other illicit actors constantly evolve their tactics, we want the compliance community to likewise adapt their efforts to counter these threats,” pointing to the recent use of innovative technologies to identify and report illicit financial activity related to both Iran and North Korea.
As previously covered by InfoBytes, earlier in October the agencies provided guidance on resource sharing between banks and credit unions in order to more efficiently and effectively manage their BSA/AML obligations.
On December 3, the OCC released its Semiannual Risk Perspective for Fall 2018, identifying and reiterating key risk areas that pose a threat to the safety and soundness of national banks and federal savings associations. The report focuses on risks to the federal banking system based on five areas: the operating environment, bank performance, special topics in emerging risk, trends in key risks, and supervisory actions. Overall, loans and bank profitability grew in 2018 as the U.S. economy continued to grow. Moreover, recent examination findings indicate incremental improvements in banks’ general risk management practices. Specific risk areas of concern noted by the OCC include: (i) the origination quality of new loans and potential embedded risks from previously successive years of relaxed underwriting standards; (ii) an increasingly complex operating environment, including the continually evolving threat to cybersecurity; (iii) elevated money-laundering risks; and (iv) rising market interest rates, including certain risks associated with heightened competition for deposits.
The report also notes that outstanding enforcement actions continue to decline since peaking in 2010, which, according to the OCC, reflects an overall improvement in, among other things, banks’ risk management practices. The leading cause of current enforcement actions continues to be compliance or operational failures.
On November 30, the FDIC announced a list of administrative enforcement actions taken against banks and individuals in October. Included among the actions is an order to pay a civil money penalty of $9,600 issued against a Louisiana-based bank for alleged violations of the Flood Disaster Protection Act in connection with alleged failures to obtain flood insurance coverage on loans at or before origination or renewal.
Consent orders were also issued against three separate banks related to alleged weaknesses in their Bank Secrecy Act (BSA) and/or BSA/anti-money laundering (BSA/AML) compliance programs. (See orders here, here, and here.) Among other things, the banks are ordered to: (i) implement comprehensive written BSA/AML compliance programs, which include revising BSA risk assessment policies, developing a system of BSA internal controls, and enhancing suspicious activity monitoring and reporting and customer due diligence procedures; (ii) conduct independent testing; and (iii) implement effective BSA training programs. The FDIC further requires the Florida and New Jersey-based banks to conduct suspicious activity reporting look-back reviews.
In addition, a Kentucky-based bank was ordered to pay a civil money of $300,000 for allegedly violating TILA by “failing to clearly and conspicuously disclose required information related to the [b]ank’s Elastic line of credit product” and Section 5 of the FTC ACT by “using a processing order for certain deposit account transactions contrary to the processing orders disclosed in the [b]ank’s deposit account disclosures.”
There are no administrative hearings scheduled for December 2018. The FDIC database containing all 17 enforcement decisions and orders may be accessed here.
On November 19, the Federal Reserve Board, Office of Foreign Assets Control (OFAC), DOJ, Manhattan District Attorney’s Office, and NYDFS announced that a French bank agreed to pay approximately $1.34 billion in total penalties to resolve federal and state investigations into the bank’s allegedly intentional violation of U.S. sanctions laws and other federal and New York state laws from approximately 2003 to 2013.
The bank entered into a deferred prosecution agreement (DPA) with the U.S. Attorney’s Office for the Southern District of New York to settle charges of conspiring to violate U.S. sanctions against Cuba by “structuring, conducting, and concealing U.S. dollar transactions using the U.S. financial system.” The DPA requires the bank to forfeit more than $717 million. The bank also agreed to “accept responsibility for its conduct by stipulating to the accuracy of an extensive Statement of Facts, pay penalties totaling [$1.34 billion] to federal and state prosecutors and regulators, refrain from all future criminal conduct, and implement remedial measures as required by its regulators.” According to the DOJ, the bank “admitted its willful violations of U.S. sanctions laws—and longtime concealment of those violations—which resulted in billions of dollars of illicit funds flowing through the U.S. financial system.” As factors mitigating the penalty, the DPA acknowledges the bank’s efforts to collect and produce “voluminous evidence located in other countries to the full extent permitted under applicable laws and regulations, and its enhancement of its compliance program and sanctions-related internal controls both before and after it became the subject of a U.S. law enforcement investigation.” Among other factors, the bank’s willingness to enter into the terms of the DPA, outweighed its “failure to self-report all of its violations of [U.S.] sanctions laws in a timely manner.”
The bank also entered into agreements to pay almost $163 million to the New York County District Attorney’s Office, nearly $54 million to OFAC, approximately $81 million to the Federal Reserve Board, and $325 million to NYDFS. Among other things, NYDFS noted that branch employees “responsible for originating USD transactions outside of the U.S. had a minimal understanding of U.S. sanctions laws and regulations as they related to Sudan, Iran, Cuba, North Korea, or other U.S. sanctions targets.”
Separate from the resolution of alleged sanctions violations, NYDFS imposed an additional $95 million penalty to resolve findings that the bank’s New York branch allegedly failed to “implement and maintain an effective Bank Secrecy Act/Anti-Money Laundering Law compliance program and transaction monitoring system.”
According to a bank statement issued the same day, the bank acknowledges and regrets the identified shortcomings, and “has already taken a number of significant steps in recent years and dedicated substantial resources to enhance its sanctions and AML compliance programs.”
On November 15, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. The new enforcement actions include cease and desist orders, civil money penalty orders, formal agreements, prompt corrective action directives, removal/prohibition orders, and terminations of existing enforcement actions. Two notable enforcement actions are discussed below.
On October 25, the OCC issued a consent order against a Louisiana-based bank related to examination findings from 2018 wherein the bank failed to adopt and implement an adequate Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance program. Among other conditions, the consent order requires the bank to (i) develop and implement an ongoing BSA/AML risk assessment program; (ii) adopt an independent audit program to conduct a review of the bank’s BSA/AML compliance program; and (iii) submit a written progress report within 30 days after the end of each calendar quarter that details actions undertaken to ensure compliance with the consent order’s provisions. The bank neither admitted nor denied the OCC’s findings and is not required to pay a civil money penalty.
On October 23, the OCC assessed a $100 million civil money penalty against a national bank for alleged deficiencies in the bank’s BSA/AML compliance programs. Specifically, the alleged deficiencies include the failure to comply with a 2015 consent order in a timely manner, which required the bank to, among other things, adopt and implement an adequate BSA/AML compliance program and file timely Suspicious Activity Reports. The consent order acknowledges that the bank has undertaken corrective action to remedy the deficiencies noted by the OCC.
On October 3, the Financial Crimes Enforcement Network, Federal Reserve Board, FDIC, NCUA, and OCC (together, the agencies) issued an interagency statement outlining instances where banks and credit unions may choose to enter into collaborative arrangements to share resources in order to more efficiently and effectively manage their Bank Secrecy Act (BSA) and anti-money laundering (AML) obligations. The statement noted that collaborative arrangements are most suitable for “banks with a community focus, less complex operations, and lower-risk profiles for money laundering or terrorist financing.” The agencies described several examples in which collaboration between banks may be beneficial, such as (i) conducting internal control functions, including reviewing and drafting BSA/AML policies and procedures and risk-based customer identification and account monitoring processes; (ii) sharing resources for BSA/AML independent testing; and (iii) conducting BSA/AML training on regulatory requirements and internal policies, procedures, and processes. Other potential benefits include cost reductions, increases in operational efficiencies, and the availability to leverage specialized expertise.
However, the agencies cautioned that banks who choose to enter into collaborative agreements should carefully consider the associated risks “in relation to the bank’s risk profile, adequate documentation, consideration of legal restrictions, and the establishment of appropriate oversight mechanisms.” Moreover, banks should ensure that the collaborative arrangement is consistent with sound principles of corporate governance, have in place a contractual agreement, conduct periodic performance reviews, and consult their regulator’s guidance concerning third-party relationship to ensure compliance. The agencies further noted that “each bank is responsible for ensuring compliance with BSA requirements. Sharing resources in no way relieves a bank of this responsibility.” The interagency statement emphasizes that it is not applicable “to collaborative arrangements or consortia formed for the purpose of sharing information under Section 314(b) of the USA PATRIOT Act,” and “banks that form collaborative arrangements as described in this interagency statement are not an association for purposes of Section 314(b) of the USA PATRIOT Act.”
On September 26, the OCC’s Committee on Bank Supervision released its bank supervision operating plan (Plan) for fiscal year 2019. The Plan outlines the agency’s supervision priorities and specifically highlights the following supervisory focus areas: (i) cybersecurity and operational resiliency; (ii) commercial and retail credit loan underwriting, concentration risk management, and the allowance for loan and lease losses; (iii) Bank Secrecy Act/anti-money laundering compliance; (iv) change management to address new regulatory requirements; and (v) internal controls and end-to-end processes necessary for product and service delivery.
The annual plan guides the development of supervisory strategies for individual national banks, federal savings associations, federal branches, federal agencies, and service providers.
The OCC will provide updates about these priorities in its Semiannual Risk Perspective, as InfoBytes previously has covered.
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program
- Benjamin W. Hutten to discuss "BSA program reporting, management and board of directors responsibilities" at the Georgia Bankers Association BSA Experience Program
- Hank Asbill to discuss "Ethical guidance in conducting internal investigations – The intersection of Yates and Upjohn" at the American Bar Association Southeastern White Collar Crime Institute
- H Joshua Kotin to discuss "Recent developments in fair lending and avoiding the pitfalls" at the Arkansas Community Bankers/Bankers Assurance 2019 Compliance Conference
- Brandy A. Hood to discuss "RESPA Section 8/referrals: How do you stay compliant?" at the New England Mortgage Bankers Conference
- Daniel P. Stipano to discuss "Risk management in enforcement actions: Managing risk or micromanaging it" at the American Bar Association Business Law Section Annual Meeting
- Valerie L. Hletko to discuss "Banking on guns ‘n drugs: Social policy meets financial services" at the American Bar Association Business Law Section Annual Meeting
- Daniel P. Stipano to discuss "Navigating the conflicting federal and state laws for doing business with cannabis companies" at the American Bar Association Business Law Section Annual Meeting
- Tim Lange to discuss "Services and value" at the North American Collection Agency Regulatory Association Annual Conference
- Katherine L. Halliday to discuss "UDAP, UDAAP & the Map rule compliance basics" at the Mortgage Bankers Association Regulatory Compliance Conference
- Brandy A. Hood to discuss "How to ace your TRID exam" at the Mortgage Bankers Association Regulatory Compliance Conference
- Amanda R. Lawrence to discuss "Data privacy litigation" at the Mortgage Bankers Association Regulatory Compliance Conference
- Melissa Klimkiewicz to discuss "Navigating FHA rules and regs" at the Mortgage Bankers Association Regulatory Compliance Conference
- Jeffrey P. Naimon to discuss "Washington regulatory overview" at the Mortgage Bankers Association Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "HMDA data is out, now what?" at the Mortgage Bankers Association Regulatory Compliance Conference
- Daniel P. Stipano to discuss "Assessing the CDD final rule: A year of transitions" at the ACAMS AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions and CMPs" at the ACAMS AML & Financial Crime Conference
- Kathryn L. Ryan to discuss "The state’s role in fintech: Providing an industry framework for innovation" at Lend360
- Jeffrey P. Naimon to discuss "Truth in lending" at the American Bar Association National Institute on Consumer Financial Services Basics
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions" at the Institute of International Bankers Risk Management and Regulatory Examination/Compliance Seminar
- Jonice Gray Tucker to discuss "Fintech regulatory developments, crypto-assets, blockchain and digital banking, and consumer issues" at the Practising Law Institute Banking Law Institute
- Amanda R. Lawrence to discuss "How to balance a successful (and stressful) career with greater personal well-being" at the American Bar Association Women in Litigation Joint CLE Conference