Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On February 24, the Financial Crimes Enforcement Network (FinCEN) issued an advisory alerting financial institutions to potential fraud and other financial crimes targeting Covid-19 economic impact payments (EIP). The advisory is based on FinCEN’s analysis of Covid-19 related information obtained from Bank Secrecy Act data, public reporting, and law enforcement partners, and outlines potential methods of EIP fraud, associated red flags, and information for reporting suspicious activity related to such fraud. According to FinCEN, U.S. authorities have detected a wide range of EIP-related fraud, including (i) fraudulent, altered, or counterfeit checks; (ii) theft of EIPs; (iii) phishing schemes using EIPs as a lure, in which emails, letters, phone calls, and text messages are used by fraudsters in order to obtain personal information such as account numbers and passwords; and (iv) private companies with control over a person’s finances that seize a person’s EIP for wage garnishment or debt collection and do not return the inappropriately-seized payment.
FinCEN also issued a notice for filing suspicious activity reports (SAR) related to Covid-19. The notice consolidates filing instructions and key terms for fraudulent activities, crimes, and cyber/ransomware attacks related to the pandemic. FinCEN reminded financial institutions to consult previously issued advisories and notices to access additional SAR filing instructions and other Covid-19-related advisories and alerts (available here).
On January 22, the Federal Reserve Board published a notice of proposed rulemaking, which would modify the requirements to file Suspicious Activity Reports (SARs) for state member banks, Edge and agreement corporations, U.S. offices of foreign banking organizations supervised by the Federal Reserve, and bank holding companies and their nonbank subsidiaries. The proposal would amend the Board’s SAR regulations to allow for the issuance of exemptions from the requirements of those regulations. As previously covered by InfoBytes, in December, the FDIC and the OCC issued similar proposals. As with the OCC and the FDIC proposals, the Board’s proposal is intended “to facilitate supervised institutions in meeting Bank Secrecy Act requirements more efficiently and effectively, including through development of innovative solutions.” Comments on the proposed rule are due February 22.
On January 19, the Financial Crimes Enforcement Network (FinCEN), Federal Reserve Board, FDIC, NCUA, and the OCC, in consultation with staff at certain other federal functional regulators, published answers to frequently asked questions concerning suspicious activity reporting (SAR) and other anti-money laundering (AML) considerations. The answers clarify financial institutions’ commonly asked questions about SARs/AML regulatory requirements and are provided to assist financial institutions with their Bank Secrecy Act (BSA)/AML compliance obligations in order to enable them “to focus resources on activities that produce the greatest value to law enforcement agencies and other government users of [BSA] reporting.” Topics discussed include (i) law enforcement requests for financial institutions to maintain accounts; (ii) receipt of grand jury subpoenas and law enforcement inquiries and SAR filings; (iii) maintaining customer relationships following the filing of SARs; (iv) filing SARs based on negative news identified in media searches; (v) information provided in SAR data and narrative fields; and (vi) SAR character limits. The agencies note that the FAQs do not alter existing BSA/AML requirements or establish new supervisory expectations, but have been developed in response to recent recommendations as described more thoroughly in FinCEN’s Advance Notice or Proposed Rulemaking issued last September on AML program effectiveness (covered by InfoBytes here).
On December 28, the Financial Crimes Enforcement Network (FinCEN) issued a notice to financial institutions concerning the potential for Covid-19 vaccine-related fraud, ransomware attacks, and other types of criminal activity. Specifically, FinCEN warns financial institutions to be aware of the potential sale of unapproved and illegally marketed vaccines, as well as fraudsters offering vaccines sooner than allowed for a fee. Financial institutions should also look out for ransomware targeting vaccine delivery operations and supply chains. The notice provides instructions for filing suspicious activity reports regarding the aforementioned activity.
On December 15, the FDIC issued a proposed rule (with accompanying Financial Institution Letter FIL-114-2020), which would amend the agency’s Suspicious Activity Report (SAR) regulation to permit additional, case-by-case, exemptions from SAR filing requirements. The proposed rule would allow the FDIC, in conjunction with the Financial Crimes Enforcement Network (FinCEN), to grant supervised institutions exemptions to SAR filing requirements when developing “innovative solutions to meet Bank Secrecy Act (BSA) requirements more efficiently and effectively.” The FDIC would seek FinCEN’s concurrence with an exemption when the exemption request involves the filing of a SAR for potential money laundering, violations of the BSA, or other unusual activity covered by FinCEN’s SAR regulation. The proposal allows the FDIC to grant the exemption for a specified time period and allows the FDIC to extend or revoke the exemption if circumstances change. The proposal is intended to reduce the regulatory burden on supervised financial institutions that are likely to leverage existing or future technologies to report suspicious activity in a different and innovative manner. Comments on the proposed rule must be submitted within 30 days of publication in the Federal Register.
The OCC also issued a proposal that would similarly allow the OCC to issue exemptions from SAR filing requirements to support national banks or federal savings associations developing innovative solutions intended to meet BSA requirements more efficiently and effectively.
On December 10, FinCEN Director Kenneth A. Blanco spoke at the Financial Crimes Enforcement Conference hosted by the American Bankers Association and American Bar Association to discuss the importance of information sharing in identifying, reporting, and preventing financial crime. Specifically, Blanco addressed recently updated guidance designed to provide additional clarity on FinCEN’s information sharing program under Section 314(b) of the USA PATRIOT Act, which provides financial institutions “the ability to share information with one another, under a safe harbor provision that offers protections from civil liability, in order to better identify and report potential money laundering or terrorist financing.”
FinCEN provided three main clarifications:
- While financial institutions may share information about suspected terrorist financing or money laundering, they “do not need to have specific information that these activities directly relate to proceeds of [a specified unlawful activity (SUA)], or to have identified specific laundered proceeds of an SUA.” FinCEN also stated that a conclusive determination that an activity is suspicious does not need to be made in order for a financial institution to benefit from the statutory safe harbor. Furthermore, information may be shared “even if the activities do not constitute a ‘transaction,’” such as “an attempted transaction, or an attempt to induce others engage in a transaction.” FinCEN added that there is no limitation under Section 314(b) on the sharing of personally identifiable information and no restrictions on the type of information shared or how the information can be shared, including verbally.
- “An entity that is not itself a financial institution under the Bank Secrecy Act [(BSA)] may form and operate an association of financial institutions whose members share information under Section 314(b),” FinCEN noted, adding that this includes compliance service providers.
- An unincorporated association of financial institutions governed by a contract between its members “may engage in information sharing under Section 314(b).”
In prepared remarks, Blanco reiterated, among other things, that companies should be specific in describing the activity they see in their suspicious activity reports (SAR), and discussed FinCEN’s Advance Notice of Proposed Rulemaking issued in September (covered by InfoBytes here), which solicited comments on questions concerning potential regulatory amendments under the BSA. Blanco also highlighted recent FinCEN’s advisories and guidance related to Covid-19 fraud (covered by InfoBytes here, here, and here) and encouraged the audience to review the agency’s dedicated Covid-19 webpage.
On December 11, the U.S. Senate passed the National Defense Authorization Act (NDAA) for Fiscal Year 2021 in a 84-13 vote, which was passed by the U.S. House of Representatives earlier in the week. As previously covered by InfoBytes, the NDAA includes a number of anti-money laundering provisions, such as (i) establishing federal disclosure requirements of beneficial ownership information, including a requirement that reporting companies submit, at the time of formation and within a year of any change, their beneficial owner(s) to a “secure, nonpublic database at FinCEN”; (ii) expanding the declaration of purpose of the Bank Secrecy Act (BSA) and establishing national examinations and supervision priorities; (iii) requiring streamlined, real-time reporting of Suspicious Activity Reports; (iv) expanding the definition of financial institution under the BSA to include dealers in antiquities; and (v) including digital currency in the AML-CFT enforcement regime by, among other things, expanding the definition of financial institution under the BSA to include businesses engaged in the transmission of “currency, funds or value that substitutes for currency or funds.” The NDAA has been sent to President Trump, who has publicly threatened to veto the measure; however, the legislation passed both the Senate and the House with majorities large enough to override a veto.
On December 8, the U.S. House of Representatives passed the National Defense Authorization Act (NDAA) for Fiscal Year 2021 in a 335-78 vote, which includes significant language from the September 2019 proposed legislation, the “Improving Laundering Laws and Increasing Comprehensive Information Tracking of Criminal Activity in Shell Holdings (ILLICIT CASH) Act,” among other proposed laws. Highlights of the anti-money laundering (AML) provisions include:
- Establishing federal disclosure requirements of beneficial ownership information, including a requirement that reporting companies submit, at the time of formation and within a year of any change, their beneficial owner(s) to a “secure, nonpublic database at FinCEN”;
- Expand the declaration of purpose of the Bank Secrecy Act (BSA) and establish national examinations and supervision priorities;
- Require streamlined, real-time reporting of Suspicious Activity Reports;
- Establish a Subcommittee on Innovation and Technology within the Bank Secrecy Act Advisory Group to encourage and support technological innovation in the area of AML and countering the financing of terrorism and proliferation (CFT);
- Expand the definition of financial institution under the BSA to include dealers in antiquities;
- Require federal agencies to study the facilitation of money laundering and the financing of terrorism through the trade of works of art; and
- Inclusion of digital currency in AML-CFT enforcement by, among other things, expanding the definition of financial institution under the BSA to include businesses engaged in the transmission of “currency, funds or value that substitutes for currency or funds.”
On December 4, the U.S. Court of Appeals for the Second Circuit q summary judgment in favor of the SEC in an action brought by the agency against a penny stock broker-dealer, concluding the agency has the authority to bring an action under Section 17(a) of the Securities Exchange Act of 1934 (Exchange Act) and Rule 17a-8 promulgated thereunder for failure to comply with the Suspicious Activity Report (SAR) provisions of the Bank Secrecy Act (BSA). According to the opinion, the SEC filed an action against the broker-dealer for violating the Exchange Act and Rule 17a-8’s reporting, recordkeeping, and record-retention obligations by failing to file SARs as required by the BSA. Both parties moved for summary judgment, with the broker-dealer arguing that the SEC was improperly enforcing the BSA. The district court granted summary judgment in favor of the SEC in part (deferring “its resolution of categories of allegedly deficient SARs pending discovery and additional briefing”) and denied summary judgment for the broker-dealer, concluding that the SEC had authority to bring the action under the Exchange Act. After discovery and additional briefing, the SEC moved for summary judgment on the Rule 17a-8 violations and the district court granted summary judgment as to nearly 3,000 violations on the basis of the broker-dealer’s SARs-reporting and recordkeeping practices and imposed a $12 million civil penalty.
On appeal, the 2nd Circuit agreed with the district court, rejecting the broker-dealer’s argument that the SEC is attempting to enforce the BSA, which only the U.S. Treasury Department has the authority to do. The appellate court noted that the SEC is enforcing the requirements of Rule 17a-8, which requires broker-dealers to adhere to the BSA in order to comply with requirements of the Exchange Act, which does not constitute the agency’s enforcement of the BSA. Moreover, the appellate court concluded that the SEC did not overstep its authority when promulgating Rule 17a-8, as SARs “serve to further the aims of the Exchange Act by protecting investors and helping to guard against market manipulation,” and that the broker-dealer did not meet its “‘heavy burden’ to show that Congress ‘clearly expressed [its] intention’ to preclude the SEC from examining for SAR compliance in conjunction with FinCEN and pursuant to authority delegated under the Exchange Act.” In affirming the $12 million civil penalty, the appellate court stated that the district court acted “within its discretion to impose the  penalty” considering the broker-dealer’s “systematic and widespread evasion of the law.”
On November 19, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. Included among the actions is an October 9 consent order to resolve the OCC’s claims that a Washington, D.C.-based branch of a Caribbean bank (bank) engaged in Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance program violations. According to the consent order, the OCC identified “critical deficiencies” in certain elements of the bank’s BSA/AML compliance program, including failure to implement a compliance program that “adequately covered the required BSA/AML program elements,” and failure to timely file Suspicious Activity Reports (SARs). Among the compliance program failures, the consent order states that the bank had (i) “systemic deficiencies in its transaction monitoring systems and alert management processes, which resulted in monitoring gaps”; (ii) “systemic deficiencies in its customer due diligence, enhanced due diligence, and customer risk rating processes”; and (iii) “an inadequate system of internal controls, ineffective independent testing, a weak BSA Officer function, and insufficient staffing and training.” The consent order requires the bank to pay a $5 million civil money penalty as a result of the deficiencies.
- Daniel R. Alonso to discuss "How to become an AUSA" at the New York City Bar Association Minorities in the Courts Committee “How To” series
- Michelle L. Rogers and Kathryn L. Ryan to discuss “Fintech U.S. expansion” at the Tech Nation 3.0 cohort meeting
- Melissa Klimkiewicz to discuss "Flood insurance basics" at the NAFCU Virtual Regulatory Compliance School
- Jonice Gray Tucker to discuss "Compliance under Biden" at the WSJ Risk & Compliance Forum