Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On August 13, Financial Crimes Enforcement Network (FinCEN) Director Kenneth Blanco delivered remarks at the 12th Annual Las Vegas Anti-Money Laundering Conference stressing the need for compliance within the gaming industry, particularly as new technologies emerge such as mobile gaming and the use of convertible virtual currencies (CVC) increases. With the U.S. Supreme Court issuing a decision in May holding that states can legalize sports gambling (previously covered by InfoBytes here), Blanco stated that casinos need to consider ways to integrate their sports betting programs—including mobile sports betting apps—into their existing anti-money laundering programs. These measures must include establishing and implementing procedures for detecting and reporting suspicious activities, Blanco noted, reminding the audience of FinCEN’s FAQs designed to assist financial institutions when reporting cyber indicators and cyber-enabled financial crime.
Blanco also discussed FinCEN’s work with respect to cybersecurity and virtual payments, noting, among other things, that both online and physical casinos that accept CVC need to consider how they review transactions to determine the source of the currency and recognize indicators of suspicious activity. Blanco referred casinos to consolidated guidance issued by FinCEN in May (previously covered by InfoBytes here), and expressed a concern that “CVC-related SAR filings by casinos have not been as robust as expected since the May CVC guidance and advisory were published.” He further stressed the importance of information-sharing between casinos, and highlighted that sharing SARs can contribute to the identification of suspicious transactions as well as Bank Secrecy Act compliance responsibilities.
On July 17, the CFPB issued an updated advisory to financial institutions with information on the financial exploitation of older Americans and recommendations on how to prevent and respond to such exploitation. The update urges financial institutions to report to the appropriate authorities whenever they suspect that an older adult is the target or victim of financial exploitation, and recommends that they also file Suspicious Activity Reports (SARs) with the Financial Crimes Enforcement Network (FinCEN). The update builds on an advisory that was previously released by the Bureau in March 2016 (covered by InfoBytes here), which included recommended best practices to help prevent and respond to elder financial exploitation, such as (i) establish protocols for ensuring staff compliance with the Electronic Fund Transfer Act; (ii) train staff to detect the warning signs of financial exploitation and respond appropriately to suspicious events; and (iii) maintain fraud detection systems that provide analyses of the types of products and account activity associated with elder financial exploitation. With the release of the update, Director Kraninger noted that, “[t]he Bureau stands ready to work with federal, state and local authorities and financial institutions to protect older adults from abusive financial practices that rob them of their financial security.”
As previously covered by InfoBytes, in February, the CFPB’s Office of Financial Protection for Older Americans, released a report studying the financial abuse reported in SARs, discussing key facts and trends revealed after the Bureau analyzed 180,000 elder exploitation SARs filed with the FinCEN from 2013 to 2017. Key findings of the report included, (i) SARs filings on elder financial abuse quadrupled from 2013 to 2017, with 63,500 SARs reporting the abuse in 2017; (ii) the average amount of loss to an elder was $34,200, while the average amount of loss to a filer was $16,700; and (iii) more than half of the SARs involved a money transfer.
On February 27, the CFPB’s Office of Financial Protection for Older Americans released Suspicious Activity Reports on Elder Financial Exploitation: Issues and Trends, which discusses key facts and trends revealed after the Bureau analyzed 180,000 elder exploitation Suspicious Activity Reports (SARs) filed with Financial Crimes Enforcement Network from 2013 to 2017. Key highlights from the report include:
- SARs filings on elder financial abuse quadrupled from 2013 to 2017, with 63,500 SARs reporting the abuse in 2017.
- Nearly 80 percent of the SAR filings involved a financial loss to an elder or to the filing institution. The average amount of loss to an elder was $34,200, while the average amount of loss to a filer was $16,700.
- Financial losses were greater when the elder knew the suspect, with an average loss of $50,000 when the elder knew the suspect compared to $17,000 with a stranger.
- More than half of the SARs involved a money transfer.
- Less than one-third of elder abuse SARs acknowledge that the financial institution reported the activity to a local, state, or federal authority.
On December 19, the United States Attorney for the Southern District of New York announced it filed charges against a Kansas-based broker-dealer for allegedly willfully failing to file a suspicious activity report (SAR) in connection with the illegal activities of one of its customers in violation of the Bank Secrecy Act (BSA). According to the announcement, this is the first criminal BSA action ever brought against a U.S. broker-dealer. The allegations are connected to the actions of the broker-dealer’s customer, who was the owner of a Kansas-based payday lending scheme that was ordered to pay a $1.3 billion judgment for making false and misleading representations about loan costs and payments in violation of the FTC Act (previously covered by InfoBytes here). The U.S. Attorney alleges the broker-dealer, among other things, failed to follow its customer identification procedures, disregarded “red flags that were known prior to [the customer] opening the accounts,” and continued to ignore additional red flags that arose over time. Additionally, the U.S. Attorney alleges the broker-dealer failed to monitor transactions using its anti-money laundering (AML) tool, which led to numerous suspicious transactions going undetected and unreported until long after the customer was convicted at trial for his actions in the scheme.
Along with the announcement of the filing, the U.S. Attorney’s Office further stated it had entered into a deferred prosecution agreement with the broker-dealer in which it agreed to accept responsibility for its conduct, pay a $400,000 penalty, and enhance its BSA/AML compliance program.
The SEC also settled with the broker-dealer for the failure to file the SARs. The settlement requires the broker-dealer to hire an independent consultant to review its AML and customer identification program and implement any recommended changes. The independent consultant will monitor for compliance with the recommendations for two years.
On December 17, the Financial Industry Regulatory Authority (FINRA), the Financial Crimes Enforcement Network (FinCEN), and the SEC announced separate settlements (see here, here, and here) with a global broker-dealer following investigations into the firm’s anti-money laundering (AML) programs. According to FINRA, the broker-dealer and its affiliated securities firm allegedly failed to establish and implement AML processes reasonably designed to detect and report potentially high-risk transactions, including foreign currency wire transfers to and from countries known to be at high risk for money laundering, as well as penny stock transactions processed through the use of an omnibus account on behalf of undisclosed customers. FINRA alleged that from January 2004 to April 2017, the broker-dealer “processed thousands of foreign currency wires for billions of dollars, without sufficient oversight.”
In a separate investigation conducted by FinCEN in conjunction with FINRA and the SEC, the broker-dealer reached a settlement over allegations that it failed to, among other things, (i) develop and implement a risk-based AML program that “adequately addressed the risks associated with accounts that included both traditional brokerage and banking-like services”; (ii) implement policies and procedures, which would ensure the detection and reporting of suspicious activity through all accounts, particularly for those accounts with little to no securities training; (iii) “implement an adequate due diligence program for foreign correspondent accounts”; and (iv) provide sufficient staffing, leading to a backlog of alerts and decreased ability to file suspicious activity reports (SARs).
According to the SEC's investigation, from at least 2011 to 2013, the broker-dealer allegedly failed to file SARs as required by the Bank Secrecy Act’s reporting requirements and Section 17(a) of the Securities Exchange Act of 1934. Among other things, the SEC also claimed that the broker-dealer (i) provided customers with other services, such as cross-border wires, internal transfers between accounts and check writing, which increased its susceptibility to risks of money laundering and other types of associated illicit financial activity; and (ii) “did not properly review suspicious transactions flagged by its internal monitoring systems and failed to detect suspicious transactions involving the movement of funds between certain accounts in suspicious long-term patterns.”
After factoring in remedial actions, the broker-dealer has been assessed total civil money penalties of $14.5 million, including a $500,000 fine against the securities firm.
On November 30, the FDIC announced a list of administrative enforcement actions taken against banks and individuals in October. Included among the actions is an order to pay a civil money penalty of $9,600 issued against a Louisiana-based bank for alleged violations of the Flood Disaster Protection Act in connection with alleged failures to obtain flood insurance coverage on loans at or before origination or renewal.
Consent orders were also issued against three separate banks related to alleged weaknesses in their Bank Secrecy Act (BSA) and/or BSA/anti-money laundering (BSA/AML) compliance programs. (See orders here, here, and here.) Among other things, the banks are ordered to: (i) implement comprehensive written BSA/AML compliance programs, which include revising BSA risk assessment policies, developing a system of BSA internal controls, and enhancing suspicious activity monitoring and reporting and customer due diligence procedures; (ii) conduct independent testing; and (iii) implement effective BSA training programs. The FDIC further requires the Florida and New Jersey-based banks to conduct suspicious activity reporting look-back reviews.
In addition, a Kentucky-based bank was ordered to pay a civil money of $300,000 for allegedly violating TILA by “failing to clearly and conspicuously disclose required information related to the [b]ank’s Elastic line of credit product” and Section 5 of the FTC ACT by “using a processing order for certain deposit account transactions contrary to the processing orders disclosed in the [b]ank’s deposit account disclosures.”
There are no administrative hearings scheduled for December 2018. The FDIC database containing all 17 enforcement decisions and orders may be accessed here.
OCC announces enforcement action against bank for previously identified BSA/AML compliance deficiencies
On October 23, the OCC issued a consent order assessing a civil money penalty (CMP) against a national bank for deficiencies in the bank’s Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance program. The deficiencies allegedly resulted in violations of the BSA compliance program and suspicious activity reporting (SAR) rules that led to the issuance of a 2015 consent order, violations of the 2015 order, and additional violations of the SAR rule and wire transfer “travel rule.” According to the 2018 order, the bank allegedly, among other things, (i) failed to “timely achieve compliance” with the 2015 order; (ii) failed to file the required additional SARs; and (iii) initiated wire transfer transactions containing inadequate or incomplete information.
Under the terms of the 2018 order, the bank agreed to pay a $100 million CMP. The order notes that the bank has undertaken corrective actions to remedy the identified BSA/AML-related deficiencies and enhance its BSA/AML compliance program.
FATF updates standards to prevent misuse of virtual assets; reviews progress on jurisdictions with AML/CFT deficiencies
On October 19, the Financial Action Task Force (FATF) issued a statement urging all countries to take measures to prevent virtual assets and cryptocurrencies from being used to finance crime and terrorism. FATF updated The FATF Recommendations to add new definitions for “virtual assets” and “virtual asset service providers” and to clarify how the recommendations apply to financial activities involving virtual assets and cryptocurrencies. FATF also stated that virtual asset service providers are subject to Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) regulations, which require conducting customer due diligence, such as ongoing monitoring, record-keeping, and suspicious transaction reporting, and commented that virtual asset service providers should be licensed or registered and will be subject to compliance monitoring. However, FATF noted that its recommendations “require monitoring or supervision only for purposes of AML/CFT, and do not imply that virtual asset service providers are (or should be) subject to stability or consumer/investor protection safeguards.”
The same day, FATF announced that several countries made “high-level political commitment[s]” to address AML/CFT strategic deficiencies through action plans developed to strengthen compliance with FATF standards. These jurisdictions are the Bahamas, Botswana, Ethiopia, Ghana, Pakistan, Serbia, Sri Lanka, Syria, Trinidad and Tobago, Tunisia, and Yemen. FATF also issued a public statement calling for continued counter-measures against the Democratic People's Republic of Korea due to significant AML/CFT deficiencies and the threats posed to the integrity of the international financial system, and enhanced due diligence measures with respect to Iran. However, FATF will continue its suspension of counter-measures due to Iran’s political commitment to address its strategic AML/CFT deficiencies.
On October 4, the Financial Crimes Enforcement Network (FinCEN) issued advisory FIN-2018-A005 to U.S. financial institutions to increase awareness of the growing risk that certain Nicaraguan senior foreign political figures may potentially move assets using the U.S. financial system in reaction to a “perceived threat of further unrest, potential sanctions, or other factors.” FinCEN warns that the assets could be the proceeds of corruption and may be directed into U.S. accounts, or laundered through the U.S. financial system. The advisory—which is underscored by actions taken against Nicaraguan officials involved in corruption and human rights abuse pursuant to the Global Magnitsky sanctions program, as previously covered by InfoBytes—provides due diligence guidance for U.S. financial institutions consistent with existing Bank Secrecy Act obligations. It also reminds financial institutions of their suspicious activity report filing obligations and of the potential need to refer to advisory FIN-2018-A003 released last June on the use of financial facilitators to gain access to global financial systems for the purpose of moving or hiding illicit proceeds and evading U.S. and global sanctions. (See previous InfoBytes coverage here.)
FinCEN issues Spanish language version of its advisory on politically exposed persons and their financial facilitators
On September 11, the Financial Crimes Enforcement Network (FinCEN) released a Spanish version of its advisory for U.S. financial institutions to increase awareness of the connection between high-level political corruption and human rights abuses. As previously covered in InfoBytes, FinCEN issued regulatory guidance in June to remind financial institutions of their risk-based, due diligence obligations, which include (i) identifying legal entities owned or controlled by “politically exposed persons” (as required by FinCEN’s Customer Due Diligence Rule); (ii) complying with anti-money laundering program obligations; and (iii) filing Suspicious Activity Reports related to illegal activity undertaken by senior foreign political figures.
- Amanda R. Lawrence to discuss "Data privacy litigation" at the Mortgage Bankers Association Regulatory Compliance Conference
- Brandy A. Hood to discuss "How to ace your TRID exam" at the Mortgage Bankers Association Regulatory Compliance Conference
- Katherine L. Halliday to discuss "UDAP, UDAAP & the Map rule compliance basics" at the Mortgage Bankers Association Regulatory Compliance Conference
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions and CMPs" at the ACAMS AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Assessing the CDD final rule: A year of transitions" at the ACAMS AML & Financial Crime Conference
- Jonice Gray Tucker to discuss "HMDA data is out, now what?" at the Mortgage Bankers Association Regulatory Compliance Conference
- Melissa Klimkiewicz to discuss "Navigating FHA rules and regs" at the Mortgage Bankers Association Regulatory Compliance Conference
- Jeffrey P. Naimon to discuss "Washington regulatory overview" at the Mortgage Bankers Association Regulatory Compliance Conference
- Daniel P. Stipano to discuss "Consenting views: Achieving positive outcomes from consent order recovery" at the ACAMS AML & Financial Crime Conference
- APPROVED Webcast: Preparing for 2020 license renewals
- Kathryn L. Ryan to discuss "The state’s role in fintech: Providing an industry framework for innovation" at Lend360
- Daniel P. Stipano to discuss "AML developments: The latest trends, challenges and opportunities" at the American Conference Institute Financial Crime Executive Roundtable
- Marshall T. Bell and Jeffrey P. Naimon to discuss "Truth in lending" at the American Bar Association National Institute on Consumer Financial Services Basics
- Amanda R. Lawrence and Michael A. Rome to discuss "California Consumer Privacy Act compliance" at the Capital Area Compliance Roundtable
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions" at the Institute of International Bankers Risk Management and Regulatory Examination/Compliance Seminar
- Daniel P. Stipano to discuss "Customer identification program/customer due diligence/enhanced due diligence" at a National Association of Federal Credit Unions webinar
- Jonice Gray Tucker to discuss "MCCA's blueprint for selling & buying - A pitch workshop for outside counsel" at the Minority Corporate Counsel Association Creating Pathways to Diversity Conference
- Kathryn L. Ryan and Moorari K. Shah to discuss "Today's regulatory environment - Are you in the know?" at the Equipment Leasing and Finance Association Annual Convention
- Kathryn L. Ryan and Tim Lange to discuss "Temporary authority to operate - Are you prepared? Hear what the states are doing" at the RegList Annual Workshop
- Jonice Gray Tucker to discuss "Fintech regulatory developments, crypto-assets, blockchain and digital banking, and consumer issues" at the Practising Law Institute Banking Law Institute
- Amanda R. Lawrence to discuss "How to balance a successful (and stressful) career with greater personal well-being" at the American Bar Association Women in Litigation Joint CLE Conference