InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FinCEN issues requests for comments on renewal of BSA currency transaction and suspicious activity reporting requirements
On February 9, the Financial Crimes Enforcement Network (FinCEN) issued two notices and requests for comments in the Federal Register seeking renewals without change of currently approved Bank Secrecy Act (BSA) regulatory requirements for covered financial institutions. The first notice concerns the continuance of currency transaction reporting requirements, and the second notice addresses suspicious activity reporting requirements. Comments must be received by April 10.
See here for additional BSA InfoBytes coverage.
$368 million penalty assessed against California branch for BSA/AML deficiencies
On February 7, the OCC and DOJ announced settlements with a Netherlands-based lender’s California branch, in which the branch pled guilty to one count of conspiracy to defraud the U.S. Government for impeding and obstructing a 2012 OCC examination when it concealed deficiencies in its Bank Secrecy Act and anti-money laundering (BSA/AML) compliance programs. According to the DOJ’s press release, the branch will pay over $368 million as a result of allowing “hundreds of millions of dollars in untraceable cash, sourced from Mexico and elsewhere, to be deposited into its rural bank branches” without conducting adequate BSA/AML review, and for conspiring with several former executives to hide information from OCC officials during the 2012 examination. Among other things, the plea agreement states that the branch “created and implemented a number of policies and procedures that prevented adequate investigations into suspicious customer activity,” which included (i) creating a “Verified List” of customers whose transactions needed no further review even if there was a change in the customer’s activity from when it was verified; and (ii) instructing BSA/AML staff to “aggressively increase the number of bank accounts on the Verified List.” Further, the branch admitted it failed to both monitor and conduct adequate investigations into these transactions and submit suspicious activity reports to the Financial Crimes Enforcement Network, as required by the BSA. Additionally, in an effort to conceal deficiencies in its BSA/AML program, the branch demoted or terminated two employees who risked “contradicting” the branch’s findings. Two months before the branch's guilty plea, a former executive entered into a deferred prosecution agreement for his role in the misconduct, and agreed to cooperate with the DOJ's continuing investigation.
As part of the plea agreement, the OCC announced it had terminated a December 2013 consent order entered into with the branch over its BSA/AML failures and stated, “the OCC has determined that the bank has implemented all of the corrective actions required by the 2013 consent order and has achieved compliance with the requirements set forth in that order.” On February 6, the branch agreed to pay $50 million civil money penalty to the OCC, which will be credited towards the overall amount assessed by the DOJ.
SEC exams to focus on ICOs, cybersecurity, and AML programs
On February 7, the SEC’s Office of Compliance Inspections and Examinations (OCIE) released its 2018 Examination Priorities, which includes cryptocurrency and Initial Coin Offerings (ICOs) for the first time. According to the document, the OCIE’s 2018 priorities reflect “certain practices, products, and services that OCIE believes may present potentially heightened risk to investors and/or the integrity of the U.S. capital markets.” The document highlights five themes:
- Retail Investors. Among other retail investor priorities, OCIE states it will focus on high-risk products, including cryptocurrency and ICO markets due to their rapid growth. Exams in this area will review whether there are adequate controls and safeguards to protect against theft and whether appropriate disclosures about the risks associated with the investments are given to investors.
- Compliance and Risks in Critical Market Infrastructure. OCIE will look at important participants in the market structure, including clearing agencies, national securities exchanges, transfer agents, and entities under Regulation SCI.
- Review of Other Regulatory Bodies. OCIE intends to review the operations and controls of the Financial Industry Regulatory Authority (FINRA) and the Municipal Securities Rulemaking Board (MSRB).
- Cybersecurity. OCIE notes that the scope and severity of cybersecurity risks have increased dramatically. According to the document, examinations will continue to focus on, among other things, data loss prevention, governance and risk assessment, and vendor management.
- AML Programs. Anti-money laundering (AML) program examinations will focus on whether the regulated entities are “appropriately adapting their AML programs to address their obligations.” More specifically, OCIE will look at whether entities are filing accurate Suspicious Activity Reports (SARs) and performing appropriate customer due diligence reviews.
OCC announces recent enforcement actions and terminations, BSA/AML deficiencies targeted
On January 19, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such parties. The new enforcement actions include civil money penalty orders, cease and desist orders, prompt corrective action directives, and removal/prohibition orders. The list also includes recently terminated enforcement actions.
Civil Monetary Penalty. On December 27, the OCC issued a consent order (2017 Order) against a national bank’s South Dakota branch for violating a 2012 OCC issued consent order (2012 Order) related to deficiencies identified in the agency’s Bank Secrecy Act and anti-money laundering (BSA/AML) rules and regulations. According to the 2017 Order, the branch failed to timely comply with the 2012 Order, which required the branch to, among other things, (i) establish a Compliance Committee to oversee the branch’s adherence to the outlined provisions; (ii) submit, implement, and maintain an effective BSA/AML action plan; (iii) ensure the effective implementation of policies and procedures, which would fulfill BSA/AML and Office of Foreign Assets Control obligations; (iv) conduct a BSA/AML compliance program evaluation, risk assessment, and audit program; (v) develop appropriate customer due diligence policies and procedures, along with programs to ensure the timely identification and reporting of suspicious activity; (vi) develop practices governing the use of cash letter services and remote deposit capture; and (vii) conduct independent reviews of account and transaction activity. As a result, the 2017 Order requires the branch to pay a $70 million civil money penalty for failing to comply with the 2012 Order. The bank, while agreeing to the terms of the consent order, has not admitted or denied any wrongdoing.
Federal Reserve fines Taiwanese bank $29 million for anti-money laundering compliance deficiencies
On January 17, the Federal Reserve Board (Fed) ordered a Taiwanese bank to pay a $29 million penalty in connection with alleged Bank Secrecy Act and anti-money laundering (BSA/AML) violations. According to the Fed’s Order, examinations conducted in 2016 identified “significant deficiencies” in three of the bank’s U.S. branches’ BSA/AML compliance and risk management controls. In addition to assessing a penalty, the Order required the bank and its New York, Chicago, and San Jose branches to, among other things, (i) submit a written plan from the board of directors for improving senior management oversight, including building a sustainable governance framework for BSA/AML compliance; (ii) submit compliance plans for enhanced internal controls, independent testing, risk assessment, and employee training; (iii) submit a revised program designed to conduct customer due diligence; (iv) ensure timely, accurate, and complete suspicious activity monitoring and reporting; (v) engage an independent third-party to review the identification and reporting of suspicious activity “involving high risk customers or transactions”; (vi) comply with Office of Foreign Assets Control regulations; and (vii) submit periodic progress reports to the branches’ applicable Federal Reserve Banks detailing actions taken to comply with the provisions of the order.
Senate Banking Committee: The impact of cryptocurrency in AML/BSA enforcement
On January 17, the Senate Committee on Banking, Housing, and Urban Affairs held a second hearing with witnesses from the Treasury and Justice departments to further address the need to modernize and reform the Bank Secrecy Act and anti-money laundering (BSA/AML) regime. The hearing, entitled “Combating Money Laundering and Other Forms of Illicit Finance: Administration Perspectives on Reforming and Strengthening BSA Enforcement,” follows a January 9 hearing before the same Committee on related issues (see previous InfoBytes coverage here). Committee Chairman Mike Crapo, R-Idaho, opened the hearing by stating the need to understand the government’s position on “strengthening enforcement and protecting the integrity of the U.S. financial system in a new technological era,” while also recognizing the challenges technology creates for law enforcement. A primary topic of interest to the Committee was “the rise of cryptocurrencies and their potential to facilitate sanctions evasion and perhaps, other crimes.”
The first witness, Treasury’s undersecretary for terrorism and financial crimes, Sigal Mandelker (testimony), noted that money laundering related to cryptocurrencies is “an area of high focus” for Treasury, and highlighted actions taken by Treasury’s Financial Crimes Enforcement Network (FinCEN), such as the release of guidance announcing that “virtual currency exchangers and administrators” are subject to regulations under the BSA. Regulated entities, Mandelker stated, are required to file suspicious activity reports (SARs) and are subject to FinCEN and IRS examinations and enforcement actions. Mandelker further commented that Treasury is “aggressively tackling” illicit financing entering the U.S. system and elsewhere, and stressed that other countries face consequences if they fail to have an AML/Combating the Financing of Terrorism regime that meets Treasury standards.
The second witness, DOJ acting deputy assistant attorney general M. Kendall Day (testimony), informed the Committee of the recent hiring of a digital currency counsel who is responsible for ensuring prosecutors are up-to-date on the latest money-laundering threats in the digital currency field. Day also commented on recent DOJ prosecutions in this space, and emphasized the need for enhanced information sharing for law enforcement, including the benefit of deriving information from SARs.
Senate Banking Committee: Sharpen the focus of AML/BSA enforcement and oversight
On January 9, the Senate Committee on Banking, Housing, and Urban Affairs held a hearing entitled, “Combating Money Laundering and Other Forms of Illicit Finance: Opportunities to Reform and Strengthen BSA Enforcement” to discuss anti-money laundering and Bank Secrecy Act (AML/BSA) enforcement and compliance. Committee Chairman Mike Crapo (R-Idaho) opened the hearing by stating that Congress and financial regulators must examine and address “decades-old” Bank Secrecy Act and anti-money laundering requirements in order “to sharpen the focus, sustainability and enforcement of a modernized, more efficient U.S. counter-threat-finance architecture.” During the hearing, the Committee stressed the need to move towards a more targeted, strengthened AML framework so that banks, law enforcement, and regulators can focus on specific threats such as the financing of terrorism and sanctions evasions.
The three witnesses offered numerous insights related to reforming AML/BSA enforcement and regulatory structures, including: (i) establishing an approach that would utilize and track intelligence and analysis rather than focusing primarily on quantifiable metrics; (ii) increasing inter-agency coordination and improving information sharing between financial institutions and regulators, and among financial institutions themselves; (iii) recognizing the importance of law enforcement participation, specifically related to the sharing of suspicious activity reports; (iv) encouraging the participation of entities outside of the banking sector, such as persons involved in real estate or those acting as proxies for financial system access; (v) supporting beneficial ownership legislation for companies formed in the United States; and (v) understanding the ways in which financial institutions are addressing the anonymity of cryptocurrencies and blockchain technology. The witnesses were:
FINRA releases 2018 regulatory and examinations priorities letter
On January 8, the Financial Industry Regulatory Authority (FINRA) published its Annual Regulatory and Examination Priorities Letter (2018 Letter), which focused on several broad issues within the securities industry, including improving the examination program to “implement a risk-based framework designed to better align examination resources to the risk profile of [] member firms.” As previously covered in InfoBytes, last July FINRA360 (a comprehensive self-evaluation and organizational improvement initiative) prompted the organization to announce plans currently underway to enhance operations by consolidating its existing enforcement teams into a single unit. In the 2018 Letter, FINRA announced ongoing efforts to work with member firms to understand the risks and benefits of fintech innovation such as blockchain technology, as well as the impact initial coin offerings (ICOs) and digital currencies have on broker-dealers.
Additional areas of regulatory and examination focus for FINRA in 2018 will include: (i) fraudulent activities and suspicious activity report filing requirements; (ii) business continuity planning; (iii) protection and verification of customer assets, including whether firms have implemented adequate controls and supervision methods along with measuring the effectiveness of cybersecurity programs; (iv) anti-money laundering monitoring and surveillance resources and policies and procedures; and (v) the role firms and other registered representatives play when effecting transactions in cryptocurrencies and ICOs—specifically with regard to the supervisory, compliance and operational infrastructure firms implement to “ensure compliance with relevant federal securities laws and regulations and FINRA rules.”
OCC fines national bank for failing to fix BSA deficiencies
On January 4, the OCC issued a consent order assessing a $70 million civil money penalty against a national bank for failing to comply with the agency’s 2012 cease and desist consent order related to Bank Secrecy Act (BSA) and anti-money laundering (AML) deficiencies. The 2012 order cited the bank for, among other things, failing to file suspicious activity reports in a timely manner and weaknesses in controls related to its correspondent banking from deposit capture/international cash letter instrument activity. According to the OCC, the $70 million civil money penalty results from the bank’s failure “to complete corrective actions to address BSA/AML compliance issues as required by the [2012] order.”
NYDFS orders Korean bank to pay $11 million civil money penalty for BSA/AML compliance deficiencies
On December 21, the New York Department of Financial Services (NYDFS) entered into a consent order with a Korean bank and its New York branch to resolve issues regarding alleged deficiencies in the branch’s Bank Secrecy Act and other anti-money laundering (BSA/AML) compliance and risk management. The alleged deficiencies were discovered during three examinations between 2014-2016 by NYDFS and the Federal Reserve Bank of New York. According to the consent order, among other things, the branch failed to maintain adequate transaction monitoring and suspicious activity reporting (SAR), lacked compliance staff with proper BSA/AML background experience, and lacked adequate BSA/AML and OFAC risk assessments.
The Korean bank and its branch are required to pay an $11 million civil money penalty, and in addition must submit the following documentation (i) a BSA/AML compliance program; (ii) a customer due-diligence program; (iii) a SAR program; (iv) a revised internal audit program; and (v) a plan to enhance oversight of the branch’s BSA/AML compliance requirements. The Korean bank and branch are also required to submit quarterly reports for two years with updates on the branch’s compliance progress.