InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
North Dakota passes law on money transmitter licensure
On March 15, the North Dakota governor signed SB 2119, which revises provisions related to money transmitters. The act, among other things, provides that a “person may not engage in the business of money transmission or advertise, solicit, or hold itself out as providing money transmission unless the person is licensed under this chapter.” The provision does not apply to a “person that is an authorized delegate of a person licensed under this chapter acting within the scope of authority conferred by a written contract with the licensee” or to exempt persons provided the person “does not engage in money transmission outside the scope of the exemption.” The act outlines provisions related to consistent state licensure, application for licensure, information requirements for certain individuals, reporting and recordkeeping requirements (including those related to anti-money laundering), and bond requirements. Provisions relating to examinations, investigations, and licensee supervision, as well as unauthorized activities are also discussed. The act also provides a comprehensive list of exemptions.
The act is effective August 1. For current licensees, the provisions take effect upon license renewal but no later than December 31.
Illinois announces new consumer protections for digital assets, proposes new money transmitter licensing provisions
On February 21, the Illinois Department of Financial and Professional Regulation (IDFPR) announced several legislative initiatives to establish consumer protections for cryptocurrencies and other digital assets and provide regulatory oversight of the broader digital asset marketplace. The Fintech-Digital Asset Bill (see HB 3479) would create the Uniform Money Transmission Modernization Act and provide for the regulation of digital asset businesses and modernize regulations for money transmission in the state. Among other things, the Fintech-Digital Asset Bill would require digital asset exchanges and other digital asset businesses to obtain a license from IDFPR to operate in the state. The bill also establishes various requirements for businesses, including investment disclosures, customer asset safeguards, and customer service standards. Companies would also be required to implement cybersecurity measures, as well as procedures for addressing business continuity, fraud, and money laundering. Notably, the Fintech-Digital Asset Bill replaces and supersedes the Transmitters of Money Act (see 205 ILCS 657) with the Money Transmission Modernization Act, in order to harmonize the licensing, regulation, and supervision of money transmitters operating across state lines. Provisions also amend the Corporate Fiduciary Act to allow for the creation of trust companies for the special purpose of acting as a fiduciary to safeguard customers’ digital assets, the announcement noted.
The Consumer Financial Protection Bill (see HB 3483) would grant the IDFPR authority to enforce the Fintech-Digital Asset Bill and strengthen the department’s authority and resources for enforcing existing consumer financial protections. Modeled after the Dodd-Frank Act, the Consumer Financial Protection Bill empowers the IDFPR with the ability to target unfair, deceptive, and abusive acts and practices by unlicensed financial services providers. The bill creates the Consumer Financial Protection Law and the Financial Protection Fund, and establishes provisions related to supervision, registration requirements, consumer protection, cybersecurity, anti-fraud and anti-money laundering, enforcement, procedures, and rulemaking. The Consumer Financial Protection Bill also includes provisions concerning court orders, penalty of perjury, character and fitness of licensees, and consent orders and settlement agreements, and makes amendments to various application, license, and examination fees. The bill does so by amending the Collection Agency Act, Currency Exchange Act, Sales Finance Agency Act, Debt Management Service Act, Consumer Installment Loan Act, and Debt Settlement Consumer Protection Act.
OFAC authorizes certain transactions to aid Syrian earthquake disaster relief
On February 9, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued Syria General License (GL) 23 to authorize, for 180 days, all transactions related to earthquake relief efforts that would ordinarily be prohibited by the Syrian Sanctions Regulations (SySR). Specifically, authorizations under GL 23 include “the processing or transfer of funds on behalf of third-country persons to or from Syria in support of” transactions related to earthquake relief efforts in the country. Additionally, “U.S. financial institutions and U.S. registered money transmitters may rely on the originator of a funds transfer with regard to compliance” for transactions related to earthquake relief efforts in Syria, provided that the financial institution does not know or have reason to know that the funds transfer is not related to such efforts. GL 23 does not permit any transactions prohibited under the SySR related to the importation of petroleum or petroleum products of Syrian origin into the U.S., or any transactions involving persons “whose property and interests in property are blocked pursuant to the SySR, other than persons who meet the definition of the term Government of Syria, as defined in section 542.305(a) of the SySR, unless separately authorized.” Additionally, OFAC advised financial institutions and others who may be engaged in disaster relief activities for Syria to contact OFAC directly to seek specific licenses or guidance should they believe their activities are not covered by existing authorizations or exemptions.
Crypto platform reaches $100 million settlement to resolve alleged compliance failures
On January 4, NYDFS issued a consent order against a cryptocurrency trading platform for engaging in alleged violations of New York virtual currency, anti-money laundering, transaction monitoring, and cybersecurity regulations. According to the consent order, in 2020, NYDFS found significant deficiencies across the respondent’s compliance program, including its Know-Your Customer/Customer Due Diligence (KYC/CDD) procedures, Transaction Monitoring System (TMS), OFAC screening program, and AML risk assessments. As a result of these findings, the respondent agreed to improve its BSA/AML and OFAC compliance programs, including engaging an independent consultant to develop a remediation plan and improve its compliance program.
In 2021, NYDFS launched an investigation to determine whether the respondent’s compliance deficiencies had resulted in any legal violations. The investigation found “substantial lapses in [the respondent’s] KYC/CDD program, its TMS, and in its AML and OFAC sanctions controls systems, as well as issues concerning [the respondent’s] retention of books and records, and with respect to meeting certain of its reporting obligations to the Department.” NYDFS noted that in late 2020 and 2021, the respondent took steps to remediate the issues identified by the Department and the independent consultant; however, substantial weaknesses remained, and its compliance system was inadequate to handle the growing volume of the respondent’s business.
Under the terms of the consent order, the respondent must pay a $50 million civil penalty to NYDFS and invest $50 million in its compliance program. Additionally, an independent third party will continue to work with the respondent for another year, which may be extended at the Department’s sole discretion. NYDFS noted that the respondent has already taken steps to build a more effective and robust compliance program under the supervision of NYDFS and the NYDFS-appointed independent monitor. According to the respondent’s press release, the company “has taken substantial measures to address these historical shortcomings” and “remains committed to being a leader and role model in the crypto space, including partnering with regulators when it comes to compliance and other areas.”
California DFPI concludes MTA licensure not required for crypto exchange
On November 3, the California Department of Financial Protection and Innovation (DFPI) released a new opinion letter covering aspects of the California Money Transmission Act (MTA) related to a cryptocurrency exchange’s transactions. The redacted opinion letter examines whether the inquiring company’s proposed business activities—which “will offer the purchase, sale, and trading of various cryptocurrencies using a platform provided by its affiliate and in conjunction with another affiliate that is a . . . registered broker-dealer”—are exempt from the MTA. Transactions on the company’s platform will involve the use of the company’s tokenized version of the U.S. dollar. Customers will deposit U.S. dollar funds into a company account where an equivalent amount of tokens will be created and used to facilitate a trade for cryptocurrency. The tokens can also be exchanged for U.S. dollars, or customers can hold the tokens in their wallet. According to the letter, the company says it “does not take custody of its client’s currencies or offer digital wallets,” but rather a “client’s digital wallet is directly linked to the platform and transacts on a peer-to-peer basis with other clients.” In addition to trading cryptocurrencies, the company also plans to allow customers to “trade in cryptographic representations of publicly listed securities,” thereby permitting customers to purchase, sell, or trade the securities tokens on the platform. The company will also be able to transfer customers’ shares of securities tokens from the platform to a customer’s traditional brokerage account. The company explained that these transactions of securities tokens will be covered by the company’s affiliate’s broker-dealer license.
DFPI concluded that because the Department has not yet “determined whether the issuance of tokenized versions of the U.S. Dollar or securities, or their use to trade cryptocurrencies, is money transmission,” it will not require the company to obtain an MTA license in order to perform the aforementioned services or to issue tokenized version of the U.S. dollar or securities. DFPI noted, however, that its conclusions are subject to change, and emphasized that its letter does not address whether the proposed activities are subject to licensure or registration under other laws, including the Corporate Securities Law of 1968.
D.C. Department of Insurance, Securities and Banking says certain Bitcoin activity subject to money transmission laws
Recently, the District of Columbia’s Department of Insurance, Securities and Banking (DISB) issued a bulletin informing industry participants engaging in or planning to engage in money transmission involving Bitcoin or other virtual currency “used as a medium of exchange, method of payment or store of value in the District” that such transactions require a money transmitter license. Specifically, the bulletin noted that DISB considers Bitcoin to be money for money transmission purposes. Relying on United States v. Larry Dean Harmon, DISB stated that while “money transmission is vaguely defined in DC Code,” the court’s decision “relied on the common use of the term “money” to mean a “medium of exchange, method of payment or store of value,” and that therefore Bitcoin functions like money. The bulletin also noted that the court found that while the D.C. Money Transmitters Act of 2000 specifically defined certain banking and financial terms, it did not define “money,” thereby reasoning “that the goal of the MTA is to regulate all kinds of transfers of funds, whether fiat currency, virtual currency or cryptocurrencies.”
Additionally, DISB noted that “engaging in the business of ‘money transmission’” includes “transactions where entities receive for transmission, store, and/or take custody, of Bitcoin and other virtual currencies from consumers via kiosks (aka BTMs), mobile applications and/or online transactions.” However, transactions where entities propose to sell and buy Bitcoin and other virtual currencies from consumers in exchange for cash payments via kiosks and/or online transactions are not considered to be money transmission. Entities that plan to engage in covered activities are subject to money transmission licensing requirements, DISB stated, explaining that whether an entity is required to obtain a money transmitter license depends on the individual facts and circumstances of each applicant, which include but are not limited to an applicant’s proposed business plan and flow of funds, as well as an applicant’s business model.
Special Alert: NYDFS fines trading platform for BSA/AML, transaction monitoring, and cybersecurity lapses
The New York Department of Financial Services and a trading platform on Aug. 1 entered into a consent order to resolve deficiencies identified during a 2019 examination and a subsequent investigation by the department’s enforcement section. The consent order focused on deficiencies related to Bank Secrecy Act and anti-money-laundering compliance, transaction monitoring, cybersecurity, and related New York certifications of compliance. The company will pay a $30 million civil monetary penalty and retain an independent consultant that will assist with remediating the issues highlighted in the order and report to NYDFS on remediation progress.
The consent order has far-reaching implications for all financial services companies that come under the jurisdiction of the NYDFS.
The trading platform is a wholly owned subsidiary of a financial services company that offers U.S.-based retail investors the ability to trade stocks, options, and crypto currency on a commission-free basis through its broker-dealer subsidiary. The trading platform is licensed by the NYDFS to engage in virtual currency and money transmitter businesses in New York. Of primary concern for the NYDFS was the platform’s alleged reliance on its parent company’s compliance and cybersecurity programs through enterprisewide systems that the NYDFS found to be inadequate. Additionally, according to NYDFS, the platform allegedly had few to no qualified personnel or management involved in overseeing those programs, which NYDFS has implicitly indicated cannot be outsourced.
NYDFS imposes $30 million fine against trading platform for cybersecurity, BSA/AML violations
On August 2, NYDFS announced a consent order imposing a $30 million fine against a trading platform for alleged violations of the Department’s Virtual Currency Regulation (23 NYCRR Part 200), Money Transmitter Regulation (3 NYCRR Part 417), Transaction Monitoring Regulation (3 NYCRR Part 504), Cybersecurity Regulation (23 NYCRR Part 500), and for failing to maintain adequate Bank Secrecy Act/anti-money laundering (BSA/AML) obligations. According to a Department investigation, the platform’s BSA/AML compliance program contained significant deficiencies, including an inadequate transaction monitoring system. Among other things, the platform failed to timely transition its manual system to an automated transaction monitoring system, which was unacceptable for a program of its size, customer profiles, and transaction volumes, and did not devote sufficient resources to adequately address risks. The Department also found “critical failures” in the platform’s cybersecurity program, which failed to address operational risks, and that specific policies within the program did not fully comply with several provisions of the Department’s cybersecurity and virtual currency regulations. According to the press release, pursuant to NYDFS’s Transaction Monitoring Regulation and Cybersecurity Regulation, companies should only file a Certificate of Compliance with the Department if their programs are fully compliant with the applicable regulation.
In light of the program’s deficiencies, NYDFS stated that the platform’s 2019 certifications to the Department attesting to compliance with these regulations should not have been made and thus violated the law. The platform also “failed to comply with the Supervisory Agreement by failing to promptly notify the Department of (a) actual or material potential actions, proceedings, or similar process that were or may have been instituted against [the platform] or any affiliated entity by any regulatory body or governmental agency; and (b) of the receipt by [the platform], or any affiliated entity, of any subpoena from any regulatory body or governmental agency in which [the platform], or any affiliated entity, was the target of the investigation.” NYDFS determined that in addition to the penalty, the platform will be required to retain an independent consultant that will perform a comprehensive evaluation of its compliance with the Department’s regulations and the platform’s remediation efforts with respect to the identified deficiencies and violations.
A Buckley Special Alert is forthcoming.
Connecticut issues money transmitter advisory
Recently, the Connecticut Department of Banking (Department) issued an advisory on money transmission, providing general guidance on what types of activities and entities must be licensed. According to the advisory, transmission can occur whenever “a person takes possession or control of monetary value belonging to another person” and holds it for a period of time, or transmits it to a third party. The Department noted that “[t]he increased use of technology to enable immediate payment mechanisms, as well as the explosion of virtual currency, has caused significant disruption to traditional money transmission systems.” The Department also acknowledged that many consumers do “not realize or understand the regulatory landscape that applies” to using money transmitters. Among other things, the advisory listed entities that traditionally provide transmission services like bill payers, payroll processors, and issuers and sellers of prepaid cards and money orders. The advisory also discussed Connecticut’s license application and penalties for unlicensed transmission, explaining that licensure goes through the Nationwide Multistate Licensing System and involves disclosing pertinent information concerning all “control persons.”
FTC sues national retailer for allegedly facilitating money transfer fraud
On June 28, the FTC filed a complaint against a national retailer for allegedly allowing its money-transfer services to facilitate fraud. The complaint alleges the retailer knew about the role money transfer services play in scams but failed to properly secure the services offered at its stores, thus allowing money to be sent to “domestic and international fraud rings.” According to the FTC, at least 226,679 complaints totaling more than $197 million were received by several money transfer services companies about fraud-induced money transfers that were sent from or received at one of the retailer’s stores between January 1, 2013 and December 31, 2018. An investigation by the FTC purportedly revealed that the retailer’s practices allegedly harmed consumers by, among other things, (i) allowing the payout of suspicious money transfers, which allowed scammers to retrieve fraud proceeds at one of the retailer’s stores; (ii) failing to have in place a written anti-fraud policy or consumer protection program until November 2014; (iii) allowing cash pickups for large payments, often through the use of fake IDs; (iv) failing to display or provide materials warning consumers about potential frauds; (v) failing to effectively train or retrain employees; and (vi) allowing money transfers to be used for telemarketing purchases, which are prohibited under the Telemarketing Sales Rule (TSR) due to the high risk of fraud.
According to the complaint, the retailer “is well aware that telemarketing and other mass marketing frauds, such as ‘grandparent’ scams, lottery scams, and government agent impersonator scams, induce people to use [the retailer’s] money transfer services to send money to domestic and international fraud rings. Nevertheless, [the retailer] has continued processing fraud-induced money transfers at its stores—funding telemarketing and other scams—without adopting policies and practices that effectively detect and prevent these transfers.”
The complaint seeks a permanent injunction, monetary relief, civil penalties, restitution, and other relief for each violation of the FTC Act and the TSR. The FTC also requests the “rescission or reformation of contracts, the refund of money, the return of property, the payment of damages, public notification, or other relief necessary to redress injury to consumers damages.”
The retailer issued a press release following the FTC’s announcement, stating that it considers the agency’s claims to be “misguided and legally flawed,” and that the civil lawsuit “was approved by the FTC by the narrowest of margins after Chair Lina Khan refused [the retailer] the due process of hearing directly from the company.” The retailer noted that the FTC’s decision comes after DOJ declined to pursue the case in court. Among other thing, the retailer contended that because it maintains robust anti-fraud measures there is no need for injunctive relief requiring the retailer to change its practices. The retailer pointed to the U.S. Supreme Court’s ruling in AMG Capital Management LLC v. FTC, which limited the FTC’s ability to obtain monetary relief in federal court (covered by InfoBytes here), to argue that the FTC “pivoted their focus in this case after AMG to a distorted interpretation of the TSR to effectively try and hold [the retailer] strictly liable for money transfers that third-party criminals reportedly persuaded some consumers to send.” The retailer added that “[s]witching their main legal theory to the TSR is an obvious attempt to get around the Supreme Court’s ruling in AMG.”
Pages
Upcoming Events
- Keisha Whitehall Wolfe to discuss “Tips for successfully engaging your state regulator” at the MBA's State and Local Workshop
- Max Bonici to discuss “Enforcement risk and trends for crypto and digital assets (Part 2)” at ABA’s 2023 Business Law Section Hybrid Spring Meeting
- Jedd R. Bellman to present “An insider’s look at handling regulatory investigations” at the Maryland State Bar Association Legal Summit