Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On September 19, the U.S. Treasury Department issued a request for comment (RFC) seeking feedback on illicit finance and national security risks posed by digital assets. The RFC, issued pursuant to Executive Order 14067 “Ensuring Responsible Development of Digital Assets” (covered by InfoBytes here), requests public input on illicit finance risks, anti-money laundering and combating the financing of terrorism (AML/CFT) regulation and supervision, global implementation of AML/CFT standards, private sector engagement, and central bank digital currencies. The RFC also seeks feedback on actions the U.S. government and Treasury should take to mitigate these risks, in addition to whether public-private collaboration may improve efforts to address risks. Comments on the RFC are due November 3.
“Without appropriate controls and enforcement of existing laws, digital assets can pose a significant risk to national security by facilitating illicit finance, such as money laundering, cybercrime and terrorist actions,” U.S. Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson said in the announcement. “As we work to implement the Illicit Finance Action Plan, hold bad actors accountable and identify potential gaps in existing enforcement, we look forward to receiving the public’s input on this urgent work.”
The RFC follows the September 16 release of Treasury’s Action Plan to Address Illicit Financing Risks of Digital Assets (covered by InfoBytes here).
On September 7, speaking before the 2022 Federal Identity Forum & Exposition in Atlanta, Georgia, acting Deputy Director of FinCEN Jimmy Kirby addressed the importance digital identity plays in FinCEN’s mission as it relates to privacy and cybersecurity, particularly with respect to protecting the U.S. financial system from illicit finance. This includes helping financial institutions comply with various reporting requirements, such as filing suspicious activity reports and currency transaction reports and ensuring that recordkeeping requirements under the Customer Identification Program and Customer Due Diligence rules are met. While Kirby recognized that digital identity frameworks have the potential to “spur innovation in financial products and services across the legacy financial system, as well as digital assets and emerging central bank digital currencies,” he stressed it is vital that digital identity is handled correctly through the implementation of “identity solutions that preserve privacy and security, promote financial inclusion, and protect the integrity of the financial system.” Focusing on topics related to emerging threats and responsible innovation, Kirby emphasized the need for financial institutions to implement measures for knowing who their customers are, both on the front end and throughout the customer relationship, and to take steps to prevent identity theft and fraud. Kirby also discussed the importance of fostering responsible innovation and developing infrastructure, information sharing, and standards that mitigate the risks associated with digital identities.
On August 8, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13694 against a virtual currency mixer accused of allegedly laundering more than $7 billion in virtual currency since 2019. According to OFAC, this amount includes more than $455 million stolen by a previously sanctioned Democratic People’s Republic of Korea state-sponsored hacking group (covered by InfoBytes here). OFAC stated that the designations resulted from the company “having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, a cyber-enabled activity originating from, or directed by persons located, in whole or in substantial part, outside the United States that is reasonably likely to result in, or has materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States and that has the purpose or effect of causing a significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain.” Under Secretary of the Treasury for Terrorism and Financial Intelligence, Brian E. Nelson, added that the company “repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis,” and stressed that Treasury “will continue to aggressively pursue actions against mixers that launder virtual currency for criminals and those who assist them.” As previously covered by InfoBytes, in 2020, Treasury’s FinCEN penalized a bitcoin mixer $60 million for violating the Bank Secrecy Act.
As a result of the sanctions, all property and interests in property of the sanctioned entity that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC, as well as “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons.” OFAC noted that its regulations prohibit U.S. persons from participating in transactions with designated persons unless authorized by a general or specific license issued by OFAC or exempt.
Treasury further stressed that players in the virtual currency industry should take a risk-based approach for assessing risks associated with different virtual currency services, implementing measures to mitigate risks, and addressing the challenges anonymizing features can present to anti-money laundering/countering the financing of terrorism sanctions obligations. “[M]ixers should in general be considered as high-risk by virtual currency firms, which should only process transactions if they have appropriate controls in place to prevent mixers from being used to launder illicit proceeds,” Treasury said.
On July 20, EU and U.S. participants, including officials from the Treasury Department, Federal Reserve Board, CFTC, FDIC, SEC, and OCC, participated in the U.S. – EU Joint Financial Regulatory Forum to continue their ongoing financial regulatory dialogue. Matters discussed focused on six themes: “(1) market developments and financial stability risks, (2) sustainable finance and climate-related financial risks, (3) regulatory developments in banking and insurance, (4) regulatory and supervisory cooperation in capital markets, (5) operational resilience and digital finance, and (6) anti-money laundering and countering the financing of terrorism (AML/CFT).”
The statement acknowledged that the Russia/Ukraine conflict, as well as “inflationary pressures”, exposes “a series of downside risks to financial markets both in the EU and in the U.S.” The statement notes that financial markets have so far proven to be “resilient” and stressed that “[i]nternational cooperation in monitoring and mitigating financial stability risks remains essential in the current global environment in light of the negative impacts on global energy and commodities markets.” During the Forum, participants also discussed recent developments related to digital finance and crypto-assets, including so-called stablecoins, as well as potential central bank digital currencies. Additionally, participants discussed various issues related to third-party providers; climate-related financial risks and challenges, including sustainability reporting standards; the transition away from LIBOR; and progress made in strengthening their respective AML/CFT frameworks.
On June 23, FinCEN announced that the Financial Action Task Force (FATF) issued public statements updating its lists of jurisdictions with strategic deficiencies in anti-money laundering (AML), countering the financing of terrorism (CFT), and countering the financing of proliferation of weapons of mass destructions (CPF). FATF’s statements include (i) Jurisdictions under Increased Monitoring, “which publicly identifies jurisdictions with strategic deficiencies in their AML/CFT/CPF regimes that have committed to, or are actively working with, the FATF to address those deficiencies in accordance with an agreed upon timeline,” and (ii) High-Risk Jurisdictions Subject to a Call for Action, “which publicly identifies jurisdictions with significant strategic deficiencies in their AML/CFT/CPF regimes and calls on all FATF members to apply enhanced due diligence, and, in the most serious cases, apply counter-measures to protect the international financial system from the money laundering, terrorist financing, and proliferation financing risks emanating from the identified countries.” FinCEN’s announcement also informs members that FATF removed Malta from its list of Jurisdictions under Increased Monitoring and added Gibraltar, and that its list of High-Risk Jurisdictions Subject to a Call for Action continues to subject Iran and the Democratic People’s Republic of Korea to the FATF’s countermeasures.
FAFT restricts Russia’s membership privileges, takes action against corruption and virtual asset misuse
On June 17, the U.S. Treasury Department announced that the Financial Action Task Force (FATF) concluded another plenary meeting, in which it, among other things, took steps to restrict Russia’s FATF membership privileges. During the meeting, FATF again criticized Russia’s war against Ukraine and issued a statement, stressing that “Russian actions run counter to the FATF core principles aiming to promote security, safety, and the integrity of the global financial system. They also represent a gross violation of the commitment to international cooperation and mutual respect upon which FATF Members have agreed to implement and support the FATF standards.” Treasury Secretary Janet Yellen also stated that she “welcome[s] the serious steps the FATF took to restrict Russia’s presence in its community.” FATF members agreed that Russia can no longer hold any leadership or advisory roles, nor take part in decision making on any standard-setting, peer-review processes, governance, or membership matters. Russia is also prohibited from providing assessors, reviewers, or other experts for FATF peer-review processes. FATF stated it “will monitor the situation and consider at each of its Plenary meetings whether grounds exist for modifying these restrictions.”
FATF also produced policy recommendations for combatting corruption and countering corrupt actors or illicit funds. FATF stated it will continue to fight the abuse of shell companies, trusts, or other legal arrangements employed by bad actors, and intends to seek input on guidance to implement recommendations related to the collection and verification of beneficial ownership information for companies or other legal entities. FATF members will release a white paper for public consultation on important issues concerning “the misuse of trusts and other legal arrangements to facilitate illicit finance,” and will published guidance on ways governments and firms can mitigate money laundering risks within the real estate sector.
Additionally, FATF adopted a report on virtual assets during the meeting, calling “for accelerated compliance by the public and private sectors with the FATF standards, particularly the ‘travel rule,’ for virtual assets and virtual asset service providers.” The travel rule requires virtual asset service providers to collect or send information on the identities of the originator and beneficiary of virtual asset transfers. However, FATF noted that, despite some progress, not all countries have introduced the travel rule, creating significant vulnerabilities for criminal misuse and underscoring the need for universal implementation and enforcement of the travel rule. FATF also approved a new project related to ransomware finance and related money laundering, with an objective of raising global awareness and understanding of how payments for ransomware are made and how these proceeds are often laundered.
On June 3, FinCEN issued an Advance Notice of Proposed Rulemaking (ANPRM) soliciting comments on questions related to implementing a no-action letter process at the agency. The ANPRM is part of FinCEN’s implementation of the Anti-Money Laundering Act of 2020, which directed the agency to conduct an assessment of a no-action letter process concerning how anti-money laundering or countering the financing of terrorism laws may apply to specific conduct. The ANPRM follows FinCEN’s June 2021 report to Congress (covered by InfoBytes here), which concluded that the agency should undertake rulemaking to establish a process for issuing no-action letters that will supplement its current forms of regulatory guidance and relief. FinCEN noted in its announcement that the addition of a no-action letter process (“generally understood to be a form of enforcement discretion where an agency states by letter that it will not take an enforcement action against the submitting party for the specific conduct presented to the agency”) could overlap with and “affect other forms of regulatory guidance and relief that FinCEN already offers, including administrative rulings and exceptive or exemptive relief.” The agency is seeking public input on whether the process should be implemented and, if so, how the process should work. Included in the ANPRM are questions concerning, among other things, FinCEN jurisdiction (specifically “[w]hat is the value of establishing a FinCEN no-action letter process if other regulators with jurisdiction over the same entity do not issue a similar no-action letter”), whether there should be limitations on which factual circumstances could be considered, and whether the scope of a no-action letter should be limited so that requests may not be submitted during a Bank Secrecy Act examination. The ANPRM also asked questions related to changes in circumstances, revocations, denials and withdrawals, confidentiality and consultation concerns, and criteria for distinguishing no-action letters from administrative rulings or exceptive/exemptive relief.
Comments on the ANPRM are due August 5.
On June 6, the U.S. Treasury Department announced that member nations of the Terrorist Financing Targeting Center (TFTC) have jointly designated 16 individuals, entities, and groups affiliated with a variety of regional terrorist organizations. This marks the fifth year of coordinated TFTC sanctions actions targeting terrorist financing, Treasury stated. The sanctioned persons, who were all previously designated by the U.S., include three individuals associated with Iran’s Islamic Revolutionary Guard Corps-Qods Force, four ISIS-associated individuals and one company, six Boko Haram financiers, and two terrorist groups. The TFTC was created to counter regional money laundering and terrorist financing networks by “identifying, tracking, and sharing information about terrorist financing networks; coordinating joint disruptive actions; and offering capacity-building training and assistance in countering the financing of terrorism,” and serves to enhance multilateral efforts among the U.S. and the Gulf countries of Bahrain, Kuwait, Oman, Qatar, Saudi Arabia, and the United Arab Emirates.
On May 13, the U.S. Treasury Department issued the 2022 National Strategy for Combatting Terrorist and Other Illicit Financing (2022 Strategy). As required by federal law, the 2022 Strategy describes current U.S. government efforts to combat domestic and international illicit finance threats from terrorist financing, proliferation financing, and money laundering, and discusses potential risks, priorities and objectives, as well as areas for improvement. Among other things, the 2022 Strategy reflects challenges posed by the Covid-19 pandemic, the increasing digitization of financial services, and rising levels of corruption and fraud. Specifically, Treasury noted that 2022 risk assessments highlights threats “posed by the abuse of legal entities, the complicity of professionals that misuse their positions or businesses, small-sum funding of domestic violent extremism networks, the effective use of front and shell companies in proliferation finance, and the exploitation of the digital economy.”
According to Treasury, the 2022 Strategy, along with the agency’s 2022 National Money Laundering Risk Assessment (covered by InfoBytes here), “will assist financial institutions in assessing the illicit finance risk exposure of their businesses and support the construction and maintenance of a risk-based approach to countering illicit finance for government agencies and policymakers.”
Specifically, to protect the U.S. financial system from corruption and other illicit finance threats, the 2022 Strategy outlined four priorities and 14 supporting actions to address these threats. These include:
- closing legal and regulatory gaps in the U.S. anti-money laundering/counter the financing of terrorism (AML/CFT) framework that are used to anonymously access the U.S. financial system through shell companies and all-cash real estate purchases;
- increasing the efficiency of the U.S. AML/CFT regulatory framework “by providing clear compliance guidance, sharing information appropriately, and fully funding supervision and enforcement”;
- enhancing the operational effectiveness of law enforcement, other U.S. government agencies, and international partnerships to prevent illicit actors from accessing safe havens; and
- enabling technological innovation while mitigating risk to stay ahead of new avenues for abuse through virtual assets and other new financial products, services, and activities.
The same day the U.S. and Mexico announced their commitment to establish a working group on anti-corruption, which will primarily focus on high-level strategic responses to public corruption. The announcement follows a recent agreement between delegates from the two countries to continue expanding information-sharing efforts to improve bilateral efforts for countering illicit finance.
On March 10, the Financial Crimes Enforcement Network (FinCEN) announced updates to the Financial Action Task Force (FATF) statements concerning jurisdictions with strategic anti-money laundering, countering the financing of terrorism, and combating weapons of mass destruction proliferation financing (AML/CFT/CPF) deficiencies. Specifically, to ensure compliance with international standards, FAFT updated the following two statements: (i) Jurisdictions under Increased Monitoring, which identifies jurisdictions with strategic deficiencies in their AML/CFT/CPF regimes that have committed to, or are actively working with, FATF to address those deficiencies in accordance with an agreed upon timeline and; (ii) High-Risk Jurisdictions subject to a Call for Action, which identifies jurisdictions with significant strategic deficiencies in their AML/CFT/CPF regimes and instructs FATF members to apply enhanced due diligence, and in the most serious cases, apply counter-measures to protect the international financial system from such risks. Among other things, through the announcement, FinCEN reminded covered financial institutions of their obligations to comply with due diligence obligations for foreign financial institutions (in addition to their general obligations) to ensure their due diligence programs “include appropriate, specific, risk-based, and, where necessary, enhanced policies, procedures, and controls that are reasonably designed to detect and report known or suspected money laundering activity conducted through or involving any correspondent account established, maintained, administered, or managed in the United States.” Money service businesses are also required to establish appropriate policies to address money laundering and terrorism financing risks posed by their relationships with foreign agents or foreign counterparties. FinCEN further instructed financial institutions to comply with U.S. prohibitions against the opening or maintaining of any correspondent accounts, whether directly or indirectly, for North Korean or Iranian financial institutions, which are already prohibited under existing U.S. sanctions and FinCEN regulations. As previously covered by InfoBytes, FinCEN last announced updates to the FATF statements in October.
- Jedd R. Bellman to provide an “Attorney exemption/medical debt update” at the North American Collection Agency Regulatory Association annual conference
- Kathryn L. Ryan to discuss “What should crypto regulation look like: Legislation, regulation and consumer issues” at WCL's First Annual Virtual Currency Law Institute
- Elizabeth E. McGinn to discuss “How to mitigate and manage third-party risks: Leveraging tools and best practices” at The Knowledge Group’s webcast
- Elizabeth E. McGinn, Benjamin W. Hutten, and James C. Chou to discuss “The evolving regulatory landscape: Third-party and cyber risk management” at the 2022 mWISE Conference
- Jeffrey P. Naimon to discuss “Truth in lending” at ABA’s Consumer Financial Services Basics 2022 virtual conference
- Sherry-Maria Safchuk to discuss “For your eyes only: Privacy updates for 2022-2023” at CCFL’s Annual Consumer Financial Services Conference
- James T. Parkinson to present a “Global anti-corruption update” at IBA’s annual conference