InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FinCEN hosts exchange on environmental crimes and related financial activity
On November 16, the Financial Crimes Enforcement Network (FinCEN) held a virtual “FinCEN Exchange” with representatives from financial institutions, other key industry stakeholders, and federal government agencies to discuss identifying and combating illicit financial flows related to environmental crimes and related money laundering. As previously covered by InfoBytes, FinCEN released the “FinCEN Exchange” program in 2017, which established regular briefings between FinCEN, law enforcement, and financial institutions to share high-priority information regarding potential national security threats and illicit financial transactions. Topics discussed at the recent FinCEN Exchange included, among other things: (i) illicit financial flows related to wildlife trafficking; (ii) illegal logging, fishing, and mining; (iii) waste and hazardous substances trafficking; and (vi) potential solutions for better understanding the associated illicit flows. According to FinCEN, the agency “is focusing on environmental crimes because of an upward trend in these activities and their related financial flows; their strong association with two of FinCEN’s national anti-money laundering and countering the financing of terrorism (AML/CFT) priorities, specifically corruption and transnational criminal organizations; and their contribution to the climate and biodiversity crises.”
FATF updates virtual assets and service provider guidance
On October 28, the Financial Action Task Force (FATF) updated pre-existing guidance on its risk-based approach to virtual assets (VAs) and virtual asset service providers (VASPs). The updated guidance revises guidance originally released in 2019. According to FATF standards, countries are required to “assess and mitigate their risks associated with virtual asset financial activities and providers; license or register providers and subject them to supervision or monitoring by competent national authorities.” The guidance includes updates on certain key areas, such as: (i) expanding the definitions of VAs and VASPs; (ii) applying FAFT standards to stablecoins; (iii) adding guidance regarding the risks and the tools available to countries for the purpose of addressing money laundering and terrorist financing risks for peer-to-peer transactions; (iv) revising VASP licensing and registration guidance; (v) adding guidance for the public and private sectors on the implementation of the “travel rule”; and (vi) adding a section for principles of information-sharing and co-operation amongst VASP Supervisors. FATF also noted that the “guidance addresses the areas identified in the FATF’s 12-Month Review of the Revised FATF Standards on virtual assets and VASPs requiring further clarification and also reflects input from a public consultation in March - April 2021.”
FATF advances work on virtual assets, beneficial ownership transparency, and illicit finance risks
On October 22, the Financial Action Task Force (FATF) announced that it concluded its October plenary, which is the sixth session since the beginning of the Covid-19 pandemic. According to the announcement, utilizing a hybrid approach of both virtually and in-person participation, FATF “advanced its core work on virtual assets, beneficial ownership transparency, and illicit finance risks.” Among other things, the FATF: (i) approved an updated version of its Guidance on a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers for publication; (ii) proposed changes to beneficial ownership standards; (iii) approved the commencement of a study on Illicit Proceeds Generated from the Fentanyl and Related Synthetic Opioids Supply Chain; (iv) adopted an update to its 2016 confidential report on terrorist financing risk indicators; and (v) issued a statement regarding Afghanistan that reaffirmed the “United Nations Security Council Resolutions that Afghanistan should not be used to plan or finance terrorist acts, emphasiz[ing] the importance of supporting the work of non-governmental organizations in the country and maintaining the flow of humanitarian assistance to the Afghan people, and for governments to facilitate information sharing with their financial institutions on any emerging illicit finance risks related to Afghanistan.”
Agencies announce new measures to combat ransomware
On October 15, the U.S. Treasury Department announced additional steps to help the virtual currency industry combat ransomware and prevent exploitation by illicit actors. The guidance builds upon recent “whole-of-government” actions focused on confronting “criminal networks and virtual currency exchanges responsible for laundering ransoms, encouraging improved cyber security across the private sector, and increasing incident and ransomware payment reporting to U.S. government agencies, including both Treasury and law enforcement.” (Covered by InfoBytes here.) The newest industry-specific guidance—part of the Biden administration’s efforts to counter ransomware threats—outlines sanctions compliance best practices tailored to the unique risks associated with this space. According to Treasury, there is a “need for a collaborative approach to counter ransomware attacks, including public-private partnerships and close relationships with international partners.”
The same day, the Financial Crimes Enforcement Network (FinCEN) released new data analyzing ransomware trends in Bank Secrecy Act reporting filed between January 2021 and June 2021. The report follows FinCEN’s government-wide priorities for anti-money laundering and countering the financing of terrorism priorities released in July (covered by InfoBytes here). Issued pursuant to the Anti-Money Laundering Act of 2020, the report flags “ransomware as a particularly acute cybercrime concern,” and states that in the first half of 2021, FinCEN identified $590 million in ransomware-related suspicious activity reports (SARs)—an amount exceeding the entirety of the value report in 2020 ($416 million). If this trends continues, FinCEN warns that ransomware-related SARs submitted in 2021 will have a higher transaction value than similar SARs filed in the previous 10 years combined. FinCEN attributes this uptick in activity to several factors, including an increasing overall prevalence of ransomware-related incidents, improved detection and incident reporting, and an increased awareness of reporting obligations and willingness to report by financial institutions.
In conjunction with the “growing prevalence of virtual currency as a payment method,” Treasury’s Office of Foreign Assets Control (OFAC) issued sanctions compliance guidance for companies in the virtual currency industry, including technology companies, exchangers, administrators, miners, wallet providers, and financial institutions. OFAC warned that “sanctions compliance obligations apply equally to transactions involving virtual currencies and those involving traditional fiat currencies,” and that participants “are responsible for ensuring that they do not engage, directly or indirectly, in transactions prohibited by OFAC sanctions, such as dealings with blocked persons or property, or engaging in prohibited trade- or investment-related transactions.” Among other things, the guidance will assist participants on ways to evaluate risks and build a risk-based sanctions compliance program. OFAC also updated related FAQs 559 and 646.
FINRA advises firms to incorporate FinCEN’s AML/CFT priorities
On October 8, the Financial Industry Regulatory Authority (FINRA) encouraged member firms to consider ways to incorporate recently issued anti-money laundering and countering the financing of terrorism priorities (AML/CFT Priorities) into their risk-based compliance programs. As previously covered by InfoBytes, the Financial Crimes Enforcement Network’s (FinCEN) AML/CFT Priorities—issued pursuant to the Anti-Money Laundering Act of 2020—highlighted key threat trends and provided informational resources to help covered institutions manage their risks and meet their obligations under laws and regulations designed to combat money laundering and counter terrorist financing.
FINRA reminded member firms that FINRA Rule 3310 requires the development and implementation of a written AML program to achieve compliance with the Bank Secrecy Act (BSA). While FinCEN’s issuance of the AML/CFT Priorities “does not trigger an immediate change in the BSA requirements or supervisory expectations for member firms,” FINRA advised member firms to evaluate how they plan to incorporate these priorities into their risk-based AML programs. Among other things, FINRA advised member firms to: (i) review red flags based on potential risks presented by their business activities, size, geographic location, and types of accounts and transactions; and (ii) consider potential technical changes, including those used to monitor and investigate suspicious activity.
EU and U.S. release statement on Joint Financial Regulatory Forum
On September 29 and 30, EU and U.S. participants, including officials from the Treasury Department, Federal Reserve Board, CFTC, FDIC, SEC, and OCC, participated in the U.S. – EU Joint Financial Regulatory Forum to continue their ongoing financial regulatory dialogue. Matters discussed focused on six different themes: “(1) market developments and current assessment of financial stability risks, (2) sustainable finance, (3) multilateral and bilateral engagement in banking and insurance, (4) regulatory and supervisory cooperation in capital markets, (5) financial innovation, and (6) anti-money laundering and countering the financing of terrorism (AML/CFT).”
While acknowledging that both the EU and U.S. are experiencing “robust economic recoveries,” participants cautioned that the uncertainty around the Covid-19 pandemic and the economic outlook has not dissipated. “[C]ooperative international engagement to mitigate financial stability risks remains essential,” participants warned. Participants also explored issues concerning climate-related challenges for the financial sector and mandates for addressing climate-related financial risks, and touched upon the EU’s strategy for financing its transition to a sustainable economy. Regarding financial innovation, participants discussed potential central bank digital currencies and exchanged views on topics such as new types of digital payments, crypto-assets, and stablecoins, with all participants recognizing the “benefits of greater international supervisory cooperation” and “promot[ing] responsible innovation globally.” In addition, participants discussed progress made in strengthening their respective AML/CFT frameworks, “exchanged views on the opportunities and challenges arising from financial innovation in the AML/CFT area and explored potential areas for enhanced cooperation to combat money laundering and terrorist financing bilaterally and in the framework of [the Financial Action Task Force].”
FinCEN hosts second ransomware exchange
On August 10, the Financial Crimes Enforcement Network (FinCEN) held a virtual “FinCEN Exchange” with representatives from financial institutions, other key industry stakeholders, and federal government agencies to discuss continuing concerns regarding ransomware. As previously covered by InfoBytes, in July, FinCEN announced the event, which builds upon FinCEN’s November 2020 event regarding ransomware. Topics discussed at the FinCEN Exchange included “cybercrime, trends and typologies, detection and reporting, and the recovery of funds after ransomware attacks.” FinCEN’s recent efforts against ransomware attacks include: (i) issuing an advisory in October 2020 to aid U.S. individuals and businesses in combating ransomware scams and attacks (covered by InfoBytes here); and (ii) highlighting ransomware in June as a particularly acute cybercrime concern in its issuance of the first government-wide priorities for anti-money laundering and countering the financing of terrorism policy. According to FinCEN, the agency will host a “ransomware technical workshop to discuss ways to establish an enhanced and more effective way to communicate, monitor, and receive information related to the use of cryptocurrency connected to a ransomware incident.”
FATF updates statements concerning jurisdictions with AML/CFT/CPF deficiencies
On July 1, the Financial Crimes Enforcement Network (FinCEN) announced updates to the Financial Action Task Force (FATF) statements concerning jurisdictions with strategic anti-money laundering, countering the financing of terrorism, and combating weapons of mass destruction proliferation financing (AML/CFT/CPF) deficiencies. Specifically, to ensure compliance with international standards, the FAFT updated the following two statements: (i) High-Risk Jurisdictions Subject to a Call for Action, which identifies jurisdictions with significant strategic deficiencies in their AML/CFT/CPF regimes and instructs FATF members to apply enhanced due diligence, and in the most serious cases, apply counter-measures to protect the international financial system from such risks; and (ii) Jurisdictions under Increased Monitoring, which “publicly identifies jurisdictions with strategic deficiencies in their AML/CFT/CPF regimes that have committed to, or are actively working with, the FATF to address those deficiencies in accordance with an agreed upon timeline.” Notably, Haiti, Malta, the Philippines, and South Sudan have been added to the Jurisdictions under Increased Monitoring, while Ghana has been removed from the list. Among other things, through the announcement, FinCEN further instructs financial institutions to comply with U.S. prohibitions against the opening or maintaining of any correspondent accounts, whether directly or indirectly, for North Korean or Iranian financial institutions, which are already prohibited under existing U.S. sanctions and FinCEN regulations.
FinCEN plans to undertake future no-action letter rulemaking
On June 30, the Financial Crimes Enforcement Network (FinCEN) announced the completion of a report on whether to establish a process for issuing no-action letters in response to inquiries concerning the application of the Bank Secrecy Act (BSA) and other anti-money laundering and countering the financing of terrorism laws to specific conduct, “including a request for a statement as to whether FinCEN or any relevant Federal functional regulator intends to take an enforcement action with respect to such conduct.” As required pursuant to Section 6305 the Anti-Money Laundering Act of 2020 (included as part of the National Defense Authorization Act for Fiscal Year 2021 and covered by InfoBytes here), FinCEN submitted its no-action letter assessment to Congress. The assessment involved consultation with the Attorney General and other entities including the federal functional regulators, state bank and credit union supervisors, and other federal agencies.
The agency analyzed various issues when conducting its assessment, including “whether a formal no-action process would help to mitigate or accentuate illicit finance risks in the United States.” Among other things, the report concluded that the majority of the consulting parties agreed that FinCEN should implement a no-action letter policy. “The primary benefits identified by those in favor of a no-action letter process are that it could promote a robust and productive dialogue with the public, spur innovation among financial institutions, and enhance the culture of compliance and transparency in the application and enforcement of the BSA,” FinCEN stated. According to FinCEN acting Director Michael Mosier, the agency concluded “that a no-action letter process would be a useful complement to its current forms of regulatory guidance and relief.” The agency stated it intends to undertake a future rulemaking “subject to resource limitations and competing priorities” to establish a process for issuing no-action letters that will supplement its current forms of regulatory guidance and relief. However, FinCEN noted that the no-action letter process would be most effective and workable if it were limited to the agency’s exercise of its own enforcement authority, instead of also addressing other regulators’ exercise of their own enforcement authorities.
FinCEN issues first government-wide AML/CFT priorities
On June 30, the Financial Crimes Enforcement Network (FinCEN) issued the first government-wide priorities for anti-money laundering and countering the financing of terrorism (AML/CFT) policy (AML/CFT Priorities) pursuant to the Anti-Money Laundering Act of 2020 (AML Act). The AML/CFT Priorities were established in consultation with the Treasury Department’s Office of Foreign Assets Control, SEC, CFTC, IRS, state financial regulators, law enforcement, and national security agencies, and highlight key threat trends as well as informational resources to assist covered institutions manage their risks and meet their obligations under laws and regulations designed to combat money laundering and counter terrorist financing. According to the AML/CFT Priorities, the most significant AML/CFT threats currently facing the U.S. (in no particular order) are corruption, cybercrime, domestic and international terrorist financing, fraud, transnational criminal organization activity, drug trafficking organization activity, human trafficking and human smuggling, and proliferation financing. FinCEN further noted it will update the AML/CFT Priorities to highlight new or evolving threats at least once every four years as required under the AML Act, and issued a separate statement providing additional clarification for covered institutions.
Separately, the Federal Reserve Board, FDIC, NCUA, OCC, state bank and credit union regulators, and FinCEN also issued a joint statement providing clarity for banks on the AML/CFT Priorities. The statement emphasized that the publication of the AML/CFT Priorities “does not create an immediate change to Bank Secrecy Act (BSA) requirements or supervisory expectations for banks.” Rather, within 180 days of the establishment of the AML/CFT Priorities, FinCEN will promulgate regulations, as appropriate, in consultation with the federal functional regulators and relevant state financial regulators. The federal banking agencies noted that they intend to revise their BSA regulations as needed to address how the AML/CFT priorities will be incorporated into BSA requirements for banks, adding that banks will not be required to incorporate the AML/CFT Priorities into their risk-based BSA compliance programs until the effective date of the final revised regulations. However, banks may choose to begin considering how they intend to incorporate the AML/CFT Priorities, “such as by assessing the potential related risks associated with the products and services they offer, the customers they serve, and the geographic areas in which they operate.” Moreover, the statement confirmed that federal and state examiners will not examine banks for the incorporation of the AML/CFT Priorities into their risk-based BSA programs until the final revised regulations take effect.