Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FinCEN, federal banking agencies clarify CDD requirements for charities and non-profit organizations
On November 19, the Financial Crimes Enforcement Network (FinCEN), in concurrence with the Federal Reserve Board, FDIC, NCUA, and OCC (collectively, “federal banking agencies”), released a fact sheet clarifying that Bank Secrecy Act (BSA) customer due diligence (CDD) requirements for charities and nonprofit organizations (NPOs) should be based on the money laundering risks posed by customer relationships. FinCEN and the federal banking agencies remind banks that “the application of a risk-based approach for charities and other NPOs is consistent with existing CDD and other [BSA/anti-money laundering] compliance requirements.” The fact sheet further emphasizes that while “the U.S. government does not view the charitable sector as a whole as presenting a uniform or unacceptably high risk of being used or exploited for money laundering, terrorist financing , or sanctions violations,” banks must adopt risk-based procedures for conducting CDD that will allow banks to (i) understand the nature and purpose of a customer relationship in order to develop a customer risk profile, and (ii) conduct ongoing monitoring for the purposes of identifying and reporting suspicious transactions “on a risk basis, to maintain and update customer information.” The fact sheet does not alter existing BSA/AML legal or regulatory requirements, nor does it establish new supervisory expectations. (See also OCC Bulletin 2020-101 and FDIC FIL-106-2020.)
On September 14, the Financial Crimes Enforcement Network (FinCEN) issued a final rule, under its sole authority, to remove the anti-money laundering (AML) program exemption for non-federally regulated banks. According to FinCEN, the rulemaking was prompted by the “gap in AML coverage” between banks that have a federal functional regulator and those that do not, which has created “a vulnerability to the U.S. financial system that could be exploited by bad actors.” The final rule would bring non-federally regulated banks that are currently required to comply with certain Bank Secrecy Act (BSA) obligations, such as filing currency transaction reports and suspicious activity reports to detect unusual activity, into compliance with the same standards applicable to all other banks. Specifically, the final rule outlines minimum standards for non-federally regulated banks to ensure the establishment and implementation of required AML programs, and extends customer identification program (CIP) requirements, as well as beneficial ownership requirements outlined in FinCEN’s 2016 customer due diligence (CDD) rule (covered by InfoBytes here), to banks not already subject to these requirements. FinCEN believes that non-federally regulated banks will be able to take a risk-based approach when tailoring their AML and CIP programs to fit their size, needs, and operational risks, and that those banks should be able to build on “existing compliance policies and procedures and prudential business practices to ensure compliance. . .with relatively minimal cost and effort.” The final rule takes effect November 16.
For more details, please see a Buckley Special Alert on the final rule.
On August 3, the Financial Crimes Enforcement Network (FinCEN), in consultation with the federal functional regulators, issued responses to three frequently asked questions (FAQs) concerning customer due diligence (CDD) requirements under the Bank Secrecy Act for covered financial institutions. As previously covered by InfoBytes, the 2016 CDD Rule imposed standardized requirements for financial institutions to identify and verify beneficial owners of legal entity customers, subject to certain exclusions and exemptions. The FAQs follow those issued by FinCEN in July 2016 and April 2018 (covered by InfoBytes here and here), and address procedures to collect customer information, methods to establish a customer risk profile, and obligations to update customer information.
On June 29, the Financial Crimes Enforcement Network (FinCEN) issued guidance for hemp-related business customers to explain due diligence requirements and identify the types of information financial institutions can collect to comply with Bank Secrecy Act (BSA) regulatory requirements. The guidance supplements a December 2019 interagency statement (covered by a Buckley Special Alert), which confirmed that financial institutions are no longer required to file a suspicious activity report (SARs) on customers solely because they are “engaged in the growth or cultivation of hemp in accordance with applicable laws and regulations.” Among other things, the guidance reiterates FinCEN’s expectation that financial institutions conduct customer due diligence (CDD) for hemp-related businesses, as they would for other customers, and establish appropriate on-going risk-based CDD procedures. This may include confirming that the hemp business is complying with applicable state, tribal government, or United States Department of Agriculture licensing requirements. Financial institutions should also tailor BSA/Anti-Money Laundering programs to appropriately reflect the risks associated with a customer’s particular risk profile and file the required reports. The guidance further provides that while financial institutions are not required to file SARs on customers solely because they are engaged in a hemp business, “financial institutions are expected to follow standard SAR procedures.” Examples of suspicious activity that may warrant the filing of a SAR are provided. Finally, the guidance states that financial institutions must report currency transactions connected to hemp-related businesses as they would for any other customer for transactions above $10,000 in aggregate on a single business day.
On September 24, Financial Crimes Enforcement Network (FinCEN) Director Kenneth Blanco spoke at the Federal Identity (FedID) Forum and Exposition, discussing the role of FinCEN in combatting fraud and cybercrime and highlighting concerns regarding identity crimes. Blanco noted that FinCEN sees approximately 5,000 account takeover reports each month, a crime that “involves the targeting of financial institution customer accounts to gain unauthorized access to funds.” Moreover, FinCEN sees a high amount of fraud through account takeovers via fintech platforms, where cybercriminals use fintech data aggregators to facilitate account takeovers and fraudulent wires. Blanco stated that cybercriminals create fraudulent accounts and are able to “exploit the platforms’ integration with various financial services to initiate seemingly legitimate financial activity while creating a degree of separation from traditional fraud detection efforts.”
Additionally, Blanco discussed how cybercriminals use business email compromise (BEC) fraud schemes to target financial institutions and relayed FinCEN’s efforts to combat these schemes. As previously covered by InfoBytes, in July, FinCEN issued an updated advisory, describing general trends in BEC schemes, information concerning the targeting of non-business entities, and risks associated with the targeting of vulnerable business processes. Blanco also discussed (i) FinCEN’s final rule titled the “Customer Due Diligence Requirements for Financial Institutions,” (the CDD Rule) (prior coverage by InfoBytes here); and (ii) FinCEN’s December 2018 joint statement with federal banking agencies encouraging innovative approaches to combatting money laundering, terrorist financing, and other illicit financial threats when safeguarding the financial system (previously covered by InfoBytes here).
On May 21, the Senate Committee on Banking, Housing, and Urban Affairs held a hearing entitled “Combating Illicit Financing By Anonymous Shell Companies Through the Collection of Beneficial Ownership Information.” The Committee heard from the same panel of witnesses who testified in November on the need for modernization of the Bank Secrecy Act/Anti-Money Laundering regime. (Covered by InfoBytes here.) Committee Chairman Mike Crapo opened the hearing by stressing the need to discuss ways in which beneficial ownership information collected in an effort to deter money laundering and terrorist financing through anonymous shell companies can be made more useful. Panelists from the Financial Crimes Enforcement Network, the FBI, and Office of the Comptroller of the Currency all emphasized the importance of creating a regime in which beneficial ownership is collected at the corporate formation stage and, for foreign entities, upon the time of registration with U.S. states to conduct business or upon establishing an account with a U.S. financial institution.
On January 22, the Financial Industry Regulatory Authority (FINRA) issued new guidance on areas member firms should consider when seeking to improve their compliance, supervisory, and risk management programs. The 2019 FINRA Risk Monitoring and Examination Priorities Letter (2019 Priorities Letter) examines both new priorities as well as areas of ongoing concern, including the adequacy of firms’ cybersecurity programs. FINRA notes, however, that the 2019 Priorities Letter does not repeat topics previously addressed in prior letters, and advises member firms that it will continue to review ongoing obligations for compliance. Topics FINRA plans to focus on in the coming year include:
- Firms’ use of regulatory technology to help compliance efforts become “more efficient, effective, and risk-based.” FINRA will work with firms to understand risks and concerns related to supervision and governance systems, third party vendor management, and safeguarding customer data;
- Supervision of digital assets, including coordinating with the SEC to review how firms determine whether a given digital asset is a security and whether firms are implementing adequate controls and supervisions related to digital assets, such as complying with anti-money laundering and Bank Secrecy Act rules and regulations;
- Assessment of firms’ compliance with FinCEN’s Customer Due Diligence rule, which requires firms to identify beneficial owners of legal entity customers (as previously covered by InfoBytes here); and
- Financial risks, including credit risks, funding and liquidity planning.
FinCEN issues Spanish language version of its advisory on politically exposed persons and their financial facilitators
On September 11, the Financial Crimes Enforcement Network (FinCEN) released a Spanish version of its advisory for U.S. financial institutions to increase awareness of the connection between high-level political corruption and human rights abuses. As previously covered in InfoBytes, FinCEN issued regulatory guidance in June to remind financial institutions of their risk-based, due diligence obligations, which include (i) identifying legal entities owned or controlled by “politically exposed persons” (as required by FinCEN’s Customer Due Diligence Rule); (ii) complying with anti-money laundering program obligations; and (iii) filing Suspicious Activity Reports related to illegal activity undertaken by senior foreign political figures.
FinCEN grants permanent relief from Beneficial Ownership Rule for CDs and certain automatic renewal products
On September 7, the Financial Crimes Enforcement Network (FinCEN) issued a notice granting permanent relief for financial institutions from the Beneficial Ownership Rule’s requirements to obtain and verify the identity of beneficial owners of legal entity customers, with respect to certificate of deposit rollovers (CDs) and loans that renew automatically. The exception applies only to the rollover, renewal, modification, or extension of the following types of accounts occurring on or after May 11, 2018: CDs; existing loans, commercial lines of credit, and credit card accounts that do not require underwriting reviews; and safe deposit box rental renewals. The exception does not apply to the initial opening of these types of new accounts. FinCEN noted that it will not provide any other exception from a financial institution's anti-money laundering compliance obligations under the Bank Secrecy Act.
Visit here for continuing InfoBytes coverage on beneficial ownership and customer due diligence requirements here.
FinCEN issues extension to continue suspension of beneficial ownership requirements for automatic renewal products
On August 8, the Financial Crimes Enforcement Network (FinCEN) issued a notice to provide an additional 30 days of limited exceptive relief for covered financial institutions that are required to obtain and verify the identity of beneficial owners of legal entity customers with respect to certificate of deposit rollovers and loans that renew automatically. As previously covered in InfoBytes, the extension—which was set to expire August 9 and applies to qualified products and services that were established before the Beneficial Ownership Rule’s May 11 compliance date—will now continue until September 8. FinCEN noted it will continue to evaluate the requirement to determine whether additional relief is needed.
Find continuing InfoBytes coverage on beneficial ownership and customer due diligence requirements here.
- Sherry-Maria Safchuk to discuss “Hot topics outside of CA” at the California Mortgage Bankers Association Conference
- Jon David D. Langlois to discuss “LIBOR Transition: How will the pieces come together in time?” at the American Bar Association In the Know-Live webinar
- Dissecting the annual federal agency fair lending summit
- Jonice Gray Tucker to discuss “Regulators always ring twice: Responding to a government request” at ALM Legalweek