Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On October 8, the U.S. Treasury Department announced that the Secretary of the Treasury, in consultation with the Secretary of State, sanctioned 18 major Iranian banks, consistent with E.O. 13902, which identified Iran’s financial sector “as an additional avenue that funds the Iranian government’s malign activities.” E.O. 13902 provides Treasury with the authority to sanction any Iranian financial institution. The sanctioned banks include 16 banks operating in Iran’s financial sector and one bank that is owned or controlled by a sanctioned Iranian bank. In addition, OFAC sanctioned an Iranian military-affiliated bank under Treasury’s counter-proliferation authority pursuant to E.O. 13382. “Today’s action to identify the financial sector and sanction eighteen major Iranian banks reflects our commitment to stop illicit access to U.S. dollars,” Treasury Secretary Steven T. Mnuchin stated. OFAC noted that the sanctions under E.O. 13902 do not affect existing authorizations and exceptions for humanitarian trade (covered by a Buckley Special Alert), “which remain in full force and effect for these seventeen banks.”
As a result, all property and interests in property of the designated entities that are in the U.S. or in the possession or control of U.S. persons must be blocked and reported to OFAC. U.S. persons are also generally prohibited from engaging in transactions with the designated entities. OFAC is providing a 45-day period for non-U.S. persons to wind down non-humanitarian transactions that may become subject to sanctions as a result of the designations. OFAC further warned that “financial institutions and other persons that engage in certain transactions or activities with the sanctioned entities after a 45-day wind-down period may expose themselves to secondary sanctions or be subject to an enforcement action.”
Concurrent with the action, OFAC issued General License L, which outlines transactions and activities involving the sanctioned entities “that are authorized, exempt, or otherwise not prohibited under the Iranian Transactions and Sanctions Regulations.” Additional guidance is also provided in recently issued FAQs.
On October 9, the Financial Crimes Enforcement Network (FinCEN), in concurrence with the OCC, Federal Reserve, FDIC, and NCUA (collectively, “federal banking agencies”), issued an interagency order granting an exemption from the requirements of the customer identification program (CIP) rules for insurance premium finance loans extended by banks to all customers. The exemption is intended to facilitate insurance premium finance lending for the purchase of property and casualty insurance policies and will apply to loans extended by banks and their subsidiaries, subject to the federal banking agencies’ jurisdiction. According to FinCEN, insurance premium finance loans present a low risk for money laundering due to the purpose for which the loans are extended and the limitations on how such funds may be used. Moreover, FinCEN emphasized that “property and casualty insurance policies themselves are not an effective means for transferring illicit funds.” Banks, however, must still comply with all other regulatory requirements, including those implementing the Bank Secrecy Act that require the filing of suspicious activity reports. Furthermore, the federal banking agencies determined that the order is consistent with safe and sound banking practices. The order supersedes a September 2018 order, which previously granted an exemption from the CIP rule requirements for commercial customers (covered by InfoBytes here).
On October 1, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a more than $5.8 million settlement with a New York-incorporated travel assistance services company to resolve 2,593 apparent violations of the Cuban Assets Control Regulations (CACR). According to OFAC’s web notice, from roughly June 2010 to January 2015, the company formally codified an indirect payment process in its procedures manual, in which it “intentionally referred” Cuba-related payments to a Canadian affiliate to avoid “processing reimbursement payments directly to Cuban parties and to travelers while they were located in Cuba.” Reimbursements were then sent from the company to the Canadian affiliate for those payments. While the company had a sanctions compliance policy during the time of the apparent violations to screen for individuals or entities on OFAC’s List of Specially Designated Nationals and Blocked Persons, it allegedly failed to comply with screening requirements for countries and regions subject to OFAC prohibitions.
In arriving at the settlement amount, OFAC considered various aggravating factors, including that the company (i) knew it was illegal to make direct payments to Cuban service providers and therefore formalized the aforementioned referral process; (ii) provided “prohibited post-travel claim reimbursements directly to unauthorized Canadian subscribers who travelled to Cuba”; and (iii) knew of the conduct at issue because the indirect payment process was codified and approved by its CEO.
OFAC also considered various mitigating factors, including that (i) the CACR was later amended to authorize some of the apparent violations; (ii) the company enhanced its sanctions compliance program by, among other things, implementing a formal structure for compliance personnel and conducting sanctions training for all employees; (iii) the company voluntarily disclosed the violations and signed a tolling agreement, including multiple extensions; and (iv) the company terminated the conduct leading to the apparent violations and has undertaken remedial measures to minimize the risk of similar violations from occurring in the future.
On October 6, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued Venezuela General License (GL) 5E, which supersedes GL 5D and authorizes certain transactions otherwise prohibited under Executive Orders 13835 and 13857 related to, or that provide financing for, dealings in the Petróleos de Venezuela, S.A. 2020 8.5 Percent Bond on or after January 19, 2021. Concurrently, OFAC amended a Venezuela-related frequently asked question regarding GL 5E.
On September 30, the Federal Reserve Board issued a notice of proposed rulemaking (NPRM) to tailor the requirements in the Fed’s capital plan rule applicable to large bank holding companies and U.S. intermediate holding companies of foreign banking organizations. The changes would conform the capital planning, regulatory reporting, and stress capital buffer requirements for firms with $100 billion or more in total assets (Category IV) with the tailored regulatory framework approved by the Fed last October (covered by InfoBytes here). The NPRM would also make additional changes to the Fed’s stress testing rules, stress testing policy statement, and regulatory reporting requirements related to “business plan change assumptions, capital action assumptions, and the publication of company-run stress test results for savings and loan holding companies” to be consistent with a final rule issued last year that amended resolution planning requirements for large domestic and foreign firms (covered by InfoBytes here). These changes include removing company-run stress test requirements and implementing biennial, rather than annual, supervisory stress tests for firms subject to Category IV standards. Additionally, the Fed seeks comments on its existing capital planning guidance for firms of all sizes. Notably, the Fed states that the NPRM would not affect the calculation of firms’ capital requirements. Comments on the NPRM are due November 20.
On October 1, the U.S. Treasury Department’s Office of Terrorism and Financial Intelligence issued two advisories to aid U.S. individuals and businesses in combating ransomware scams and attacks. In issuing the advisories, Treasury emphasized that “[e]fforts to detect and report ransomware payments are vital to prevent and deter cyber actors from deploying malicious software to extort individuals and businesses, and to hold ransomware attackers accountable for their crimes.” The advisory released by FinCEN, titled the Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments, provides information on the role of financial intermediaries in payments, ransomware trends and typologies, and related financial red flags indicators. Among other things, the advisory urges financial institutions to file suspicious activity reports when handling any transfer of funds related to a ransomware-related activity, and provides information on effectively reporting and sharing information related to ransomware attacks.
The advisory released by Treasury’s Office of Foreign Assets Control (OFAC), titled the Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, cautions that companies that facilitate ransomware payments to cyber actors on behalf of victims targeted by ransomware activities may face potential sanctions risks. Among other things, the advisory encourages financial institutions and other companies that engage with victims of ransomware attacks to implement risk-based compliance programs “to mitigate exposure to sanctions-related violations,” and to report such attacks to law enforcement. These sanctions compliance programs, OFAC emphasizes, “should account for the risk that a ransomware payment may involve [a specially designated national] or blocked person, or a comprehensively embargoed jurisdiction.” OFAC also cautions companies to consider whether they also need to comply with FinCEN’s regulatory obligations. Furthermore, the advisory provides U.S. government resources for reporting ransomware attacks, as well as guidance on factors OFAC generally considers when determining an appropriate enforcement response to an apparent violation.
On September 30, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced three individuals and 13 entities were added to the Specially Designated Nationals and Blocked Persons List, pursuant to Syria sanctions authorities. As a result, all property and interests in property belonging to the designated individuals and entities subject to U.S. jurisdiction are blocked and must be reported to OFAC. OFAC further noted that its regulations “generally prohibit all dealings by U.S. persons or within (or transiting) the United States that involve any property or interests in property of blocked or designated persons,” and warned that non-U.S. persons that engage in transactions with the designated persons may expose themselves to designation.
Moreover, OFAC issued a new Syria General License 20, “Authorizing Transactions and Activities Necessary for Wind Down of Transactions with Emma Tel LLC,” and updated the FAQs to reflect the new issuance.
On September 29, FinCEN Director Kenneth A. Blanco spoke at the Association of Certified Anti-Money Laundering Specialists (ACAMS) virtual AML conference, noting that FinCEN has received over 91,000 suspicious activity reports (SARs) referencing Covid-19 and the federal stimulus programs under the CARES Act. Blanco stated that the vast majority (about 71 percent) of the Covid-19 SARs have come from depository institutions, while 17 percent have come from credit unions and five percent have come from the Money Services Business (MSB) industry. The securities and casino industries account for the final three percent. Blanco urged financial institutions to be “as specific as possible” when filling out their Covid-19-related SARs to ensure it gets to the right investigative team expeditiously. Blanco noted that “vague references to ‘stimulus’ or ‘CARES Act’ or ‘benefit,’” hinders the agency’s ability to get the SAR to the right team. Additionally, Blanco emphasized FinCEN’s advisories and guidance related to Covid-19 fraud (covered by InfoBytes here, here, and here) and encouraged the audience to review the agency’s dedicated Covid-19 webpage.
On September 25, the FDIC released a list of administrative enforcement actions taken against banks and individuals in August. During the month, the FDIC issued 13 orders, consisting of “one consent order under 8(b), four orders of prohibition under 8(e), and eight Section 19 orders.” The consent order, issued against a Kansas-based bank, relates to alleged violations of the Bank Secrecy Act (BSA). Among other things, the bank was ordered to (i) terminate all activity related to its foreign financial institution customers, including such activity as funds transfers, remote deposit capture, money service business remittances, Automated Clearing House transfers, and funds transfers to or from any foreign central bank accounts; (ii) establish a directors’ BSA/anti-money laundering (AML) compliance committee; (iii) implement a revised BSA compliance program to address BSA/AML deficiencies, including incorporating internal controls to assure ongoing compliance, as well as training for appropriate personnel; (iv) maintain a BSA/AML internal control structure, including suspicious activity monitoring and reporting, risk assessment, and customer due diligence; (v) contract with a third-party consulting firm to conduct an independent test of the bank’s BSA/AML compliance program; (vi) implement an effective, comprehensive BSA training program for appropriate personnel regarding specific compliance responsibilities; and (vii) conduct a look-back review to ensure certain reportable transactions and suspicious activities were appropriately identified and reported.
On September 24, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $473,157 settlement with a California-based equipment and software company for six apparent violations of the Iranian Transactions and Sanctions Regulations (ITSR). According to OFAC’s web notice, from roughly January 2016 to June 2016, the company—through a former subsidiary it had since merged with—allegedly reexported U.S. export-controlled test measurement equipment to Iran. Among other things, OFAC noted that prior to the merger, the subsidiary “committed to cease all existing and future business” with certain sanctioned countries, including Iran. However, after the acquisition, certain subsidiary personnel continued to engage in transactions with Iran, with three employees taking “measures to obfuscate from [the company] their dealings with Iran.”
In arriving at the settlement amount, OFAC considered various aggravating factors, including that (i) the subsidiary willfully violated the ITSR by shipping products in order to bypass the company’s directive to cease Iran-related business; and (ii) some of the subsidiary’s senior branch and sales managers knowingly participated in the apparent violations.
OFAC also considered various mitigating factors, including that the company (i) fully cooperated with OFAC’s investigation; (ii) undertook several remedial measures, such as terminating the appropriate employees; (iii) “assess[ed] past and current transactions for compliance with OFAC regulations, implement[ed] mechanisms to halt current transactions, and ensur[ed] that no further transactions involved restricted countries”; and (iv) enhanced its sanctions compliance program to minimize the risk of similar violations from occurring in the future.
- Thomas A. Sporkin to discuss "Managing internal investigations and advanced government defense" at the Securities Enforcement Forum
- Jeffrey P. Naimon to discuss "2021 - A new beginning/what's to come" at the QuestSoft Lending Compliance & Risk Management Virtual Conference
- H Joshua Kotin to discuss "Mortgage servicing in a recession: Early intervention, loss mitigation and more" at the NAFCU Virtual Regulatory Compliance Seminar
- Daniel R. Alonso to discuss "Independent monitoring in the United States" at the World Compliance Association Peru Chapter IV International Conference on Compliance and the Fight Against Corruption
- Jonice Gray Tucker to discuss "Cyber security, incident response, crisis management" at the Legal & Diversity Summit
- Jonice Gray Tucker to discuss "The future of fair lending" at the Mortgage Bankers Association Regulatory Compliance Conference
- Michelle L. Rogers to discuss "Major litigation" at the Mortgage Bankers Association Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "Pandemic fallout – Navigating practical operational challenges" at the Mortgage Bankers Association Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "Consumer financial services" at the Practising Law Institute Banking Law Institute
- Daniel P. Stipano to discuss "BSA/AML - Covid impact and regulatory/guidance roundup" at an NAFCU webinar