InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FinCEN issues final rule replacing obsolete BSA civil penalty regulations
On December 23, the Financial Crimes Enforcement Network (FinCEN) published a final rule amending the Bank Secrecy Act civil penalty regulations concerning requirements for reporting foreign financial accounts and transactions with foreign financial agencies. Specifically, the final rule removes civil penalty language that was made obsolete by the American Jobs Creation Act of 2004’s enactment of statutory revisions to the computation of a civil money penalty, which included provisions for increasing the maximum penalty for willful violations. The final rule took effect immediately.
CFTC revises LIBOR transition no-action letters
On December 22, the CFTC announced that the Division of Clearing and Risk (DCR), Division of Market Oversight (DMO), and Market Participants Division each issued revised no-action letters (see 21-26, 21-27, and 21-28) to swap dealers and other market participants associated with the transition from swaps that reference LIBOR and other interbank rates to swaps that reference alternative benchmarks. As previously covered by InfoBytes, the United Kingdom’s Financial Conduct Authority announced the dates that all LIBOR settings will cease to be provided by any administrator and will no longer be representative. All sterling, euro, Swiss franc and Japanese yen settings, and one-week and two-month U.S. dollar settings ceased immediately after December 31, 2021, while all remaining U.S. dollar settings will cease immediately after June 30, 2023. Therefore, according to the recent CFTC announcement, the DMO and the DCR letters are effective until June 30, 2023 “for swaps otherwise covered by such letters to the extent such swaps reference one of the 2023 USD LIBOR Settings.”
OFAC sanctions Chinese tech firms
On December 16, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) added eight Chinese companies to OFAC’s Non-SDN Chinese Military-Industrial Complex Companies sanctions list. The eight Chinese technology firms were identified by OFAC pursuant to E.O. 13959, as expanded by E.O. 14032, for “actively support[ing] the biometric surveillance and tracking of ethnic and religious minorities in China.” As previously covered by InfoBytes, last month President Biden extended, for one year, the national emergency declared pursuant to E.O. 13959, as expanded by E.O. 14032, involving securities investments related to Non-SDN Chinese Military-Industrial Complex Companies. Among other things, E.O. 14032 generally prohibits U.S. persons from “the purchase or sale of any publicly traded securities, or any securities that are derivative of such securities, or are designed to provide investment exposure to such securities, of” any such companies.
Additionally, the U.S. Commerce Department’s Bureau of Industry and Security issued a final rule, amending the Export Administration Regulations through the addition of 37 new foreign entities to the Entity List after determining the entities have engaged in activities that are “contrary to the foreign policy or national security interests of the United States.” According to OFAC’s announcement, these 37 entities “include 25 PRC entities that contribute to Beijing’s efforts to develop and deploy biotechnology and other technologies for military applications and human rights abuses, including four entities previously identified in E.O. 13959, as amended.”
OFAC sanctions Central African Republic leader
On December 17, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) added a leader of a Central African Republic based militia group to OFAC’s SDN sanctions list. According to OFAC, the militia group leader was identified pursuant to E.O. 13667 for serious human rights abuses. The sanctioned individual is a leader of an entity that has engaged in the targeting of women, children, or any civilians through the commission of acts of violence, among other things, that would constitute a serious abuse or violation of human rights or a violation of international humanitarian law. As a result of the sanction, all property and interests in property of the designated individual generally must be blocked and reported to OFAC. OFAC also noted that its regulations generally prohibit all dealings by U.S. persons that involve any property or interests in property of designated persons.
U.S.-UK financial regulators discuss bilateral issues
On December 17, the U.S. Treasury Department issued a joint statement covering the recently held fifth meeting of the U.S.-UK Financial Regulatory Working Group (Working Group). Participants included officials and senior staff from both countries’ treasury departments, as well as regulatory agencies including the Federal Reserve Board, CFTC, FDIC, OCC, SEC, the Bank of England, and the Financial Conduct Authority. The Working Group discussed, among other things, (i) international and bilateral cooperation; (ii) “emerging regulatory approaches and the need to promote multilateral cooperation and alignment given that a number of third-party providers operate cross-border to provide services to the financial sector and there are potential risks of regulatory fragmentation”; (iii) “risks associated with regulatory driven fragmentation in derivatives clearing and banking markets”; (iv) “efforts in relation to the LIBOR transition, market developments, the risks associated with newly created credit-sensitive rates, and transition implications for other jurisdictions;” and (v) the management of climate-related financial risks and other sustainable finance issues. According to the statement, Working Group participants will continue to engage bilaterally on these issues and others ahead of the next meeting planned for this spring.
FinCEN says wildlife trafficking threatens financial system integrity
On December 20, the Financial Crimes Enforcement Network (FinCEN) issued a Financial Threat Analysis concerning suspicious activity reports (SARs) related to wildlife trafficking trend information identified in Bank Secrecy Act (BSA) data. FinCEN identified wildlife trafficking as a major transnational organized crime involving “the illicit trade of protected animals, animal parts, and derivatives thereof, including procurement, transport, and distribution, in violation of international or domestic law, and money laundering related to this activity.” The proceeds related to wildlife trafficking is estimated to be between $7 and $23 billion annually. According to FinCEN, traffickers damage the integrity of the financial system. FinCEN also stated that financial institutions play a critical role in “identifying wildlife trafficking and protecting the U.S. financial system from associated illicit finance through compliance with their BSA obligations.”
FinCEN stated that the issues with wildlife trafficking are: “(1) its strong association with corruption and transnational criminal organizations, two of FinCEN’s national anti-money laundering and countering the financing of terrorism priorities published in June 2021; (2) a need to enhance reporting and analysis of related illicit financial flows; and, (3) wildlife trafficking’s contribution to biodiversity loss, damage to fragile ecosystems, and the increased likelihood of spreading of zoonotic diseases.”
Global tech corporation fined for GDPR violations fends off daily fines
According to sources, the Luxembourg President of the Administrative Tribunal issued an ordinance on December 17 partially suspending a July decision issued by the Luxembourg National Commission for Data Protection (CNPD) against a global technology corporation for alleged violations of the EU’s General Data Protection Regulations (GDPR). As previously covered by InfoBytes, the CNPD fined the corporation $746 million euro (approximately $888 million USD), issuing a decision against the corporation’s European headquarters, claiming the corporation’s “processing of personal data did not comply with the [GDPR].” The decision—which required corresponding practice revisions, the details of which were not disclosed—followed an investigation started in 2018 when a French privacy group claiming to represent the interests of Europeans filed complaints against several large technology companies to ensure European consumer data is not manipulated for commercial or political purposes. The December ordinance suspends orders that required the corporation to make a number of changes to its data processes by January 15 or risk additional daily fines. Sources stated that the CNPD’s order “had not been formulated in clear, precise and free of uncertainty terms” that would allow the corporation to meet the conditions. The corporation’s appeal is still pending.
Biden issues executive order expanding Treasury sanction authority; OFAC issues sanctions pursuant to the Kingpin Act
On December 15, President Biden issued an Executive Order (E.O.), “Imposing Sanctions on Foreign Persons Involved in the Global Illicit Drug Trade.” The E.O. was issued due to the threat of drug trafficking into the U.S of illicit drugs, which “is causing the deaths of tens of thousands of Americans annually, as well as countless more non-fatal overdoses with their own tragic human toll.” Among other provisions, the E.O authorizes the Department of Treasury to impose certain sanctions on any foreign person determined by the Secretary of the Treasury, in consultation with the Secretary of State, the Attorney General, and the Secretary of Homeland Security to have engaged in activities contributing to the international proliferation of drugs or to have knowingly received property derived from drug proliferation.
According to an announcement issued by Treasury, the E.O provides “the Treasury Department with new tools to tackle changes in the global illicit drug trade that substantially contributed to over 100,000 American overdose deaths in the 12-month period ending in April 2021.” Among other things, the E.O. “enhances the Department of Treasury’s authorities to target any foreign person engaged in drug trafficking activities, regardless of whether they are linked to a specific kingpin or cartel” and “enables Treasury to sanction foreign persons who knowingly receive property that constitutes, or is derived from, proceeds of illicit drug trafficking activities.” Under the E.O., Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to the Foreign Narcotics Kingpin Designation Act against 10 individuals and 15 entities in 4 countries “for having engaged in, or attempted to engage in, activities or transactions that have materially contributed to, or pose a significant risk of materially contributing to, the international proliferation of illicit drugs or their means of production.”
CFPB orders companies to submit BNPL information
On December 16, the CFPB issued a series of orders to five companies seeking information regarding the risks and benefits of the “buy now, pay later” (BNPL) credit model. BNPL is a “fast-growing” form of deferred payment that permits a consumer to divide a purchase into smaller installment payments, which are usually four or less and are often with a down payment of 25 percent due at the time of checkout. The Bureau issued the orders under Section 1022(c)(4) of the Consumer Financial Protection Act (12 U.S.C. § 5512(c)(4)), which, as part of the agency’s rulemaking authority, authorizes it to “monitor consumer financial markets and enables the agency to require market players to submit information to inform this monitoring.” The Bureau stated that it is “concerned about accumulating debt, regulatory arbitrage, and data harvesting in a consumer credit market already quickly changing with technology.” The Bureau expects to “publish aggregated findings on insights learned from this inquiry” and intends for the orders “to illuminate the range of these consumer credit products and their underlying business practices.”
The Bureau made available an example order that contains 20 requests seeking various information and data on several topics, including: (i) “Business Model/Metrics”; (ii) “Loan Performance Metrics”; (iii) “Consumer Protections”; (iv) “User Contacts and Demographics”; and (v) “Data Harvesting.” With respect to data harvesting, the CFPB noted that “[a]s competitive forces pressure the merchant discount, lenders will need to find other sources of revenue to maintain growth and profitability,” and the Bureau “would like to better understand practices around data collection, behavioral targeting, data monetization and the risks they may create for consumers.” The Bureau also noted that as part of the inquiry, it is collaborating with Australia, Sweden, Germany, and the UK (specifically, the Financial Conduct Authority), and will additionally be coordinating with the rest of the Federal Reserve System, and its state partners.
The same day, the Bureau issued a blog post for consumers on common risks to be aware of before using a BNPL loan. The blog noted, among other cautions, that: (i) “BNPL products often carry fees”; (ii) “[y]our loan repayment agreement is with the BNPL lender rather than the retailer”; (ii) “BNPL loans have fewer protections than credit cards”; and (iii) “[m]ost BNPL lenders don’t report payments to the major credit reporting companies,” nor “generally perform hard credit inquiries when deciding whether or not to give you the loan.”
Norwegian Data Protection Authority fines U.S. dating app $7.1 million for alleged GDPR violations
On December 13, the Norwegian Data Protection Authority issued a reduced administrative fine against a U.S. company operating a GPS-based mobile dating app for allegedly violating the EU’s General Data Protection Regulation (GDPR). The regulator’s 2020 complaint stated that the company allegedly forced users to accept a full privacy policy in order to use the app, rather than providing users the option to independently and specifically consent to the sharing of their data with third parties and the company’s other data processing operations. This consent mechanism, the regulator claimed, “infringed most of the requirements for valid consent” under GDPR Articles 4(11), 6(1)(a), 7 and 9(2)(a). According to the regulator, the company allegedly shared user data with third parties for marketing purposes, including IP addresses, GPS location information, gender, age, and device information, among others, without a valid legal basis and disclosed “special category personal data to advertising partners without a valid exemption.” The regulator reduced the originally proposed $11.1 million fine to approximately $7.2 million, noting that the company’s efforts “to remedy the deficiencies in [its] previous [consent mechanism were] a mitigating factor.” However, the regulator noted that the company benefited financially from its GDPR violations, which was an “aggravating factor” in its deliberations.