On August 6, the U.S. Court of Appeals for the D.C. Circuit affirmed a district court ruling that ordered three Chinese banks to comply with subpoenas seeking customer records stemming from a DOJ investigation into a now-defunct Chinese company’s evasion of North Korean sanctions, or each face contempt fines of $50,000 per day. According to the DOJ, the banks allegedly facilitated transactions for the Chinese company that may have operated as a front for the North Korean government in violation of U.S. sanctions. In 2017, the DOJ obtained grand jury subpoenas seeking records related to U.S. correspondent banking transactions of the defunct company from two of the banks with U.S. branches, and served the third bank, which did not have U.S. branches, with a Patriot Act subpoena. After the banks refused to comply with the subpoenas, the district court granted the DOJ’s motion to compel.
On appeal, the D.C. Circuit concluded that the district court had personal jurisdiction to enforce the subpoenas. The appellate court held that the two banks with U.S. branches consented to jurisdiction when they opened those branches because they had executed agreements with the Federal Reserve which required compliance with relevant provisions of federal law. For the bank without U.S. branches, the D.C. Circuit determined that “it had sufficient contact with the [U.S.] as a whole and the subpoena sufficiently related to that contact so as to support the court’s personal jurisdiction.” The court also held that the foreign records sought from the bank without U.S. branches were within the scope of the PATRIOT Act subpoena, noting that the PATRIOT Act authorized the DOJ to issue a “subpoena to any foreign bank that maintains a correspondent account in the [U.S.] and request records related to such correspondent account, including records maintained outside of the [U.S.] relating to the deposit of funds into the foreign bank.” The appellate court also affirmed the district court’s decision to hold the banks in contempt, dismissing the banks’ argument that this move was improper because they had done all they could to obtain approval from the Chinese government to produce the subpoenaed records.
On October 25, FinCEN issued advisory bulletin FIN-2016-A005 reminding financial institutions of their Bank Secrecy Act (BSA) obligations to report certain cyber-events and cyber-enabled crime. The advisory highlights the importance of (i) reporting cyber-events and cyber-enabled crime through Suspicious Activity Reports (SARs); (ii) including cyber-related information such as IP addresses with timestamps, virtual-wallet information, device identifiers, and cyber-event information, in SAR reporting; (iii) collaborating with BSA/AML, cybersecurity, and other in-house units to facilitate “a more comprehensive threat assessment and develop appropriate risk management strategies to identify, report, and mitigate cyber-events and cyber-enabled crime”; and (iv) sharing cyber-related information – including specific malware signatures, IP addresses and device identifiers, and virtual currency addresses that seem anonymous – amongst financial institutions for the “purpose of identifying and, where appropriate, reporting money laundering or terrorist activities.” Importantly, the advisory distinguishes between mandatory SAR reporting of cyber-events, providing three specific examples, and voluntary reporting of cyber-events. Per the advisory, “[c]yber-events targeting financial institutions that could affect a transaction or series of transactions would be reportable as suspicious transactions because they are unauthorized, relevant to a possible violation of law or regulation, and regularly involve efforts to acquire funds through illegal activities.”
FinCEN simultaneously issued FAQs to supplement advisory bulletin FIN-2016-A005. The FAQs, which supersede 2001 FAQs regarding computer intrusion, provide answers to a set of nine questions. The FAQs address, among other things, (i) when cyber-related SAR reports should be filed; (ii) the type of information that should be included in cyber-related SARs; and (iii) cyber-event and cyber-enabled crime information sharing, pursuant to Section 314(b) of the USA PATRIOT Act, between financial institutions.
On September 21, the U.S. District Court for the District of Columbia stayed enforcement of FinCEN’s second attempt to cut off a Tanzania-based bank’s access to the U.S. banking system. The dispute originated from FinCEN’s attempt to prohibit domestic financial institutions from opening or maintaining correspondent accounts on behalf of the foreign bank under the authority of Section 311 of the USA PATRIOT Act, which authorizes FinCEN to take special measures against banks of primary money laundering concern. FinCEN first promulgated a final rule imposing the prohibition in July 2015, which was enjoined by the court in August 2015. FinCEN agreed to a voluntary remand to correct deficiencies in its rulemaking process, such as providing the bank access to declassified information and considering the use of less drastic measures to address its concerns. In March 2016, FinCEN promulgated a revised final rule in which it indicated that the bank’s AML compliance remained inadequate and that the bank continued to engage in “illicit financial activity.” Upon a second review, the court again found that FinCEN had failed to adequately disclose declassified information to the bank prior to releasing the revised final rule, and did not properly respond to other of the bank’s concerns. In addition, the court was not satisfied that FinCEN had consulted with other executive-branch agencies as required by statute.
On March 31, FinCEN published a final rule imposing the fifth special measure against FBME Bank Ltd. (FBME). Pursuant to Section 311 of the USA PATRIOT Act, the fifth special measure prohibits U.S. financial institutions from opening or maintaining a correspondent account for, or on behalf of, FBME. As previously covered in InfoBytes, on July 29, 2015, FinCEN published a similar final rule, which did not take effect because, one day before its effective date, a U.S. district court granted FBME’s motion for a preliminary injunction to stop the rule from taking effect. In November 2015, FinCEN subsequently re-opened its comment period for the final rule, soliciting additional comments “particularly with respect to the unclassified, non-protected documents that support the rulemaking and whether any alternatives to the prohibition of the opening or maintaining of correspondent accounts with FBME would effectively mitigate the risk to domestic financial institutions.” According to FinCEN, its recently issued final rule will “guard against the international money laundering and terrorist financing risks that FBME poses to the U.S. financial system.” The Final Rule is effective July 29, 2016.
On February 19, FinCEN withdrew three findings and proposed rulemakings under Section 311 of the USA PATRIOT Act. FinCEN determined that the three entities subject to the proposed rulemakings “no longer pose a money laundering threat to the U.S. financial system.” FinCEN withdrew its findings and proposed rulemakings against (i) a Costa Rica-based financial institution; (ii) a Belarus-based financial institution; and (iii) an Andorra-based financial institution. Regarding the Costa Rica-based institution, FinCEN noted that the DOJ “seized [its] accounts and Internet domain names and charged seven of its principals and employees with money laundering;” the institution stopped functioning after such actions were taken. According to FinCEN, the Belarus-based entity, along with its successor, no longer operates as a foreign financial institution and does not operate in a way that poses a threat to the U.S. financial system. Finally, concerning the third entity, FinCEN noted that Andorran authorities assumed control of the management and operations of the entity, arrested its chief executive officer on money laundering charges, and “are in the final stages of implementing a resolution plan that is isolating the assets, liabilities, and clients of [the entity] that raise money laundering concerns.”
On November 27, FinCEN published in the Federal Register a Notice to re-open the comment period for its previously issued Final Rule imposing the fifth special measure against FBME Bank Ltd. (FBME). On August 27, the day before the Rule was scheduled to take effect, the United States District Court for the District of Columbia granted FBME’s motion for a preliminary injunction and enjoined the Final Rule from taking effect. On November 6, the Court granted the Government’s motion for voluntary remand to allow for further rulemaking proceedings. FinCEN’s most recent Federal Register Notice to re-open the comment period for the Final Rule solicits additional comments “particularly with respect to the unclassified, non-protected documents that support the rulemaking and whether any alternatives to the prohibition of the opening or maintaining of correspondent accounts with FBME would effectively mitigate the risk to domestic financial institutions.” Comments are due by January 26, 2016.
On September 28, FinCEN announced its intention to withdraw its February 2011 Notice of Finding and Notice of Proposed Rulemaking identifying a Lebanon-based bank as a “financial institution of primary money laundering concern” under Section 311 of the USA PATRIOT Act. The bank had been linked with Hezbollah and found to be involved in international narcotics and money laundering networks. Accordingly, through the Notice of Finding, FinCEN sought to impose certain “special measures” on the bank which are designed to, among other things, weaken foreign banks suspected of money laundering and financing terrorism, as well as protect American financial institutions. However, given that the bank’s license was revoked in September 2011 by Lebanon’s central bank, the Banque du Liban, and all of its assets were subsequently liquidated, the bank no longer exists as a foreign financial institution and, as such, is no longer subject to the prohibitions set forth in the proposed rule. The withdrawal of FinCEN’s Notice of Finding does not require a comment period and will be effective upon publication in the Federal Register.
On July 23, FinCEN issued a final rule pursuant to Section 311 of the USA PATRIOT Act to impose “special measure five” against FBME Bank Ltd. (“FBME”), formerly known as the Federal Bank of the Middle East. Special measure five prohibits U.S. financial institutions from opening or maintaining correspondent accounts or payable through accounts for or on behalf of FBME. The action follows a July 17, 2014 notice of proposed rulemaking in which FinCEN stated that it had found FBME to be of primary money laundering concern under Section 311 and issued a related notice of proposed rulemaking (NPRM) proposing the imposition of special measure five against FBME. Supporting the proposed rule were the following factors: (i) FBME is used by its customers to facilitate money laundering, terrorist financing, transnational organized crime, fraud, sanctions evasion, and other illicit activity internationally and through the U.S. financial system; (ii) FBME has systemic failures in its anti-money laundering controls that attract high-risk shell companies, that is, companies formed for the sole purpose of holding property or funds and that do not engage in any legitimate business activity; and (iii) FBME performs a significant volume of transactions and activities that have little or no transparency and often no apparent legitimate business purpose. The final rule will be effective August 28, 2015.
Second Circuit Rules National Security Agency's Collection of Phone Data Unlawful Under USA PATRIOT Act
In ACLU et al. v. Clapper et al., No. 14-42-CV, --- F.3d ----, 2015 WL 2097814 (2d Cir. May 7, 2015), the Second Circuit reversed a lower court’s ruling that the NSA’s bulk collection of phone data can be lawfully conducted under the USA Patriot Act. The district court had dismissed the ACLU’s complaint, holding that the program was authorized under the Patriot Act. The Second Circuit vacated that ruling and remanded the matter to the District Court.
In remanding the matter back to the district court, the Court held “the district court erred in ruling that § 215 [of the USA Patriot Act] authorizes the telephone metadata collection program, and instead hold that the telephone metadata program exceeds the scope of what Congress has authorized and therefore violates § 215.” Id. at *33. The Court found that “[s]uch expansive development of government repositories of formerly private records would be an unprecedented contraction of the privacy expectations of all Americans.” Id. at *25. Because the Court decided the issue on statutory grounds, it declined to determine the constitutionality of the program. Id. at *1, *31. Although the Second Circuit vacated the lower court judgment, it fell short of stopping the program and affirmed the District Court’s denial of a request for a preliminary injunction, given that parts of Section 215 were set to expire on June 1, 2015. Id. at *32.
On March 30, the DOJ filed a criminal complaint against two former federal agents on charges of wire fraud and money laundering of digital currency stolen during the investigation of Silk Road. According to the DOJ, both agents were assigned to the Baltimore Silk Road Task Force – one a Special Agent with the Drug Enforcement Administration (DEA), the other with the U.S. Secret Service (USSS). The individual working with the DEA allegedly developed multiple online personas during his undercover investigation of Robert Ulbricht, the alleged operator of Silk Road, and “engaged in a broad range of illegal activities calculated to bring him personal financial gain.” Among other things, the complaint alleges that the DEA agent “sought to extort [Ulbricht] by seeking monetary payment, offering in exchange not to provide the government with certain information if [he] paid $250,000.” The DOJ is accusing the USSS agent of stealing a large amount of bitcoins from the Silk Road website, transferring the bitcoins into a Japanese-based digital currency exchange, and then completing wire transfers from the Japanese exchange into a newly created bank account. The USSS agent self-surrendered on March 30 and the DEA agent was arrested on Friday, March 27.