Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On January 7, the SEC’s Office of Compliance Inspections and Examinations (OCIE) announced the release of its 2020 Examination Priorities. The annual release of exam priorities provides transparency into the risk-based examination process and lists areas that pose current and potential risks to investors. OCIE’s 2020 examination priorities include:
- Retail investors, including seniors and those saving for retirement. OCIE places particular emphasis on disclosures and recommendations provided to investors.
- Information security. In addition to cybersecurity, top areas of focus include: risk management, vendor management, online and mobile account access controls, data loss prevention, appropriate training, and incident response.
- Fintech and innovation, digital assets and electronic investment advice. OCIE notes that the rapid pace of technology development, as well as new uses of alternative data, presents new risks and will focus attention on the effectiveness of compliance programs.
- Investment advisers, investment companies, broker-dealers, and municipal advisers. Risk-based exams will continue for each of these types of entities, with an emphasis on new registered investment advisers (RIA) and RIAs that have not been examined. Other themes in exams of these entities include board oversight, trading practices, advice to investors, RIA activities, disclosures of conflicts of interest, and fiduciary obligations.
- Anti-money laundering. Importance will be placed on beneficial ownership, customer identification and due diligence, and policies and procedures to identify suspicious activity.
- Market infrastructure. Particular attention will be directed to clearing agencies, national securities exchanges and alternative trading systems, and transfer agents.
- FINRA and MSRB. OCIE exams will emphasize regulatory programs, exams of broker-dealers and municipal advisers, as well as policies, procedures and controls.
On January 9, the Federal Reserve Board announced that it entered into a cease and desist order on December 30 with a Texas state-chartered bank due to “significant deficiencies” in the bank’s Bank Secrecy Act (BSA) and anti-money laundering (AML) compliance program that were discovered in its latest examination of the bank. The requirements set out for the bank in the order include:
- Board oversight. The bank must submit a board-approved, written plan to improve oversight of BSA/AML requirements.
- BSA/AML compliance program. The bank must submit a written BSA/AML compliance program that includes BSA/AML training; independent testing of the compliance program; management of the program by a qualified compliance officer with adequate staffing support; BSA/AML compliance internal controls; and a BSA/AML risk assessment of the bank, its products and services, and its customers.
- Customer due diligence. The bank must submit a revised customer due diligence program that includes policies and procedures to ensure accurate client account information; a plan to bring existing accounts into compliance with due diligence requirements; a method to assign risk ratings to account holders; policies and procedures to ensure proper customer information is obtained according to the risk of the account holder; and risk-based monitoring procedures and updates to accounts.
- Suspicious activity monitoring and reporting. The bank must submit a written suspicious activity monitoring and reporting program that includes a documented process for establishing monitoring rules; policies and procedures for review of monitoring rules; customer and transaction monitoring; and policies and procedures for the review of suspicious activity.
On December 27, the FDIC announced a list of administrative enforcement actions taken against banks and individuals in November. The 14 orders include “two consent orders; one civil money penalty; one order terminating consent order; one supervisory prompt corrective directive action; five section 19 orders (prohibiting persons who have been convicted of any criminal offense involving dishonesty, breach of trust, or money laundering from serving as institution-affiliated parties with respect to an insured depository institution); two removal and prohibition orders; and two orders terminating prompt supervisory corrective action directives.” In one action, the FDIC issued a consent order against an Illinois-based bank related to alleged weaknesses in its Bank Secrecy Act (BSA) compliance program. Among other things, the bank is ordered to (i) implement a revised, written BSA compliance program to address BSA and FinCEN regulation provisions, such as suspicious activity reporting, customer due diligence, and beneficial ownership; (ii) update its Customer Due Diligence Program to assure the reasonable detection of suspicious activity; (iii) implement a process for account transaction monitoring; (iv) retain qualified BSA management to ensure compliance with applicable laws and regulations; (v) implement a comprehensive BSA training program for appropriate personnel; (vi) address automated clearing house (ACH) activity and update policies and procedures to monitor credit risk associated with ACH transactions; and (vii) refrain from entering into any new lines of business prior to conducting appropriate due diligence.
On November 12, the Financial Crimes Enforcement Network (FinCEN) issued an advisory on the Financial Action Task Force (FATF)-identified jurisdictions with “strategic deficiencies” in their anti-money laundering and combating the financing of terrorism (AML/CFT) regimes. As previously covered by InfoBytes, in October, FATF updated the list of jurisdictions to include the Bahamas, Botswana, Cambodia, Ghana, Iceland, Mongolia, Pakistan, Panama, Syria, Trinidad and Tobago, Yemen, and Zimbabwe. At the time, FATF noted that several jurisdictions had not yet been reviewed, and that it “continues to identify additional jurisdictions, on an ongoing basis, that pose a risk to the international financial system.”
The FinCEN advisory reminds financial institutions of the FATF October updates and emphasizes that financial institutions should consider both the FATF Public Statement and the Improving Global AML/CFT Compliance: On-going Process documents when reviewing due diligence obligations and risk-based policies, procedures, and practices. Moreover, the advisory includes public statements on the status of, and obligations involving, the Democratic People’s Republic of Korea (DPRK) and Iran, in particular. The advisory reminds jurisdictions of the actions the United Nations and the U.S. have taken with respect to sanctioning the DPRK and Iran and emphasizes that financial institutions must comply “with the extensive U.S. restrictions and prohibitions against opening or maintaining any correspondent accounts, directly or indirectly, with foreign banks licensed by the DPRK or Iran.”
On October 18, the Financial Action Task Force (FATF) published its updated list of jurisdictions identified as having “strategic deficiencies” in their anti-money laundering and combating the financing of terrorism (AML/CFT) regimes that have also developed action plans with the FATF to address the deficiencies. The list of jurisdictions includes the Bahamas, Botswana, Cambodia, Ghana, Iceland, Mongolia, Pakistan, Panama, Syria, Trinidad and Tobago, Yemen, and Zimbabwe. Notably, Ethiopia, Sri Lanka, and Tunisia have been removed from the list and are no longer subject to the FATF’s AML/CFT compliance process due to making “significant progress” in their regimes, while Iceland, Mongolia, and Zimbabwe have been added since the last update in June (covered by InfoBytes here). The FATF further notes that several jurisdictions have not yet been reviewed, and that it “continues to identify additional jurisdictions, on an ongoing basis, that pose a risk to the international financial system.” While the FATF does not instruct members to apply enhanced due diligence to these jurisdictions, it encourages members to take this information into account when conducting money laundering risk assessments and due diligence.
FATF updates standards to prevent misuse of virtual assets; reviews progress on jurisdictions with AML/CFT deficiencies
On October 19, the Financial Action Task Force (FATF) issued a statement urging all countries to take measures to prevent virtual assets and cryptocurrencies from being used to finance crime and terrorism. FATF updated The FATF Recommendations to add new definitions for “virtual assets” and “virtual asset service providers” and to clarify how the recommendations apply to financial activities involving virtual assets and cryptocurrencies. FATF also stated that virtual asset service providers are subject to Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) regulations, which require conducting customer due diligence, such as ongoing monitoring, record-keeping, and suspicious transaction reporting, and commented that virtual asset service providers should be licensed or registered and will be subject to compliance monitoring. However, FATF noted that its recommendations “require monitoring or supervision only for purposes of AML/CFT, and do not imply that virtual asset service providers are (or should be) subject to stability or consumer/investor protection safeguards.”
The same day, FATF announced that several countries made “high-level political commitment[s]” to address AML/CFT strategic deficiencies through action plans developed to strengthen compliance with FATF standards. These jurisdictions are the Bahamas, Botswana, Ethiopia, Ghana, Pakistan, Serbia, Sri Lanka, Syria, Trinidad and Tobago, Tunisia, and Yemen. FATF also issued a public statement calling for continued counter-measures against the Democratic People's Republic of Korea due to significant AML/CFT deficiencies and the threats posed to the integrity of the international financial system, and enhanced due diligence measures with respect to Iran. However, FATF will continue its suspension of counter-measures due to Iran’s political commitment to address its strategic AML/CFT deficiencies.
On August 28, the OCC issued Bulletin 2018-25, which provides guidance regarding the role of informal or implied expressions of support from foreign governments (implied sovereign support) in determining a borrower’s obligor and facility credit risk ratings. The Bulletin expands on Appendix E of the “Rating Credit Risk” booklet of the Comptroller’s Handbook and encourages banks to analyze, among other things, the sovereign’s legal and financial obligations and the relationship between the obligor and the sovereign. The OCC notes that the obligor’s importance to the sovereign’s local economy does not necessarily demonstrate “willingness to provide an obligor with financial support.” Additionally, the Bulletin provides guidance regarding bank policies regarding the use and application of implied sovereign support to determine a final regulatory risk rating. The OCC states that a sound policy would incorporate the following three elements: (i) defined criteria on how a risk rating may be changed for an obligor due to recognition of implied sovereign support; (ii) methods for determining whether implied sovereign support will be considered in the risk rating decision, including periodic reevaluations of the assessment; and (iii) appropriate documentation standards, including a tracking process that promotes “consistent and appropriate” application of the defined criteria.
FinCEN issues extension to continue suspension of beneficial ownership requirements for automatic renewal products
On August 8, the Financial Crimes Enforcement Network (FinCEN) issued a notice to provide an additional 30 days of limited exceptive relief for covered financial institutions that are required to obtain and verify the identity of beneficial owners of legal entity customers with respect to certificate of deposit rollovers and loans that renew automatically. As previously covered in InfoBytes, the extension—which was set to expire August 9 and applies to qualified products and services that were established before the Beneficial Ownership Rule’s May 11 compliance date—will now continue until September 8. FinCEN noted it will continue to evaluate the requirement to determine whether additional relief is needed.
Find continuing InfoBytes coverage on beneficial ownership and customer due diligence requirements here.
On May 3, FINRA issued a Regulatory Notice 18-19 amending Rule 3310—Anti-Money Laundering (AML) Compliance Program rule—to reflect the Financial Crimes Enforcement Network’s final rule concerning customer due diligence requirements for covered financial institutions (CDD rule), which becomes applicable on May 11. According to Regulatory Notice 18-19, member firms should ensure that their AML programs are updated to include, among other things, appropriate risk-based procedures for conducting ongoing customer due diligence including (i) “understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile,” and (ii) “conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.” The announcement also makes reference to FINRA’s Regulatory Notice 17-40, issued last November, which provides additional guidance for member firms complying with the CDD rule. (See previous InfoBytes coverage here.). The notice further states that the “provisions are not new and merely codify existing expectations for firms.”
On April 27, the House Financial Services Committee’s Subcommittee on Financial Institutions and Consumer Credit held a hearing entitled “Implementation of FinCEN's Customer Due Diligence Rule—Financial Institution Perspective” to discuss challenges facing financial institutions when complying with FinCEN’s Customer Due Diligence Rule (CDD Rule). As previously covered in InfoBytes, the CDD Rule takes effect May 11, and imposes standardized customer due diligence (CDD) requirements under the Bank Secrecy Act (BSA) for covered financial institutions, including the identification and verification of the beneficial owners of legal entity customers. The hearing’s four witnesses expressed certain concerns regarding the effects of implementation on financial institutions, as well as the timing of additional guidance released April 3 in the form of frequently asked questions.
In prepared remarks, Executive Director of The Financial Accounting and Corporate Transparency (FACT) Coalition, Gary Kalman, commented that the CDD Rule, which calls for additional AML requirements, is a “positive step forward but falls short of what is needed to protect the integrity of [the] financial system”—particularly in terms of what defines a “beneficial owner.” Greg Baer, President of The Clearing House Association, expressed concerns that the CDD Rule (i) requires financial institutions to verify beneficial owners for each account that is opened, instead of verifying on a per-customer basis; and (ii) does not explicitly state in its preamble that FinCEN possesses sole authority to set CDD standards, which may present opportunities for examiners to make ad hoc interpretations.
Additionally, Executive Vice President of the International Bank of Commerce Dalia Martinez, observed, among other things, that compliance with the CDD Rule is costly and burdensome, and that banks have not been provided with the tools or guidance to determine whether the information provided by legal entity customers is accurate when verifying beneficial owners. The “gray areas” within the CDD Rule, Martinez noted, present challenges for compliance. A fourth witness, Carlton Green, a partner at Crowell & Morning, expressed concerns with the relationship between FinCEN and the federal functional regulators, stating that because FinCEN has delegated examination authority to these regulators, there is a chance regulators will “create and enforce their own interpretations of or additions to BSA rules” that may “diverge from FinCEN’s priorities.”
- Jonice Gray Tucker to discuss "Trends in regulatory enforcement" at the ABA Banking Law Committee Meeting
- Jonice Gray Tucker to discuss "Fair access to credit in today’s innovative environment" at the ABA Banking Law Committee Meeting
- Andrew W. Schilling to moderate "Expectations of in-house counsel from their law firm partners" at the ACI's 7th Annual Advanced Forum on False Claims and Qui Tam
- Buckley Webcast: Tips for navigating changes to the FHA recertification process
- Daniel P. Stipano to discuss "A 20/20 view on 2020’s legislative and regulatory outlook" at the ACAMS Anti-Financial Crime and Public Policy Conference
- Kari K. Hall and Michelle L. Rogers to discuss "Overdrafts and regulatory trends" at the CLE Alabama Banking Law Update
- Kathryn L. Ryan to discuss "Industry open forum session on NMLS usage" at the NMLS Annual Conference & Training
- Kathryn L. Ryan to discuss "Regulating innovative consumer lending products" at the NMLS Annual Conference & Training
- Daniel P. Stipano to moderate "Washington update" at the 17th Puerto Rican Symposium of Anti Money Laundering 2020 conference
- APPROVED Checkpoint Webcast: CFL overview
- Daniel P. Stipano to discuss "Pathway of the SARs: Tracking trajectories of suspicious activity reports from alerts to prosecution" at the ACAMS moneylaundering.com 25th Annual International AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Which bud’s for you? A deep-dive into evolving marijuana laws" at the ACAMS moneylaundering.com 25th Annual International AML & Financial Crime Conference