InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
NYDFS and international bank enter into second supplemental consent order over BSA/AML compliance deficiencies
On November 21, NYDFS and an international bank entered into a second supplemental consent order covering its settlement over alleged deficiencies in the bank’s Bank Secrecy Act/anti-money laundering and Office of Foreign Assets Control (OFAC) compliance program controls. As previously covered by Infobytes, in 2012, the bank agreed to engage an independent on-site monitor for 24 months to evaluate the New York branch’s BSA/AML and OFAC compliance programs and operations and was issued a $340 million civil money penalty. In 2014 NYDFS issued a subsequent consent order outlining the monitor’s findings, including reports of significant failures in the bank’s transaction monitoring. The 2014 order extended the engagement of the monitor for another two years, outlined remedial measures to address continued deficiencies, and required the bank to pay an additional $300 million civil money penalty. In April 2017, NYDFS and the bank entered into the first supplemental consent order to modify the 2012 and 2014 orders, acknowledging the bank made significant improvements in its BSA/AML compliance program but extended the monitor through December 2018 with all the other terms and conditions of the 2012 and 2014 consent orders remaining in full effect.
Now, beginning January 1, 2019, the second supplemental order issued by NYDFS requires the bank to engage an independent consultant, selected by the regulator, for a period of up to one year, with a possible extension of one additional year, to provide guidance for completing remediation called for in the 2012 and 2014 consent orders. In response to the second supplemental order, the bank stated it remained “committed to completing the remaining tasks necessary for that remediation.”
French bank agrees to $1.3 billion settlement to resolve U.S. sanctions investigations
On November 19, the Federal Reserve Board, Office of Foreign Assets Control (OFAC), DOJ, Manhattan District Attorney’s Office, and NYDFS announced that a French bank agreed to pay approximately $1.34 billion in total penalties to resolve federal and state investigations into the bank’s allegedly intentional violation of U.S. sanctions laws and other federal and New York state laws from approximately 2003 to 2013.
The bank entered into a deferred prosecution agreement (DPA) with the U.S. Attorney’s Office for the Southern District of New York to settle charges of conspiring to violate U.S. sanctions against Cuba by “structuring, conducting, and concealing U.S. dollar transactions using the U.S. financial system.” The DPA requires the bank to forfeit more than $717 million. The bank also agreed to “accept responsibility for its conduct by stipulating to the accuracy of an extensive Statement of Facts, pay penalties totaling [$1.34 billion] to federal and state prosecutors and regulators, refrain from all future criminal conduct, and implement remedial measures as required by its regulators.” According to the DOJ, the bank “admitted its willful violations of U.S. sanctions laws—and longtime concealment of those violations—which resulted in billions of dollars of illicit funds flowing through the U.S. financial system.” As factors mitigating the penalty, the DPA acknowledges the bank’s efforts to collect and produce “voluminous evidence located in other countries to the full extent permitted under applicable laws and regulations, and its enhancement of its compliance program and sanctions-related internal controls both before and after it became the subject of a U.S. law enforcement investigation.” Among other factors, the bank’s willingness to enter into the terms of the DPA, outweighed its “failure to self-report all of its violations of [U.S.] sanctions laws in a timely manner.”
The bank also entered into agreements to pay almost $163 million to the New York County District Attorney’s Office, nearly $54 million to OFAC, approximately $81 million to the Federal Reserve Board, and $325 million to NYDFS. Among other things, NYDFS noted that branch employees “responsible for originating USD transactions outside of the U.S. had a minimal understanding of U.S. sanctions laws and regulations as they related to Sudan, Iran, Cuba, North Korea, or other U.S. sanctions targets.”
Separate from the resolution of alleged sanctions violations, NYDFS imposed an additional $95 million penalty to resolve findings that the bank’s New York branch allegedly failed to “implement and maintain an effective Bank Secrecy Act/Anti-Money Laundering Law compliance program and transaction monitoring system.”
According to a bank statement issued the same day, the bank acknowledges and regrets the identified shortcomings, and “has already taken a number of significant steps in recent years and dedicated substantial resources to enhance its sanctions and AML compliance programs.”
NYDFS updates cybersecurity FAQs to address use of utilization review agents
On October 25, NYDFS provided a new update to its answers to FAQs relating to 23 NYCRR Part 500, which took effect March 1, 2017, and establishes cybersecurity requirements for banks, insurance companies, and other financial services institutions. The original promulgation of the FAQs was covered in Infobytes, as were the last updates in February, March, and August.
The new update states that when a covered entity uses an independent “Utilization Review” agent (UR agent) who receives nonpublic information, the covered entity should treat the UR agent as a third-party service provider in order to properly assess and address any potential risks to their data and systems. NYDFS emphasizes that covered entities bear the responsibility for these protections.
NYDFS orders United Arab Emirates-based bank to pay $40 million for BSA/AML violations
On October 10, NYDFS entered into a consent order with a United Arab Emirates-based bank and its New York branch to resolve alleged violations of the Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) laws related to the branch’s U.S. dollar clearing operations for foreign customers located in high risk jurisdictions. The alleged violations were discovered during examinations conducted in 2016 by the NYDFS and 2017 by the NYDFS and Federal Reserve Bank of New York. During this time, NYDFS downgraded the bank’s score due to certain alleged deficiencies identified in the branch’s BSA/AML programs and policies designed to ensure compliance with OFAC regulations. According to the consent order, among other things, the branch (i) failed to maintain adequate transaction monitoring and had deficient recordkeeping practices; (iii) “maintained insufficient documentation concerning its dispositions of OFAC alerts and cases”; (iv) failed to substantiate its rationales for waiving specific alerts and cases; and (v) failed to sufficiently oversee the third-party auditor who conducted the branch’s 2017 BSA/AML audit and remedial work evaluation.
The United Arab Emirates-based bank and its New York branch are required to pay a $40 million civil money penalty, and must also engage an independent third party to assist the branch in addressing its BSA/AML compliance deficiencies and develop (i) a BSA/AML compliance program; (ii) a suspicious activity monitoring and reporting program; (iii) a customer due-diligence program; and (iv) a plan to enhance oversight of the branch’s BSA/AML corporate governance and management oversight.
NYDFS issues best practices guidance for state-chartered institutions issuing loans to multi-family residential owners and landlords
On September 25, NYDFS released new guidance to assist regulated, state-chartered institutions when engaging in permissible lending activities involving New York rent-stabilized or rent-regulated multifamily residential buildings. According to the press release, the department received complaints concerning certain owners/landlords of rent-stabilized multifamily residential buildings who allegedly engaged in “inappropriate practices including tenant harassment and unsafe living conditions” and may have obtained loans to purchase or renovate buildings directly or indirectly from regulated institutions. The guidance is intended to ensure that regulated institutions apply best practices, including pre-loan and post-loan due diligence, to prevent the possibility of knowingly or unknowingly facilitating these types of practices. Among other things, pre-loan due diligence best practices include (i) conducting due diligence on property owners, including when the bank’s role is to provide indirect financing to the property owner; (ii) conducting due diligence on properties and property owners, including enhanced diligence on properties with a high number of violations; (iii) ensuring “realistic and sound underwriting terms” for loans involving multifamily residential buildings; and (iv) establishing a debt service coverage ratio subject to documentation based on the specific facts of each loan as well as realistic assumptions, consistent with safe and sound underwriting standards and practices. The best practices for post-loan monitoring should include (i) establishing covenants or procedures to ensure emergency and hazard repairs are completed within six months of a loan’s closing; and (ii) considering the property owner’s level of responsiveness and willingness to address building code violation when factoring future loans to the property owner.
NYDFS adds check cashing and virtual currency businesses to nationwide licensing system
On October 1, NYDFS announced the commencement of the final phase of its initiative to manage the license application and regulation of all non-depository financial institutions operating in the state through the Nationwide Multistate Licensing System and Registry (NMLS). As such, NYDFS now allows financial services companies holding check casher and virtual currency business activity licenses to transition those licenses to NMLS. Additionally, companies applying for new licenses may now submit applications through NMLS. As previously covered in InfoBytes, licensed budget planners, sales finance agencies, money transmitter licensees, and mortgage providers have already made the transition to NMLS.
New York Attorney General issues Virtual Markets Integrity Report, following cryptocurrency integrity initiative
On September 18, the New York Attorney General’s office announced the results of its Virtual Markets Integrity Initiative, a fact-finding inquiry into the policies and practices of platforms used by consumers to trade virtual or “crypto” currencies. As previously covered in InfoBytes, last April questionnaires were sent to 13 virtual asset trading platforms to solicit information on their operations, policies, internal controls, and safeguards to protect consumer assets. The resulting Virtual Markets Integrity Report finds that virtual asset trading platforms vary significantly in the comprehensiveness of their response to the risks facing the virtual markets, and presents three broad areas of concern: (i) the potential for conflicts of interest due to platforms engaging in various overlapping business lines that are not restricted or monitored in the same way as traditional trading environments; (ii) a lack of protection from abusive trading platforms and practices; and (iii) limited protections for customer funds, such as the insufficient availability of insurance for virtual asset losses and platforms that do not conduct any type of independent auditing of virtual assets. According to the report, the Attorney General’s office also referred three platforms to the New York Department of Financial Services for potential violations of the state’s virtual currency regulations.
NYDFS files lawsuit over OCC’s fintech charter decision
On September 14, New York Department of Financial Services (NYDFS) Superintendent, Maria T. Vullo, filed a lawsuit against the OCC arguing that the agency’s decision to allow fintech companies to apply for a Special Purpose National Bank Charter (SPNB) is a “lawless” and “ill-conceived” move that will destabilize financial markets more effectively regulated by the state. As previously covered in InfoBytes, last December the U.S. District Court for the Southern District of New York dismissed NYDFS’ previous challenge because the court lacked subject matter jurisdiction over NYDFS’ claims since the OCC had yet to finalize its plans to actually issue SPNBs. However, in light of the OCC’s July announcement welcoming nondepository fintech companies engaged in one or more core banking functions to apply for a SPNB (previously covered by Buckley Special Alert here), Superintendent Vullo once again issued a challenge to the OCC’s decision, arguing that it is unlawful and grants federal preemptive powers over state law. Among other things, NYDFS requests the court to (i) declare that the OCC’s decision to grant SPNBs exceeds its statutory authority under the National Bank Act, and specifically that the decision improperly defines the “‘business of banking’ to include non-depository institutions,” and (ii) enjoin the OCC “from taking further actions to implement its provisions.”
State banking supervisors ask congressional leaders for marijuana banking services clarity
On August 24, 13 state banking supervisors sent a letter asking congressional leaders “to consider legislation that creates a safe harbor for financial institutions to serve state-compliant [marijuana] business, or entrusts sovereign states with the full oversight and jurisdiction of marijuana-related activity.” According to the letter, while 31 states, the District of Columbia, and two territories have legalized medical and/or recreational marijuana use as of August 1, many financial institutions choose not serve marijuana businesses due to a perceived threat of asset forfeitures or criminal penalties. The letter notes that this results in inadequate regulation, cash transactions that are difficult to track, “a diminished ability to identify operators acting to circumvent federal and state licensing and regulatory frameworks,” and concerns for public safety. In addition, according to the state regulators, the rescission of the 2013 “Cole Memo”—which outlined the DOJ’s marijuana enforcement priorities and was relied upon by a limited number of financial institutions—has led to greater uncertainty for banks that serve marijuana businesses. The letter also discusses the Financial Crimes Enforcement Network’s 2014 guidance—which clarifies expectations under the Bank Secrecy Act for financial institutions providing services to marijuana businesses—and further stresses that “the Rohrabacher amendment prohibiting federal funds being used to inhibit state medicinal marijuana programs [is] an impermanent approach that requires a permanent resolution.”
In July, and as previously covered in InfoBytes, the New York Department of Financial Services (NYDFS) issued guidance which encouraged New York state chartered banks and credit unions to consider establishing relationships with regulated and compliant medical marijuana and industrial hemp-related businesses operating in New York. NYDFS stated it will not impose any regulatory action on a New York financial institution that establishes a relationship with a regulated marijuana business as long as the institution also complies with other applicable guidance and regulations.
NYDFS releases updated guidance regarding indirect auto lending fair lending compliance
On August 23, the New York Department of Finance Services (NYDFS) released updated guidance reminding institutions engaged in indirect auto lending through third parties that they must comply with the state’s Fair Lending Law, despite the May repeal of the CFPB’s Bulletin 2013-02 on indirect auto lending and compliance with the Equal Credit Opportunity Act (ECOA). (The repeal was previously covered by InfoBytes here.) The updated guidance “consolidates, streamlines and reinforces previous guidance issued by [NYDFS]’s predecessor, the New York State Banking Department,” which applies to supervised financial institutions and their subsidiaries and affiliates (lenders). The guidance provides a list of actions lenders should take to develop a fair lending compliance program for indirect auto lending, including (i) submitting all applications for loans that are rejected or withdrawn to an automatic review by a higher-level supervisor; (ii) implementing a fair lending training program for both new hires and current employees; (iii) obtaining written agreements from all dealers that certify that the dealer acknowledges its responsibility to comply with fair lending laws and the policies and procedures contained in the fair lending plan; and (iv) extending fair lending plan principles to refinancing and collection practices.