Skip to main content
Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • CFTC subcommittee issues report on responsible AI use


    On May 2, a CFTC subcommittee on Emerging and Evolving Technologies issued a report on the responsible use of artificial intelligence (AI) by exchanges, clearinghouses, futures commission merchants, brokers, and data repositories, among others, interested in using AI in financial markets. The report examined AI use cases in financial services, reviewed the risks of AI for CFTC-registered entities, and set out five recommendations for the CFTC: (1) the CFTC should host a public roundtable discussion with industry leaders; (2) the CFTC should define and adopt an AI risk management framework to assess consumer harms and benefits of AI use by CFTC-registered entities; (3) the CFTC should create an inventory of existing AI regulations and identify gaps where staff guidance or rulemaking would be needed; (4) the CFTC should establish a process to align its policies with other federal agencies; and (5) the CFTC should increase staff participation in domestic and international dialogues around AI.

    Fintech Artificial Intelligence Department of Treasury Governance Anti-Money Laundering

  • FinCEN renews real estate GTOs

    Financial Crimes

    On April 17, FinCEN renewed its Geographic Targeting Orders (GTOs) which require title insurance companies to identify the real owners of shell companies involved in cash real estate purchases. This renewal is effective from April 19, through October 15, and applies to specified counties and cities across various states, including California, Florida, New York, and the District of Columbia. The GTOs aim to gather data on potential illicit activities in the housing market and support regulatory initiatives. The minimum property purchase price for reporting remains at $300,000, except in Baltimore, where it is $50,000. FinCEN is also processing feedback from a February proposed rulemaking on anti-money laundering measures for the residential real estate sector.

    FinCEN FAQs regarding the GTOs are available here.

    Financial Crimes Of Interest to Non-US Persons FinCEN GTO Anti-Money Laundering

  • FinCEN seeks public comment for changing SSN requirements during customer identification

    Agency Rule-Making & Guidance

    On March 29, FinCEN published a request for information (RFI) and comment in the Federal Register, in consultation with the OCC, FDIC, NCUA, and the Fed, to receive more information on the Customer Identification Program (CIP) Rule requirement. This announcement extended the comment period as the regulators explored how banks can better collect a customer’s social security number (SSN). Specifically, FinCEN sought information on the “potential risks and benefits” if banks were to be allowed to collect partial SSNs from customers, and then used a “reputable” third-party source to obtain the full SSN. FinCEN noted there has been “expressed interest” in permitting this practice. Written comments must be received on or before May 28.

    Agency Rule-Making & Guidance Customer Identification Program FinCEN Anti-Money Laundering

  • Fed finds CEO engaged in crypto “pig butchering” scam which led to bank failure

    On February 7, the Federal Reserve issued an evaluation report, as required by the Federal Deposit Insurance Act (where a loss to the deposit insurance fund is considered material), on a recently failed bank; the Fed concluded the bank failed due to alleged fraudulent activity by the bank’s CEO. In particular, the Fed found that the CEO initiated a series of wire transfers over the course of three months totaling about $47.1 million of the bank’s money as part of a cryptocurrency scam known as “pig butchering.” According to a FinCEN alert, “pig butchering” occurs when a scammer convinces its victims to invest in purportedly legitimate cryptocurrency investments but then steals the victim’s money.

    The Fed found that the bank’s employees neglected to follow proper internal controls and policies that could have “prevented or detected” the alleged fraudulent activity, attributing the failure to a reluctance to challenge the CEO given the CEO’s “dominant role in the bank and prominent role in the community.” Specifically, the employees did not comply with the bank’s BSA/AML policy or file suspicious activity reports as outlined under the policy. As a result, the Fed recommended (i) increasing the awareness among state member banks of cryptocurrency scams; and (ii) providing training to examiners on cryptocurrency scams.

    Bank Regulatory Federal Issues Cryptocurrency FinCEN Federal Reserve Bank Secrecy Act Anti-Money Laundering

  • Broker-dealer settles AML allegations with FINRA

    Financial Crimes

    On February 12, FINRA settled allegations with a Florida-based broker-dealer for failing to implement reasonable procedures requiring escalation of potentially suspicious trading activity. Closely following the SEC and DFPI’s recent enforcement action (covered by InfoBytes here), the company, without admitting or denying the allegations, agreed to pay a $700,000 fine to settle claims regarding its failure to effectively implement anti-money laundering (AML) programs. FINRA claimed that the company did not adequately equip its analysts to review and address trading alerts related to suspicious activities by customers, which could total up to 100 alerts per trading day. Additionally, the company allegedly lacked proper written procedures in connection with the acceptance and resale of low-priced securities as required to comply with Section 5 of the Securities Act of 1933 in violation of FINRA Rules. FINRA also noted that, despite being aware that improvements to the AML program were necessary as early as 2016, the company did not fully implement recommended improvements until March 2022. In issuing the fine, FINRA highlighted that the company was fined for similar AML violations back in 2011 and emphasized instances where the company’s analysts failed to escalate suspicious activity to the AML department in a timely manner, leading to regulatory inquiries and subpoenas regarding certain customers’ practices.

    Financial Crimes Broker-Dealer FINRA Anti-Money Laundering Enforcement

  • FDIC issues December 2023 enforcement actions

    On January 26, the FDIC released a list of administrative enforcement actions taken against banks and individuals in December 2023. During that month, the FDIC made public 12 orders consisting of “four orders of termination of deposit insurance; three orders terminating consent orders; two consent orders; one order terminating supervisory prompt corrective action directive; one order of prohibition from further participation; one order to pay a civil money penalty (CMP); and one Decision and Order to Prohibit from Further Participation and Assessment of Civil Money Penalty.”

    Included is a consent order with a Mississippi-based bank for alleged Bank Secrecy Act violations, along with violations of a previous consent order from 2020, imposing a $600,000 civil money penalty. Also included is a consent order with a Kentucky-based bank, alleging the bank engaged in “unsafe or unsound banking practices and violations of law or regulation” relating to, among other things, the Bank Secrecy Act. The bank neither admitted nor denied the allegations but agreed to create a written plan to recover its losses from the bank’s relationship with a third-party loan program, to reduce the bank’s risk position in the program, and to stop granting any extensions of credit through adversely classified or criticized loans related to the third-party loan program. The consent order additionally requires the bank’s board to assess the sufficiency of the bank’s allowance for credit losses (ACL), ensuring the establishment of an appropriate ACL and to uphold and accurately report it. Specifically, “management shall review updated credit risk metrics and loss data for the third-party loan programs referenced in the ROE and ensure appropriate provisions to the ACL relative to this information.”

    Bank Regulatory Federal Issues FDIC Enforcement Bank Secrecy Act Anti-Money Laundering

  • NYDFS orders digital currency trading company to pay $8 million

    State Issues

    On January 12, NYDFS announced that it had entered into a consent order with a digital currency trading company after an investigation that found the company responsible for compliance failures that violated NYDFS’s virtual currency and cybersecurity regulations, leaving the company vulnerable to illicit activity and cybersecurity threats.  

    NYDFS found that the company failed to meet its compliance obligations due to (i) deficiencies in the company’s AML program; (ii) failure to file compliant suspicious activity reports; (iii) failure to conduct required OFAC screening; and (iv) failure to maintain an adequate cybersecurity program. In connection with the settlement, the company will surrender its BitLicense, the license required to be held by any company conducting virtual currency business in New York state and pay an $8 million penalty. 

    State Issues NYDFS Digital Currency Cyber Risk & Data Security Bank Secrecy Act Anti-Money Laundering Cryptocurrency OFAC Enforcement

  • FDIC releases November enforcement actions

    On December 29, the FDIC released a list of administrative enforcement actions taken against banks and individuals in November. The FDIC made 12 orders public including, “five consent orders, three prohibition orders, two orders terminating consent orders, one order to pay a civil money penalty (CMP), and one order dismissing both a notice of assessment of CMPs and an order to pay.” Included is a stipulated order and written agreement with a Tennessee-based bank (the Bank) to resolve alleged violations of the Bank Secrecy Act (BSA) and weaknesses in board and management oversight of its information technology function. The Bank agreed to the conditions of the consent order which requires the Bank to, among other things (i) establish an action plan to correct the bank’s Anti-Money Laundering/Countering the Financing for Terrorism (AML/CFT) program deficiencies and alleged violations; (ii) retain qualified IT management; (iii) perform a cybersecurity assessment; and (iv) designate someone responsible for coordinating and monitoring day-to-day compliance with the BSA.

    Bank Regulatory Federal Issues Enforcement Bank Secrecy Act Anti-Money Laundering

  • NYDFS settles with bank for compliance failures

    State Issues

    On September 29, NYDFS announced a settlement with a South Korean-based bank’s American subsidiary to resolve allegations of repeated violations of AML requirements, the Bank Secrecy Act (BSA), and New York law. According to the consent order, the respondent was repeatedly examined seven times in less than 10 years by DFS and entered into a consent order with the FDIC in 2017 for BSA/AML compliance, among other things. DFS claims that respondents violated (i) New York Banking Law § 44 by conducting their business in an unsafe and unsound manner; (ii) 3 NYCRR § 116.2 by failing to maintain an effective AML compliance program; and (iii) 23 NYCRR § 504.4 by incorrectly certifying compliance with Part 504. To resolve the claims, the respondent agreed to pay a $10 million civil money penalty, and write a written plan detailing improvements to its compliance policies and procedures, among other things.

    State Issues NYDFS Civil Money Penalties Enforcement New York Anti-Money Laundering Bank Secrecy Act Settlement

  • Bank to pay $25 million to settle alleged misleading ESG claims


    On September 25, the SEC announced two enforcement actions against a subsidiary (respondent) of a German multinational investment bank and financial services company, in which the respondent agreed to pay a total of $25 million in penalties arising from (i) purportedly misleading statements respondent made regarding its Environmental, Social, and Governance (ESG) program; and (ii) its failure to develop a mutual fund Anti-Money Laundering (AML) program. According to the order, respondent allegedly marketed itself to clients and investors as a leader in ESG that adhered to specific policies for integrating ESG considerations into its investments but failed to implement certain provisions of its global ESG integration policy. The order contains a number of statements that respondent made concerning its ESG program that the SEC found to be materially misleading.  For example, respondent allegedly represented through its ESG Policy that its research analysts were required to include financially material and reputation relevant ESG aspects into its valuation models, investment recommendations and research reports and consider material ESG aspects as part of their investment decision, but respondent’s internal analyses allegedly showed that research analysts have inconsistent levels of documented compliance with this requirement.  The SEC determined that respondent’s failure to implement certain policies and procedures violated multiple sections of the Advisers Act, including Section 206(2), “which prohibits an investment adviser, directly or indirectly, from engaging ‘in any transaction, practice, or course of business which operates as a fraud or deceit upon any client or prospective client.’”

    Through the ESG order, respondent has agreed to pay a $19 million civil penalty and to cease and desist from committing any further violations of the violated sections of the Advisors Act. The SEC also charged respondent with a separate Anti-Money Laundering order, for failure to comply with the Bank Secrecy Act and FinCen regulations. Respondent did not admit nor deny the SEC’s claims.

    Securities SEC Enforcement ESG Anti-Money Laundering Bank Secrecy Act FinCEN Settlement


Upcoming Events