Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On September 14, the Financial Crimes Enforcement Network (FinCEN) issued a final rule to align Bank Secrecy Act (BSA) requirements applicable to most banks with the requirements applicable to banks lacking a “federal functional regulator.” In particular, the final rule will require all non-federally regulated banks — including private banks, non-federally insured credit unions, and certain trust companies — to establish and implement anti-money-laundering (AML) programs and customer identification programs (CIP).
On September 16, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned two Russian nationals who were allegedly involved in phishing campaigns targeting virtual asset service providers in 2017 and 2018, resulting in losses of at least $16.8 million. Specifically, the Russian nationals spoofed web domains of legitimate virtual currency exchanges to steal customers’ login information and gain access to their real accounts. According to OFAC, they used a “variety of methods to exfiltrate their ill-gotten virtual currency” and subsequently laundered the money to a personal account, attempting to “conceal the nature and source of the funds by transferring them in a layered and sophisticated manner through multiple accounts and multiple virtual currency blockchains.” OFAC designated the individuals pursuant to Executive Order 13694, which targets “malicious cyber-enabled activities, including those related to the significant misappropriation of funds or personal identifiers for private financial gain.”
OFAC emphasized that anti-money laundering and countering the financing of terrorism regimes “pose a critical chokepoint in countering and deterring” this type of cybercriminal activity. As a result, all property and interests in property belonging to the designated individuals subject to U.S. jurisdiction are blocked, and “U.S. persons generally are prohibited from dealing with them.”
On September 16, the Financial Crimes Enforcement Network (FinCEN) issued an Advance Notice of Proposed Rulemaking (ANPRM) soliciting comments on questions concerning potential regulatory amendments under the Bank Secrecy Act (BSA). According to the ANPRM, the proposed amendments “are intended to modernize the regulatory regime to address the evolving threats of illicit finance, and provide financial institutions with greater flexibility in the allocation of resources, resulting in the enhanced effectiveness and efficiency of anti-money laundering programs.” The ANPRM stems from FinCEN’s evaluation of recommendations received from the Bank Secrecy Act Advisory Group, which was established in 2019 to develop recommendations for strengthening the national AML regime. The ANPRM proposes, among other things, that all covered financial institutions subject to ALM program regulations would be required to maintain an “effective and reasonably designed” AML program that: (i) “assesses and manages risk as informed by a financial institution’s risk assessment, including consideration of [AML] priorities to be issued by FinCEN consistent with the proposed amendments”; (ii) “provides for compliance with [BSA] requirements”; and (iii) “provides for the reporting of information with a high degree of usefulness to government authorities.” The ANPRM also seeks comments on whether an explicit requirement for a risk assessment process should be established within the AML program regulations, as well as whether FinCEN’s director should issue a list of national AML priorities (tentatively titled “Strategic Anti-Money Laundering Priorities”) every two years. Comments are due by November 16.
On September 14, the Financial Crimes Enforcement Network (FinCEN) issued a final rule, under its sole authority, to remove the anti-money laundering (AML) program exemption for non-federally regulated banks. According to FinCEN, the rulemaking was prompted by the “gap in AML coverage” between banks that have a federal functional regulator and those that do not, which has created “a vulnerability to the U.S. financial system that could be exploited by bad actors.” The final rule would bring non-federally regulated banks that are currently required to comply with certain Bank Secrecy Act (BSA) obligations, such as filing currency transaction reports and suspicious activity reports to detect unusual activity, into compliance with the same standards applicable to all other banks. Specifically, the final rule outlines minimum standards for non-federally regulated banks to ensure the establishment and implementation of required AML programs, and extends customer identification program (CIP) requirements, as well as beneficial ownership requirements outlined in FinCEN’s 2016 customer due diligence (CDD) rule (covered by InfoBytes here), to banks not already subject to these requirements. FinCEN believes that non-federally regulated banks will be able to take a risk-based approach when tailoring their AML and CIP programs to fit their size, needs, and operational risks, and that those banks should be able to build on “existing compliance policies and procedures and prudential business practices to ensure compliance. . .with relatively minimal cost and effort.” The final rule takes effect November 16.
For more details, please see a Buckley Special Alert on the final rule.
On August 31, the DOJ announced that a company operating in South East Asia has pleaded guilty to “conspiring to launder monetary instruments in connection with evading sanctions on North Korea and deceiving correspondent banks into processing U.S. dollar transactions.” The company admitted and accepted responsibility for the criminal conduct and will pay a $673,714 fine. According to the DOJ, from at least February 2017 until at least May 2018, the company’s dual invoicing practices and false statements concealed the purchase of commodities for North Korean customers, leading to U.S. correspondent banks processing U.S. dollar transactions that would otherwise not have been authorized. Among other things, the company and its co-conspirators admitted to using front companies to “conceal the North Korean nexus,” including utilizing financial cutouts and falsifying shipping records. These actions, the DOJ stated, circumvented the U.S. correspondent banks’ sanction and anti-money laundering filters, which are designed to prevent banks from processing wire transfers on behalf of customers located in North Korea. In addition to paying the financial penalty, the company has agreed to “implement rigorous internal controls” and cooperate fully with the DOJ.
On August 28, the FDIC released a list of administrative enforcement actions taken against banks and individuals in July. During the month, the FDIC issued nine orders, consisting of “one consent order under 8(b) [of the Federal Deposit Insurance Act], one order of prohibition under 8(e) [of the Federal Deposit Insurance Act], six Section 19 orders, and one order terminating deposit insurance.” The consent order, issued against a New Jersey state bank, relates to alleged weaknesses in its Bank Secrecy Act and anti-money laundering (BSA/AML) compliance program. Among other things, the bank was ordered to (i) increase its supervision and direction of its BSA/AML policies, procedures, and processes to ensure compliance with the applicable laws and regulations; (ii) implement a revised BSA compliance program to address BSA/AML deficiencies, including improvements in suspicious activity monitoring and reporting and in customer due diligence; (iii) implement an effective BSA training program for appropriate personnel regarding specific compliance responsibilities; (iv) review and analyze Office of Foreign Assets Control-issued regulations to ensure timely and complete compliance; (v) conduct a look back review to ensure certain reportable transactions and suspicious activities were appropriately identified and reported; and (vi) establish a directors’ BSA/AML compliance committee.
Last month, the U.S. Senate Permanent Subcommittee on Investigations issued a bipartisan report titled “The Art Industry and U.S. Policies that Undermine Sanctions,” which details findings from a two-year investigation related to how Russian oligarchs appear to have used the art industry to evade U.S. sanctions. According to the Subcommittee, the investigation—which focused on major auction houses, private New York art dealers, and seven financial institutions—revealed that the “secretive nature” of the art industry “allowed art intermediaries to purchase more than $18 million in high-value art in the United States through shell companies linked to Russian oligarchs after they were sanctioned by the United States in March 2014,” and that, moreover, “the shell companies linked to the Russian oligarchs were not limited to just art and engaged in a total of $91 million in post-sanctions transactions.” The report claims that the art industry is largely unregulated, and, unlike financial institutions, is not subject to the Bank Secrecy Act (BSA) and is not required to maintain anti-money laundering (AML) and anti-terrorism financing controls. However, the report notes that sanctions imposed by the U.S. Treasury’s Office of Foreign Assets Control (OFAC) do apply to the industry, emphasizing that U.S. persons are not allowed to conduct business with sanctioned individuals or entities.
The Subcommittee’s key findings include that while four of the major auction houses have established voluntary AML controls, they treat an art agent or advisor as the principal purchaser of the art, which allows the auction house to perform due diligence on the art agent or advisor instead of identifying and evaluating a potentially undisclosed client. The auction houses also reportedly rely on financial institutions to identify the source of funds used to purchase the art. Because of these practices, the report concludes that these shell companies continue to have access to the U.S. financial system despite the imposition of sanctions.
The report makes several recommendations including: (i) the BSA should be amended to include businesses that handle transactions involving high-value art; (ii) Treasury should be required to collect beneficial ownership information for companies formed or registered to do business in the U.S., making the information available to law enforcement; (iii) Treasury should consider imposing sanctions on a sanctioned individual’s immediate family members; (iv) Treasury should announce and implement sanctions concurrently “to avoid creating a window of opportunity for individuals to avoid sanctions”; (v) the ownership threshold for blocking companies owned by sanctioned individuals should be lowered or removed; (vi) Treasury should maximize its use of suspicious activity reports filed by financial institutions to, among other things, alert other financial institutions of the risks of transacting with sanctioned entities; (vii) OFAC should issue comprehensive guidance for auction houses and art dealers on steps for determining “whether a person is the principal seller or purchaser of art or is acting on behalf of an undisclosed client, and which person should be subject to a due diligence review”; and (viii) OFAC should issue guidance on “the informational exception to the International Emergency Economic Powers Act related to ‘artworks.’”
Additionally, in June, a bipartisan group of senators introduced the Anti-Money Laundering Act of 2020 (AMLA) as an amendment (S.Amdt 2198 to S.4049) to the National Defense Authorization Act (NDAA), which would, among many other things, require federal agencies to study “the facilitation of money laundering and the financing of terrorism through the trade of works of art or antiquities” and, if appropriate, propose rulemaking to implement the study’s findings within 180 days of the AMLA’s enactment.
On August 12, the U.S. Court of Appeals for the Eleventh Circuit reversed a district court’s denial of a government forfeiture order, concluding that a forfeiture order is still mandatory when a defendant is convicted of a money laundering scheme even when no financial harm is caused to a bank. According to the opinion, between 2000 and 2009 an international businessman engaged in “mirror-image” financial transactions, which includes using phony invoices to launder money between his corporations. The bank involved incurred no financial loss from the transactions, due to the “mirror-image nature of the scheme,” and all financial draws were repaid with interest. The opinion notes that “had the Bank known of the falsehoods that prompted these financial transactions, it would not have approved [them].” In 2017, the defendant pled guilty to conspiracy to commit money laundering and the government requested forfeiture of over $20.8 million. The district court sentenced the defendant to 27-months imprisonment and denied the government’s forfeiture motion, noting that the purpose of forfeiture would not be served since the defendant returned all the money plus interest.
On appeal, the 11th Circuit disagreed, holding that the language of the U.S. money laundering statute (18 U.S.C. § 982(a)(1)), as stated by the Supreme Court, “provides that a district court ‘shall order’ forfeiture, [Congress] ‘could not have chosen stronger words to express its intent that forfeiture be mandatory.’ The appellate court noted that there is no “double counting” merely because the money was returned to the bank, and this is not a case of “double recovery” because the defendant “made no payment to the government body seeking forfeiture.” Moreover, the court agreed with the government that “substitute forfeiture” is permitted, rejecting the defendant’s claim that the bank was the owner of the funds; therefore, not a “third party” to whom the money was transferred within the meaning of e 21 U.S.C. § 853(p). Lastly, the appellate court rejected the district court’s conclusion that the $20.8 million forfeiture order was “excessively punitive,” holding that the court “failed to properly define the harm” when performing the excessiveness analysis. The appellate court noted that on remand, the district court “must consider the adverse impact on society that money laundering generally has as well as the specific conduct that [the defendant] engaged in” when determining the forfeiture amount.
On August 13, the OCC, the Federal Reserve Board, the FDIC, and the NCUA (collectively, the “agencies”) issued a joint statement, which clarifies how the agencies apply the enforcement provisions of the Bank Secrecy Act (BSA) and related anti-money laundering (AML) laws and regulations. Specifically, the statement discusses the conditions that require the issuance of a mandatory cease and desist order under sections 8(s) and 206(q). According to the agencies, there are no new exceptions or standards created by document. Among other things, the statement:
- Provides examples of when an agency shall issue a cease and desist order in accordance with sections 8(s)(3) and 206(q)(3) for “[f]ailure to establish and maintain a reasonably designed BSA/AML Compliance Program. The statement notes that an institution would be subject to a cease and desist order when the one component of their compliance program “fails with respect to either a high-risk area or multiple lines of business… even if the other components or pillars are satisfactory.”
- Describes circumstances in which an agency may use its discretion to issue formal or informal enforcement actions related to unsafe or unsound BSA-related practices. The statement notes that the “form and content” of the enforcement action will depend on a variety factors, including “the capability and cooperation of the institution’s management.”
- Describes how the agencies incorporate customer due diligence regulations and recordkeeping requirements as part of the internal controls pillar of an institutions BSA/AML compliance program.
- Discusses the treatment of isolated or technical compliance program requirements that are generally not issues resulting in an enforcement action.
On August 10, the Financial Industry Regulatory Authority (FINRA), SEC, and the CFTC announced separate settlements with a broker-dealer following investigations into its anti-money laundering (AML) programs. The broker-dealer did not admit or deny any of the charges, and the agencies all considered remedial actions undertaken by the broker-dealer. FINRA fined the broker-dealer $15 million for allegedly failing to establish and implement AML processes reasonably designed to detect and report suspicious transactions as required by the Bank Secrecy Act, including foreign currency wire transfers to and from countries known to be at high risk for money laundering. Additionally, the broker-dealer “lacked sufficient personnel and a reasonably designed case management system.” The broker-dealer consented to the terms of the Letter of Acceptance, Waiver and Consent and agreed to retain a third-party consultant to take steps to remediate its AML program.
In a separate investigation conducted by the SEC, the broker-dealer reached a settlement to resolve allegations that it repeatedly failed to file suspicious activity reports (SARs) as required by the Exchange Act for U.S. microcap securities trades executed on behalf of its customers. According to the SEC, because the broker-dealer’s “AML policies and procedures were not reasonably tailored to the risks of [its] U.S. microcap securities business,” over a one-year period, it failed to (i) recognize red flags; (ii) properly investigate suspicious activity; and (iii) file more than 150 SARs in a timely fashion even after compliance personnel flagged the suspicious transactions. Under the terms of the order, the broker-dealer has agreed to be censured, will cease and desist from committing future violations, and will pay an $11.5 million civil penalty.
The CFTC also announced a settlement to resolve allegations that the broker-dealer failed to (i) diligently supervise the handling of several commodity trading accounts; (ii) sufficiently oversee its employees’ handling of these accounts, leading to its “failure to maintain an adequate [AML] program and to conduct appropriate customer monitoring”; and (iii) identify or conduct adequate investigations necessary to detect and report suspicious transactions. Under the order, the broker-dealer is required to pay an $11.5 million civil penalty and disgorge $706,214 it earned as the futures commission merchant for certain accounts that were the subject of a 2018 CFTC enforcement action.
- Daniel P. Stipano to discuss "Making customers whole: Trends in remediation and restitution expectations" at the American Bar Association Business Law Virtual Section Meeting
- Jonice Gray Tucker to discuss "Fairness gone viral: Fair lending considerations for financial institutions amid Covid-19" at the American Bar Association Business Law Virtual Section Meeting
- Daniel P. Stipano to discuss "High standards: Best practices for banking marijuana-related businesses" at the ACAMS AML & Anti-Financial Crime Conference
- Daniel P. Stipano to discuss "Wait wait ... do tell me! Where the panelists answer to you" at the ACAMS AML & Anti-Financial Crime Conference
- Matthew P. Previn and Walter E. Zalenski to discuss "Is valid when made ... valid?" at the Women in Housing & Finance Partner Series webinar
- Warren W. Traiger and Caroline K. Eisner to discuss "CRA modernization and the OCC final rule" at CBA Live
- Daniel R. Alonso to discuss "Transnational corruption: A chat with former U.S. federal prosecutors in New York" at Marval Live Talks
- Sherry-Maria Safchuk and Lauren Frank to discuss "New CFPB interpretation on UDAAP" at a California Mortgage Bankers Association Mortgage Quality and Compliance Committee webinar
- Thomas A. Sporkin to discuss "Managing internal investigations and advanced government defense" at the Securities Enforcement Forum
- Daniel R. Alonso to discuss "Independent monitoring in the United States" at the World Compliance Association Peru Chapter IV International Conference on Compliance and the Fight Against Corruption
- Jonice Gray Tucker to discuss "The future of fair lending" at the Mortgage Bankers Association Regulatory Compliance Conference
- Michelle L. Rogers to discuss "Major litigation" at the Mortgage Bankers Association Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "Pandemic fallout – Navigating practical operational challenges" at the Mortgage Bankers Association Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "Consumer financial services" at the Practising Law Institute Banking Law Institute