InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FinCEN Fines Michigan MSB For BSA/AML Violations, Bans Owner From Serving at Any U.S. Financial Institution
On May 29, a Michigan-based money service business (MSB), along with its owner, admitted to repeated violations of the BSA and have agreed to pay FinCEN a civil money penalty in the amount of $12,000. The company violated the BSA in numerous ways, including but not limited to: (i) failing to maintain a sufficient anti-money laundering program; (ii) engaging in high-risk transactions, including wire transfers to Yemen, totaling millions of dollars, without keeping proper records of the transfers or performing due diligence; and (iii) conducting suspicious transactions “with no apparent business or lawful purpose.” According to FinCEN, the MSB failed to monitor the suspicious transactions, had no review process in place, and neglected to file a Suspicious Activity Report or a Currency Transaction Report while operating as a business entity. Furthermore, in addition to the aforementioned MSB, the owner opened an additional MSB in October 2010, containing similar BSA deficiencies. The owner has “agreed to immediately and permanently cease serving as an employee, officer, director, or agent of any financial institution located in the United States or that conducts business within the United States.”
Buckley Sandler FinCrimes Webinar Series Recap: Best Practices in Customer Due Diligence and Know-Your-Customer
BuckleySandler hosted a webinar, Best Practices in Customer Due Diligence and Know-Your-Customer, on May 21, 2015 as part of their ongoing FinCrimes Webinar Series. Panelists included Eric Arciniega, Senior Manager, BSA/AML Due Diligence Operations at First Republic Bank; Janice Mandac, Global Head of KYC at Goldman Sachs; and Nagib Touma, Director Global AML/KYC at Citi. The following is a summary of the guided conversation moderated by Jamie Parkinson, partner at BuckleySandler LLP, and key take-aways you can implement in your company.
Best Practice Tips and Take-Aways:
- Establishing company-wide/global standards for your company’s customer due diligence and KYC program will help to ensure consistency throughout the organization. But, for global institutions, you must also be able to accommodate jurisdictions with requirements that are more stringent than the global standards.
- Be aware of data privacy standards in the countries where you operate. These standards pose a particular challenge to operating a centralized customer due diligence and KYC program.
- Regulators’ recent focus on model risk management extends to your customer risk rating model. Ensure that your model is being tested and tuned rigorously.
Balancing Globalization with Regional Variations
The panelists began the session by discussing how to take advantage of the benefits of a globalized customer due diligence and KYC program while accounting for jurisdictional variations in legal requirements. The panelists observed that a good approach is to first create baseline standards that apply globally and then append local requirements onto the global standards. Panelists felt that it was best to integrate any local requirements into the centralized customer due diligence and KYC system rather than create separate systems for regions with more stringent requirements. To make this possible, the centralized AML function must have ongoing communication with local teams that are on the ground in these jurisdictions.
The panelists discussed the challenges posed by jurisdictions with data privacy requirements that make it impossible to house customers’ information in a centralized database. In Switzerland for example, one panelist explained that the company has created a separate incidence of the customer due diligence and KYC system with firewalls to ensure that the data privacy requirements are fulfilled. Other jurisdictions’ requirements could lead a company to create a duplicate record of a customer’s information for use outside the jurisdiction. The panelists suggested categorizing jurisdictions into buckets based on how open or private they are to create controls that prevent unauthorized access.
The panelists stressed the value of leveraging your company’s technology to acquire a consistent set of information about new customers during the onboarding process. When a customer has one record across the company, that information can be used by different lines of business and different applications can be run off of the database. This same principle applies when a company implements a global case management tool for AML cases.
Effective Customer Risk Rating Models
The panelists identified many different factors that an effective customer risk rating model should take into account. These included:
(1) The kinds of business the customer is engaged in;
(2) Locations in which the customer operates;
(3) Whether the customer maintains custodial accounts;
(4) Reputational risk associated with the customer;
(5) Negative news reports on the customer; and
(6) SARs filed on the customer.
Here, too, the panelists noted the challenge of incorporating jurisdictional variation in requirements, such as a country requiring certain industries to be rated high-risk, into a globalized system. But again, the panelists felt that the best approach was to establish a global model and incorporate jurisdictional-specific requirements. One panelist described a peer-grouping function that compares a customer to similar customers within the company’s portfolio to see if the customer is operating much differently than similar customers.
The panelists observed that regulators have placed particular emphasis on models in general, including customer risk rating models. Accordingly, the panelists stressed the importance of the Supervisory Guidance on Model Risk Management released by the OCC in April 2011 when testing and tuning your customer risk rating model. The panelists generally agreed that testing and tuning the customer risk rating model should be an ongoing process with enhancements made to the model on a regular basis; perhaps annually or quarterly. A regular review should also be conducted to look for new factors that should be considered in the model.
Looking ahead
The panelists concluded the session by discussing what issues related to customer due diligence and KYC they anticipated being especially important in the upcoming year. Several panelists mentioned the anticipated beneficial ownership rules. The panelists said that they are beginning to have internal discussions about the costs and changes that will need to be made to comply with the new requirements. The panelists also mentioned that meeting regulatory expectations for their customer risk rating models will also be an important issue.
FinCrimes Webinar Series Recap: Conducting an Effective Financial Crimes-Related Internal Investigation
BuckleySandler hosted a webinar, Conducting an Effective Financial Crimes-Related Internal Investigation, on April 23, 2015 as part of their ongoing FinCrimes Webinar Series. Panelists included John Mackessy, Anti-Money Laundering & Trade Sanctions Officer at MasterCard and Saverio Mirarchi, Senior Director at Treliant Risk Advisors and former Chief Compliance and Ethics Officer at Northern Trust. The following is a summary of the guided conversation moderated by Jamie Parkinson, partner at BuckleySandler, and key take-aways you can implement in your company. To request a recording of this webinar, please email Nicole Steckman at nsteckman@buckleyfirm.com.
Key Tips and Take-Aways:
- Make sure that the organization has appropriate policies and procedures in place to quickly and efficiently react when an investigation begins.
- Have systems in place to quickly identify the veracity of any allegations and be prepared to begin the internal investigation as soon as possible.
- Be prepared for, and understand the impact of having, a compliance monitor as part of any settlement agreement.
Pre-Investigation Preparation
The session began with a discussion of what an organization can do to prepare for an internal investigation. The panel focused on the benefits of preparation and having established policies and procedures in place before an investigation begins. Specifically, the panelists noted the importance of having individual roles and responsibilities outlined and understood at the outset, in order to make the response more efficient. The panelists further noted that with the significant time constraints associated with such an investigation, it is critical that the team be prepared to act immediately. Finally, the panelists highlighted the significance of having effective routes of communication established in the policies and procedures, to ensure that all parties involved know how to proceed when an investigation is initiated. All of this can be in place in the absence of a concern triggering an internal investigation, so the panelists emphasized the steps to take before any concerns arise.
Internal Investigation Leadership and Logistics
The panelists then discussed the variety of approaches an organization can take when it comes to who leads the internal investigation. Specifically, the panelists noted that while there is no one-size fits all approach, the leadership of an internal investigation needs to be transparent from the outset, even if that role is transitioned during the investigation. The panelists suggested numerous approaches to who should run the investigation, including having either a business unit, outside counsel, or the organization’s general counsel be in charge of the investigation.
Conducting the Internal Investigation
Panelists next shifted to discussing the steps involved in conducting an internal investigation. The panel noted that the first critical component of running an internal investigation is obtaining the key information related to the problem, and identifying whether there is any information that the organization does not have. Specifically, the panel highlighted the importance of validating the initial allegations quickly, in order to fully engage with the investigation. The panel also noted the importance of quickly initiating a document hold, especially if the allegation is coming from a reputable source. The panelists highlighted the fact that putting out a document hold too soon is generally a minor problem, whereas any inadvertent destruction of relevant information could pose significant problems down the line. Financial crimes investigations are extremely data-analytics-intensive and may involve vast amounts of data covering many years, so the panelists focused on the role of a data analytics team.
Corporate Monitors
The panelists then discussed the importance of being prepared to deal with a monitor. The panelists noted that with the recent increase in situations where a monitor will be required, it is key for an organization to know how to implement any agreements regarding the monitorship. Specifically, the panelists noted that the organization needs to make sure that they understand the scope of the monitor’s role and how the organization will be able to interact with the monitor. The panel suggested that before signing any monitoring agreement, the document needs to be discussed with compliance, operations, information technology, and any other departments that may be impacted by the monitorship, so that all parties are aware of the operational implications of a monitorship. Finally, the panel added that organizations should make sure to have a contact person or team that handles interactions with the monitor and is able to manage the monitor’s access to documents, in order to establish an effective relationship with the monitor.
Role of Senior Management and the Board
The panel also discussed the role of senior management and the Board of Directors in the internal investigation process. The panelists noted that in all internal investigations, it is important to make sure senior management and the Board are involved. Specifically, the panelists noted that senior management and the Board need to know the severity of the allegations, any related risks, the costs associated with the investigation, and that the investigation is being run properly. Finally, the panelists noted that if the investigation is being run by the general counsel, any communications to senior management and the Board need to be drafted so as to protect privilege.
FinCEN Resolves First Enforcement Action Against Virtual Currency Exchange
On May 5, a virtual currency company and its subsidiary agreed to pay a $700,000 civil money penalty for violating multiple provisions of the Bank Secrecy Act (BSA), in which both companies acted as a money service business and seller of virtual currency without properly registering with FinCEN, as well as, failed to implement and maintain an adequate anti-money laundering (AML) program. Furthermore, according to a Statement of Facts and Violations, FinCEN also charged the subsidiary for not filing or untimely filing suspicious activity reports related to several financial transactions. In addition to the civil money penalty, terms of the agreement require both companies to, among other things, (i) engage in remedial steps to ensure future compliance with AML statutory obligations; and (ii) enhance their current internal measures for compliance with the BSA. In a separate DOJ announcement, both companies entered into a settlement agreement to resolve potential criminal charges with the U.S. Attorney’s Office in the Northern District of California. Under terms of the DOJ settlement, both companies agreed to forfeit a total of $450,000, which will be credited to satisfy FinCEN’s $700,000 penalty, in exchange for the government not criminally prosecuting the companies for the aforementioned conduct.
FinCEN Eyes Real Estate Industry For Money Laundering Concerns
On May 6, FinCen Director Jennifer Calvery delivered remarks at the West Coast AML Forum, highlighting the agency’s increased focus to ensure transparency within the U.S. financial system. In her remarks, Calvery addressed concerns about potential money laundering activities in the real estate market, particularly for persons involved in real estate closings and settlements. The continued use of shell companies by criminals to purchase luxury residential real estate is of particular concern. Of note, Calvery referenced prior FinCEN efforts to define the scope of BSA obligations involving real estate closings and settlements, and that it has thus far deferred issuing rules likely to cover settlement and closing attorneys and agents, appraisers, title search and insurance companies, escrow companies, and possibly mortgage servicers and corporate service providers until it better identifies the money laundering risks and activities involved. Calvery also described criminal organizations’ use of third-party money launderers, such as accountants or attorneys, to obtain access to U.S. financial institutions, stating “[FinCEN] cannot permit institutions and their associated [third-party money launderers] to act as gateways to the U.S. financial system for criminal and other bad actors.” Calvery also provided an update on FinCEN’s current efforts to address beneficial ownership and ensure BSA compliance in the virtual currency market using the recent Ripple enforcement action as an example.
DOJ Assistant AG Delivers Remarks on Anti-Money Laundering and Financial Crimes
On March 16, DOJ Assistant AG Leslie Caldwell delivered remarks at the annual ACAMS anti-money laundering conference regarding the importance of establishing and maintaining robust compliance programs within financial institutions to prevent criminal activity, and recent DOJ enforcement actions taken against financial institutions in the anti-money laundering space. Caldwell outlined the integral parts of an effective compliance program, to include: (i) providing sufficient funding and access to essential resources; (ii) incentivizing compliance and ensuring that disciplinary measures are even handed for low-level and senior employees; and (iii) ensuring that third parties interacting with the institutions understand the institution’s expectations and are serious about compliance management. Caldwell emphasized that the strength of an institution’s compliance program is “an important factor for prosecutors in determining whether to bring charges against a business entity that has engaged in some form of criminal misconduct.” Caldwell highlighted the Criminal Division’s recent actions involving financial fraud and sanctions violations, observing that many have resulted in deferred prosecution agreements or non-prosecution agreements (DPAs and NPAs), enforcement tools the DOJ utilizes in the Criminal Division’s cases. Finally, addressing concerns that the DOJ and other law enforcement authorities have targeted the financial industry for investigation and prosecution, Caldwell stated, “banks and other financial institutions continue to come up on our radar screens because they, and the individuals through which they act, continue to violate the law, maintain ineffective compliance programs or simply turn a blind eye to criminal conduct to preserve profit.”
FinCEN Assesses $75,000 Penalty Against Check Casher Business for Violating Anti-Money Laundering Laws
On March 18, the Financial Crimes Enforcement Network (FinCEN) assessed a $75,000 civil money penalty against a Colorado check casher and its general manager and ordered it to cease all business activities for “willfully violating” registration, reporting, and anti-money laundering provisions of the Bank Secrecy Act (BSA). The Colorado-based check casher had been the subject of three BSA compliance examinations by the Internal Revenue Service, “all of which found significant and repeated violations.” Under the BSA, money services business are required to implement anti-money laundering controls, conduct internal compliance reviews, and provide compliance training for all staff in an effort to prevent the facilitation of money laundering and the financing of terrorist activities. The Colorado check casher failed to employ such programs, which resulted in a significant amount of untimely and inaccurate currency transaction reports.
New York DFS Takes Action Against Bank for BSA/AML Compliance Deficiencies
On March 12, the New York DFS issued a consent order against a Germany-based global bank for alleged Bank Secrecy Act and other anti-money laundering (BSA/AML) compliance violations that occurred between 2002 and 2008. According to the DFS’s press release, certain bank employees were selected “to manually process Iranian transactions — specifically, to strip from SWIFT payment messages any identifying information that could trigger OFAC-related controls and possibly lead to delay or outright rejection of the transaction in the United States.” The DFS also alleges that the bank’s New York branch failed to implement proper BSA/AML compliance thresholds, allowing certain alerts regarding suspicious transactions to be excluded. Under the terms of the consent order, the bank must pay a $1.45 billion penalty, to be distributed as follows: $610 million to the DFS; $300 million to the U.S. Attorney’s Office for the Southern District of New York; $200 million to the Federal Reserve; $172 million to the Manhattan District Attorney’s Office; and $172 million to the U.S. DOJ. Additionally, the order requires that the bank “terminate individual employees who engaged in misconduct, and install an independent monitor for Banking Law violations in connection with transactions on behalf of Iran, Sudan, and a Japanese corporation that engaged in accounting fraud.”
OCC Comptroller Delivers Remarks Regarding BSA/AML Compliance
On March 2, OCC Comptroller Curry delivered remarks before the Institute of International Bankers regarding BSA/AML compliance obligations for financial institutions. During his remarks, Comptroller Curry emphasized that a top priority for the OCC has been to strengthen BSA/AML compliance at its supervised institutions. In this regard, the OCC has (i) modified its bank examination process so that BSA deficiencies receive proper emphasis in the evaluation of safety and soundness; (ii) focused on the BSA/AML risks posed by third-party relationships; (iii) required that institutions adequately resource their BSA/AML compliance programs; (iv) required institutions to assign accountability for BSA/AML compliance across all business lines presenting BSA/AML risk; and (v) taken enforcement action to enforce BSA/AML compliance when appropriate. Through his remarks, Comptroller Curry also addressed the need to improve the BSA/AML regulatory framework itself. Specifically, Comptroller Curry indicated that the OCC wanted (i) to streamline the SAR reporting process, (ii) to find better ways to use technology to advance BSA/AML goals, and (iii) to increase information sharing by creating safe harbors from civil liability both for financial institutions that file SARs and for financial institutions that share information about financial crimes with each other.
New York Bank Regulator Considering Cybersecurity Regulations, Random Audits of Banks
On February 25, New York DFS Superintendent Benjamin Lawsky delivered remarks at Columbia Law School focusing on how state bank regulators can better supervise financial institutions in a post-financial crisis era. In his remarks, Lawsky stated that “real deterrence” to future misconduct “means a focus not just on corporate accountability, but on individual accountability” at the senior executive level. Lawsky also highlighted measures that DFS is considering to prevent money laundering including conducting random audits of regulated firms’ “transaction monitoring and filtering systems” and making senior executives attest to the adequacy of the systems. Lastly, Lawsky outlined several cybersecurity initiatives and considerations that would require third-party vendors to have cybersecurity protections and regulations in place that would mandate the use of “multi-factor authentication” systems for DFS regulated firms.