InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FinCEN Rules Proposed Virtual Currency Exchange, Bitcoin Payment System Subject to BSA
On October 27, FinCEN issued two administrative rulings to companies seeking guidance on whether they must register as MSBs and be subject to the required reporting, recordkeeping, and monitoring obligations. In its first letter, a company queried whether its plans to set up a virtual currency trading and booking platform, similar to a traditional securities or commodities exchange, would make it subject to FinCEN regulations. FinCEN responded that the proposed virtual trading platform would be classified as an MSB. As a result, the company would have to register as an MSB as defined under the BSA. In its second ruling, a company asked whether a bitcoin payment system would be subject to the agency’s regulations. The payment system would accept customers’ credit card payments and transfer the payments to merchants in the form of bitcoin. FinCEN ruled that if the company sets up the payment system, the company would be classified as a money transmitter, and subject to BSA regulations, because “it engages as a business in accepting and converting the customers’ real currency into virtual currency for transmission to the merchant.”
Department Of Treasury Continues Work To Support Money Transmitters
On October 8, the Treasury released a statement regarding its continued efforts to support the legitimate use of money transmitters by fostering financial inclusion and financial transparency, while simultaneously addressing its vulnerabilities of money laundering and terrorist financing. Highlighting its progress in the last 15 years, the statement notes that “record volumes of remittances are being transmitted through legitimate and transparent channels.” Looking forward, the treasury will improve upon its efforts to increase banking access for money transmitters by (i) making its expectations for banks clearer; (ii) improving AML/CFT controls and compliance; (iii) heightening AMC/CFT oversight; and (iv) reaching out to financial institutions and their customers. Finally, the Treasury is working with federal banking agencies to ensure that not all money transmitters are treated as high risk by banking institutions. Ensuring that these efforts are both domestic and international, the Treasury is working with the United Kingdom, the World Bank, and G-20.
Buckley Sandler Webcast Recap: FinCEN's Proposed Rule Amending Customer Due Diligence Obligations
BuckleySandler hosted a webcast entitled “FinCEN’s Proposed Rule Amending Customer Due Diligence Obligations,” on September 18, 2014, as part of the ongoing FinCrimes Webcast Series. Panelists included James Cummans, Vice President of BSA/AML Operations at TCF Bank; Jacqueline Seeman, Managing Director and Global Head of KYC at Citigroup, Inc.; and Sarah K. Runge, Director, Office of Strategic Policy at the U.S. Department of Treasury. The following is a summary of the guided conversation moderated by Jamie Parkinson, partner at BuckleySandler, and key take-aways to prepare for comments to the proposed rule and implementation of the new rule, once final, at your financial institution.
Key Tips and Take-Aways:
- Assess and prepare your organization’s financial and personnel resources to make sure that the appropriate resources are in place to comply with the proposed rule once it is finalized. Certain technical aspects of implementation may be complicated depending on the financial institutions’ existing processes.
- Boards of Directors should participate in and be informed of the process.
- Institutions that are exempt from the rule, including money services businesses (“MSBs”), should also consider how this rule would affect their operations. FinCEN has announced that this is an incremental rule making, meaning the rule could extend to additional entities in the future.
- Covered financial institutions should consider the implications and compliance issues associated with the proposed rule and actively engage in the comment period. It is clear that FinCEN took certain industry concerns into account from the earlier Advance Notice of Proposed Rulemaking (“ANPRM”), so any potential issues should again be raised.
Customer Due Diligence Rule Requirements
The session began with a brief background on the rulemaking process and the overarching goals of the proposed CDD obligations. The panel then addressed the rule’s codification of existing practices and procedures relating to client onboarding procedures and transaction monitoring. Significantly, the panelists outlined the new requirement to identify “beneficial owners” and the two independent prongs—ownership and control—used to determine who would be considered a “beneficial owner” of a legal entity customer. Finally, the panelists noted that the current proposed rule requires financial institutions to use a standard certification form to document the beneficial ownership of legal entity customers.
Potential Compliance Difficulties
The panelists noted that while the proposed rule outlines what would be required of an institution, there are a number of potential compliance challenges. First, the panelists discussed the definition of a “beneficial owner.” Some financial institutions have implemented lower ownership thresholds or additional persons in “control” for CDD purposes based on their assessment of risk. This presents potential compliance and logistical considerations for institutions that determined for compliance risk reasons to identify additional “beneficial owners” under both prongs when considered under their current policies and procedures.
Next, the panelists discussed the certification form that may be required by the rule. Panelists noted that the use of a paper based form could cause logistical challenges and compliance issues for institutions that are moving to digital documentation and banking. Specifically, the panelists expressed concern that the form might present difficulties associated with compiling data and performing additional risk analysis, and may also constrain the flexibility sought by different institutions in the manner of implementation of the new CDD information. The panelists also pointed out that a standard form (and the rule in general) impacts other compliance considerations, for example, those associated with e-signatures and data security. This looks likely to be an area of constructive commentary.
Identity Verification for Beneficial Owners
Panelists next discussed the rule’s requirement that financial institutions verify the identity of a “beneficial owner.” The original ANPRM had required financial institutions to verify not only the identity but also the status of the “beneficial owner.” Panelists noted that verification of an individual’s status would have presented significant compliance issues due to limited reliable resources to confirm such information, and that the required identity verification was a much better standard. The panelists also pointed out that this significant change demonstrates that FinCEN was taking industry opinion and comments to heart, and that this should encourage institutions to actively engage in the ongoing comment period.
Non-Covered Entities
Panelists then shifted to discussing the issue of entities who are not covered by the proposed rule. Panelists noted that there is likely to be commentary over some concern that the rule may create an uneven playing field between those companies that are required to gather this data and those companies that are not affected. Additionally, the panelists highlighted the fact that the current rule-making process has been presented as an incremental rule making, meaning that while certain entities may not currently be covered by the rule, FinCEN may expand the scope of entities covered by the rule in the future. As such, panelists suggested that entities not currently covered—such as MSBs and casinos—should not only pay attention to the proposed rule but perhaps evaluate their own compliance programs in anticipation of potential application later, but also actively engage in the comment portion of the rule making. The panel then warned that if these entities do not participate now, it may be difficult to make significant changes to the rule after it takes effect. Finally, regarding non-covered entities such as MSBs, panelists noted that the CDD requirements may have a practical impact despite the lack of formal mandate, as those covered institutions that bank non-covered entities may inquire about CDD practices and may expect non-covered entities to implement some type of risk-based CDD.
Board Level Responsibilities and Requirements
The panel also discussed the implications the proposed rule has on governance and the responsibilities of boards of directors. Panelists noted that boards have been encouraged to focus on enhanced training and resources regarding AML and BSA matters and that boards of directors need to understand the associated risks and legal requirements. Additionally, the panel pointed out that boards of directors need to monitor the implementation of any procedures dealing with the proposed requirements and that failure to properly implement the procedures or requirements could lead to disciplinary action. Finally, the board needs to ensure the organization’s financial and personnel resources are sufficient to address and implement the requirements of the proposed rule once it is finalized.
Requirements for Existing Accounts
The panel addressed the fact that while the proposed rule is not retroactive, the commentary states that financial institutions should be keeping the required information current and updated. Panelists expressed concern over what would be required with regard to keeping this information current, specifically highlighting concerns with when the financial institution would be required to update pre-existing low and medium risk customer profiles. The panel noted that while there are currently refresh cycles involved with their customers, there is no guidance as to how far back an institution would have to go and whether they would have to update the entire customer profile associated with an account.
Implementation Timeline
The panel concluded by discussing the proposed rule’s implementation timeline of one year. Panelists expressed concern that the one year period would cause certain technology related challenges and would be more burdensome for large institutions. The panelists noted that this is an issue that will likely be addressed in the comment period, with suggestions of between 18 and 24 months to prepare for and implement policies and procedures associated with the new rule.
Special Alert: FinCEN Publishes Long-Awaited Proposed Customer Due Diligence Requirements
On August 4, 2014, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) published a Notice of Proposed Rulemaking ("NPRM") that would amend existing Bank Secrecy Act (“BSA”) regulations intended to clarify and strengthen customer due diligence (“CDD”) obligations for banks, securities broker-dealers, mutual funds, and futures commission merchants and introducing brokers in commodities (collectively, “covered financial institutions”).
In drafting the modifications, FinCEN clearly took into consideration comments responding to its February 2012 Advance Notice of Proposed Rulemaking (“ANPRM”), as the current proposal appears narrower and somewhat less burdensome on financial institutions. Comments on the proposed rulemaking are due October 3, 2014.
Overview: Under the NPRM, covered financial institutions would be obligated to collect information on the natural persons behind legal entity customers (beneficial owners) and the proposed rule would make CDD an explicit requirement. If adopted the NPRM would amend FinCEN’s AML program rule (the four pillars) by making CDD a fifth pillar.
Click here to view the special alert.
Federal District Court Holds Bitcoin Is Money
On August 19, the U.S. District Court for the Southern District of New York found that Bitcoin is “money” in a memorandum order denying a defendant’s motion to dismiss a federal money laundering charge. Faiella et al. v. United States, No. 14-cr-243 (JSR), 2014 WL 4100897 (S.D.N.Y. Aug. 19, 2014). The defendant is a former Bitcoin exchange owner who was charged in 2013 with unlawfully operating an unlicensed money transmitting business. In his motion before the court, the defendant argued that the charge should be dismissed because Bitcoin is not “money” within the meaning of the statute. The court disagreed, relying upon the dictionary definition of “money” to conclude that Bitcoin “clearly qualifies as ‘money’” as it “can be easily purchased in exchange for ordinary currency, acts as a denominator of value, and is used to conduct financial transactions.” The court additionally relied on Congress’ intent that anti-money laundering statutes keep pace with evolving threats, and also cited an opinion from a similar case in the U.S. District Court for the Eastern District of Texas that concluded Bitcoin can be used as money. SEC v. Shavers, No. 4:13-CV-416, 2013 WL 4028182, at *2 (E.D. Tex. Aug. 6, 2013).
FinCEN Permanently Bars Casino Official Over BSA Violations
On August 20, FinCEN announced an action against a casino employee who admitted to violating the Bank Secrecy Act by willfully causing the casino to fail to file certain reports. FinCEN asserted based in part on information obtained from an undercover investigation that the employee helped high-end gamblers avoid detection of large cash transactions by agreeing not to file either Currency Transaction Reports or Suspicious Activity Reports as required under the BSA. FinCEN ordered the employee to pay a $5,000 civil money penalty, and immediately and permanently barred him from participating in the conduct of the affairs of any financial institution located in the U.S. or that does business within the U.S.
FINRA Charges Firm With AML And Systematic Market Access Violations
On August 18, FINRA announced a complaint against a financial services and investment firm, alleging that the firm was responsible for systematic supervisory and AML violations in connection with providing direct market access and sponsored access to broker-dealers and non-registered market participants. Specifically, FINRA claims that from January 2008 through August 2013, the firm failed to “ensure appropriate risk management controls and supervisory systems and procedures,” thereby allowing its market access customers to “self-monitor and self-report” possibly manipulative trades. Moreover, FINRA asserts that during the relevant time period, the firm was made aware of these potential regulatory and compliance risks though numerous industrywide notices, disciplinary decisions taken against other industry participants, and multiple self-regulatory organization inquiries and examinations. The firm may request a hearing before the FINRA disciplinary committee. If FINRA’s charges stand, the firm could face suspension, censure, and/or monetary penalties.
OCC Updates Merchant Processing Booklet
On August 20, the OCC issued Bulletin 2014-41, which announces a new “Merchant Processing” booklet of the Comptroller’s Handbook. This booklet replaces the booklet of the same name issued in December 2001 and provides updated guidance to examiners and bankers on assessing and managing the risks associated with merchant processing activities. Specific updates address: (i) the selection of third-party organizations and due diligence; (ii) technology service providers; (iii) on-site inspections, audits, and attestation engagements, including the “Statement on Standards for Attestation Engagement” (SSAE 16) and the “International Standard on Assurance Engagements” (ISAE 3402); (iv) data security standards in the payment card industry for merchants and processors; (v) the Member Alert to Control High-Risk Merchants (MATCH) list; (vi) BSA/AML compliance programs and appropriate policies, procedures, and processes to monitor and identify unusual activity; and (vii) appropriate capital for merchant processing activities.
New York Sanctions Bank For Alleged Failure To Comply With Prior AML Settlement
On August 19, the New York DFS announced a consent order with a British bank to resolve claims that the bank and its U.S. subsidiary failed to remediate AML compliance deficiencies as required by a prior settlement with the DFS that required the bank to, among other things, implement a transaction monitoring program. The DFS states that the compliance monitor appointed as part of the prior agreement determined that the procedures adopted by the bank to detect high-risk transactions contained errors and other problems that prevented the bank from identifying high-risk transactions for further review. The DFS asserts that the bank failed to detect these problems because of a lack of adequate testing both before and after implementation of the monitoring system. The DFS also claims the bank failed to properly audit its monitoring system. Under the latest consent order, the bank must: (i) suspend its dollar clearing operations for high-risk retail business clients of the bank’s Hong Kong subsidiary; (ii) obtain prior DFS approval to open a U.S. Dollar demand deposit account for any customer who does not already have such an account with the U.S. entity; and (iii) pay a $300 million penalty. The bank also must implement additional compliance enhancements, including enhanced due diligence and know-your customer requirements.
FinCEN Advisory Urges Institutions To Promote Culture Of Compliance
On August 11, FinCEN issued Advisory FIN-2014-A007 to provide guidance regarding BSA/AML compliance programs. Specifically, the guidance recommends that institutions create a “culture of compliance” by ensuring that: (i) leadership actively supports and understands compliance efforts; (ii) efforts to manage and mitigate BSA/AML deficiencies and risks are not compromised by revenue interests; (iii) relevant information from the various departments within the organization is shared with compliance staff to further BSA/AML efforts; (iv) the institution devotes adequate resources to its compliance function; (v) the compliance program is effective by, among other things, ensuring that it is tested by an independent and competent party; and (vi) leadership and staff understand the purpose of the institution’s BSA/AML efforts. The guidance follows numerous public remarks by FinCEN Director Jennifer Shasky Calvery and other financial regulators and enforcement authorities calling for stronger compliance cultures, particularly with regard to BSA/AML compliance. Director Shasky Calvery reinforced that message in an August 12, 2014 speech in which she asserted that, in the enforcement matters she has seen, a culture of compliance “could have made all the difference.” In the same speech, Ms. Shasky Calvery criticized—as Comptroller of the Currency Thomas Curry also did earlier this year—financial institutions which may be “de-risking” by preventing certain categories of businesses from accessing banking services. She stressed that “just because a particular customer may be considered high risk does not mean that it is ‘unbankable’,” and called on banks to develop programs to manage high risk customer relationships.