Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On December 4, the Financial Crimes Enforcement Network (FinCEN) issued Notice 2018-1 announcing a further extension of time for certain Report of Foreign Bank and Financial Accounts (FBAR) filings in light of FinCEN’s notice of proposed rulemaking (NPR) published March 10, 2016. (See previous InfoBytes coverage on the 2016 NPR here.) Specifically, one of the proposed amendments seeks to “expand and clarify the exemptions for certain U.S. persons with signature or other authority over foreign financial accounts,” but with no financial interest, as outlined in FinCEN Notice 2017-1 issued December 22, 2017. FinCEN noted that because the proposal has not been finalized, it is extending the filing due date to April 15, 2020 for individuals who previously qualified for a filing due date extension under Notice 2017-1. All other individuals must submit FBAR filings by April 15, 2019.
Agencies encourage financial institutions to explore innovative industry approaches to BSA/AML compliance
On December 3, the Financial Crimes Enforcement Network (FinCEN) released a joint statement along with federal banking agencies—the Federal Reserve Board, FDIC, NCUA, and OCC (together, the “agencies”)—to encourage banks and credit unions to explore innovative approaches such as artificial intelligence, digital identity technologies, and internal financial intelligence units to combat money laundering, terrorist financing, and other illicit financial threats when safeguarding the financial system. According to the agencies, private sector innovation and the adoption of new technologies can enhance the effectiveness and efficiency of Bank Secrecy Act/anti-money laundering (BSA/AML) compliance programs. Moreover, new innovations and technologies can also enhance transaction monitoring systems. Specifically, the agencies urged banks to test innovative programs to explore the use of artificial intelligence. However, the agencies emphasized that while feedback on innovative programs may be provided, the “pilot programs in and of themselves should not subject banks to supervisory criticism even if the pilot programs ultimately prove unsuccessful. Likewise, pilot programs that expose gaps in a BSA/AML compliance program will not necessarily result in supervisory action with respect to that program.” The joint statement further specifies that the agencies will be willing to grant exceptive relief from BSA regulatory requirements to facilitate pilot programs, “provided that banks maintain the overall effectiveness of their BSA/AML compliance programs.” However, banks that maintain effective compliance programs but choose not to innovate will not be penalized or criticized.
According to Treasury Under Secretary for Terrorism and Financial Intelligence Sigal Mandelker, “[a]s money launderers and other illicit actors constantly evolve their tactics, we want the compliance community to likewise adapt their efforts to counter these threats,” pointing to the recent use of innovative technologies to identify and report illicit financial activity related to both Iran and North Korea.
As previously covered by InfoBytes, earlier in October the agencies provided guidance on resource sharing between banks and credit unions in order to more efficiently and effectively manage their BSA/AML obligations.
On November 30, the FDIC announced a list of administrative enforcement actions taken against banks and individuals in October. Included among the actions is an order to pay a civil money penalty of $9,600 issued against a Louisiana-based bank for alleged violations of the Flood Disaster Protection Act in connection with alleged failures to obtain flood insurance coverage on loans at or before origination or renewal.
Consent orders were also issued against three separate banks related to alleged weaknesses in their Bank Secrecy Act (BSA) and/or BSA/anti-money laundering (BSA/AML) compliance programs. (See orders here, here, and here.) Among other things, the banks are ordered to: (i) implement comprehensive written BSA/AML compliance programs, which include revising BSA risk assessment policies, developing a system of BSA internal controls, and enhancing suspicious activity monitoring and reporting and customer due diligence procedures; (ii) conduct independent testing; and (iii) implement effective BSA training programs. The FDIC further requires the Florida and New Jersey-based banks to conduct suspicious activity reporting look-back reviews.
In addition, a Kentucky-based bank was ordered to pay a civil money of $300,000 for allegedly violating TILA by “failing to clearly and conspicuously disclose required information related to the [b]ank’s Elastic line of credit product” and Section 5 of the FTC ACT by “using a processing order for certain deposit account transactions contrary to the processing orders disclosed in the [b]ank’s deposit account disclosures.”
There are no administrative hearings scheduled for December 2018. The FDIC database containing all 17 enforcement decisions and orders may be accessed here.
On November 29, the Senate Committee on Banking, Housing, and Urban Affairs held a hearing entitled “Combating Money Laundering and Other Forms of Illicit Finance: Regulator and Law Enforcement Perspectives on Reform” to discuss efforts to improve the Bank Secrecy Act/anti-money laundering (BSA/AML) regulatory, supervisory, and enforcement regime. Committee Chairman Mike Crapro, R-Idaho, opened the hearing by emphasizing the need for a continued dialogue on modernizing the BSA/AML regime to “encourage the innovation necessary to combat illicit financing while also encouraging regulators to focus on more tangible threats, and law enforcement to increase interagency cooperation and improve information sharing throughout the process.”
Among other things, Financial Crimes Enforcement Network (FinCEN) Director Kenneth A. Blanco highlighted the following three key priorities as part of FinCEN’s “multi-prong approach” to the regulatory reform process: (i) examining and understanding the value and effectiveness of the BSA through data-driven analysis in conjunction with both considering changes to enhance efficiency (such as evaluating suspicious activity and currency transaction reporting requirements) and engaging with regulators through, for example, monthly meetings with the FFIEC’s Anti-Money Laundering Working Group; (ii) “promot[ing] responsible innovation and creative solutions to combat money laundering and terrorist financing” by exploring ways to collaborate with financial institutions to improve AML/countering the financing of terrorism compliance, fostering innovation, and leveraging technology while also minimizing vulnerabilities; and (iii) “[e]nhancing public-private partnerships that reveal and mitigate vulnerabilities” and sharing information with the private sector to help identify suspicious activity.
OCC Compliance and Community Affairs Senior Deputy Comptroller Grovetta N. Gardineer discussed the agency’s efforts to enhance the efficiency of its current supervisory practices, and commented on how new technologies such as artificial intelligence and machine learning provide opportunities for banks to cut costs and identify suspicious activity. Gardineer also highlighted the OCC’s Money Laundering Risk System, which allows for the identification of potentially higher-risk community bank areas by “identifying the products and services offered by these institutions, as well as the customers and geographies they serve.” In addition, Gardineer offered recommendations for BSA amendments to improve supervisory efforts, such as (i) requiring a periodic review of BSA/AML regulations to identify those that may be outdated or burdensome; (ii) amending BSA safe harbor rules to clarify that a financial institution can file a suspicious activity report without being exposed to civil liability; and (iii) expanding safe harbor to permit information sharing beyond money laundering and terrorism financing between financial institutions without incurring liability. Moreover, Gardineer stated that FinCEN’s notice requirement with respect to information-sharing under section 314(b) of the USA Patriot Act should be eliminated or modified in order to enhance institutions’ ability to share information.
FBI Criminal Investigative Division Section Chief Steven M. D'Antuono also discussed, among other things, the Treasury Department’s recent Customer Due Diligence Final Rule (see previous InfoBytes coverage here), and stated that the Rule is “a step toward a system that makes it difficult for sophisticated criminals to circumvent the law through use of opaque corporate structures.”
NYDFS and international bank enter into second supplemental consent order over BSA/AML compliance deficiencies
On November 21, NYDFS and an international bank entered into a second supplemental consent order covering its settlement over alleged deficiencies in the bank’s Bank Secrecy Act/anti-money laundering and Office of Foreign Assets Control (OFAC) compliance program controls. As previously covered by Infobytes, in 2012, the bank agreed to engage an independent on-site monitor for 24 months to evaluate the New York branch’s BSA/AML and OFAC compliance programs and operations and was issued a $340 million civil money penalty. In 2014 NYDFS issued a subsequent consent order outlining the monitor’s findings, including reports of significant failures in the bank’s transaction monitoring. The 2014 order extended the engagement of the monitor for another two years, outlined remedial measures to address continued deficiencies, and required the bank to pay an additional $300 million civil money penalty. In April 2017, NYDFS and the bank entered into the first supplemental consent order to modify the 2012 and 2014 orders, acknowledging the bank made significant improvements in its BSA/AML compliance program but extended the monitor through December 2018 with all the other terms and conditions of the 2012 and 2014 consent orders remaining in full effect.
Now, beginning January 1, 2019, the second supplemental order issued by NYDFS requires the bank to engage an independent consultant, selected by the regulator, for a period of up to one year, with a possible extension of one additional year, to provide guidance for completing remediation called for in the 2012 and 2014 consent orders. In response to the second supplemental order, the bank stated it remained “committed to completing the remaining tasks necessary for that remediation.”
On November 19, the Federal Reserve Board, Office of Foreign Assets Control (OFAC), DOJ, Manhattan District Attorney’s Office, and NYDFS announced that a French bank agreed to pay approximately $1.34 billion in total penalties to resolve federal and state investigations into the bank’s allegedly intentional violation of U.S. sanctions laws and other federal and New York state laws from approximately 2003 to 2013.
The bank entered into a deferred prosecution agreement (DPA) with the U.S. Attorney’s Office for the Southern District of New York to settle charges of conspiring to violate U.S. sanctions against Cuba by “structuring, conducting, and concealing U.S. dollar transactions using the U.S. financial system.” The DPA requires the bank to forfeit more than $717 million. The bank also agreed to “accept responsibility for its conduct by stipulating to the accuracy of an extensive Statement of Facts, pay penalties totaling [$1.34 billion] to federal and state prosecutors and regulators, refrain from all future criminal conduct, and implement remedial measures as required by its regulators.” According to the DOJ, the bank “admitted its willful violations of U.S. sanctions laws—and longtime concealment of those violations—which resulted in billions of dollars of illicit funds flowing through the U.S. financial system.” As factors mitigating the penalty, the DPA acknowledges the bank’s efforts to collect and produce “voluminous evidence located in other countries to the full extent permitted under applicable laws and regulations, and its enhancement of its compliance program and sanctions-related internal controls both before and after it became the subject of a U.S. law enforcement investigation.” Among other factors, the bank’s willingness to enter into the terms of the DPA, outweighed its “failure to self-report all of its violations of [U.S.] sanctions laws in a timely manner.”
The bank also entered into agreements to pay almost $163 million to the New York County District Attorney’s Office, nearly $54 million to OFAC, approximately $81 million to the Federal Reserve Board, and $325 million to NYDFS. Among other things, NYDFS noted that branch employees “responsible for originating USD transactions outside of the U.S. had a minimal understanding of U.S. sanctions laws and regulations as they related to Sudan, Iran, Cuba, North Korea, or other U.S. sanctions targets.”
Separate from the resolution of alleged sanctions violations, NYDFS imposed an additional $95 million penalty to resolve findings that the bank’s New York branch allegedly failed to “implement and maintain an effective Bank Secrecy Act/Anti-Money Laundering Law compliance program and transaction monitoring system.”
According to a bank statement issued the same day, the bank acknowledges and regrets the identified shortcomings, and “has already taken a number of significant steps in recent years and dedicated substantial resources to enhance its sanctions and AML compliance programs.”
Federal, state financial regulatory agencies issue guidance for institutions affected by California wildfires; FinCEN encourages financial institutions to communicate BSA filing delays
On November 19, the Financial Crimes Enforcement Network (FinCEN) issued a notice to financial institutions that file Bank Secrecy Act reports encouraging such institutions to communicate with FinCEN and their functional regulators regarding any expected filing delays caused by the California wildfires. FinCEN also reminded financial institutions to review advisory FIN-2017-A007, previously covered by InfoBytes, which discusses potential fraudulent activity related to recent disaster relief schemes.
In a related action, the Federal Reserve Board, California Department of Business Oversight, Conference of State Bank Supervisors, FDIC, NCUA, and OCC (collectively, the “agencies”) issued a joint statement on November 15 providing guidance to financial institutions impacted by the California wildfires. The agencies encouraged lenders to work with borrowers in impacted communities to modify loans as appropriate based on the facts and circumstances of each borrower and loan. In addition, the agencies assured lenders that they would (i) expedite any request to operate temporary facilities to provide more convenient services to those affected by the wildfires; (ii) not generally assess penalties for institutions that take prudent steps to satisfy any publishing or reporting requirements, including by contacting their state or federal regulator to discuss satisfaction of such requirements; and (iii) consider granting institutions favorable Community Reinvestment Act consideration for community development loans, investments, and services in support of disaster recovery.
Find continuing InfoBytes coverage on disaster relief here.
On November 15, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. The new enforcement actions include cease and desist orders, civil money penalty orders, formal agreements, prompt corrective action directives, removal/prohibition orders, and terminations of existing enforcement actions. Two notable enforcement actions are discussed below.
On October 25, the OCC issued a consent order against a Louisiana-based bank related to examination findings from 2018 wherein the bank failed to adopt and implement an adequate Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance program. Among other conditions, the consent order requires the bank to (i) develop and implement an ongoing BSA/AML risk assessment program; (ii) adopt an independent audit program to conduct a review of the bank’s BSA/AML compliance program; and (iii) submit a written progress report within 30 days after the end of each calendar quarter that details actions undertaken to ensure compliance with the consent order’s provisions. The bank neither admitted nor denied the OCC’s findings and is not required to pay a civil money penalty.
On October 23, the OCC assessed a $100 million civil money penalty against a national bank for alleged deficiencies in the bank’s BSA/AML compliance programs. Specifically, the alleged deficiencies include the failure to comply with a 2015 consent order in a timely manner, which required the bank to, among other things, adopt and implement an adequate BSA/AML compliance program and file timely Suspicious Activity Reports. The consent order acknowledges that the bank has undertaken corrective action to remedy the deficiencies noted by the OCC.
FDIC releases September enforcement actions, including breaches of fiduciary duty and BSA violations
On October 26, the FDIC announced a list of administrative enforcement actions taken against banks and individuals in September. Included among the actions is a removal and prohibition and civil money penalty assessment issued against a bank’s president, CEO and board chairman (in his individual capacity as an institution-affiliated party) of a Florida-based bank for allegedly engaging in unsafe or unsound practices and breaches of fiduciary duty while employed by the bank. Among other claims, the respondent allegedly created a conflict of interest when he operated a consumer finance company, which he personally owned, out of one of the bank's branches. The FDIC contends that the respondent (i) operated the company through the utilization of bank property and staff without reimbursing the bank; (ii) issued loans to bank customers through the company; (iii) repaid the company using overdraft funds from customers’ bank accounts; and (iv) “caused the release and sale of bank collateral without full repayment to the bank when a portion of the sale proceeds were being used to pay on a finance company loan.” According to the FDIC, the respondent failed to disclose his actions to the bank’s board of directors as required by state law and a consent order the bank entered into in July 2010.
Additionally, a consent order was issued to a South Carolina bank related to alleged weaknesses in its Bank Secrecy Act (BSA) compliance program. The bank was ordered to, among other things, (i) revise and implement internal controls and policies and procedures for BSA compliance, including suspicious activity monitoring and reporting and customer due diligence procedures; (ii) perform an enhanced risk assessment of the bank’s operations; and (iii) take necessary steps to correct or eliminate all cited violations, such as conducting independent testing and implement effective BSA training programs.
There are no administrative hearings scheduled for November 2018. The FDIC database containing all 24 enforcement decisions and orders may be accessed here.
OCC announces enforcement action against bank for previously identified BSA/AML compliance deficiencies
On October 23, the OCC issued a consent order assessing a civil money penalty (CMP) against a national bank for deficiencies in the bank’s Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance program. The deficiencies allegedly resulted in violations of the BSA compliance program and suspicious activity reporting (SAR) rules that led to the issuance of a 2015 consent order, violations of the 2015 order, and additional violations of the SAR rule and wire transfer “travel rule.” According to the 2018 order, the bank allegedly, among other things, (i) failed to “timely achieve compliance” with the 2015 order; (ii) failed to file the required additional SARs; and (iii) initiated wire transfer transactions containing inadequate or incomplete information.
Under the terms of the 2018 order, the bank agreed to pay a $100 million CMP. The order notes that the bank has undertaken corrective actions to remedy the identified BSA/AML-related deficiencies and enhance its BSA/AML compliance program.
- Jonice Gray Tucker to discuss "Trends in regulatory enforcement" at the American Bar Association Banking Law Committee Meeting
- Jessica L. Pollet to discuss "Your career is impacting your life..." at the Ark Group Women Legal Conference
- Jon David D. Langlois to discuss "Successors in interest updates" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Brandy A. Hood to discuss "Keeping your head above water in flood insurance compliance" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo