Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Agencies encourage financial institutions to explore innovative industry approaches to BSA/AML compliance
On December 3, the Financial Crimes Enforcement Network (FinCEN) released a joint statement along with federal banking agencies—the Federal Reserve Board, FDIC, NCUA, and OCC (together, the “agencies”)—to encourage banks and credit unions to explore innovative approaches such as artificial intelligence, digital identity technologies, and internal financial intelligence units to combat money laundering, terrorist financing, and other illicit financial threats when safeguarding the financial system. According to the agencies, private sector innovation and the adoption of new technologies can enhance the effectiveness and efficiency of Bank Secrecy Act/anti-money laundering (BSA/AML) compliance programs. Moreover, new innovations and technologies can also enhance transaction monitoring systems. Specifically, the agencies urged banks to test innovative programs to explore the use of artificial intelligence. However, the agencies emphasized that while feedback on innovative programs may be provided, the “pilot programs in and of themselves should not subject banks to supervisory criticism even if the pilot programs ultimately prove unsuccessful. Likewise, pilot programs that expose gaps in a BSA/AML compliance program will not necessarily result in supervisory action with respect to that program.” The joint statement further specifies that the agencies will be willing to grant exceptive relief from BSA regulatory requirements to facilitate pilot programs, “provided that banks maintain the overall effectiveness of their BSA/AML compliance programs.” However, banks that maintain effective compliance programs but choose not to innovate will not be penalized or criticized.
According to Treasury Under Secretary for Terrorism and Financial Intelligence Sigal Mandelker, “[a]s money launderers and other illicit actors constantly evolve their tactics, we want the compliance community to likewise adapt their efforts to counter these threats,” pointing to the recent use of innovative technologies to identify and report illicit financial activity related to both Iran and North Korea.
As previously covered by InfoBytes, earlier in October the agencies provided guidance on resource sharing between banks and credit unions in order to more efficiently and effectively manage their BSA/AML obligations.
On December 3, the OCC released its Semiannual Risk Perspective for Fall 2018, identifying and reiterating key risk areas that pose a threat to the safety and soundness of national banks and federal savings associations. The report focuses on risks to the federal banking system based on five areas: the operating environment, bank performance, special topics in emerging risk, trends in key risks, and supervisory actions. Overall, loans and bank profitability grew in 2018 as the U.S. economy continued to grow. Moreover, recent examination findings indicate incremental improvements in banks’ general risk management practices. Specific risk areas of concern noted by the OCC include: (i) the origination quality of new loans and potential embedded risks from previously successive years of relaxed underwriting standards; (ii) an increasingly complex operating environment, including the continually evolving threat to cybersecurity; (iii) elevated money-laundering risks; and (iv) rising market interest rates, including certain risks associated with heightened competition for deposits.
The report also notes that outstanding enforcement actions continue to decline since peaking in 2010, which, according to the OCC, reflects an overall improvement in, among other things, banks’ risk management practices. The leading cause of current enforcement actions continues to be compliance or operational failures.
On November 30, the FDIC announced a list of administrative enforcement actions taken against banks and individuals in October. Included among the actions is an order to pay a civil money penalty of $9,600 issued against a Louisiana-based bank for alleged violations of the Flood Disaster Protection Act in connection with alleged failures to obtain flood insurance coverage on loans at or before origination or renewal.
Consent orders were also issued against three separate banks related to alleged weaknesses in their Bank Secrecy Act (BSA) and/or BSA/anti-money laundering (BSA/AML) compliance programs. (See orders here, here, and here.) Among other things, the banks are ordered to: (i) implement comprehensive written BSA/AML compliance programs, which include revising BSA risk assessment policies, developing a system of BSA internal controls, and enhancing suspicious activity monitoring and reporting and customer due diligence procedures; (ii) conduct independent testing; and (iii) implement effective BSA training programs. The FDIC further requires the Florida and New Jersey-based banks to conduct suspicious activity reporting look-back reviews.
In addition, a Kentucky-based bank was ordered to pay a civil money of $300,000 for allegedly violating TILA by “failing to clearly and conspicuously disclose required information related to the [b]ank’s Elastic line of credit product” and Section 5 of the FTC ACT by “using a processing order for certain deposit account transactions contrary to the processing orders disclosed in the [b]ank’s deposit account disclosures.”
There are no administrative hearings scheduled for December 2018. The FDIC database containing all 17 enforcement decisions and orders may be accessed here.
On November 19, the Federal Reserve Board, Office of Foreign Assets Control (OFAC), DOJ, Manhattan District Attorney’s Office, and NYDFS announced that a French bank agreed to pay approximately $1.34 billion in total penalties to resolve federal and state investigations into the bank’s allegedly intentional violation of U.S. sanctions laws and other federal and New York state laws from approximately 2003 to 2013.
The bank entered into a deferred prosecution agreement (DPA) with the U.S. Attorney’s Office for the Southern District of New York to settle charges of conspiring to violate U.S. sanctions against Cuba by “structuring, conducting, and concealing U.S. dollar transactions using the U.S. financial system.” The DPA requires the bank to forfeit more than $717 million. The bank also agreed to “accept responsibility for its conduct by stipulating to the accuracy of an extensive Statement of Facts, pay penalties totaling [$1.34 billion] to federal and state prosecutors and regulators, refrain from all future criminal conduct, and implement remedial measures as required by its regulators.” According to the DOJ, the bank “admitted its willful violations of U.S. sanctions laws—and longtime concealment of those violations—which resulted in billions of dollars of illicit funds flowing through the U.S. financial system.” As factors mitigating the penalty, the DPA acknowledges the bank’s efforts to collect and produce “voluminous evidence located in other countries to the full extent permitted under applicable laws and regulations, and its enhancement of its compliance program and sanctions-related internal controls both before and after it became the subject of a U.S. law enforcement investigation.” Among other factors, the bank’s willingness to enter into the terms of the DPA, outweighed its “failure to self-report all of its violations of [U.S.] sanctions laws in a timely manner.”
The bank also entered into agreements to pay almost $163 million to the New York County District Attorney’s Office, nearly $54 million to OFAC, approximately $81 million to the Federal Reserve Board, and $325 million to NYDFS. Among other things, NYDFS noted that branch employees “responsible for originating USD transactions outside of the U.S. had a minimal understanding of U.S. sanctions laws and regulations as they related to Sudan, Iran, Cuba, North Korea, or other U.S. sanctions targets.”
Separate from the resolution of alleged sanctions violations, NYDFS imposed an additional $95 million penalty to resolve findings that the bank’s New York branch allegedly failed to “implement and maintain an effective Bank Secrecy Act/Anti-Money Laundering Law compliance program and transaction monitoring system.”
According to a bank statement issued the same day, the bank acknowledges and regrets the identified shortcomings, and “has already taken a number of significant steps in recent years and dedicated substantial resources to enhance its sanctions and AML compliance programs.”
On November 15, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. The new enforcement actions include cease and desist orders, civil money penalty orders, formal agreements, prompt corrective action directives, removal/prohibition orders, and terminations of existing enforcement actions. Two notable enforcement actions are discussed below.
On October 25, the OCC issued a consent order against a Louisiana-based bank related to examination findings from 2018 wherein the bank failed to adopt and implement an adequate Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance program. Among other conditions, the consent order requires the bank to (i) develop and implement an ongoing BSA/AML risk assessment program; (ii) adopt an independent audit program to conduct a review of the bank’s BSA/AML compliance program; and (iii) submit a written progress report within 30 days after the end of each calendar quarter that details actions undertaken to ensure compliance with the consent order’s provisions. The bank neither admitted nor denied the OCC’s findings and is not required to pay a civil money penalty.
On October 23, the OCC assessed a $100 million civil money penalty against a national bank for alleged deficiencies in the bank’s BSA/AML compliance programs. Specifically, the alleged deficiencies include the failure to comply with a 2015 consent order in a timely manner, which required the bank to, among other things, adopt and implement an adequate BSA/AML compliance program and file timely Suspicious Activity Reports. The consent order acknowledges that the bank has undertaken corrective action to remedy the deficiencies noted by the OCC.
On October 3, the Financial Crimes Enforcement Network, Federal Reserve Board, FDIC, NCUA, and OCC (together, the agencies) issued an interagency statement outlining instances where banks and credit unions may choose to enter into collaborative arrangements to share resources in order to more efficiently and effectively manage their Bank Secrecy Act (BSA) and anti-money laundering (AML) obligations. The statement noted that collaborative arrangements are most suitable for “banks with a community focus, less complex operations, and lower-risk profiles for money laundering or terrorist financing.” The agencies described several examples in which collaboration between banks may be beneficial, such as (i) conducting internal control functions, including reviewing and drafting BSA/AML policies and procedures and risk-based customer identification and account monitoring processes; (ii) sharing resources for BSA/AML independent testing; and (iii) conducting BSA/AML training on regulatory requirements and internal policies, procedures, and processes. Other potential benefits include cost reductions, increases in operational efficiencies, and the availability to leverage specialized expertise.
However, the agencies cautioned that banks who choose to enter into collaborative agreements should carefully consider the associated risks “in relation to the bank’s risk profile, adequate documentation, consideration of legal restrictions, and the establishment of appropriate oversight mechanisms.” Moreover, banks should ensure that the collaborative arrangement is consistent with sound principles of corporate governance, have in place a contractual agreement, conduct periodic performance reviews, and consult their regulator’s guidance concerning third-party relationship to ensure compliance. The agencies further noted that “each bank is responsible for ensuring compliance with BSA requirements. Sharing resources in no way relieves a bank of this responsibility.” The interagency statement emphasizes that it is not applicable “to collaborative arrangements or consortia formed for the purpose of sharing information under Section 314(b) of the USA PATRIOT Act,” and “banks that form collaborative arrangements as described in this interagency statement are not an association for purposes of Section 314(b) of the USA PATRIOT Act.”
On September 26, the OCC’s Committee on Bank Supervision released its bank supervision operating plan (Plan) for fiscal year 2019. The Plan outlines the agency’s supervision priorities and specifically highlights the following supervisory focus areas: (i) cybersecurity and operational resiliency; (ii) commercial and retail credit loan underwriting, concentration risk management, and the allowance for loan and lease losses; (iii) Bank Secrecy Act/anti-money laundering compliance; (iv) change management to address new regulatory requirements; and (v) internal controls and end-to-end processes necessary for product and service delivery.
The annual plan guides the development of supervisory strategies for individual national banks, federal savings associations, federal branches, federal agencies, and service providers.
The OCC will provide updates about these priorities in its Semiannual Risk Perspective, as InfoBytes previously has covered.
OCC updates Comptroller’s Licensing Manual to revise public comment period calculation for business combination applicants
On July 30, the OCC released Bulletin 2018-22 announcing an updated version of its “Business Combinations” booklet of the Comptroller’s Licensing Manual. As previously covered in InfoBytes, the OCC released a revised version of the booklet last November, which included updates related to regulations addressing applications for national banks and federal savings associations proposing to execute a business combination. Current version 1.1 of the booklet incorporates minor technical corrections and includes a change in the public comment period calculation, which is “generally 30 days after the newspaper publication.” Among other things, the booklet provides a requirement that a notice “must be published three times in a newspaper of general circulation in the community or communities where the main or home offices of the banks involved in the transaction are located.” The OCC further advises applicants to consider the possibility of a processing delay in the event “significant or adverse comments” are received, and stresses potential delays should be a factored in when planning target dates for consummating a business combination.
On July 20, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. The new enforcement actions include cease and desist orders, civil money penalty orders, removal/prohibition orders, and terminations of existing enforcement actions. Two of the more notable actions by the OCC covered in this report are discussed below.
On May 31, the OCC issued a consent order against an international investment bank’s federal branches located in Stamford, Miami, and New York, which identified alleged deficiencies in the branches’ Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance programs. The alleged deficiencies include failure to adopt and implement adequate BSA/AML compliance programs and failure to file timely Suspicious Activity Reports. Among other things, the consent order requires the branches to (i) develop and implement an ongoing BSA/AML risk assessment program; (ii) adopt an independent audit program to conduct a review of the bank’s BSA/AML compliance program; (iii) submit a written progress report within 30 days after the end of each calendar quarter that details actions undertaken to ensure compliance with the consent order’s provisions; and (iii) ensure each branch has permanent, experienced BSA officers responsible for compliance functions. The bank has neither admitted nor denied the OCC’s findings, and a civil money penalty was not assessed against the branches.
In addition, on June 18 the OCC issued an order terminating a 2016 consent order against a national bank following the OCC’s determination that the bank had successfully completed the consent order’s requirements for complying with provisions of the Servicemembers Civil Relief Act.
Federal Reserve issues enforcement actions against New York branch of Pakistani bank, former bank employee
On July 12, the Federal Reserve Board released an enforcement action taken against a Pakistani bank’s New York branch concerning deficiencies in the branch’s Bank Secrecy Act/anti-money laundering (BSA/AML) compliance program. Under the terms of the written agreement, the branch is required to (i) submit a written governance plan to strengthen the board of director’s oversight of BSA/AML compliance; (ii) retain an independent third party to conduct a BSA/AML compliance review; (iii) submit a revised, written compliance program that complies with BSA/AML requirements; (iii) submit an enhanced, written customer due diligence program plan; and (iv) submit a revised program to ensure compliant suspicious activity monitoring and reporting. On a parallel basis, the Federal Reserve terminated an enforcement action taken against the branch in 2013.
The Federal Reserve also issued a separate enforcement action against a former bank employee for engaging in unsafe or unsound banking practices by concealing an unreconciled balance using improper accounting practices. The consent order of prohibition prohibits the former employee from, among other things, participating in any manner in the conduct of the affairs of any insured depository institution, holding company, or subsidiary of an insured depository institution.
- Daniel P. Stipano to discuss "Lessons learned: Integrating FinCEN’s CDD final rule into compliance programs" during an ACAMS webinar
- Jonice Gray Tucker to discuss "Trends in regulatory enforcement" at the American Bar Association Banking Law Committee Meeting
- Jessica L. Pollet to discuss "Your career is impacting your life..." at the Ark Group Women Legal Conference