Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • OCC releases recent enforcement actions

    On July 20, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. Among the enforcement actions is a formal agreement with a California-based bank to update its BSA/AML compliance program. According to the agreement, the OCC identified deficiencies and violations relating to the bank’s compliance with BSA/AML laws and regulations. Among other things, the bank agreed to establish a compliance committee and revise its adherence to appropriate policies and procedures for collecting customer due diligence “when opening new accounts, when renewing or modifying existing accounts for customers, and when the [b]ank obtains event-driven information indicating that it needs to obtain updated customer due diligence information.” The bank also agreed to institute an “enhanced written risk-based program of internal controls and processes” to ensure an appropriate review of BSA/AML suspicious activity.

    Bank Regulatory Federal Issues OCC Enforcement Compliance Bank Secrecy Act Anti-Money Laundering Customer Due Diligence

  • EU-U.S. release statement on Joint Financial Regulatory Forum

    Federal Issues

    On July 20, participants in the U.S.-EU Joint Financial Regulatory Forum, including officials from the Treasury Department, Federal Reserve Board, CFTC, FDIC, SEC, and OCC, issued a joint statement regarding the ongoing dialogue that took place from June 27-28, noting that the matters discussed during the forum focused on six themes: “(1) market developments and financial stability risks; (2) regulatory developments in banking and insurance; (3) anti-money laundering and countering the financing of terrorism (AML/CFT); (4) sustainable finance and climate-related financial risks; (5) regulatory and supervisory cooperation in capital markets; and (6) operational resilience and digital finance.”

    Participants acknowledged that the financial sector in both the EU and the U.S. is exposed to risk due to ongoing inflationary pressures, uncertainties in the global economic outlook, and geopolitical tensions as a result of Russia’s war on Ukraine. During discussions, participants emphasized the significance of strong bank prudential standards, effective resolution frameworks, and robust supervision practices. They also stressed the importance of international cooperation and continued dialogue to monitor vulnerabilities and strengthen the resilience of the financial system. Participants took note of recent developments relating to, among other things, recent bank failures, digital finance, the crypto-asset market, and the potential adoption of central bank digital currencies.

    Federal Issues Bank Regulatory Financial Crimes Digital Assets Of Interest to Non-US Persons EU Department of Treasury Federal Reserve CFTC FDIC SEC OCC Anti-Money Laundering Combating the Financing of Terrorism

  • FDIC releases May enforcement actions

    On June 30, the FDIC released a list of administrative enforcement actions taken against banks and individuals in May. The FDIC made public four orders including “two orders of prohibition, one consent order and combined personal consent order, and one to order to pay a civil money penalty.” Included is a cease and desist/consent order against a New York-based bank related to alleged deficiencies and weaknesses in the bank’s anti-money laundering/countering the financing of terrorism program (AML/CFT Program), among other things. Also, among other things, the FDIC required that the bank must ensure it has designated individual(s) with qualifications, who can ensure the bank’s compliance with the AML/CFT Program.

    Bank Regulatory Federal Issues FDIC Enforcement Anti-Money Laundering Combating the Financing of Terrorism

  • FinCEN updates jurisdictions with AML/CFT/CPF deficiencies

    Financial Crimes

    On June 29, FinCEN announced that the Financial Action Task Force (FATF) issued a public statement updating its lists of jurisdictions with strategic deficiencies in anti-money laundering (AML), countering the financing of terrorism (CFT), and countering the financing of proliferation of weapons of mass destructions (CPF). FATF’s statements include (i) Jurisdictions under Increased Monitoring, “which publicly identifies jurisdictions with strategic deficiencies in their AML/CFT/CPF regimes that have committed to, or are actively working with, the FATF to address those deficiencies in accordance with an agreed upon timeline,” and (ii) High-Risk Jurisdictions Subject to a Call for Action, “which publicly identifies jurisdictions with significant strategic deficiencies in their AML/CFT/CPF regimes and calls on all FATF members to apply enhanced due diligence, and, in the most serious cases, apply counter-measures to protect the international financial system from the money laundering, terrorist financing, and proliferation financing risks emanating from the identified countries.”

    FinCEN’s announcement also informed members that FATF added Cameroon, Croatia, and Vietnam it its list to the list of Jurisdictions Under Increased Monitoring and advised jurisdictions to apply enhanced due diligence proportionate to the risks. FATF did not remove any jurisdictions from the list. Additionally, the announcement suggests that money service businesses refer to FinCEN’s Guidance on compliance obligations to employ adequate measures against money laundering and the financing of terrorism posed by their foreign relationships. Also noted in the announcement is that the list of high-risk jurisdictions subject to a call for action, remains the same. FinCEN reminded in the announcement that U.S. financial institutions are still broadly prohibited from engaging in transactions or dealings with Iran, and they should continue to refer to existing FinCEN and Office of Foreign Assets Control guidance on engaging in financial transactions with Burma. With respect to high-risk jurisdictions subject to a call for action — the Democratic People’s Republic of Korea and Iran — “financial institutions must comply with the extensive U.S. restrictions and prohibitions against opening or maintaining any correspondent accounts, directly or indirectly, for North Korean or Iranian financial institutions,” FinCEN said, adding that “[e]xisting U.S. sanctions and FinCEN regulations already prohibit any such correspondent account relationships.”

     

    Financial Crimes Of Interest to Non-US Persons FinCEN Anti-Money Laundering Combating the Financing of Terrorism FATF Combating Weapons of Mass Destruction Proliferation Financing OFAC

  • Anti-ISIS coalition emphasizes international cooperation

    Financial Crimes

    On June 16, the Counter ISIS Finance Group (CIFG) of the Global Coalition to Defeat ISIS released a joint statement by the CIFG co-leads (the US, Italy, and Saudi Arabia), which coordinates efforts to isolate the Islamic State of Iraq and Syria (ISIS) from the international financial system and eliminate its revenue sources. CIFG held its eighteenth meeting on June 7, and during the meeting attendees discussed ISIS’s presence in Africa and partner countries presented on actions taken to disrupt ISIS financing. The presentations also “demonstrated how coordinated action and information-sharing among states, non-governmental organizations (NGOs), and the private sector amplify the impact of law enforcement investigations, targeted sanctions, prosecutions, and other measures against ISIS financing networks.” The CIFG co-leads also mentioned that international cooperation has been vital in disrupting ISIS transactions outside of the formal financial system especially, amongst other things, amid the increasing use of virtual assets and mobile payment systems. CIFG members and observers are seeking, among other things: (i) support from counterterrorism partners, NGOs, and the private sector to increase information sharing; (ii) cooperation from countries prone to exploitation by ISIS financers; (iii) to assist vulnerable jurisdictions in their efforts against money laundering and terrorism financing; (iv) to urge Global Coalition members, particularly in Africa, to support their military to combat ISIS insurgency; and (v) to assist in a risk-based approach to implementing effective regulations, especially in the case of mobile payment platforms and virtual asset service providers. With a focus on international cooperation, CIFG members said they will continue to closely work with counterterrorism partners to disrupt ISIS funding sources and methods.

    Financial Crimes Of Interest to Non-US Persons OFAC OFAC Designations OFAC Sanctions ISIS Anti-Money Laundering Combating the Financing of Terrorism

  • Treasury announces strategy to address financial institution de-risking

    The U.S. Treasury Department recently released its “first of its kind” strategy to address financial institution de-risking. Mandated by the Anti-Money Laundering Act of 2020, the 2023 De-Risking Strategy examines customer categories most often impacted by de-risking and provides findings and policy recommendations to address ongoing problems. Treasury defines de-risking as financial institutions restricting or terminating business relationships indiscriminately with broad classes of customers rather than analyzing and managing specific risks in a targeted manner. The report found that customers most frequently subject to de-risking are small-to-medium-sized money service businesses (MSB) that are often used by immigrant communities to send remittances abroad. Other commonly impacted customer categories include non-profit organizations operating overseas in high-risk jurisdictions and foreign financial institutions with low correspondent banking transaction volumes. De-risking is particularly acute for entities operating in financial environments characterized by significant money laundering/terrorism financing risks, the report notes. Identifying “profitability as the primary factor in financial institutions’ de-risking decisions,” the report found that profitability is influenced by several factors, including the cost to implement anti-money laundering/countering the finance of terrorism (AML/CFT) compliance measures and systems commensurate with customer risk.

    The report presents several recommendations for policymakers, such as promoting consistent supervisory expectations and training federal examiners to consider the effects of de-risking, as well as suggesting that financial institutions analyze account termination notices and notice periods for non-profits and MSBs to identify ways to support longer notice periods where possible. Treasury also encourages heightened international cooperation to strengthen foreign jurisdictions’ AML/CFT regimes, and encourages policymakers to continue assessing the risks and opportunities of innovative and emerging technologies for AML/CFT compliance solutions. Treasury may also consider requiring financial institutions to have “reasonably designed and risk-based AML/CFT programs supervised on a risk basis, possibly taking into consideration the effects of financial inclusion.”

    Financial Crimes Of Interest to Non-US Persons Risk Management De-Risking Anti-Money Laundering Act of 2020 Anti-Money Laundering Combating the Financing of Terrorism

  • FinCEN renews and expands real estate GTOs

    Financial Crimes

    On April 21, FinCEN updated its Geographic Targeting Orders (GTOs). The GTOs require U.S. title insurance companies to identify the natural persons behind shell companies that pay “all cash” (i.e., the transaction does not involve external financing) for residential real estate in certain counties within the following major metropolitan areas: Boston; Chicago; Dallas-Fort Worth; Houston; Laredo; Las Vegas; Los Angeles; Miami; New York City; San Antonio; San Diego; San Francisco; Seattle; the District of Columbia, Northern Virginia, and Maryland (DMV) area; as well as the City and County of Baltimore, the County of Fairfield, Connecticut, and the Hawaiian islands of Honolulu, Maui, Hawaii, and Kauai. FinCEN also expanded the geographic coverage of the GTOs to additional counties in both Connecticut and Colorado, after the agency—in conjunction with law enforcement partners—identified the regions as presenting greater risks for illicit finance activity through non-financed purchases of residential real estate. The purchase price required to trigger the reporting requirements in the relevant areas remains set at $300,000, with the exception of the City and County of Baltimore, which is set at $50,000. The renewed GTOs take effect April 25 and end October 21, 2023.

    FinCEN FAQs regarding the GTOs are available here.

    Financial Crimes Of Interest to Non-US Persons FinCEN GTO Anti-Money Laundering

  • Treasury recommends stronger DeFi supervision

    Financial Crimes

    On April 6, the U.S. Treasury Department published a report on illicit finance risks in the decentralized finance (DeFi) sector, building upon Treasury’s other risk assessments, and continuing the work outlined in Executive Order 14067, Ensuring Responsible Development of Digital Assets (covered by InfoBytes here).

    Written by Treasury’s Office of Terrorist Financing and Financial Crimes, in consultation with numerous federal agencies, the Illicit Finance Risk Assessment of Decentralized Finance is the first report of its kind in the world. The report explained that, while there is no generally accepted definition of DeFi, the term has broadly referred to virtual asset protocols and services that allow for automated peer-to-peer transactions through the use of blockchain technology. Used by a host of illicit actors to transfer and launder funds, the report found that “the most significant current illicit finance risk in this domain is from DeFi services that are not compliant with existing AML/CFT [anti-money laundering and countering the financing of terrorism] obligations.” These obligations include establishing effective AML programs, assessing illicit finance risks, and reporting suspicious activity, the report said.

    The report made several recommendations for strengthening AML/CFT supervision and regulation of DeFi services, such as “closing any identified gaps in the [Bank Secrecy Act (BSA)] to the extent that they allow certain DeFi services to fall outside the scope of the BSA’s definition of financial institutions.” The report also recommended, “when relevant,” the “enforcement of virtual asset activities, including DeFi services, to increase compliance by virtual asset firms with BSA obligations,” and suggested continued research and engagement with the private sector on this subject.

    In addition, the report pointed to a lack of implementation of international AML/CFT standards by foreign countries, “which enables illicit actors to use DeFi services with impunity in jurisdictions that lack AML/CFT requirements,” and commented that “poor cybersecurity practices by DeFi services, which enable theft and fraud of consumer assets, also present risks for national security, consumers, and the virtual asset industry.” To address these concerns, the report recommended “stepping up engagements with foreign partners to push for stronger implementation of international AML/CFT standards and advocating for improved cybersecurity practices by virtual asset firms to mitigate these vulnerabilities.” The report seeks input from the public sector to inform next steps.

    Financial Crimes Agency Rule-Making & Guidance Of Interest to Non-US Persons Department of Treasury Anti-Money Laundering Combating the Financing of Terrorism Illicit Finance Decentralized Finance Supervision Bank Secrecy Act Digital Assets Fintech

  • NYDFS, crypto payment company reach AML/cybersecurity settlement

    State Issues

    On March 16, NYDFS issued a consent order against a payment service provider for allegedly failing to comply with the state’s virtual currency and cybersecurity regulations. The company was licensed to engage in virtual currency business activity in the state pursuant to 23 NYCRR Part 200. Licensees under Part 200 are required to, among other things, comply with federal and state laws mandating effective controls to guard against money laundering and certain other illegal activities. A 2022 NYDFS examination revealed that, although the company made improvements to address deficiencies within its AML and cybersecurity compliance programs that were identified during a 2018 examination, the programs still required additional improvements to achieve regulatory compliance. NYDFS concluded that the company violated sections of Part 200 by allegedly failing to develop adequate internal policies and controls to maintain compliance with applicable AML laws or to develop procedures to ensure compliance with necessary risk management requirements under applicable OFAC regulations. Furthermore, the company violated the state’s cybersecurity regulation (23 NYCRR Part 500) by failing to conduct periodic cybersecurity risk assessments and failing to timely appoint a designated chief information security officer responsible for overseeing, implementing, and reporting on the company’s cybersecurity program. Under the terms of the consent order, the company agreed to pay a $1 million civil monetary penalty and submit an action plan to NYDFS within 180 days detailing its remediation efforts. The company also agreed to conduct a comprehensive cybersecurity risk assessment within 150 days and to continue to strengthen its controls, policies, and procedures to prevent future violations.

    State Issues Digital Assets Privacy, Cyber Risk & Data Security State Regulators NYDFS Anti-Money Laundering Cryptocurrency Virtual Currency Payments Fintech Settlement 23 NYCRR Part 200 23 NYCRR Part 500 OFAC Risk Management

  • OCC releases enforcement actions

    On March 17, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. Included is a cease and desist order against a New York-based bank for allegedly engaging in unsafe or unsound practices related to its information technology security and controls, as well as its information technology risk governance and board of director/management oversight of its corporate risk governance processes. The OCC also found alleged deficiencies (including unsafe or unsound practices) in the bank’s Bank Secrecy Act (BSA)/anti-money laundering risk management controls in the following areas: “internal controls, BSA officer, customer identification program, customer due diligence, enhanced due diligence, [] beneficial ownership,” and suspicious activity monitoring and reporting. The order requires the bank to, among other things, maintain a compliance committee, develop a corporate governance program to ensure appropriate board oversight, establish a written strategic plan and conduct an internal audit to assess the sufficiency of the bank’s internal controls program, implement information technology governance and security programs, and adopt an automated clearing house risk management program. The bank is also required to appoint a BSA officer to ensure adherence to the bank’s BSA/AML internal controls, conduct a suspicious activity review lookback, implement a customer information program that is reasonably designed to identify and verify beneficial owners of legal entity customers, and develop and adopt a BSA/AML model risk management process.

    Bank Regulatory Federal Issues OCC Enforcement Bank Secrecy Act Anti-Money Laundering Financial Crimes SARs

Pages

Upcoming Events