Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • FinCEN issues FAQs on PPP

    Federal Issues

    On January 12, FinCEN and the SBA issued FAQs on the Paycheck Protection Program (“PPP”), established under the CARES Act, to assist borrowers and lenders in interpreting the CARES act and the PPP Interim Final Rule. Among the issues addressed in the FAQs, FinCEN and the SBA provided guidance regarding whether under the CDD Rule, lenders are required to collect, certify, or verify beneficial ownership information for existing customers, stating that it is not necessary to re-verify “[i]f the PPP loan is being made to an existing customer, and the existing customer and the necessary information was previously verified. Additionally, FinCEN and the SBA addressed the question of whether a lender’s collection of the information required with respect to owners of 20% or greater interest in PPP applicants is sufficient to satisfy a lender’s obligation to collect beneficial ownership information under the Bank Secrecy Act. FinCEN and the SBA stated that for lenders with existing customers the lender does not need to reverify beneficial ownership information for owners that hold ownership interests of at least 20 percent, and with respect to new customers with the same ownership interest, all natural persons will need to provide the same information in order to satisfy BSA requirements. FinCEN also answered more FAQs on its April 2020 FAQs regarding the PPP on Second Draw PPP Loans, on BSA/AML compliances, and on SBA Procedural Notice 5000-835955, the last stating that a “PPP lender may reveal the existence of a SAR to the SBA when requesting a guaranty purchase (without charge-off) from the SBA.” 

    Federal Issues SBA FinCEN Department of Treasury PPP CARES Act Bank Secrecy Act Anti-Money Laundering Act of 2020

  • FinCEN issues proposed beneficial ownership information access and safeguards rulemaking

    Financial Crimes

    On December 15, FinCEN issued a notice of proposed rulemaking (NPRM) to implement provisions of the Corporate Transparency Act (CTA) that govern the access to and protection of beneficial ownership information. (See also FinCEN fact sheet here.) The NPRM follows a final rule issued by FinCEN at the end of September (effective January 1, 2024), which establishes a beneficial ownership information reporting requirement (Reporting Rule) and requires most corporations, limited liability companies, and other entities created in or registered to do business in the U.S. to report information about their beneficial owners to FinCEN. (Covered by InfoBytes here.)

    In accordance with CTA requirements related to beneficial ownership information access and safeguard provisions, FinCEN’s NPRM proposes regulations for establishing who may request beneficial ownership information, how the information must be secured, and non-compliance penalties. Specifically, the proposal would limit the disclosure of beneficial information to “[f]ederal agencies engaged in national security, intelligence, or law enforcement activities; state, local, and Tribal law enforcement agencies with court authorization; financial institutions with customer due diligence requirements and regulators supervising them for compliance with such requirements; foreign law enforcement agencies, prosecutors, judges, and other agencies that meet specific criteria; and Treasury officers and employees under certain circumstances.” The proposal would also require authorized recipients to maintain security and confidentiality protocols that align with the scope of access and use provisions.

    Among other things, the NPRM addresses aspects of the secure, non-public beneficial ownership database that is currently in development, and specifies when and how reporting companies may report FinCEN identifiers tied to entities. Under the proposal, foreign requesters would be required to make their requests for beneficial ownership information through intermediary federal agencies, and financial institutions would only be allowed to request this information from FinCEN for purposes of complying with customer due diligence (CDD) requirements and only after receiving consent from the reporting company to which the information pertains.

    Comments on the NPRM are due by February 14, 2023. FinCEN explained that this is the second of three rulemakings planned to implement the CTA. The third rulemaking, which will revise FinCEN’s CDD rule, will occur no later than one year after the effective date of the Reporting Rule.

    Financial Crimes Agency Rule-Making & Guidance FinCEN Of Interest to Non-US Persons Corporate Transparency Act CDD Rule Beneficial Ownership

  • FinCEN issues statement on independent ATM customer due diligence

    Financial Crimes

    On June 22, FinCEN issued a statement providing clarity to banks on the application of a risk-based approach to conducting customer due diligence (CDD) on independent Automated Teller Machine (ATM) owners or operators, consistent with FinCEN’s 2016 CDD Rule. As previously covered by InfoBytes, FinCEN issued a final rule imposing standardized CDD requirements for banks, broker-dealers, mutual funds, futures commission’s merchants, and brokers in commodities in May 2016. The rule established that covered institutions must identify any natural person that owns, directly or indirectly, 25 percent or more of a legal entity customer or that exercises control over the entity. The rule also established ongoing monitoring for reporting suspicious transactions and, on a risk basis, updating customer information. The recently released statement explained that the level of money laundering and terrorism financing risk varies with these customers, and that they do not automatically present a higher level of risk. FinCEN pointed to certain customer information that may be useful for banks in making determinations on the risk profile of independent ATM owner or operator customers, including, among other things: (i) organizational structure and management; (ii) operating policies, procedures, and internal controls; (iii) currency servicing arrangements; (iv) source of funds if a bank account is not used to replenish the ATM; and (v) description of expected and actual ATM activity levels.

    Financial Crimes Agency Rule-Making & Guidance FinCEN Customer Due Diligence ATM Terrorist Financing

  • Agencies clarify BSA/AML due diligence requirements for “politically exposed persons”

    Financial Crimes

    On August 21, the FDIC, Federal Reserve Board, FinCEN, NCUA, and OCC issued a joint statement clarifying that banks should ensure customers who may be considered “politically exposed persons” (PEPs) be subject to customer due diligence matching the risk levels posed by the relationships. In general, while PEPs are not defined within the Bank Secrecy Act/Anti-Money Laundering (BSA/AML) regulations, they commonly refer to “foreign individuals who are or have been entrusted with a prominent public function, as well as their immediate family members and close associates.” U.S. public officials are not included. Specifically, the agencies emphasized that not all individuals who might qualify as PEPs “are high risk solely by virtue of their status.” While FinCEN’s customer due diligence rule (CDD rule), requires banks to identify and verify the identities of new account holders, assess the riskiness of these customer relationships, and conduct ongoing monitoring (see InfoBytes coverage of the CDD Rule here), the agencies note that “the CDD rule does not create a regulatory requirement, and there is no supervisory expectation, for banks to have unique, additional due diligence steps for customers who are considered PEPs. Instead, the level and type of CDD should be appropriate for the customer risk.”

    The joint statement also outlines a number of considerations for banks to take into account when evaluating a PEP’s risk level, including the type of products and services used, the volume and nature of transactions, the nature of the customer’s authority or influence over government activities or officials, and the customer’s access to significant government assets or funds. Among other impacts, the agencies note that the customer risk profile may effect “how the bank complies with other regulatory requirements, such as suspicious activity monitoring, since the bank structures its BSA/AML compliance program to address its risk profile, based on the bank’s assessment of risks.” The joint statement also rescinds the 2001 Guidance on Enhanced Scrutiny for Transactions that May Involve the Proceeds of Foreign Corruption related to foreign PEPs.

    The agencies emphasized, however, that the joint statement does not change existing BSA/AML legal or regulatory requirements, nor does it “require banks to cease existing risk management practices if the bank considers them necessary to effectively manage risk.”

    Financial Crimes OFAC Department of Treasury Sanctions Iran DOJ Of Interest to Non-US Persons

  • FinCEN clarifies customer due diligence FAQs

    Agency Rule-Making & Guidance

    On August 3, the Financial Crimes Enforcement Network (FinCEN), in consultation with the federal functional regulators, issued responses to three frequently asked questions (FAQs) concerning customer due diligence (CDD) requirements under the Bank Secrecy Act for covered financial institutions. As previously covered by InfoBytes, the 2016 CDD Rule imposed standardized requirements for financial institutions to identify and verify beneficial owners of legal entity customers, subject to certain exclusions and exemptions. The FAQs follow those issued by FinCEN in July 2016 and April 2018 (covered by InfoBytes here and here), and address procedures to collect customer information, methods to establish a customer risk profile, and obligations to update customer information.

    Agency Rule-Making & Guidance FinCEN CDD Rule Bank Secrecy Act

  • FinCEN Director warns of account takeovers via fintech data aggregators

    Financial Crimes

    On September 24, Financial Crimes Enforcement Network (FinCEN) Director Kenneth Blanco spoke at the Federal Identity (FedID) Forum and Exposition, discussing the role of FinCEN in combatting fraud and cybercrime and highlighting concerns regarding identity crimes. Blanco noted that FinCEN sees approximately 5,000 account takeover reports each month, a crime that “involves the targeting of financial institution customer accounts to gain unauthorized access to funds.” Moreover, FinCEN sees a high amount of fraud through account takeovers via fintech platforms, where cybercriminals use fintech data aggregators to facilitate account takeovers and fraudulent wires. Blanco stated that cybercriminals create fraudulent accounts and are able to “exploit the platforms’ integration with various financial services to initiate seemingly legitimate financial activity while creating a degree of separation from traditional fraud detection efforts.”

    Additionally, Blanco discussed how cybercriminals use business email compromise (BEC) fraud schemes to target financial institutions and relayed FinCEN’s efforts to combat these schemes. As previously covered by InfoBytes, in July, FinCEN issued an updated advisory, describing general trends in BEC schemes, information concerning the targeting of non-business entities, and risks associated with the targeting of vulnerable business processes. Blanco also discussed (i) FinCEN’s final rule titled the “Customer Due Diligence Requirements for Financial Institutions,” (the CDD Rule) (prior coverage by InfoBytes here); and (ii) FinCEN’s December 2018 joint statement with federal banking agencies encouraging innovative approaches to combatting money laundering, terrorist financing, and other illicit financial threats when safeguarding the financial system (previously covered by InfoBytes here).

     

     

    Financial Crimes Fintech Bank Secrecy Act Anti-Money Laundering CDD Rule Fraud Of Interest to Non-US Persons

  • FFIEC releases customer due diligence and beneficial ownership examination procedures

    Financial Crimes

    On May 11, the Federal Financial Institutions Examination Council released updated examination procedures for the Financial Crimes Enforcement Network's (FinCEN) final rule, “Customer Due Diligence Requirements for Financial Institutions” (CDD rule). Compliance with the CDD rule became mandatory on  May 11. The updated customer due diligence exam procedures were developed in close collaboration with FinCEN and replace those in the current Bank Secrecy Act/Anti-Money Laundering Examination Manual. Additionally, a new set of exam procedures address the CDD rule’s beneficial ownership requirements.

    According to an OCC bulletin released the same day, the examination procedures reflect federal and state banking agencies’ “ongoing commitment to examine financial institutions for compliance with the Bank Secrecy Act . . . in accordance with uniform standards and principles.”

    See here for continuing InfoBytes coverage of the CDD rule.

    Financial Crimes FFIEC CDD Rule OCC FinCEN Beneficial Ownership

  • FINRA amends anti-money laundering rule to comply with FinCEN’s CDD rule

    Financial Crimes

    On May 3, FINRA issued a Regulatory Notice 18-19 amending Rule 3310—Anti-Money Laundering (AML) Compliance Program rule—to reflect the Financial Crimes Enforcement Network’s final rule concerning customer due diligence requirements for covered financial institutions (CDD rule), which becomes applicable on May 11. According to Regulatory Notice 18-19, member firms should ensure that their AML programs are updated to include, among other things, appropriate risk-based procedures for conducting ongoing customer due diligence including (i) “understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile,” and (ii) “conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.” The announcement also makes reference to FINRA’s Regulatory Notice 17-40, issued last November, which provides additional guidance for member firms complying with the CDD rule. (See previous InfoBytes coverage here.). The notice further states that the “provisions are not new and merely codify existing expectations for firms.”

    Financial Crimes FINRA CDD Rule Anti-Money Laundering FinCEN Department of Treasury Customer Due Diligence

  • House Financial Services Committee holds hearing on FinCEN’s CDD rule

    Federal Issues

    On April 27, the House Financial Services Committee’s Subcommittee on Financial Institutions and Consumer Credit held a hearing entitled “Implementation of FinCEN's Customer Due Diligence Rule—Financial Institution Perspective” to discuss challenges facing financial institutions when complying with FinCEN’s Customer Due Diligence Rule (CDD Rule). As previously covered in InfoBytes, the CDD Rule takes effect May 11, and imposes standardized customer due diligence (CDD) requirements under the Bank Secrecy Act (BSA) for covered financial institutions, including the identification and verification of the beneficial owners of legal entity customers. The hearing’s four witnesses expressed certain concerns regarding the effects of implementation on financial institutions, as well as the timing of additional guidance released April 3 in the form of frequently asked questions.

    In prepared remarks, Executive Director of The Financial Accounting and Corporate Transparency (FACT) Coalition, Gary Kalman, commented that the CDD Rule, which calls for additional AML requirements, is a “positive step forward but falls short of what is needed to protect the integrity of [the] financial system”—particularly in terms of what defines a “beneficial owner.” Greg Baer, President of The Clearing House Association, expressed concerns that the CDD Rule (i) requires financial institutions to verify beneficial owners for each account that is opened, instead of verifying on a per-customer basis; and (ii) does not explicitly state in its preamble that FinCEN possesses sole authority to set CDD standards, which may present opportunities for examiners to make ad hoc interpretations.

    Additionally, Executive Vice President of the International Bank of Commerce Dalia Martinez, observed, among other things, that compliance with the CDD Rule is costly and burdensome, and that banks have not been provided with the tools or guidance to determine whether the information provided by legal entity customers is accurate when verifying beneficial owners. The “gray areas” within the CDD Rule, Martinez noted, present challenges for compliance. A fourth witness, Carlton Green, a partner at Crowell & Morning, expressed concerns with the relationship between FinCEN and the federal functional regulators, stating that because FinCEN has delegated examination authority to these regulators, there is a chance regulators will “create and enforce their own interpretations of or additions to BSA rules” that may “diverge from FinCEN’s priorities.”

    Federal Issues House Financial Services Committee FinCEN Customer Due Diligence Financial Crimes CDD Rule

  • FINRA revises anti-money laundering template for small firms

    Agency Rule-Making & Guidance

    On April 4, the Financial Industry Regulatory Authority (FINRA) released a revised template to assist FINRA-registered small firms in developing and implementing risk-based anti-money laundering (AML) programs as required by the Bank Secrecy Act and FINRA Rule 3310. Changes to the template reflect FinCEN’s final rule concerning customer due diligence requirements for covered financial institutions (CDD rule), which goes into effect May 11. (See previous InfoBytes coverage on the CDD rule here.) The CDD rule requires covered financial institutions, including FINRA-registered firms, to identify the beneficial owners of legal entity customers who open new accounts.

    Agency Rule-Making & Guidance FINRA FinCEN Anti-Money Laundering Customer Due Diligence Department of Treasury Bank Secrecy Act Financial Crimes CDD Rule

Pages

Upcoming Events