InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FinCEN warns of Covid-19 unemployment insurance fraud
On October 13, the Financial Crimes Enforcement Network (FinCEN) issued an advisory for financial institutions to assist in detecting and preventing Covid-19-related unemployment insurance (UI) fraud. The advisory highlights specific ways illicit actors are exploiting the pandemic to engage in UI fraud, including, among other things, employees receiving UI payments while still being paid reduced, unreported wages from their employer, and the submission of UI claims using stolen or fake identification information. The advisory includes a specific list of red flag indicators for financial institutions to be aware of, such as (i) UI payments from a different state from the one in which the customer resides; (ii) multiple state UI payments within the same disbursement period; (iii) UI payments in a different name from the account holder; (iv) the withdrawal of UI funds in lump sums by cashier’s check or prepaid debit card; (v) multiple accounts receiving UI payments being associated with the same free, web-based email account; and (vi) a newly opened account that starts to receive numerous UI deposits. Financial institutions are encouraged to perform additional inquiries and investigations where appropriate, consistent with a risk-based approach for compliance with the Bank Secrecy Act. Lastly, should financial institutions need to report any UI fraud in a suspicious activity report, FinCEN encourages the institution to reference the advisory.
Special Alert: FinCEN extends AML program, other requirements to banks without federal regulators
On September 14, the Financial Crimes Enforcement Network (FinCEN) issued a final rule to align Bank Secrecy Act (BSA) requirements applicable to most banks with the requirements applicable to banks lacking a “federal functional regulator.” In particular, the final rule will require all non-federally regulated banks — including private banks, non-federally insured credit unions, and certain trust companies — to establish and implement anti-money-laundering (AML) programs and customer identification programs (CIP).
FinCEN releases ANPRM on enhancing AML programs
On September 16, the Financial Crimes Enforcement Network (FinCEN) issued an Advance Notice of Proposed Rulemaking (ANPRM) soliciting comments on questions concerning potential regulatory amendments under the Bank Secrecy Act (BSA). According to the ANPRM, the proposed amendments “are intended to modernize the regulatory regime to address the evolving threats of illicit finance, and provide financial institutions with greater flexibility in the allocation of resources, resulting in the enhanced effectiveness and efficiency of anti-money laundering programs.” The ANPRM stems from FinCEN’s evaluation of recommendations received from the Bank Secrecy Act Advisory Group, which was established in 2019 to develop recommendations for strengthening the national AML regime. The ANPRM proposes, among other things, that all covered financial institutions subject to ALM program regulations would be required to maintain an “effective and reasonably designed” AML program that: (i) “assesses and manages risk as informed by a financial institution’s risk assessment, including consideration of [AML] priorities to be issued by FinCEN consistent with the proposed amendments”; (ii) “provides for compliance with [BSA] requirements”; and (iii) “provides for the reporting of information with a high degree of usefulness to government authorities.” The ANPRM also seeks comments on whether an explicit requirement for a risk assessment process should be established within the AML program regulations, as well as whether FinCEN’s director should issue a list of national AML priorities (tentatively titled “Strategic Anti-Money Laundering Priorities”) every two years. Comments are due by November 16.
FinCEN removes AML exemption for non-federally regulated banks
On September 14, the Financial Crimes Enforcement Network (FinCEN) issued a final rule, under its sole authority, to remove the anti-money laundering (AML) program exemption for non-federally regulated banks. According to FinCEN, the rulemaking was prompted by the “gap in AML coverage” between banks that have a federal functional regulator and those that do not, which has created “a vulnerability to the U.S. financial system that could be exploited by bad actors.” The final rule would bring non-federally regulated banks that are currently required to comply with certain Bank Secrecy Act (BSA) obligations, such as filing currency transaction reports and suspicious activity reports to detect unusual activity, into compliance with the same standards applicable to all other banks. Specifically, the final rule outlines minimum standards for non-federally regulated banks to ensure the establishment and implementation of required AML programs, and extends customer identification program (CIP) requirements, as well as beneficial ownership requirements outlined in FinCEN’s 2016 customer due diligence (CDD) rule (covered by InfoBytes here), to banks not already subject to these requirements. FinCEN believes that non-federally regulated banks will be able to take a risk-based approach when tailoring their AML and CIP programs to fit their size, needs, and operational risks, and that those banks should be able to build on “existing compliance policies and procedures and prudential business practices to ensure compliance. . .with relatively minimal cost and effort.” The final rule takes effect November 16.
For more details, please see a Buckley Special Alert on the final rule.
Special Alert: FinCEN outlines approach to BSA enforcement
On August 18, the Financial Crimes Enforcement Network, which has overall responsibility for administering the Bank Secrecy Act, issued a short statement that, for the first time, publicly outlined its approach to BSA enforcement. Of note, FinCEN indicated that it will not base enforcement actions on an institution’s failure to comply with standards announced solely in a guidance document. Additionally, for the first time, FinCEN listed a nonexhaustive set of factors it will use to determine what enforcement steps should be taken. The statement leaves FinCEN with considerable flexibility in enforcing the BSA, and raises a number of questions for legal and compliance professionals.
The statement will be of most interest to “financial institutions,” which under the BSA include a wide swath of financial services companies, that are not subject to supervision by a federal prudential regulator authorized to enforce compliance with the BSA; most prudential regulators have their own enforcement guidelines, and the federal banking agencies recently issued a joint statement on BSA enforcement. Companies subject to FinCEN’s BSA enforcement authority, particularly those such as money services businesses without federal prudential regulators, may wish to familiarize themselves with FinCEN’s enforcement factors and tailor their compliance efforts accordingly. The statement also provides implicit guidance on what actions institutions should take upon identification of a potential violation.
FinCEN clarifies customer due diligence FAQs
On August 3, the Financial Crimes Enforcement Network (FinCEN), in consultation with the federal functional regulators, issued responses to three frequently asked questions (FAQs) concerning customer due diligence (CDD) requirements under the Bank Secrecy Act for covered financial institutions. As previously covered by InfoBytes, the 2016 CDD Rule imposed standardized requirements for financial institutions to identify and verify beneficial owners of legal entity customers, subject to certain exclusions and exemptions. The FAQs follow those issued by FinCEN in July 2016 and April 2018 (covered by InfoBytes here and here), and address procedures to collect customer information, methods to establish a customer risk profile, and obligations to update customer information.
FinCEN advisory warns of Covid-19 scams and money-mule schemes
On July 7, the Financial Crimes Enforcement Network (FinCEN) issued an advisory alerting financial institutions to potential indicators of Covid-19 imposter scams and money mule schemes (where actors impersonate federal government agencies, international organizations, and charities). The advisory outlines numerous red flag indicators and examples of these types of schemes in order to assist financial institutions in detecting, preventing, and reporting suspicious transactions. FinCEN emphasizes that “no single financial red flag indicator is necessarily indicative of illicit or suspicious activity,” and encourages financial institutions to consider additional contextual information, such as a customer’s historical financial activity and whether a customer exhibits multiple indicators, before making a determination that a transaction is suspicious or otherwise indicative of a potentially fraudulent Covid-19-related activity. FinCEN further advises financial institutions—in line with their risk-based approach to Bank Secrecy Act compliance—to perform additional inquiries and conduct investigations as necessary.
FinCEN outlines BSA due diligence requirements for hemp-related businesses
On June 29, the Financial Crimes Enforcement Network (FinCEN) issued guidance for hemp-related business customers to explain due diligence requirements and identify the types of information financial institutions can collect to comply with Bank Secrecy Act (BSA) regulatory requirements. The guidance supplements a December 2019 interagency statement (covered by a Buckley Special Alert), which confirmed that financial institutions are no longer required to file a suspicious activity report (SARs) on customers solely because they are “engaged in the growth or cultivation of hemp in accordance with applicable laws and regulations.” Among other things, the guidance reiterates FinCEN’s expectation that financial institutions conduct customer due diligence (CDD) for hemp-related businesses, as they would for other customers, and establish appropriate on-going risk-based CDD procedures. This may include confirming that the hemp business is complying with applicable state, tribal government, or United States Department of Agriculture licensing requirements. Financial institutions should also tailor BSA/Anti-Money Laundering programs to appropriately reflect the risks associated with a customer’s particular risk profile and file the required reports. The guidance further provides that while financial institutions are not required to file SARs on customers solely because they are engaged in a hemp business, “financial institutions are expected to follow standard SAR procedures.” Examples of suspicious activity that may warrant the filing of a SAR are provided. Finally, the guidance states that financial institutions must report currency transactions connected to hemp-related businesses as they would for any other customer for transactions above $10,000 in aggregate on a single business day.
FinCEN advisory warns of Covid-19 medical scams, provides guidance on reporting suspicious activity
On May 18, the Financial Crimes Enforcement Network (FinCEN) issued an advisory and companion notice on medical scams related to the Covid-19 pandemic that provide detailed instructions for financial institutions filing reports of Covid-19-related suspicious activities. The advisory outlines numerous red flag indicators and case studies addressing Covid-19 medical-related fraudulent activity to assist financial institutions in detecting, preventing, and reporting suspicious transactions. FinCEN also encourages financial institutions to consider additional contextual information, such as a customer’s historical financial activity and whether a customer exhibits multiple indicators, before making a determination that a transaction is suspicious. FinCEN further advises financial institutions—when taking a risk-based approach to Bank Secrecy Act compliance—to perform additional inquiries and conduct investigations as necessary.
The companion notice provides, among other things, that suspicious activity reports (SAR) should only include Covid-19 statements tied to suspicious activity and that statements related to Covid-19’s impact on SAR filing abilities should not be included. However, FinCEN states that filers who previously included these references are not required to file corrected reports. For fraud schemes, including those that exploit the Covid-19 pandemic, FinCEN reiterates that full details related to SAR filings and supporting documentation should be submitted as quickly as possible. The notice also addresses information sharing among financial institutions and provides contact information for reporting Covid-19-related criminal activity to other agencies.
FDIC updates Covid-19 FAQs for financial institutions
On April 15, the FDIC released updates to its list of Covid-19 frequently asked questions (FAQs) for financial institutions. The FAQs were originally released on March 19, covering bank operational issues and urging banks to work with borrowers who are experiencing payment difficulties due to Covid-19, as reported by InfoBytes here. New FAQs discuss credit reporting of payment accommodations, reminding lenders to report borrower accounts as current, provided the borrowers continue to observe the terms of the accommodations. The guidance also points financial institutions to a recent CFPB statement (covered here) for guidance on the FCRA under the CARES Act. The FDIC also updated the Troubled Debt Restructurings (TDRs) guidance, emphasizing that financial institutions do not need to classify Covid-19 borrower payment accommodations as TDRs if certain criteria are met, and that examiners “will not criticize prudent efforts to modify the terms on existing loans to affected customers.” Other updates to the FAQs include, among other things: (i) obligations to obtain updated real estate valuation information for Covid-19 related loan modifications; (ii) the use of alternative signatures for Part 363 annual reports and other notices; (iii) real estate loans in excess of loan-to-value percentages for loans refinanced by borrowers impacted by Covid-19; (iv) risk-based capital rules regarding multi-family loan modifications; (v) eligible Community Reinvestment Act activities during the Covid-19 pandemic; and (vi) Bank Secrecy Act issues regarding filing requirements, raising compliance challenges with FinCEN, and whether loans under the Small Business Administration’s Paycheck Protection Program are considered new accounts for customer due diligence purposes.