Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • FinCEN highlights use of BSA reporting data

    Financial Crimes

    On April 25, FinCEN released its year-in-review for FY 2022. The annual summary provided insights into the agency’s efforts to support law enforcement and national security agencies, as well as statistics from Bank Secrecy Act (BSA) filings. FinCEN reported that BSA data was used to advance several law enforcement missions, including in 36.3 percent of active complex financial crimes investigations, 27.5 percent of active public corruption investigations, and 20.6 percent of active international terrorism investigations. Additionally, FinCEN noted that in FY 2022 there were over 7,600 Section 314(b)-registered financial institutions. Section 314(b) of the USA PATRIOT Act allows registered entities to share information about financial activity with one another to help entities of all sizes identify and report suspicious activity. FinCEN further reported that 92 percent of domestic law enforcement agencies that query BSA data “find the resulting financial intelligence valuable to the detection and deterrence of illicit activity.”

    Financial Crimes Of Interest to Non-US Persons FinCEN Bank Secrecy Act Enforcement

  • FinCEN fines trust company $1.5 million for BSA violations

    Financial Crimes

    On April 26, FinCEN announced its first enforcement action against a trust company, in which it assessed a $1.5 million civil money penalty against a South Dakota-chartered trust company for willful violations of the Bank Secrecy Act (BSA) and its implementing regulations. According to the consent order, the trust company admitted that it willfully failed to timely and accurately report hundreds of transactions to FinCEN involving suspicious activity by its customers, including transactions with connections to a trade-based money-laundering scheme and several securities fraud schemes. The agency cited the trust company’s “severely underdeveloped” process for identifying and reporting potentially suspicious activity as part of “an overall failure to build a culture of compliance.”

    According to FinCEN acting Director Himamauli Das, the trust company “had virtually no process to identify and report suspicious transactions, resulting in it processing over $4 billion in international wires with essentially no controls.” FinCEN said that the trust company should have realized that a large volume of activity from high-risk customers played a role in the closure of numerous correspondent accounts it maintained at other financial institutions, and pointed out that the trust company only began closing accounts flagged during an audit after several forced closures of its own accounts by other financial institutions and after receiving law enforcement inquiries about the accounts referred by the audit. However, at the time, the trust company made no effort to file suspicious activity reports (SARs), FinCEN found, claiming that the trust company processed hundreds of suspicious transactions worth tens of millions of dollars for risky customers that, among other things, appeared to operate in unrelated business sectors. FinCEN added that “personnel with [anti-money laundering (AML)] responsibilities have acknowledged not fully understanding federal SAR filing requirements and that they may have missed important information about some of their riskiest clients as the result of maintaining other, non-AML responsibilities.”

    The consent order requires the trust company to hire an independent consultant to review its AML program and transactions from all referenced accounts, as well as any other accounts the trust company maintained for customer referrals, and conduct a SAR lookback review. The trust company is also required to implement recommendations made by the independent consultant and file SARs for any flagged covered transactions. FinCEN recognized the close collaboration and assistance provided by the DOJ and the FBI on this matter.

    Financial Crimes Of Interest to Non-US Persons FinCEN Enforcement Bank Secrecy Act DOJ FBI SARs

  • FinCEN renews and expands real estate GTOs

    Financial Crimes

    On April 21, FinCEN updated its Geographic Targeting Orders (GTOs). The GTOs require U.S. title insurance companies to identify the natural persons behind shell companies that pay “all cash” (i.e., the transaction does not involve external financing) for residential real estate in certain counties within the following major metropolitan areas: Boston; Chicago; Dallas-Fort Worth; Houston; Laredo; Las Vegas; Los Angeles; Miami; New York City; San Antonio; San Diego; San Francisco; Seattle; the District of Columbia, Northern Virginia, and Maryland (DMV) area; as well as the City and County of Baltimore, the County of Fairfield, Connecticut, and the Hawaiian islands of Honolulu, Maui, Hawaii, and Kauai. FinCEN also expanded the geographic coverage of the GTOs to additional counties in both Connecticut and Colorado, after the agency—in conjunction with law enforcement partners—identified the regions as presenting greater risks for illicit finance activity through non-financed purchases of residential real estate. The purchase price required to trigger the reporting requirements in the relevant areas remains set at $300,000, with the exception of the City and County of Baltimore, which is set at $50,000. The renewed GTOs take effect April 25 and end October 21, 2023.

    FinCEN FAQs regarding the GTOs are available here.

    Financial Crimes Of Interest to Non-US Persons FinCEN GTO Anti-Money Laundering

  • FinCEN looks at business email threat in real estate

    Financial Crimes

    On March 30, FinCEN released a Financial Trend Analysis examining threat patterns and trends identified in Bank Secrecy Act (BSA) data relating to business email compromise (BEC) in the real estate sector during 2020 and 2021. According to the analysis, BEC attackers target businesses and financial institutions that routinely conduct large wire transfers and rely on email for communication about these wires. FinCEN explained in its announcement that attackers “may obtain unauthorized access to networks and systems to misappropriate confidential and proprietary information,” noting in its analysis that “[p]erpetrators typically compromise a key email account by using computer intrusions or social engineering and send an email that fraudulently directs funds to criminal-controlled accounts” where many times “the victim is tricked into thinking a legitimate email from a trusted person or entity is directing them to make a payment.” According to the Federal Bureau of Investigation’s Internet Crime Compliant Center, BEC incidents resulted in more than $43 billion in worldwide losses between June 2016 and December 2021.

    FinCEN’s analysis found that attackers most commonly impersonated title and closing entities and personnel, and that 1,767 incidents involved initial domestic transfers of fraudulent funds to accounts at U.S. depository institutions (151 incidents involved initial transfers of fraudulent funds to international institutions). Additionally, the analysis found that 83 of the 2,103 reported real estate-related BEC incidents involved convertible virtual currency.

    FinCEN reiterated that financial institutions, real estate sector entities, and the public “may all play an important role in protecting the U.S. financial system from [real estate] BEC attacks through awareness of actions to detect and mitigate attacks, information sharing mechanisms that can prevent attacks, and various ways to report incidents when they occur.” FinCEN further encouraged these entities to “[a]ssess the vulnerability of their business processes with respect to BEC and consider actions to ‘harden’ or increase the resiliency of their processes and systems against email fraud schemes.” This includes understanding quantifiable risks associated with the authentication of participants involved in communications, the authorization of transactions, and the communication of information and changes about transactions. Additionally, entities should “[a]dopt a multi-faceted transaction verification process—as well as training and awareness-building—to identify and evade spear phishing attempts.” FinCEN emphasized that “[i]dentifying fraudulent transaction payment instructions before payments are issued is essential to preventing and reducing unauthorized transactions.”

    Financial Crimes FinCEN Of Interest to Non-US Persons Bank Secrecy Act Real Estate Business Email Compromise Digital Assets

  • FinCEN releases beneficial ownership reporting guidance

    Financial Crimes

    On March 24, FinCEN released its first set of guidance materials to aid the public and small businesses in reporting beneficial ownership information (i.e., individuals who directly or indirectly own or control a company). As previously covered by InfoBytes, last September, FinCEN published a final rule establishing beneficial ownership information requirements, as required by the Corporate Transparency Act. The final rule, which becomes effective January 1, 2024, will require most corporations, limited liability companies, and other entities created in or registered to do business in the United States, to report information about their beneficial owners to FinCEN. Reporting companies created or registered before January 1, 2024, will have until January 1, 2025, to file their initial reports, while reporting companies created or registered after January 1, 2024, will have 30 days after creation or registration to file their initial reports. The guidance materials include FAQs, information on key filing dates, and informational videos. Additional guidance will be published in the coming months, including a Small Entity Compliance Guide, FinCEN said in the announcement.

    Financial Crimes Agency Rule-Making & Guidance Of Interest to Non-US Persons FinCEN Beneficial Ownership Corporate Transparency Act

  • FinCEN comments on Russia’s suspended FATF membership; issues statements on jurisdictions with AML/CFT/CPF deficiencies

    Financial Crimes

    On March 9, FinCEN informed U.S. financial institutions that last month the Financial Action Task Force (FATF) suspended the Russian Federation’s membership after determining that the country’s “actions unacceptably run counter to the FATF core principles aiming to promote security, safety, and the integrity of the global financial system.” (Covered by InfoBytes here.) FATF also urged jurisdictions to monitor for and mitigate emerging risks resulting “from the circumvention of measures taken in order to protect the international financial system.”

    Additionally, FinCEN noted that at the end of February, FATF issued public statements updating its lists of jurisdictions with strategic deficiencies in anti-money laundering (AML), countering the financing of terrorism (CFT), and countering the financing of proliferation of weapons of mass destructions (CPF) regimes. These include (i) Jurisdictions under Increased Monitoring, “which publicly identifies jurisdictions with strategic deficiencies in their AML/CFT/CPF regimes that have committed to, or are actively working with, the FATF to address those deficiencies in accordance with an agreed upon timeline,” and (ii) High-Risk Jurisdictions Subject to a Call for Action, “which publicly identifies jurisdictions with significant strategic deficiencies in their AML/CFT/CPF regimes and calls on all FATF members to apply enhanced due diligence, and, in the most serious cases, apply counter-measures to protect the international financial system from the money laundering, terrorist financing, and proliferation financing risks emanating from the identified countries.”

    With respect to jurisdictions under increased monitoring, FinCEN’s announcement reminded U.S. covered financial institutions of their due diligence obligations for foreign financial institutions (including correspondent accounts maintained for foreign banks), and instructed them to ensure that they implement “appropriate, specific, risk-based, and, where necessary, enhanced policies, procedures, and controls that are reasonably designed to detect and report known or suspected money laundering activity conducted through or involving any correspondent account established, maintained, administered, or managed in the United States.” Money services business are reminded of parallel requirements with respect to foreign agents or counterparties. Members were informed that FATF removed Cambodia and Morocco from its list of Jurisdictions under Increased Monitoring but added Nigeria and South Africa to the list.

    FinCEN’s announcement also informed members that Burma remains on the list of High-Risk Jurisdictions Subject to a Call for Action, and advised U.S. financial institutions to apply enhanced due diligence. Moreover, U.S. financial institutions should continue to refer to existing FinCEN and OFAC guidance on engaging in financial transactions with Burma. With respect to the Democratic People’s Republic of Korea and Iran, “financial institutions must comply with the extensive U.S. restrictions and prohibitions against opening or maintaining any correspondent accounts, directly or indirectly, for North Korean or Iranian financial institutions,” FinCEN said, adding that “[e]xisting U.S. sanctions and FinCEN regulations already prohibit any such correspondent account relationships.”

    Financial Crimes Of Interest to Non-US Persons FATF Russia Anti-Money Laundering Combating the Financing of Terrorism FinCEN OFAC

  • FinCEN warns financial institutions of surge in mail theft-related check fraud

    Financial Crimes

    On February 27, FinCEN issued an alert to financial institutions on the nationwide surge in check fraud schemes targeting the U.S. mail. Mail theft-related check fraud, FinCEN explained, generally relates to the fraudulent negotiation of checks stolen from the U.S. postal service, and represents one of the most significant money laundering threats to the U.S. The alert is intended to ensure financial institutions file suspicious activity reports (SARs) that appropriately identify and report suspected check fraud schemes possibly linked to mail theft. The alert highlighted red flags to help financial institutions identify and report suspicious activity, and reminded financial institutions of their Bank Secrecy Act (BSA) reporting requirements. According to FinCEN, BSA reporting for check fraud has increased significantly over the past three years. “In 2021, financial institutions filed over 350,000 [SARs] to FinCEN to report potential check fraud, a 23 percent increase over the number of check fraud-related SARs filed in 2020,” the agency said, adding that in 2022, SARs related to check fraud reached over 680,000. When suspecting this type of fraud, financial institutions are advised to refer customers to the United States Postal Inspection Service in addition to filing a SAR.

    Financial Crimes Of Interest to Non-US Persons FinCEN Fraud Anti-Money Laundering SARs Bank Secrecy Act

  • CSBS says state regulators need access to FinCEN’s beneficial ownership database

    State Issues

    On February 14, the Conference of State Bank Supervisors commented that FinCEN should be more explicit in its inclusion of state regulators as agencies that can request access to FinCEN’s forthcoming secure, non-public beneficial ownership information database. (See comment letter here.) As previously covered by InfoBytes, last December FinCEN issued a notice of proposed rulemaking (NPRM) to implement provisions of the Corporate Transparency Act (CTA) that govern the access to and protection of beneficial ownership information (BOI). The NPRM proposed regulations for establishing who may request beneficial ownership information, how the information must be secured, and non-compliance penalties, and also addressed aspects of the database that are currently in development. Agreeing that the new database would help enhance anti-money laundering and countering the financing of terrorism standards and help prevent the use of privacy to hide illicit activity from law enforcement and government authorities, CSBS asked that the final rule “explicitly define state regulators so that there is no confusion about their ability to access BOI when examining state-chartered banks and non-depository trust companies for compliance with customer due diligence requirements under the Bank Secrecy Act (BSA).” According to CSBS, state regulators conducted over 1,200 BSA exams in 2021. CSBS further pointed out that being able request BOI on an as needed basis would aid investigative and enforcement responsibilities for both state-chartered banks and state-licensed nonbank financial services providers. 

    State Issues Financial Crimes State Regulators CSBS Beneficial Ownership FinCEN Corporate Transparency Act Customer Due Diligence Anti-Money Laundering Combating the Financing of Terrorism Bank Secrecy Act

  • OFAC, UK announce joint sanctions on Russia-based cybercrime gang

    Financial Crimes

    On February 9, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), in coordination with the UK, announced sanctions against seven individuals who allegedly are involved in a Russia-based cybercrime gang and are associated with the development or deployment of a range of ransomware strains designed to steal financial data. (See also UK’s announcement here.) The sanctions, taken pursuant to Executive Order (E.O.) 13694 as amended by E.O. 13757, represent the first sanctions of their kind for the UK, and come as a result of a partnership between OFAC and the U.K.’s Foreign, Commonwealth, and Development Office, the UK National Crime Agency, and His Majesty’s Treasury—all of which serve to disrupt Russian cybercrime and ransomware. “Cyber criminals, particularly those based in Russia, seek to attack critical infrastructure, target U.S. businesses, and exploit the international financial system,” Treasury Under Secretary Brian E. Nelson said in the announcement, stressing that “international cooperation is key to addressing Russian cybercrime.” Referring to an action taken by FinCEN last month, which identified a Russia-based virtual currency exchange “as a ‘primary money laundering concern’ in connection with Russian illicit finance” (covered by InfoBytes here), OFAC reiterated that the U.S. and UK are “committed to using all available authorities and tools to defend against cyber threats.” The designations follow other joint sanctions actions taken by the two countries and reflect findings that sanctions are most effective in coordination with international partners, OFAC said.

    As a result of the sanctions, all property and interests in property belonging to the sanctioned individuals that are in the U.S. or in the possession or control of U.S. persons are blocked and must be reported to OFAC. U.S. persons are generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons. Persons that engage in certain transactions with the designated individuals may themselves be exposed to sanctions, and “any foreign financial institution that knowingly facilitates a significant transaction or provides significant financial services for any of the individuals or entities designated today could be subject to U.S. correspondent or payable-through account sanctions.”

    Financial Crimes Of Interest to Non-US Persons OFAC Department of Treasury OFAC Sanctions OFAC Designations SDN List UK Privacy, Cyber Risk & Data Security FinCEN Russia

  • Luetkemeyer accuses DOJ of incomplete BSA/AML data

    Federal Issues

    On February 1, Representative Blaine Luetkemeyer (R-MO) sent a letter to Attorney General Merrick Garland asking for an explanation as to why the DOJ has not complied with a provision in the 2021 National Defense Authorization Act (2021 NDAA), which requires the Department to report metrics on its use of Bank Secrecy Act (BSA) data to the Treasury Department. According to Luetkemeyer, section 6201 of the 2021 NDAA requires the DOJ to also report “on the use of data derived from financial institutions reporting under the [BSA]” in order to increase transparency on the usefulness of BSA data filed with FinCEN from financial institutions and ensure bad actors are not using the U.S. financial system to fund illicit activities.

    Specifically, the DOJ is required by the 2021 NDAA to examine how often the reported data contains actionable information, the number of legal entities and individuals identified within the reported data, and information on investigations resulting from the reported data that are conducted by state and federal authorities, the letter said. Citing a Government Accountability Office report (which found that the DOJ’s report failed to “include new statistics on the use and impact of BSA reports, including the summary statistics required under the act”), Luetkemeyer claimed the lack of transparency “begs the question if the burdensome reporting is worthwhile” and prevents “FinCEN and Congress from determining the effectiveness of the U.S. anti-money laundering regime.” Luetkemeyer asked the DOJ for an explanation as to why it failed to provide the required information.

    Federal Issues Financial Crimes U.S. House DOJ Anti-Money Laundering Bank Secrecy Act FinCEN Illicit Finance

Pages

Upcoming Events