InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FinCEN updates FATF-identified jurisdictions with AML/CFT deficiencies
On April 27, the Financial Crimes Enforcement Network (FinCEN) issued an advisory to financial institutions concerning the Financial Action Task Force’s (FATF) updated list of jurisdictions identified as having “strategic deficiencies” in their anti-money laundering/combatting the financing of terrorism (AML/CFT) regimes. FinCEN urges financial institutions to consider this list when reviewing due diligence obligations and risk-based policies, procedures, and practices.
As further described in the Improving Global AML/CFT Compliance: On-going Process, FATF identified the following jurisdictions as having developed action plans to address AML/CFT deficiencies: Ethiopia, Iraq, Sri Lanka, Syria, Trinidad and Tobago, Tunisia, Vanuatu, and Yemen. Notably Serbia has been added to the list for failing to effectively implement its AML/CFT framework, whereas Bosnia and Herzegovina has been removed from the list due to “significant progress in improving its AML/CFT regime . . . [and] establishing the legal and regulatory framework to meet the commitments in its action plan.” The Democratic People’s Republic of Korea and Iran remain the two jurisdictions subject to countermeasures and enhanced due diligence due to AML/CFT deficiencies.
House Financial Services Committee holds hearing on FinCEN’s CDD rule
On April 27, the House Financial Services Committee’s Subcommittee on Financial Institutions and Consumer Credit held a hearing entitled “Implementation of FinCEN's Customer Due Diligence Rule—Financial Institution Perspective” to discuss challenges facing financial institutions when complying with FinCEN’s Customer Due Diligence Rule (CDD Rule). As previously covered in InfoBytes, the CDD Rule takes effect May 11, and imposes standardized customer due diligence (CDD) requirements under the Bank Secrecy Act (BSA) for covered financial institutions, including the identification and verification of the beneficial owners of legal entity customers. The hearing’s four witnesses expressed certain concerns regarding the effects of implementation on financial institutions, as well as the timing of additional guidance released April 3 in the form of frequently asked questions.
In prepared remarks, Executive Director of The Financial Accounting and Corporate Transparency (FACT) Coalition, Gary Kalman, commented that the CDD Rule, which calls for additional AML requirements, is a “positive step forward but falls short of what is needed to protect the integrity of [the] financial system”—particularly in terms of what defines a “beneficial owner.” Greg Baer, President of The Clearing House Association, expressed concerns that the CDD Rule (i) requires financial institutions to verify beneficial owners for each account that is opened, instead of verifying on a per-customer basis; and (ii) does not explicitly state in its preamble that FinCEN possesses sole authority to set CDD standards, which may present opportunities for examiners to make ad hoc interpretations.
Additionally, Executive Vice President of the International Bank of Commerce Dalia Martinez, observed, among other things, that compliance with the CDD Rule is costly and burdensome, and that banks have not been provided with the tools or guidance to determine whether the information provided by legal entity customers is accurate when verifying beneficial owners. The “gray areas” within the CDD Rule, Martinez noted, present challenges for compliance. A fourth witness, Carlton Green, a partner at Crowell & Morning, expressed concerns with the relationship between FinCEN and the federal functional regulators, stating that because FinCEN has delegated examination authority to these regulators, there is a chance regulators will “create and enforce their own interpretations of or additions to BSA rules” that may “diverge from FinCEN’s priorities.”
FINRA revises anti-money laundering template for small firms
On April 4, the Financial Industry Regulatory Authority (FINRA) released a revised template to assist FINRA-registered small firms in developing and implementing risk-based anti-money laundering (AML) programs as required by the Bank Secrecy Act and FINRA Rule 3310. Changes to the template reflect FinCEN’s final rule concerning customer due diligence requirements for covered financial institutions (CDD rule), which goes into effect May 11. (See previous InfoBytes coverage on the CDD rule here.) The CDD rule requires covered financial institutions, including FINRA-registered firms, to identify the beneficial owners of legal entity customers who open new accounts.
Buckley Sandler Insights: FinCEN updates FAQs regarding customer due diligence requirements for financial institutions
On April 3, the Financial Crimes Enforcement Network released an update to its FAQs in advance of the upcoming Customer Due Diligence Requirements for Financial Institutions final rule (issued in 2016 and amended last September for various technical corrections) that goes into effect May 11. As previously covered in InfoBytes, the final rule imposes standardized customer due diligence (CDD) requirements under the Bank Secrecy Act for covered financial institutions and requires financial institutions to identify and verify beneficial owners of legal entity customers, subject to certain exclusions and exemptions. The supplemental FAQs (see InfoBytes coverage on an earlier set of FAQs issued in 2016) assist covered financial institutions in understanding the scope of their CDD requirements, as well as the CDD rule’s impact on broader anti-money laundering (AML) program obligations, and cover a broad range of interpretations including the following:
- Question 1 specifies covered financial institutions will satisfy the requirements to identify and verify beneficial owners of legal entity customers by collecting and verifying the identity of individuals who directly or indirectly own 25 percent or more of the equity interests in a legal entity customer, as well as “one individual who has managerial control of a legal entity customer.” However, they may choose to implement stricter written internal policies and procedures and expand their information collection to include more than one individual with managerial control or persons owning a lower percentage of equity interests.
- Question 3 clarifies that covered financial institutions may reasonably rely on a legal entity customer to provide the identities of individuals who satisfy the definition of beneficial ownership, whether indirectly or directly, and “need not independently investigate the legal entity customer’s ownership structure.”
- Question 7 states that for existing customers, a covered financial institution may rely on information in its possession subject to its Customer Identification Program (CIP) to fulfill the beneficial ownership identification and verification requirements, “provided the existing information is up-to-date, accurate, and the legal entity customer’s representative certifies or confirms (verbally or in writing) the accuracy of the pre-existing CIP information.”
- Question 10 states that if a legal entity customer opens multiple accounts, the covered financial institution may rely on information obtained from a previously issued certification form (or equivalent), provided the legal entity customer certifies or confirms—verbally or in writing—that such information is up-to-date and accurate at the time each subsequent account is opened. Records of such certification or confirmation must also be maintained.
- Question 12 confirms that covered financial institutions seeking to renew a loan or roll over a certificate of deposit must treat these as new accounts and require their legal entities customers to certify or confirm beneficial owners, “even if the legal entity is an existing customer.”
- Question 18 stipulates that covered financial institutions are not required to identify and verify the identity of beneficial owners that own 25 percent or more of the equity interests of a pooled investment vehicle, whether or not such vehicle is managed by a “financial institution,” due to the typical fluctuation of ownership. However, Question 18 notes that covered financial entities must collect beneficial ownership information for an individual who has significant control or management over the vehicle as required under the control prong to comply with the CDD rule.
- Question 19 concerns trusts overseen by multiple trustees and states that in circumstances where a trust owns 25 percent or more of the equity interests of a legal entity customer, covered financial institutions are required, at a minimum, to collect beneficial ownership information on a single trustee but may choose to identify additional co-trustees based on risk assessment or a risk profile.
- Question 21 specifies that a covered financial institution may rely on information provided by a legal entity customer to determine eligibility for exclusion from the definition of a legal entity customer, provided the financial institution has no knowledge of facts that would reasonably call into question the reliability of such information. Covered financial institutions should also ensure that their risk-based written policies and procedures address and specify the type of information to be used when reasonably determining exclusion eligibility.
- Question 28 stipulates which non-U.S. governmental entities qualify for exclusion from the definition of a legal entity customer. It specifies that state-owned enterprises that engage in profit-seeking activities, such as sovereign wealth funds, airlines, and oil companies, are not excluded from the definition of a legal entity.
- Questions 29-31 provide guidance on account level beneficial owner exceptions related to (i) point of sale products for certain low-risk retail credit accounts; and (ii) certain equipment finance and lease accounts with low money laundering risks. Question 31 also stipulates that an equipment lease and purchase exemption would apply in circumstances where a customer leases necessary equipment directly from a covered financial institution.
- Questions 32-33 provide guidance on circumstances where beneficial ownership information should be aggregated for purposes of complying with Currency Transaction Report (CTR) requirements, and state that “absent indications that the businesses are not operating independently . . . , financial institutions should not aggregate transactions involving those businesses with those of each other or with those of the common owner for CTR filing.” Furthermore, covered financial institutions are generally not required to list beneficial owners on a CTR.
- Question 35 specifies what information covered financial institutions should collect and consider as part of on-going CDD when developing customer risk profiles. Specifically, covered financial institutions should develop an understanding of the “nature and purpose of a customer relationship,” and review information obtained at the opening of an account such as type of customer, account, service, or product.
FinCEN adjusts civil penalties for inflation
On March 19, the Financial Crimes Enforcement Network (FinCEN) published a final rule adjusting upward the maximum amount of the civil monetary penalties within its jurisdiction, as required by the Inflation Adjustment Act. As explained in the rule, the new maximum penalty amounts for 2018 are calculated by multiplying the corresponding 2017 penalty by a “cost-of-living adjustment” multiplier—which for 2018 has been set by the OMB at 1.02041—and then rounding to the nearest dollar. The rule is effective March 19.
GAO studies effect of Southwest border banks "derisking" due to BSA/AML concerns
On February 26, the Government Accountability Office (GAO) released a report, which describes Bank Secrecy Act/anti-money laundering (BSA/AML) compliance challenges facing Southwest border banks, examines the impact “derisking” has had on banking services in this region, and evaluates responses by regulators to “derisking” concerns. “Derisking” is defined by GAO as “the practice of banks limiting certain services or ending their relationships with customers to, among other things, avoid perceived regulatory concerns about facilitating money laundering.” According to GAO, because the region has a high volume of cash and cross-border transactions, as well as a large number of foreign accountholders, banks are required to engage in more intensive and frequent monitoring and investigating to comply with BSA/AML requirements. Due to some Southwest border residents and businesses reporting challenges when trying to access banking services in the region, GAO was asked to undertake a review to determine if the access problems were due to “derisking” and branch closures.
Among other things, the report found that (i) the average number of suspicious activity reports filed in the region was two and a half times the number for high-risk counties outside the region; (ii) 80 percent of banks in the region terminated accounts due to risks related to BSA/AML; (iii) 80 percent limited or did not offer accounts to certain businesses considered high risk for money laundering and terrorist financing because those customers drew heightened BSA/AML regulatory oversight; and (iv) money-laundering risks were a more important driver of branch closures in the region than elsewhere. GAO discovered that BSA/AML regulatory concerns may be a factor in banks’ decisions to engage in “derisking” in the region, and that “the actions taken to address derisking by the federal bank regulators and the Financial Crimes Enforcement Network (FinCEN) and the retrospective reviews conducted on BSA/AML regulations have not fully considered or addressed these effects.” The account terminations and limitations, along with branch closures in the region, have raised concerns that the closures have “affected key businesses and local economies and . . . economic growth.”
GAO recommended that FinCEN, FDIC, Federal Reserve Board, and the OCC (the agencies) conduct a comprehensive review of their BSA/AML regulatory framework to assess how banks’ regulatory concerns may be affecting their decisions to provide banking services. It also recommended that the agencies jointly conduct a retrospective review of BSA/AML regulations and their implementation and revise BSA regulations as necessary to “ensure that BSA/AML regulatory objectives are being met in the most efficient and least burdensome way.”
Agencies assess $613 million in total penalties against national bank and its parent for BSA/AML deficiencies
On February 15, a national bank and its parent corporation were assessed $613 million in total penalties by the OCC, DOJ, Federal Reserve, and Financial Crimes Enforcement Network (FinCEN) as part of a deferred prosecution agreement over Bank Secrecy Act (BSA) and anti-money laundering (AML) compliance program deficiencies. According to the announcement by the DOJ, the agency’s settlements cover a range of alleged AML deficiencies back to 2009, including an alleged effort not to disclose known Suspicious Activity Report (SAR) deficiencies to the OCC. Additionally, the DOJ cited the bank for failing to timely file SARs related to the banking activity of a customer who used the bank to launder proceeds from a fraudulent payday lending scheme, when the bank was allegedly on notice of the activity (previously covered by InfoBytes here).
The $613 million in penalties include: a $453 million forfeiture as part of the deferred prosecution agreement with the DOJ; a $75 civil money penalty from the OCC; a $15 million civil money penalty from the Federal Reserve; and a $70 million civil money penalty from FinCEN.
FinCEN proposes measure against Latvian bank for alleged money laundering schemes, blocks U.S. accounts
On February 13, the Financial Crimes Enforcement Network (FinCEN) issued a finding and notice of proposed rulemaking (NPRM), pursuant to Section 311 of the USA PATRIOT Act, seeking to prohibit the opening or maintaining of correspondent accounts in the United States for, or on behalf of, a Latvian-based bank. The NPRM is being issued based on findings that the bank has “institutionalized money laundering as a pillar of [its] business practices.” According to the NPRM, the bank’s management (i) “permits the bank and its employees to orchestrate and engage in money laundering schemes”; (ii) “solicits the high-risk shell company activity that enables the bank and its customers to launder funds”; (iii) “maintains inadequate controls over high-risk shell company accounts”; and (iv) “seeks to obstruct enforcement of Latvian anti-money laundering and combating the financing of terrorism (AML/CFT) rules in order to protect these business practices.” Specifically, Secretary of the Treasury Steven T. Mnuchin asserted that the bank’s failure to implement effective AML/CFT and sanctions policies and procedures has become a conduit for widespread illicit activity, “including activity linked to North Korea’s weapons program and corruption connected to Russia and Ukraine.” The measures set forth under the NPRM are designed to protect the U.S. financial system from money laundering and terrorist financing threats. Comments are due 60 days after publication in the Federal Register.
FinCEN issues advisory updating FATF-identified jurisdictions with AML/CFT deficiencies
On February 9, the Financial Crimes Enforcement Network (FinCEN) issued an advisory to financial institutions based on November 3, 2017 updates to the Financial Action Task Force’s (FATF) list of jurisdictions identified as having “strategic deficiencies” in their anti-money laundering/combating the financing of terrorism (AML/CFT) regimes. FinCEN urges financial institutions to consider this list when reviewing due diligence obligations and risk-based policies, procedures, and practices.
The current jurisdictions (as further described in the Improving Global AML/CFT Compliance: On-going Process) that have AML/CFT deficiencies for which the jurisdictions have developed action plans are: Bosnia and Herzegovina, Ethiopia, Iraq, Sri Lanka, Syria, Trinidad and Tobago, Tunisia, Vanuatu, and Yemen. Notably, Uganda has been removed from this list for making “significant technical progress in improving its AML/CFT regime and . . . establish[ing] the legal and regulatory framework to meet the commitments in its action plan.” However, Sri Lanka, Trinidad and Tobago, and Tunisia were added to the list due to the ineffective implementation of their AML/CFT frameworks. The Democratic People’s Republic of Korea and Iran remain the two jurisdictions subject to countermeasures and enhanced due diligence due to AML/CFT deficiencies.
FinCEN issues requests for comments on renewal of BSA currency transaction and suspicious activity reporting requirements
On February 9, the Financial Crimes Enforcement Network (FinCEN) issued two notices and requests for comments in the Federal Register seeking renewals without change of currently approved Bank Secrecy Act (BSA) regulatory requirements for covered financial institutions. The first notice concerns the continuance of currency transaction reporting requirements, and the second notice addresses suspicious activity reporting requirements. Comments must be received by April 10.
See here for additional BSA InfoBytes coverage.