InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Congress overrides veto of NDAA with significant BSA/AML provisions
On January 1, the U.S. Senate voted to override President Trump’s veto of the National Defense Authorization Act (NDAA) for Fiscal Year 2021, following a similar vote in the House a few days prior. As previously covered by InfoBytes, the NDAA includes significant changes to the Bank Secrecy Act (BSA) and anti-money laundering (AML) laws under the Anti-Money Laundering Act of 2020, such as:
- Establishing federal disclosure requirements of beneficial ownership information, including a requirement that reporting companies submit, at the time of formation and within a year of any change, their beneficial owner(s) to a “secure, nonpublic database at FinCEN”;
- Expanding the declaration of purpose of the BSA and establishing national examinations and supervision priorities;
- Requiring streamlined, real-time reporting of Suspicious Activity Reports;
- Establishing a Subcommittee on Innovation and Technology within the Bank Secrecy Act Advisory Group to encourage and support technological innovation in the area of AML and countering the financing of terrorism and proliferation (CFT);
- Expanding the definition of financial institution under the BSA to include dealers in antiquities;
- Requiring federal agencies to study the facilitation of money laundering and the financing of terrorism through the trade of works of art; and
- Including digital currency in AML-CFT enforcement by, among other things, expanding the definition of financial institution under the BSA to include businesses engaged in the transmission of “currency, funds or value that substitutes for currency or funds.”
OCC: Banks may use independent node verification networks and stablecoins for payment activities
On January 4, the OCC published an interpretive letter addressing the legal permissibility of certain payment-related activities involving the use of new technologies, including using independent node verification networks (INVN) and related stablecoins to conduct payment activities and other bank-permissible functions. Specifically, the letter clarifies that a national bank or federal savings association “may validate, store, and record payments transactions by serving as a node on an INVN,” and may also “use INVNs and related stablecoins to carry out other permissible payment activities” provided the bank or federal savings association complies with applicable laws and safe, sound, and fair banking practices. Due to the decentralized nature of INVNs—which not only “allows a comparatively large number of nodes to verify transactions in a trusted manner” but also “limits tampering or adding inaccurate information to the database because information is only added to the network after consensus is reached among the nodes validating the information”—the OCC believes that INVNs may enhance payment activities’ efficiency, effectiveness, and stability within the federal banking system. The letter also outlines potential risks associated with INVN-related activities, such as operational and compliance risks and fraud related to the possibility of money laundering and terrorist financing, and warns banks and federal savings associations to expand their programs to ensure compliance with Bank Secrecy Act reporting and recordkeeping requirements and to address cryptocurrency transaction risks.
FinCEN proposes new reporting requirements for certain CVC and digital asset transactions
On December 18, the Financial Crimes Enforcement Network (FinCEN) issued a notice of proposed rulemaking (NPRM) that would require financial institutions and money service businesses (MSBs) to maintain records and submit reports to verify customer identities for certain transactions involving convertible virtual currency (CVC) or digital assets with legal tender status (LTDA). Under the NPRM, the requirements would apply to transactions involving CVC and LTDA that are held in certain “hosted” wallets at financial institutions, as well as in “unhosted” wallets, which are not held in an exchange or bank. Banks and MSBs would be required to file transaction reports within 15 days with FinCEN verifying the identity of customers if a counterparty to the transaction is using an unhosted or otherwise covered wallet and the transaction is greater than $10,000. Banks and MSBs would also be required to maintain records of customers’ CVC or LTDA transactions and counterparties—“including verifying the identity of their customers, if a counterparty uses an unhosted or otherwise covered wallet and the transaction is greater than $3,000.” According to Treasury Secretary Steven T. Mnuchin, the proposed rule “is intended to protect national security, assist law enforcement, and increase transparency while minimizing impact on responsible innovation” by “closing loopholes that malign actors may exploit.” FinCEN notes that, while the NPRM “proposes to prescribe by regulation that CVC and LTDA are ‘monetary instruments’ for purposes of the” Bank Secrecy Act (BSA), it does not “modify the regulatory definition of ‘monetary instruments’ or otherwise alter existing BSA regulatory requirements applicable to ‘monetary instruments’ in FinCEN’s regulations.” Comments on the NPRM were due January 4.
Fed targets Swiss bank for BSA/AML compliance deficiencies
On December 22, the Federal Reserve Board announced an enforcement action against a Swiss bank for alleged Bank Secrecy Act/anti-money laundering (BSA/AML) compliance risk management deficiencies found during a 2019 examination of the bank’s New York branch. The consent order outlines a number of corporate compliance and governance measures that the bank is required to undertake, such as: (i) submitting a joint written plan by the board of directors, risk committee, and senior management within 90 days that outlines measures for strengthening their respective oversight of the bank’s U.S. operations’ compliance, including “provid[ing] for a sustainable governance framework that, at a minimum, addresses, considers, and includes actions to improve policies, procedures, and controls for BSA/AML compliance across the U.S. operations”; (ii) providing a written revised customer due diligence program for the New York branch within 90 days, which must outline measures such as risk-based policies and procedures to ensure complete and accurate customer information is collected, retained, and analyzed for all account holders; (iii) submitting a revised suspicious activity monitoring and reporting program demonstrating that the New York branch is engaging in timely suspicious activity monitoring and reporting; and (iv) implementing independent testing within the New York branch to ensure compliance with all applicable BSA/AML requirements.
Agencies proposes SAR filing exemptions
On December 15, the FDIC issued a proposed rule (with accompanying Financial Institution Letter FIL-114-2020), which would amend the agency’s Suspicious Activity Report (SAR) regulation to permit additional, case-by-case, exemptions from SAR filing requirements. The proposed rule would allow the FDIC, in conjunction with the Financial Crimes Enforcement Network (FinCEN), to grant supervised institutions exemptions to SAR filing requirements when developing “innovative solutions to meet Bank Secrecy Act (BSA) requirements more efficiently and effectively.” The FDIC would seek FinCEN’s concurrence with an exemption when the exemption request involves the filing of a SAR for potential money laundering, violations of the BSA, or other unusual activity covered by FinCEN’s SAR regulation. The proposal allows the FDIC to grant the exemption for a specified time period and allows the FDIC to extend or revoke the exemption if circumstances change. The proposal is intended to reduce the regulatory burden on supervised financial institutions that are likely to leverage existing or future technologies to report suspicious activity in a different and innovative manner. Comments on the proposed rule must be submitted within 30 days of publication in the Federal Register.
The OCC also issued a proposal that would similarly allow the OCC to issue exemptions from SAR filing requirements to support national banks or federal savings associations developing innovative solutions intended to meet BSA requirements more efficiently and effectively.
FinCEN clarifies financial crime information sharing program
On December 10, FinCEN Director Kenneth A. Blanco spoke at the Financial Crimes Enforcement Conference hosted by the American Bankers Association and American Bar Association to discuss the importance of information sharing in identifying, reporting, and preventing financial crime. Specifically, Blanco addressed recently updated guidance designed to provide additional clarity on FinCEN’s information sharing program under Section 314(b) of the USA PATRIOT Act, which provides financial institutions “the ability to share information with one another, under a safe harbor provision that offers protections from civil liability, in order to better identify and report potential money laundering or terrorist financing.”
FinCEN provided three main clarifications:
- While financial institutions may share information about suspected terrorist financing or money laundering, they “do not need to have specific information that these activities directly relate to proceeds of [a specified unlawful activity (SUA)], or to have identified specific laundered proceeds of an SUA.” FinCEN also stated that a conclusive determination that an activity is suspicious does not need to be made in order for a financial institution to benefit from the statutory safe harbor. Furthermore, information may be shared “even if the activities do not constitute a ‘transaction,’” such as “an attempted transaction, or an attempt to induce others engage in a transaction.” FinCEN added that there is no limitation under Section 314(b) on the sharing of personally identifiable information and no restrictions on the type of information shared or how the information can be shared, including verbally.
- “An entity that is not itself a financial institution under the Bank Secrecy Act [(BSA)] may form and operate an association of financial institutions whose members share information under Section 314(b),” FinCEN noted, adding that this includes compliance service providers.
- An unincorporated association of financial institutions governed by a contract between its members “may engage in information sharing under Section 314(b).”
In prepared remarks, Blanco reiterated, among other things, that companies should be specific in describing the activity they see in their suspicious activity reports (SAR), and discussed FinCEN’s Advance Notice of Proposed Rulemaking issued in September (covered by InfoBytes here), which solicited comments on questions concerning potential regulatory amendments under the BSA. Blanco also highlighted recent FinCEN’s advisories and guidance related to Covid-19 fraud (covered by InfoBytes here, here, and here) and encouraged the audience to review the agency’s dedicated Covid-19 webpage.
Senate passes NDAA with significant AML provisions
On December 11, the U.S. Senate passed the National Defense Authorization Act (NDAA) for Fiscal Year 2021 in a 84-13 vote, which was passed by the U.S. House of Representatives earlier in the week. As previously covered by InfoBytes, the NDAA includes a number of anti-money laundering provisions, such as (i) establishing federal disclosure requirements of beneficial ownership information, including a requirement that reporting companies submit, at the time of formation and within a year of any change, their beneficial owner(s) to a “secure, nonpublic database at FinCEN”; (ii) expanding the declaration of purpose of the Bank Secrecy Act (BSA) and establishing national examinations and supervision priorities; (iii) requiring streamlined, real-time reporting of Suspicious Activity Reports; (iv) expanding the definition of financial institution under the BSA to include dealers in antiquities; and (v) including digital currency in the AML-CFT enforcement regime by, among other things, expanding the definition of financial institution under the BSA to include businesses engaged in the transmission of “currency, funds or value that substitutes for currency or funds.” The NDAA has been sent to President Trump, who has publicly threatened to veto the measure; however, the legislation passed both the Senate and the House with majorities large enough to override a veto.
House passes NDAA with significant AML/CFT provisions
On December 8, the U.S. House of Representatives passed the National Defense Authorization Act (NDAA) for Fiscal Year 2021 in a 335-78 vote, which includes significant language from the September 2019 proposed legislation, the “Improving Laundering Laws and Increasing Comprehensive Information Tracking of Criminal Activity in Shell Holdings (ILLICIT CASH) Act,” among other proposed laws. Highlights of the anti-money laundering (AML) provisions include:
- Establishing federal disclosure requirements of beneficial ownership information, including a requirement that reporting companies submit, at the time of formation and within a year of any change, their beneficial owner(s) to a “secure, nonpublic database at FinCEN”;
- Expand the declaration of purpose of the Bank Secrecy Act (BSA) and establish national examinations and supervision priorities;
- Require streamlined, real-time reporting of Suspicious Activity Reports;
- Establish a Subcommittee on Innovation and Technology within the Bank Secrecy Act Advisory Group to encourage and support technological innovation in the area of AML and countering the financing of terrorism and proliferation (CFT);
- Expand the definition of financial institution under the BSA to include dealers in antiquities;
- Require federal agencies to study the facilitation of money laundering and the financing of terrorism through the trade of works of art; and
- Inclusion of digital currency in AML-CFT enforcement by, among other things, expanding the definition of financial institution under the BSA to include businesses engaged in the transmission of “currency, funds or value that substitutes for currency or funds.”
2nd Circuit: SEC within authority to bring actions for SAR failings
On December 4, the U.S. Court of Appeals for the Second Circuit affirmed summary judgment in favor of the SEC in an action brought by the agency against a penny stock broker-dealer, concluding the agency has the authority to bring an action under Section 17(a) of the Securities Exchange Act of 1934 (Exchange Act) and Rule 17a-8 promulgated thereunder for failure to comply with the Suspicious Activity Report (SAR) provisions of the Bank Secrecy Act (BSA). According to the opinion, the SEC filed an action against the broker-dealer for violating the Exchange Act and Rule 17a-8’s reporting, recordkeeping, and record-retention obligations by failing to file SARs as required by the BSA. Both parties moved for summary judgment, with the broker-dealer arguing that the SEC was improperly enforcing the BSA. The district court granted summary judgment in favor of the SEC in part (deferring “its resolution of categories of allegedly deficient SARs pending discovery and additional briefing”) and denied summary judgment for the broker-dealer, concluding that the SEC had authority to bring the action under the Exchange Act. After discovery and additional briefing, the SEC moved for summary judgment on the Rule 17a-8 violations and the district court granted summary judgment as to nearly 3,000 violations on the basis of the broker-dealer’s SARs-reporting and recordkeeping practices and imposed a $12 million civil penalty.
On appeal, the 2nd Circuit agreed with the district court, rejecting the broker-dealer’s argument that the SEC is attempting to enforce the BSA, which only the U.S. Treasury Department has the authority to do. The appellate court noted that the SEC is enforcing the requirements of Rule 17a-8, which requires broker-dealers to adhere to the BSA in order to comply with requirements of the Exchange Act, which does not constitute the agency’s enforcement of the BSA. Moreover, the appellate court concluded that the SEC did not overstep its authority when promulgating Rule 17a-8, as SARs “serve to further the aims of the Exchange Act by protecting investors and helping to guard against market manipulation,” and that the broker-dealer did not meet its “‘heavy burden’ to show that Congress ‘clearly expressed [its] intention’ to preclude the SEC from examining for SAR compliance in conjunction with FinCEN and pursuant to authority delegated under the Exchange Act.” In affirming the $12 million civil penalty, the appellate court stated that the district court acted “within its discretion to impose the [] penalty” considering the broker-dealer’s “systematic and widespread evasion of the law.”
FinCEN, federal banking agencies clarify CDD requirements for charities and non-profit organizations
On November 19, the Financial Crimes Enforcement Network (FinCEN), in concurrence with the Federal Reserve Board, FDIC, NCUA, and OCC (collectively, “federal banking agencies”), released a fact sheet clarifying that Bank Secrecy Act (BSA) customer due diligence (CDD) requirements for charities and nonprofit organizations (NPOs) should be based on the money laundering risks posed by customer relationships. FinCEN and the federal banking agencies remind banks that “the application of a risk-based approach for charities and other NPOs is consistent with existing CDD and other [BSA/anti-money laundering] compliance requirements.” The fact sheet further emphasizes that while “the U.S. government does not view the charitable sector as a whole as presenting a uniform or unacceptably high risk of being used or exploited for money laundering, terrorist financing [], or sanctions violations,” banks must adopt risk-based procedures for conducting CDD that will allow banks to (i) understand the nature and purpose of a customer relationship in order to develop a customer risk profile, and (ii) conduct ongoing monitoring for the purposes of identifying and reporting suspicious transactions “on a risk basis, to maintain and update customer information.” The fact sheet does not alter existing BSA/AML legal or regulatory requirements, nor does it establish new supervisory expectations. (See also OCC Bulletin 2020-101 and FDIC FIL-106-2020.)