InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OCC releases recent enforcement actions
On November 19, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. Included among the actions is an October 9 consent order to resolve the OCC’s claims that a Washington, D.C.-based branch of a Caribbean bank (bank) engaged in Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance program violations. According to the consent order, the OCC identified “critical deficiencies” in certain elements of the bank’s BSA/AML compliance program, including failure to implement a compliance program that “adequately covered the required BSA/AML program elements,” and failure to timely file Suspicious Activity Reports (SARs). Among the compliance program failures, the consent order states that the bank had (i) “systemic deficiencies in its transaction monitoring systems and alert management processes, which resulted in monitoring gaps”; (ii) “systemic deficiencies in its customer due diligence, enhanced due diligence, and customer risk rating processes”; and (iii) “an inadequate system of internal controls, ineffective independent testing, a weak BSA Officer function, and insufficient staffing and training.” The consent order requires the bank to pay a $5 million civil money penalty as a result of the deficiencies.
Agencies propose lowering threshold for certain fund transfers and transmittals of funds under Bank Secrecy Act
On October 23, the Federal Reserve Board and the Financial Crimes Enforcement Network (FinCEN) announced a proposed rule that would, among other things, amend the Recordkeeping Rule and the Travel Rule under the Bank Secrecy Act (BSA) by reducing the data collection threshold from $3,000 to $250 for certain fund transfers that begin or end outside of the U.S. In addition, the proposed rule would set the threshold at $250 for financial institutions “to transmit to other financial institutions in the payment chain information on fund transfers and transmittals of funds that begin or end outside of the [U.S.]” The proposed rule’s $250 threshold for data collection would also apply to digital currency transactions, both for international transfers and those within the U.S. The agencies also propose to clarify the meaning of “money” as used in certain defined terms to ensure the rules apply to domestic and cross-border transactions involving convertible virtual currencies. By proposing to lower the current threshold, the agencies “specifically considered Suspicious Activity Reports filed by money transmitters, which indicate that a substantial volume of potentially illicit funds transfers and transmittals of funds occur below the $3,000 threshold.” The agencies also note that the threshold for domestic transactions would remain unchanged at $3,000. Comments are due 30 days after publication in the Federal Register.
FinCEN penalizes first bitcoin “mixer” $60 million for violating BSA
On October 19, the Financial Crimes Enforcement Network (FinCEN) announced a civil money penalty against an individual exchanger who founded and operated two convertible virtual currency (CVC) platforms known as “mixers” or “tumblers” for allegedly violating the Bank Secrecy Act’s (BSA) registration, program, and reporting requirements. According to FinCEN, the exchanger, among other things, (i) accepted and transmitted CVC through a variety of means, which “contain[ed] the proceeds of various acts of cybercrime”; (ii) conducted over 1,225,000 transactions for customers; and (iii) “is associated with virtual currency wallet addresses that have sent or received over $311 million.” FinCEN also contends that the exchanger advertised his services to customers on the dark web and circumvented BSA’s requirements by disregarding his obligations and operating the platforms as unregistered money service businesses (MSB).
Under FinCEN’s 2013 guidance and 2019 clarification, exchangers and administrators of CVC are money transmitters and therefore subject to BSA regulations, with mixers and tumblers subject to the same rules. (Previously covered by InfoBytes here and here.) According to FinCEN, the exchanger’s activities qualified him as a virtual currency exchanger, MSB, and a financial institution under the BSA. As such, the exchanger was required to register as an MSB with FinCEN, establish and implement an effective written anti-money laundering program, detect and file suspicious activity reports, and report currency transactions, which he failed to do. The order requires the exchanger to pay a $60 million civil money penalty.
FinCEN, federal banking agencies provide CIP program relief
On October 9, the Financial Crimes Enforcement Network (FinCEN), in concurrence with the OCC, Federal Reserve, FDIC, and NCUA (collectively, “federal banking agencies”), issued an interagency order granting an exemption from the requirements of the customer identification program (CIP) rules for insurance premium finance loans extended by banks to all customers. The exemption is intended to facilitate insurance premium finance lending for the purchase of property and casualty insurance policies and will apply to loans extended by banks and their subsidiaries, subject to the federal banking agencies’ jurisdiction. According to FinCEN, insurance premium finance loans present a low risk for money laundering due to the purpose for which the loans are extended and the limitations on how such funds may be used. Moreover, FinCEN emphasized that “property and casualty insurance policies themselves are not an effective means for transferring illicit funds.” Banks, however, must still comply with all other regulatory requirements, including those implementing the Bank Secrecy Act that require the filing of suspicious activity reports. Furthermore, the federal banking agencies determined that the order is consistent with safe and sound banking practices. The order supersedes a September 2018 order, which previously granted an exemption from the CIP rule requirements for commercial customers (covered by InfoBytes here).
FinCEN warns of Covid-19 unemployment insurance fraud
On October 13, the Financial Crimes Enforcement Network (FinCEN) issued an advisory for financial institutions to assist in detecting and preventing Covid-19-related unemployment insurance (UI) fraud. The advisory highlights specific ways illicit actors are exploiting the pandemic to engage in UI fraud, including, among other things, employees receiving UI payments while still being paid reduced, unreported wages from their employer, and the submission of UI claims using stolen or fake identification information. The advisory includes a specific list of red flag indicators for financial institutions to be aware of, such as (i) UI payments from a different state from the one in which the customer resides; (ii) multiple state UI payments within the same disbursement period; (iii) UI payments in a different name from the account holder; (iv) the withdrawal of UI funds in lump sums by cashier’s check or prepaid debit card; (v) multiple accounts receiving UI payments being associated with the same free, web-based email account; and (vi) a newly opened account that starts to receive numerous UI deposits. Financial institutions are encouraged to perform additional inquiries and investigations where appropriate, consistent with a risk-based approach for compliance with the Bank Secrecy Act. Lastly, should financial institutions need to report any UI fraud in a suspicious activity report, FinCEN encourages the institution to reference the advisory.
CFTC charges cryptocurrency derivatives platform and owners with AML violations
On October 1, the CFTC filed charges against five entities and three individuals for allegedly owning and operating an unregistered cryptocurrency derivatives platform and failing to implement required anti-money laundering procedures. The complaint alleges that the platform “illegally offer[ed] leveraged retail commodity transactions, futures, options, and swaps” on cryptocurrencies without implementing key safeguards required by the Commodity Exchange Act and several CFTC regulations compliance measures, such as know-your-customer procedures or actions designed to detect and prevent illicit activities. The CFTC also claims that the exchange operated as an unregistered futures commission merchant and did not have CFTC approval to operate as a designated contract market or swap execution facility. The complaint requests civil monetary penalties and remedial ancillary relief in the form of (i) permanent trading and registration bans; (ii) disgorgement; (iii) restitution; (iv); pre- and post-judgment interest; and (v) a permanent injunction from future violations.
In a parallel action, the U.S. Attorney for the District of New York indicted the three individuals along with a fourth individual on federal charges of violating, and conspiring to violate, the Bank Secrecy Act “by willfully failing to establish, implement, and maintain an adequate anti-money laundering [] program” at the exchange.
Fed issues enforcement order for BSA/AML and OFAC regulation compliance
On October 1, the Federal Reserve announced an enforcement action against a Pennsylvania state-chartered bank for deficiencies in the bank’s Bank Secrecy Act (BSA), anti-money laundering (AML), and U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) regulations. The order requires the bank to submit, among other things, (i) a board-approved, written plan to improve oversight of BSA/AML requirements and OFAC regulations; (ii) a written BSA/AML compliance program; (iii) a revised customer due diligence program; (iv) a written suspicious activity monitoring and reporting program; and (iv) a written plan for independent testing of compliance with BSA/AML requirements. The bank was not assessed any monetary penalties.
FinCEN Director encourages specificity in Covid-19 SARs filings
On September 29, FinCEN Director Kenneth A. Blanco spoke at the Association of Certified Anti-Money Laundering Specialists (ACAMS) virtual AML conference, noting that FinCEN has received over 91,000 suspicious activity reports (SARs) referencing Covid-19 and the federal stimulus programs under the CARES Act. Blanco stated that the vast majority (about 71 percent) of the Covid-19 SARs have come from depository institutions, while 17 percent have come from credit unions and five percent have come from the Money Services Business (MSB) industry. The securities and casino industries account for the final three percent. Blanco urged financial institutions to be “as specific as possible” when filling out their Covid-19-related SARs to ensure it gets to the right investigative team expeditiously. Blanco noted that “vague references to ‘stimulus’ or ‘CARES Act’ or ‘benefit,’” hinders the agency’s ability to get the SAR to the right team. Additionally, Blanco emphasized FinCEN’s advisories and guidance related to Covid-19 fraud (covered by InfoBytes here, here, and here) and encouraged the audience to review the agency’s dedicated Covid-19 webpage.
FDIC releases August enforcement actions
On September 25, the FDIC released a list of administrative enforcement actions taken against banks and individuals in August. During the month, the FDIC issued 13 orders, consisting of “one consent order under 8(b), four orders of prohibition under 8(e), and eight Section 19 orders.” The consent order, issued against a Kansas-based bank, relates to alleged violations of the Bank Secrecy Act (BSA). Among other things, the bank was ordered to (i) terminate all activity related to its foreign financial institution customers, including such activity as funds transfers, remote deposit capture, money service business remittances, Automated Clearing House transfers, and funds transfers to or from any foreign central bank accounts; (ii) establish a directors’ BSA/anti-money laundering (AML) compliance committee; (iii) implement a revised BSA compliance program to address BSA/AML deficiencies, including incorporating internal controls to assure ongoing compliance, as well as training for appropriate personnel; (iv) maintain a BSA/AML internal control structure, including suspicious activity monitoring and reporting, risk assessment, and customer due diligence; (v) contract with a third-party consulting firm to conduct an independent test of the bank’s BSA/AML compliance program; (vi) implement an effective, comprehensive BSA training program for appropriate personnel regarding specific compliance responsibilities; and (vii) conduct a look-back review to ensure certain reportable transactions and suspicious activities were appropriately identified and reported.
Special Alert: FinCEN extends AML program, other requirements to banks without federal regulators
On September 14, the Financial Crimes Enforcement Network (FinCEN) issued a final rule to align Bank Secrecy Act (BSA) requirements applicable to most banks with the requirements applicable to banks lacking a “federal functional regulator.” In particular, the final rule will require all non-federally regulated banks — including private banks, non-federally insured credit unions, and certain trust companies — to establish and implement anti-money-laundering (AML) programs and customer identification programs (CIP).