InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FinCEN issues OCC-backed statement on risk-based BSA reporting during pandemic
On April 3, the Financial Crimes Enforcement Network (FinCEN) updated its guidance from March 16 regarding Bank Secrecy Act (BSA) reporting and Covid-19-related fraudulent transactions and scams, covered by InfoBytes here. The update provides that banks making Small Business Administration Paycheck Protection Program loans will not be required to re-verify beneficial ownership for existing customers. In addition, the update advised that a February Currency Transaction Report ruling regarding filing obligations was suspended until further notice. FinCEN reminded financial institutions that BSA compliance obligations are still in place, and also introduced an online contact mechanism to communicate with FinCEN regarding BSA obligations during the Covid-19 pandemic.
On April 7, the OCC issued Bulletin 2020-34 in support of “FinCEN’s Regulatory Relief and Risk-Based Approach.” The agency urged all financial institutions to observe FinCEN’s risk-based approach to BSA/AML compliance obligations, adding that “[c]ompliance with the BSA remains crucial to protecting national security by combating money laundering and related crimes, including terrorism and its financing, during national emergencies such as the COVID-19 pandemic.” The OCC also stated that it will work with financial institutions impacted by Covid-19 regarding reporting obligations, exams and other concerns.
NCUA issues FAQs regarding Covid-19 and credit union operations
On March 25, the National Credit Union Administration (NCUA) issued FAQs regarding the impact of Covid-19 on the NCUA and credit union operations. The FAQs answer questions regarding, among other things, flexibility for federal credit unions in planning annual meetings and monthly board of director meetings, restrictions on access to or closure of facilities, the impact of Covid-19 on the NCUA’s examination and supervision program, and deadlines for submission of certain filings (e.g., Call Reports, annual capital plan and/or stress testing, Bank Secrecy Act reports).
FinCEN issues guidance on BSA reports
On March 16, the Financial Crimes Enforcement Network (FinCEN) issued a release reminding financial institutions affected by Covid-19 to contact the agency and their functional regulator as soon as practicable if they anticipate delays in filing their Bank Secrecy Act reports. Financial institutions were also advised to be on alert for malicious or fraudulent transactions connected to Covid-19, particularly with respect to emerging trends such as imposter scams, investment scams, product scams, and insider trading. Financial institutions were also directed to review FinCEN advisory FIN-2017-A007—which discusses other relevant typologies, including benefits fraud, charities fraud, and cyber-related fraud—and encouraged to review guidance from their functional regulators as available.
FDIC releases January enforcement actions
On February 28, the FDIC released a list of administrative enforcement actions taken against banks and individuals in January. The FDIC issued 18 orders, which “consisted of two consent orders; one civil money penalty; three removal and prohibition orders; eight section 19 orders; three terminations of consent orders and cease and desist orders; and one order terminating prompt corrective action.” Among the actions was a civil money penalty assessed against a Montana-based bank for allegedly violating the Flood Disaster Protection Act by failing to obtain adequate flood insurance coverage on certain loans and failing to provide borrowers with notice of the availability of federal disaster relief assistance. Separately, in a joint action with the California Department of Business Oversight, the agency issued a consent order against a California-based bank related to alleged weaknesses in its Bank Secrecy Act and anti-money laundering (BSA/AML) compliance program. Among other things, the bank was ordered to (i) retain qualified management to ensure compliance with applicable laws and regulations; (ii) “correct all violations of law to the extent possible”; (iii) implement a revised, written BSA compliance program to address BSA/AML deficiencies; (iv) establish a written Customer Due Diligence Program to ensure the reasonable detection of suspicious activity and the identification of higher-risk customers; (v) adopt a process for reviewing transaction monitoring alerts; and (vi) “ensure that suspicious activity monitoring system is independently validated.”
OCC releases January enforcement actions
On February 20, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. The new enforcement actions include four civil money penalty orders, three cease and desist orders, five removal/prohibition orders, and a termination of an existing enforcement action. Included among the actions is a January 30 Consent Order to resolve the OCC’s claims that a New York-based bank engaged in Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance program violations. According to the consent order, an OCC examination identified alleged deficiencies in the bank’s BSA/AML compliance program, including (i) failure to “assess and monitor high risk customer activity flowing to or from high risk jurisdictions”; (ii) deficient BSA/AML policies, procedures, systems and controls; (iii) inadequate suspicious activity monitoring and suspicious activity reporting (SAR) to FinCEN; (iv) deficient Customer Due Diligence processes, including failure to appoint a BSA officer; and (v) failure to sufficiently monitor or provide controls for increased wire and ACH transactions. The consent order requires the bank to, among other things, (i) appoint a compliance committee within 30 days; (ii) submit a written strategic plan to the OCC covering at least the next three years; (iii) appoint a “permanent, qualified, and experienced BSA Officer” with sufficient staff; (iv) create and adopt a “written program of internal control policies and procedures to provide for the compliance with the BSA”; and (v) adopt and deploy a “written system of internal controls and processes to ensure compliance with the requirements to file SARs.”
FinCEN focuses on securities industry BSA/AML information sharing
On February 6, Financial Crimes Enforcement Network (FinCEN) Deputy Director Jamal El-Hindi delivered remarks at the Securities Industry and Financial Markets Association’s 20th Anti-Money Laundering (AML) and Financial Crimes Conference discussing, among other things, the agency’s focus on the Bank Secrecy Act (BSA). Specifically, El-Hindi stressed the importance of information sharing in the BSA context, remarking that the financial sector is “in an evolutionary state” dealing with “new technologies and new payment systems, such as those that involve virtual currency.” He asserted that innovators in the development of cryptocurrencies and messaging systems “cannot turn a blind eye to illicit transactions that they may be fostering,” and noted that FinCEN will regulate these emerging systems in accordance with existing principles that underlie the BSA and AML rules and regulations for the financial sector. El-Hindi encouraged the securities industry to share information, observing that only 14 percent of eligible securities companies are registered to take part in the 314(b) business-to-business information sharing program. He suggested that the industry needs better communication and cooperation to increase the effectiveness of BSA information collection. El-Hindi also discussed how cooperation has helped FinCEN’s cross-agency coordination and enhanced the agency’s rulemaking and guidance—specifically in the establishment of the Customer Due Diligence and Beneficial Ownership rule, but recognized that the lack of information collected regarding the formation of new corporations can frustrate the agency’s risk assessment abilities. To motivate information sharing, El-Hindi emphasized the importance of BSA information financial companies collect, sharing that SARs filings by securities companies have “increased roughly eight-fold” from 2003 to 2019, and that data provided from BSA filings is used frequently by law enforcement and regulators to inform their investigations and examinations and to “identify trends and focus resources.”
FinCEN rules on currency transaction reporting
On February 10, the Financial Crimes Enforcement Network (FinCEN) issued administrative ruling FIN-2020-R001 to clarify requirements for financial institutions’ reporting of currency transactions involving sole proprietorships and legal entities operating under a “doing business as” (DBA) name. The ruling replaces and rescinds two prior rulings (FIN-2006-R003 and FIN-2008-R001), and addresses reporting requirements when filing current Currency Transaction Report (CTR) FinCEN Form 112. In the ruling, FinCEN defines a sole proprietorship as “a business in which one person, operating in his or her own personal capacity, owns all of the business’s assets and is responsible for all of the business’s liabilities.” To remain consistent with the Bank Secrecy Act definition of a “person” (where a sole proprietorship is not separate from its individual owner), FinCEN instructs financial institutions to complete CTR FinCEN Form 112 for transactions involving a sole proprietorship with the individual owner’s name and information. The ruling also instructs institutions that additional entries may be required in instances where an individual owner operates a business under a DBA, or multiple DBAs. FinCEN also advises that when a CTR is prepared for a legal entity such as a partnership, incorporated business, or limited liability company, the form should contain, among other things, the entity’s home office or headquarters information. According to the ruling, “[w]hen multiple entity locations are involved in an aggregated CTR, a separate Part I section should be prepared for each location involved.”
NYDFS to take action against check cashing companies for BSA/AML violations
On February 3, NYDFS announced it intends to take enforcement action through an administrative proceeding against several check cashing entities for alleged violations of New York Banking Law and federal laws and regulations related to the business of check cashing. According to NYDFS, examinations revealed multiple concerns related to the entities’ Bank Secrecy Act/anti-money laundering (BSA/AML) program and transaction monitoring, including (i) inaccurate books and records; (ii) cashing post-dated checks; (iii) insufficient BSA/AML compliance; and (iv) inadequate risk-assessment procedures and customer identification and Know Your Customer programs. NYDFS also stated that management at the identified entities failed to implement effective controls to mitigate and manage BSA/AML compliance programs and Office of Foreign Assets Control risks despite “repeated criticism of the entities’ performance.”
NYDFS conducted a subsequent investigation, which found additional alleged violations that circumvented Federal and state banking laws, such as (i) hiring undisclosed employees who were paid “off the books”; (ii) conducting an unlicensed mobile check-cashing business; and (iii) and engaging in an illegal check-cashing scheme that structured transactions and falsified business records to give the appearance that checks were cashed on multiple dates, when in fact they were all cashed on a single date. The administrative proceeding to revoke the entities’ licenses and seek civil penalties will begin February 24.
SEC announces 2020 OCIE exam priorities
On January 7, the SEC’s Office of Compliance Inspections and Examinations (OCIE) announced the release of its 2020 Examination Priorities. The annual release of exam priorities provides transparency into the risk-based examination process and lists areas that pose current and potential risks to investors. OCIE’s 2020 examination priorities include:
- Retail investors, including seniors and those saving for retirement. OCIE places particular emphasis on disclosures and recommendations provided to investors.
- Information security. In addition to cybersecurity, top areas of focus include: risk management, vendor management, online and mobile account access controls, data loss prevention, appropriate training, and incident response.
- Fintech and innovation, digital assets and electronic investment advice. OCIE notes that the rapid pace of technology development, as well as new uses of alternative data, presents new risks and will focus attention on the effectiveness of compliance programs.
- Investment advisers, investment companies, broker-dealers, and municipal advisers. Risk-based exams will continue for each of these types of entities, with an emphasis on new registered investment advisers (RIA) and RIAs that have not been examined. Other themes in exams of these entities include board oversight, trading practices, advice to investors, RIA activities, disclosures of conflicts of interest, and fiduciary obligations.
- Anti-money laundering. Importance will be placed on beneficial ownership, customer identification and due diligence, and policies and procedures to identify suspicious activity.
- Market infrastructure. Particular attention will be directed to clearing agencies, national securities exchanges and alternative trading systems, and transfer agents.
- FINRA and MSRB. OCIE exams will emphasize regulatory programs, exams of broker-dealers and municipal advisers, as well as policies, procedures and controls.
Fed issues enforcement order for BSA/AML compliance
On January 9, the Federal Reserve Board announced that it entered into a cease and desist order on December 30 with a Texas state-chartered bank due to “significant deficiencies” in the bank’s Bank Secrecy Act (BSA) and anti-money laundering (AML) compliance program that were discovered in its latest examination of the bank. The requirements set out for the bank in the order include:
- Board oversight. The bank must submit a board-approved, written plan to improve oversight of BSA/AML requirements.
- BSA/AML compliance program. The bank must submit a written BSA/AML compliance program that includes BSA/AML training; independent testing of the compliance program; management of the program by a qualified compliance officer with adequate staffing support; BSA/AML compliance internal controls; and a BSA/AML risk assessment of the bank, its products and services, and its customers.
- Customer due diligence. The bank must submit a revised customer due diligence program that includes policies and procedures to ensure accurate client account information; a plan to bring existing accounts into compliance with due diligence requirements; a method to assign risk ratings to account holders; policies and procedures to ensure proper customer information is obtained according to the risk of the account holder; and risk-based monitoring procedures and updates to accounts.
- Suspicious activity monitoring and reporting. The bank must submit a written suspicious activity monitoring and reporting program that includes a documented process for establishing monitoring rules; policies and procedures for review of monitoring rules; customer and transaction monitoring; and policies and procedures for the review of suspicious activity.