InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FinCEN data reveals Russian oligarchs’ financial activity
On December 22, the Financial Crimes Enforcement Network (FinCEN) issued a Financial Trend Analysis on the financial activity of Russian oligarchs. In the analysis, FinCEN examined Bank Secrecy Act (BSA) reports from March 2022 to October 2022 involving Russian oligarchs, high-ranking officials, and sanctioned individuals. FinCEN identified 454 reports detailing suspicious activity and reported that some of the trends in the data by Russian oligarchs included: (i) the movement of funds around the start of the invasion of Ukraine in February 2022; (ii) the purchase of high-value goods or property in 2022; and (iii) based on the movement of funds from accounts in Russia to other countries, an indication of potential changes in longstanding oligarch-linked financial flows related to U.S. properties and companies. FinCEN noted that 78 percent of the 454 BSA reports were filed by U.S.-based depository institutions. Other types of financial institutions—such as holding companies or financial technology companies—submitted roughly 19 percent of reports, mainly on suspicious electronic funds transfers or wire transfers and suspicions concerning the source of funds.
CFTC orders respondent to pay $6.5 million for CEA violations
On December 20, the CFTC announced a settlement with a registered futures commission merchant (respondent) for allegedly violating the Commodity Exchange Act, Commission regulations, and Bank Secrecy Act compliance requirements. According to the CFTC, the respondent allegedly “failed to implement an adequate anti-money laundering [] program, particularly as applied to a futures and options trading account controlled by [a customer],” and “failed to implement risk-based limits concerning trading by [a customer].” The CFTC also alleged supervisory and recordkeeping failures stemming from the inadequate anti-money laundering program. The respondent is ordered to pay a $6.5 million civil money penalty and undertake certain remedial measures relating to the violations.
FinCEN further extends FBAR filing deadline for certain individuals
On December 9, the Financial Crimes Enforcement Network (FinCEN) issued Notice 2022-1 to further extend the time for certain Report of Foreign Bank and Financial Accounts (FBAR) filings in light of the agency’s March 2016 notice of proposed rulemaking, which proposed to revise the Bank Secrecy Act’s implementing regulations regarding FBARs. (See previous InfoBytes coverage on the 2016 NPR here.) Specifically, one of the proposed amendments seeks to “expand and clarify the exemptions for certain U.S. persons with signature or other authority over foreign financial accounts,” but with no financial interest, as outlined in FinCEN Notice 2021-1 issued December 9, 2021. FinCEN noted that because the proposal has not been finalized, it is further extending the filing due date to April 15, 2024, for individuals who previously qualified for a filing due date extension under Notice 2021-1. All other individuals must submit FBAR filings by April 15, 2023.
Senators request information from California bank on its relationship with collapsed crypto exchange
On December 5, Senators Elizabeth Warren (D-MA), John Kennedy (R-LA), and Roger Marshall (R-KS) asked the CEO of a California-based bank for information regarding its relationship with several cryptocurrency firms founded by the CEO of a now-collapsed crypto exchange. In their letter, the senators pressed the CEO for an explanation for why the bank failed to monitor for and report suspicious transactions to the Financial Crimes Enforcement Network, and asked for information about how deposits it was holding on behalf of the collapsed exchange and related firm were being handled. The senators stressed that the bank has a legal responsibility under the Bank Secrecy Act to maintain an effective anti-money laundering program that may have flagged suspicious activity. “Your bank's involvement in the transfer of [the collapsed exchange’s] customer funds to [the related firm] reveals what appears to be an egregious failure of your bank’s responsibility to monitor for and report suspicious financial activity carried out by its clients,” the letter said. The senators asked the bank to respond to a series of questions by December 19.
FDIC releases October enforcement actions
On November 25, the FDIC released a list of administrative enforcement actions taken against banks and individuals in October. During the month, the FDIC made public ten orders consisting of “one consent order; one amended and restated consent order; one personal cease and desist order; three orders to pay civil money penalties; two Section 19 orders; and two orders terminating consent orders.” Among the orders is an order to pay a civil money penalty imposed against a Mississippi-based bank related to 128 alleged violations of the Flood Disaster Protection Act. Among other things, the FDIC claimed that the bank failed to obtain the required flood insurance or obtain an adequate amount of insurance coverage, at or before loan origination, for all structures in a flood zone. The order requires the payment of a $320,500 civil money penalty.
The FDIC also issued a consent order to a New York-based bank, which alleged that the bank had unsafe or unsound banking practices relating to weaknesses in the Bank’s Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) Program. The bank neither admitted nor denied the alleged violations but agreed to, among other things, increase its supervision, direction, and oversight of AML/CFT personnel and its AML/CFT program.
FinCEN reports significant increase in ransomware-related BSA filings in 2021
On November 1, FinCEN reported that ransomware continues to pose a significant threat to U.S. infrastructure, businesses, and the public, with ransomware-related Bank Secrecy Act (BSA) filings in 2021 accounting for nearly $1.2 billion. Issued pursuant to the Anti-Money Laundering Act of 2020, FinCEN’s Financial Trend Analysis examines ransomware activities for calendar year 2021, with a particular focus on ransomware trends in BSA data from July-December 2021. According to FinCEN, reported ransomware-related incidents have substantially increased from 2020, with roughly 75 percent of these incidents reported during the second half of 2021 emanating from or connected to actors in Russia. Highlights from the report include: (i) the number and total U.S. dollar value for ransomware-related incidents during 2021 far exceeds data for any previous year, with FinCEN reporting a 188 percent increase from 2020 to 2021 (possibly reflecting either an increase of ransomware-related incidents or improved reporting and detection); (ii) an average of 132 and a median of 136 ransomware-related incidents per month were reported during the review period (Treasury’s October 2021 measures to combat ransomware — covered by InfoBytes here — and potentially associated reporting obligations may have contributed to the overall rise in 2021 filings, FinCEN noted); and (iii) of the 793 ransomware-related incidents reported during the second half of 2021, 594 (roughly 75 percent) pertained to Russia-related variants.
The same day, Deputy Secretary of the Treasury Wally Adeyemo hosted participants from 36 countries during the second International Counter Ransomware Initiative Summit where attendees examined the challenges presented by ransomware and discussed the U.S.’s whole-of-government approach for responding to serious threats posed by bad actors.
OCC releases enforcement actions
On October 20, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. Included among the actions is a cease and desist order against an New York branch of an India-based bank for allegedly engaging in Bank Secrecy Act/anti-money laundering (BSA/AML) program violations. The bank allegedly “failed to establish and maintain a reasonably designed BSA/AML compliance program ('BSA/AML Program') that adequately covers the required BSA/AML Program components. Deficiencies include (i) a weak system of internal controls; (ii) a weak BSA Officer function; and (iii) an insufficient training program.” The order requires the bank to, among other things, submit a BSA/AML action plan and develop a written suspicious activity monitoring and reporting program.
FINRA alerts firms about rising ACATS fraud
On October 6, FINRA issued Regulatory Notice 22-21, alerting member firms to the rising trend of fraudulent account transfers of customer accounts using the Automated Customer Account Transfer Service (ACATS)—an automated system that facilitates the transfer of customer account assets from one member firm to another. FINRA explained that “ACATS fraud is related to the growing threat of new accounts being opened online or through mobile applications using stolen or synthetic identities,” and may occur when the identity of a legitimate customer of a carrying member is stolen by a bad actor to open a brokerage account online or through a mobile app at a receiving member. Bad actors, FINRA warned, may open a new account using stolen information only or through a combination of stolen and false information, and will try to move the ill-gotten assets to an external account at a different financial institution. FINRA reminded members of regulatory obligations that may apply to ACATS fraud, including know-your-customer rules, Bank Secrecy Act/AML requirements, and the Identity Theft Red Flags Rule.
OCC releases bank supervision operating plan for FY 2023
On October 6, the OCC’s Committee on Bank Supervision released its bank supervision operating plan for fiscal year 2023. The plan outlines the agency’s supervision priorities and highlights several supervisory focus areas including: (i) strategic and operational planning; (ii) operational resiliency; (iii) third-party oversight and risk management; (iv) credit risk management with a focus on new products, areas of highest growth, and portfolios representing concentrations; (v) allowances for credit losses (ACL), including instances where ACL processes use third-party modeling techniques; (vi) interest rate risk; (vii) liquidity risk management; (viii) consumer compliance management systems with a focus on how programs are disclosed in relation to UDAP and UDAAP statutes; (ix) Bank Secrecy Act/AML compliance; (x) fair lending risks; (xi) Community Reinvestment Act strategies and the potential for modernization rulemaking; (xii) new products and services in areas such as payments, fintech, and digital assets; and (xiii) climate-change risk management. The plan will be used by OCC staff to guide the development of supervisory strategies for individual national banks, federal savings associations, federal branches and agencies of foreign banking organizations, and certain identified third-party service providers subject to OCC examination.
The OCC will provide updates about these priorities in its Semiannual Risk Perspective, as InfoBytes has previously covered here.
FDIC releases August enforcement actions
On September 30, the FDIC released a list of administrative enforcement actions taken against banks and individuals in August. During the month, the FDIC made public seven orders consisting of “one consent order, one order terminating consent order, two orders of prohibition from further participation and three orders granting permission to file application and approving application for consent to participate in the conduct of the affairs of any insured depository institution.” Among the orders is a consent order imposed against a Mississippi-based bank by the FDIC and the Mississippi Department of Banking and Consumer Finance, which alleged that the bank engaged in unsafe or unsound banking practices or violations of law relating to the Bank Secrecy Act (BSA). While the bank consented to the action, it did so without admitting or denying any charges. Under the consent order, the bank must, among other things: (i) develop, adopt, and implement a written customer due diligence program; (ii) develop and establish a system of internal controls; and (iii) establish and maintain an independent testing program for compliance with the BSA and its implementing rules and regulations. The bank must also “conduct a lookback review all transactions of $3M or more starting with July 1, 2020, through February 28, 2022, to ensure all suspicious activity is identified, investigated and/or a SAR filed or a documented decision not to file is completed.”