InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FDIC releases August enforcement actions
On September 30, the FDIC released a list of administrative enforcement actions taken against banks and individuals in August. During the month, the FDIC made public seven orders consisting of “one consent order, one order terminating consent order, two orders of prohibition from further participation and three orders granting permission to file application and approving application for consent to participate in the conduct of the affairs of any insured depository institution.” Among the orders is a consent order imposed against a Mississippi-based bank by the FDIC and the Mississippi Department of Banking and Consumer Finance, which alleged that the bank engaged in unsafe or unsound banking practices or violations of law relating to the Bank Secrecy Act (BSA). While the bank consented to the action, it did so without admitting or denying any charges. Under the consent order, the bank must, among other things: (i) develop, adopt, and implement a written customer due diligence program; (ii) develop and establish a system of internal controls; and (iii) establish and maintain an independent testing program for compliance with the BSA and its implementing rules and regulations. The bank must also “conduct a lookback review all transactions of $3M or more starting with July 1, 2020, through February 28, 2022, to ensure all suspicious activity is identified, investigated and/or a SAR filed or a documented decision not to file is completed.”
OCC issues $6 million penalty against national bank, terminates formal agreement
On September 27, the OCC announced a $6 million civil money penalty against a national bank for alleged unsafe or unsound practices related to a low-document mortgage loan program offered by the bank. According to the OCC, from mid-2011 to December 2019, the bank allegedly, among other things: (i) originated numerous loans that had false or fraudulent loan applications; (ii) falsified applicants’ information on supporting loan documents; (iii) failed to make a reasonable and good faith determination of applicants’ ability to repay; (iv) failed to ensure that documents used to verify applicants’ employment, income, and assets obtained from third parties, were reasonably reliable and accurate; (v) failed to properly disclose fees to third-party mortgage brokers on loan estimates and closing disclosures; and (vi) failed to implement an adequate system of Bank Secrecy Act/anti-money laundering internal controls and failed to file Suspicious Activity Reports in a timely manner. The bank must pay a $6 million civil penalty to the U.S. Treasury Department. The OCC also terminated a 2019 formal agreement between the OCC and the bank to remediate unsafe or unsound practices and violations of law. The OCC found that the bank implemented corrective actions required by the agreement and is in compliance with the enforcement action. The OCC also noted that it is continuing “to review the conduct of institution-affiliated parties subject to OCC jurisdiction who were associated with the now-ceased [program],” and that the “work remains ongoing.”
OCC orders bank to improve oversight of fintech partnerships
Recently, a national bank disclosed an agreement reached with the OCC that requires the bank to improve its oversight and management of third-party fintech partnerships. According to an SEC filing, the OCC found unsafe or unsound practices related to the bank’s third-party risk management, Bank Secrecy Act (BSA)/anti-money laundering risk management, suspicious activity reporting, and information technology control and risk governance. Under the terms of the agreement, the bank must, within 10 days of the agreement, appoint a compliance committee comprised mostly of members from outside the bank to meet at least quarterly and provide progress reports outlining the results and status of the mandated corrective actions. Within 60 days of the agreement, the bank must also adopt and implement guidelines for assessing risks posed by third-party fintech partnerships and address how the bank “identifies and assesses the inherent risks of the products, services, and activities performed by the third-parties, including but not limited to BSA, compliance, operational, liquidity, counterparty and credit risk as applicable.” Additionally, the bank must establish criteria for their board of directors' review and approval of third-party fintech relationship partners, as well as how it will assess “BSA risk for each third-party fintech relationship partner, including risk associated with money laundering, terrorist financing, and sanctions risk as well as the third-party’s processes for mitigating such risks and complying with applicable laws and regulations.” The agreement also requires due diligence, monitoring, and contingency plan measures.
The agreement further stipulates that the bank’s board and management shall, within 90 days, (i) set up written BSA risk assessment guidelines; (ii) adopt an independent audit program; (iii) implement expanded risk-based policies, procedures, and processes to obtain and analyze appropriate customer due diligence, enhanced due diligence, and beneficial ownership information, including for fintech businesses; (iv) develop and adhere to a set of standards to ensure timely suspicious activity monitoring and reporting; and (v) establish a program to assess and manage the bank’s information technology activities, including those conducted by third-party partners. The bank must also conduct a suspicious activity review lookback within 30 days.
FinCEN issues warning on elder financial exploitation
On June 15, FinCEN issued an advisory alerting financial institutions about the increase of elder financial exploitation (EFE). EFE involves the illegal or improper use of an older adult’s funds, among other things, and is often perpetrated either through theft or scams. According to the advisory, financial institutions filed 72,000 suspicious activity reports in 2021 related to EFE—an increase of 10,000 reports from 2020. The advisory provides updated typologies since FinCEN issued its first advisory on the issue in 2011, and highlights behavioral and financial red flags to aid financial institutions with identifying, preventing, and reporting suspected EFE. The announcement also refers to the risk-based approach to compliance under the Bank Secrecy Act, which provides that “[f]inancial institutions should perform additional due diligence where appropriate and remain alert to any suspicious activity that could indicate that their customers are perpetrators, facilitators, or victims of EFE.”
SEC charges broker-dealer with SAR violations
On May 20, the SEC announced charges against the broker-dealer affiliate of a national bank for allegedly failing to file Suspicious Activity Reports (SARs) in a timely manner in violation of the Securities Exchange Act and Rule 17a-8. According to the SEC’s order, the broker-dealer’s internal anti-money laundering (AML) transaction monitoring and alert system allegedly failed to reconcile the different country codes used to monitor foreign wire transfers due to an alleged failure to test a new version of the system. The broker-dealer also allegedly did not timely file SARs related to suspicious transactions in its customers’ brokerage accounts involving the wire transfers to or from foreign countries that it determined to be at a high or moderate risk for money laundering, terrorist financing, or other illegal money movements. Additionally, in April 2017, the broker-dealer allegedly failed to timely file additional SARs due to a failure to appropriately process wire transfer data into its AML transaction monitoring system in certain other situations. In addition to the $7 million penalty, the institution, without admitting or denying the SEC’s findings, agreed to a censure and a cease-and-desist order.
OCC releases enforcement actions
On May 19, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. Included is a cease and desist order against an Alaska-based bank for allegedly engaging in Bank Secrecy Act/anti-money laundering (BSA/AML) program violations. The bank allegedly “failed to adopt and implement a compliance program that adequately covers the required BSA/AML program elements, including, in particular, internal controls for customer due diligence and procedures for monitoring suspicious activity, BSA officer and staff, and training.” The order requires the bank to, among other things, establish a compliance committee, submit a BSA/AML action plan, and develop a written suspicious activity monitoring and reporting program.
OCC issues consent order against digital asset bank for AML deficiencies
On April 21, the OCC issued a consent order against the first federally-chartered bank focused on cryptocurrencies, just 15 months after granting the institution a national bank charter for purposes of taking custody of cryptocurrency. The consent order alleged failure to adopt and implement a compliance program that adequately covers required BSA/AML program elements. In January 2021, the OCC granted conditional approval to convert the bank’s charter to a national association with the “enforceable condition of approval” that the bank would, among other things, meet BSA/AML requirements.
OCC issues final rule on authority for SAR requirements
On April 14, the OCC issued a bulletin reminding regulated banks of a final rule amending the agency’s suspicious activity report (SAR) regulations. The final rule takes effect May 1 (covered by InfoBytes here). Generally, the final rule clarifies the processes by which the OCC may issue exemptions from the requirements of the SAR regulations “based on a request … [for an exemption] that meets the criteria specified in the final rule.” The bulletin notes, however, that the final rule does not itself create any exemptions from the SAR regulations.
FinCEN advises banks to detect foreign corrupt activity
On April 14, FinCEN issued an advisory on kleptocracy and foreign public corruption, urging financial institutions to direct their efforts on detecting the proceeds of foreign public corruption. The advisory provides typologies and potential indicators of kleptocracy and other forms of foreign public corruption, including bribery, embezzlement, extortion, and the misappropriation of public assets, and highlights financial red-flag indications of kleptocracy and foreign public corruption to assist banks in preventing, detecting, and reporting suspicious transactions. The announcement also refers to the U.S. Treasury Department’s Kleptocracy Asset Recovery Rewards Program, which offers rewards for information leading to seizure, restraint, or forfeiture of assets linked to foreign government corruption, including the Government of the Russian Federation (covered by InfoBytes here).
FinCEN’s interactive SAR stats now include 2021 data
On March 28, FinCEN announced that its Interactive SAR Stats webpage now includes Filing Trend Data by industry updated through December 31, 2021. As previously covered by InfoBytes, SAR Stats—formerly called By the Numbers—is an annual compilation of numerical data gathered from the Suspicious Activity Reports (SARs) filed by financial institutions using FinCEN’s new unified SAR form and e-filing process. Interactive SAR Stats provide users the opportunity to find FinCEN’s trend data for aggregated counts of defined suspicious activities that financial institutions file with FinCEN as required by the Bank Secrecy Act.