InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FinCEN reiterates criminality of unauthorized SAR disclosures
On September 1, the Financial Crimes Enforcement Network (FinCEN) released a statement reiterating that “the unauthorized disclosure of [suspicious activity reports] (SARs) is a crime that can impact the national security of the United States, compromise law enforcement investigations, and threaten the safety and security of the institutions and individuals who file such reports.” FinCEN stated it is aware that a series of articles will be published by various media outlets based on unlawfully disclosed SARs and other sensitive government documents and has referred the matter to the DOJ and the U.S. Treasury Department’s Office of Inspector General.
Agencies clarify BSA/AML enforcement
On August 13, the OCC, the Federal Reserve Board, the FDIC, and the NCUA (collectively, the “agencies”) issued a joint statement, which clarifies how the agencies apply the enforcement provisions of the Bank Secrecy Act (BSA) and related anti-money laundering (AML) laws and regulations. Specifically, the statement discusses the conditions that require the issuance of a mandatory cease and desist order under sections 8(s) and 206(q). According to the agencies, there are no new exceptions or standards created by document. Among other things, the statement:
- Provides examples of when an agency shall issue a cease and desist order in accordance with sections 8(s)(3) and 206(q)(3) for “[f]ailure to establish and maintain a reasonably designed BSA/AML Compliance Program. The statement notes that an institution would be subject to a cease and desist order when the one component of their compliance program “fails with respect to either a high-risk area or multiple lines of business… even if the other components or pillars are satisfactory.”
- Describes circumstances in which an agency may use its discretion to issue formal or informal enforcement actions related to unsafe or unsound BSA-related practices. The statement notes that the “form and content” of the enforcement action will depend on a variety factors, including “the capability and cooperation of the institution’s management.”
- Describes how the agencies incorporate customer due diligence regulations and recordkeeping requirements as part of the internal controls pillar of an institutions BSA/AML compliance program.
- Discusses the treatment of isolated or technical compliance program requirements that are generally not issues resulting in an enforcement action.
Broker dealer assessed $38 million in penalties for AML violations
On August 10, the Financial Industry Regulatory Authority (FINRA), SEC, and the CFTC announced separate settlements with a broker-dealer following investigations into its anti-money laundering (AML) programs. The broker-dealer did not admit or deny any of the charges, and the agencies all considered remedial actions undertaken by the broker-dealer. FINRA fined the broker-dealer $15 million for allegedly failing to establish and implement AML processes reasonably designed to detect and report suspicious transactions as required by the Bank Secrecy Act, including foreign currency wire transfers to and from countries known to be at high risk for money laundering. Additionally, the broker-dealer “lacked sufficient personnel and a reasonably designed case management system.” The broker-dealer consented to the terms of the Letter of Acceptance, Waiver and Consent and agreed to retain a third-party consultant to take steps to remediate its AML program.
In a separate investigation conducted by the SEC, the broker-dealer reached a settlement to resolve allegations that it repeatedly failed to file suspicious activity reports (SARs) as required by the Exchange Act for U.S. microcap securities trades executed on behalf of its customers. According to the SEC, because the broker-dealer’s “AML policies and procedures were not reasonably tailored to the risks of [its] U.S. microcap securities business,” over a one-year period, it failed to (i) recognize red flags; (ii) properly investigate suspicious activity; and (iii) file more than 150 SARs in a timely fashion even after compliance personnel flagged the suspicious transactions. Under the terms of the order, the broker-dealer has agreed to be censured, will cease and desist from committing future violations, and will pay an $11.5 million civil penalty.
The CFTC also announced a settlement to resolve allegations that the broker-dealer failed to (i) diligently supervise the handling of several commodity trading accounts; (ii) sufficiently oversee its employees’ handling of these accounts, leading to its “failure to maintain an adequate [AML] program and to conduct appropriate customer monitoring”; and (iii) identify or conduct adequate investigations necessary to detect and report suspicious transactions. Under the order, the broker-dealer is required to pay an $11.5 million civil penalty and disgorge $706,214 it earned as the futures commission merchant for certain accounts that were the subject of a 2018 CFTC enforcement action.
FinCEN warns of virtual currency social media scam
On July 16, the Financial Crimes Enforcement Network (FinCEN) issued an alert warning financial institutions about a scam using social media accounts to solicit fraudulent payments denominated in convertible virtual currency (CVC). According to FinCEN, high-profile social media accounts were compromised and used to solicit payments to CVC accounts, with claims that any CVC sent would be “doubled and returned to the sender.” The alert reminds financial institutions to report suspicious transactions involving this type of activity as soon as possible, and that “[a]ny data or information that helps identify the activity as suspicious can be included as an indicator” on their Suspicious Activity Report (SAR) form. The alert notes several indicators to assist financial institutions in identifying activity related to the scam, including (i) communications soliciting payments with misspellings; (ii) social media posts soliciting donations from unverified accounts; and (iii) multiple accounts communicating the same message soliciting funds for an unknown purpose.
FinCEN advisory warns of Covid-19 medical scams, provides guidance on reporting suspicious activity
On May 18, the Financial Crimes Enforcement Network (FinCEN) issued an advisory and companion notice on medical scams related to the Covid-19 pandemic that provide detailed instructions for financial institutions filing reports of Covid-19-related suspicious activities. The advisory outlines numerous red flag indicators and case studies addressing Covid-19 medical-related fraudulent activity to assist financial institutions in detecting, preventing, and reporting suspicious transactions. FinCEN also encourages financial institutions to consider additional contextual information, such as a customer’s historical financial activity and whether a customer exhibits multiple indicators, before making a determination that a transaction is suspicious. FinCEN further advises financial institutions—when taking a risk-based approach to Bank Secrecy Act compliance—to perform additional inquiries and conduct investigations as necessary.
The companion notice provides, among other things, that suspicious activity reports (SAR) should only include Covid-19 statements tied to suspicious activity and that statements related to Covid-19’s impact on SAR filing abilities should not be included. However, FinCEN states that filers who previously included these references are not required to file corrected reports. For fraud schemes, including those that exploit the Covid-19 pandemic, FinCEN reiterates that full details related to SAR filings and supporting documentation should be submitted as quickly as possible. The notice also addresses information sharing among financial institutions and provides contact information for reporting Covid-19-related criminal activity to other agencies.
FINRA reminds firms to be aware of fraud during Covid-19
On May 5, FINRA issued Regulatory Notice 20-13, reminding firms to be aware of the heightened threat of frauds and scams during the Covid-19 pandemic. The notice sets forth practices that firms may wish to implement to address risks relating to fraudulent account openings and money transfers, including a customer identification program, steps to monitor for fraud during account opening, bank account verification and restrictions on funds transfers, ongoing monitoring of accounts, collaboration with clearing firms, and compliance with Suspicious Activity Report filing requirements. The notice also sets forth methods that firms may employ to address risks relating to firm imposter scams and IT help desk scams.
OCC releases January enforcement actions
On February 20, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. The new enforcement actions include four civil money penalty orders, three cease and desist orders, five removal/prohibition orders, and a termination of an existing enforcement action. Included among the actions is a January 30 Consent Order to resolve the OCC’s claims that a New York-based bank engaged in Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance program violations. According to the consent order, an OCC examination identified alleged deficiencies in the bank’s BSA/AML compliance program, including (i) failure to “assess and monitor high risk customer activity flowing to or from high risk jurisdictions”; (ii) deficient BSA/AML policies, procedures, systems and controls; (iii) inadequate suspicious activity monitoring and suspicious activity reporting (SAR) to FinCEN; (iv) deficient Customer Due Diligence processes, including failure to appoint a BSA officer; and (v) failure to sufficiently monitor or provide controls for increased wire and ACH transactions. The consent order requires the bank to, among other things, (i) appoint a compliance committee within 30 days; (ii) submit a written strategic plan to the OCC covering at least the next three years; (iii) appoint a “permanent, qualified, and experienced BSA Officer” with sufficient staff; (iv) create and adopt a “written program of internal control policies and procedures to provide for the compliance with the BSA”; and (v) adopt and deploy a “written system of internal controls and processes to ensure compliance with the requirements to file SARs.”
FinCEN focuses on securities industry BSA/AML information sharing
On February 6, Financial Crimes Enforcement Network (FinCEN) Deputy Director Jamal El-Hindi delivered remarks at the Securities Industry and Financial Markets Association’s 20th Anti-Money Laundering (AML) and Financial Crimes Conference discussing, among other things, the agency’s focus on the Bank Secrecy Act (BSA). Specifically, El-Hindi stressed the importance of information sharing in the BSA context, remarking that the financial sector is “in an evolutionary state” dealing with “new technologies and new payment systems, such as those that involve virtual currency.” He asserted that innovators in the development of cryptocurrencies and messaging systems “cannot turn a blind eye to illicit transactions that they may be fostering,” and noted that FinCEN will regulate these emerging systems in accordance with existing principles that underlie the BSA and AML rules and regulations for the financial sector. El-Hindi encouraged the securities industry to share information, observing that only 14 percent of eligible securities companies are registered to take part in the 314(b) business-to-business information sharing program. He suggested that the industry needs better communication and cooperation to increase the effectiveness of BSA information collection. El-Hindi also discussed how cooperation has helped FinCEN’s cross-agency coordination and enhanced the agency’s rulemaking and guidance—specifically in the establishment of the Customer Due Diligence and Beneficial Ownership rule, but recognized that the lack of information collected regarding the formation of new corporations can frustrate the agency’s risk assessment abilities. To motivate information sharing, El-Hindi emphasized the importance of BSA information financial companies collect, sharing that SARs filings by securities companies have “increased roughly eight-fold” from 2003 to 2019, and that data provided from BSA filings is used frequently by law enforcement and regulators to inform their investigations and examinations and to “identify trends and focus resources.”
Fed issues enforcement order for BSA/AML compliance
On January 9, the Federal Reserve Board announced that it entered into a cease and desist order on December 30 with a Texas state-chartered bank due to “significant deficiencies” in the bank’s Bank Secrecy Act (BSA) and anti-money laundering (AML) compliance program that were discovered in its latest examination of the bank. The requirements set out for the bank in the order include:
- Board oversight. The bank must submit a board-approved, written plan to improve oversight of BSA/AML requirements.
- BSA/AML compliance program. The bank must submit a written BSA/AML compliance program that includes BSA/AML training; independent testing of the compliance program; management of the program by a qualified compliance officer with adequate staffing support; BSA/AML compliance internal controls; and a BSA/AML risk assessment of the bank, its products and services, and its customers.
- Customer due diligence. The bank must submit a revised customer due diligence program that includes policies and procedures to ensure accurate client account information; a plan to bring existing accounts into compliance with due diligence requirements; a method to assign risk ratings to account holders; policies and procedures to ensure proper customer information is obtained according to the risk of the account holder; and risk-based monitoring procedures and updates to accounts.
- Suspicious activity monitoring and reporting. The bank must submit a written suspicious activity monitoring and reporting program that includes a documented process for establishing monitoring rules; policies and procedures for review of monitoring rules; customer and transaction monitoring; and policies and procedures for the review of suspicious activity.
FinCEN report: SARs help prevent elder financial exploitation
On December 4, FinCEN announced the release of a Financial Trend Analysis titled, “Elders Face Increased Financial Threat from Domestic and Foreign Actors.” In compiling the report, FinCEN reviewed Bank Secrecy Act (BSA) elder financial exploitation suspicious activity reports (SARs) from 2013 to 2019 to detect patterns and trends. Among other things, the study found that (i) elder financial exploitation filings nearly tripled during the study period, from around 2,000 per month in 2013 to nearly 7,500 in 2019, the majority of which were filed by money services businesses (MSBs) and depository institutions; (ii) while the amount of SARs filed by MSBs ebbed and flowed from 2013 to 2019, those of depository institutions steadily increased; (iii) MSBs filed nearly 80 percent of all SARs describing financial scams, while securities and futures firms filed just over 70 percent of all SARs describing theft; (iv) financial theft from elders is most frequently perpetrated by family members or caregivers; (v) SARs indicated that the most common scams included lottery, person-in-need, and romance scams, the majority of which saw elder victims transferring funds through MSBs; and (vi) money transfer scam SARs were most commonly filed by MSBs who transferred money to a receiver located outside the U.S.