InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OFAC, FinCEN take action against virtual currency exchange
On October 11, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), together with the Financial Crimes Enforcement Network (FinCEN), announced two settlements for more than $24 million and $29 million, respectively, with a Washington state-based virtual currency exchange. According to OFAC’s announcement, this is the agency’s largest virtual currency enforcement action to date, and represent the first parallel actions taken by FinCEN and OFAC in this space.
OFAC settlement. OFAC’s web notice stated that between March 28, 2014 and December 31, 2017, the exchange operated 1,730 accounts that processed 116,421 virtual currency-related transactions totaling roughly $263,451,600.13, in apparent violation of OFAC sanctions against Cuba, Ukraine, Iran, Sudan, and Syria. Specifically, due to alleged deficiencies in the exchange’s sanctions compliance procedures, the exchange failed to prevent persons located in the sanctioned jurisdictions from using its platform to engage in more than $263,000,000 worth of virtual currency-related transactions. OFAC claimed that while the IP addresses and physical address information collected on each customer at onboarding should have given the exchange reason to know that the persons were located in jurisdictions subject to sanctions, the exchange did not “screen customers or transactions for a nexus to sanctioned jurisdictions.” Rather, the exchange only screened transactions for hits against lists including OFAC’s List of Specially Designated Nationals and Blocked Persons. In arriving at the settlement amount of $24,280,829.20, OFAC considered various aggravating factors, including that the exchange did not exercise due caution or care for its sanctions compliance obligations and conveyed economic benefit to persons located in jurisdictions subject to OFAC sanctions, thus causing harm to the integrity of multiple sanctions programs. OFAC also considered various mitigating factors, including that the exchange provided substantial cooperation throughout the investigation, most of the transactions were for a relatively small amount and represented a small percentage when compared to the exchange’s annual volume of transactions, and the exchange has undertaken remedial measures intended to minimize the risk of recurrence of similar conduct.
FinCEN settlement. According to FinCEN’s press release, an investigation found that from February 2014 through December 2018, the exchange failed to maintain an effective AML program, resulting in its inability to appropriately address risks associated with its products and services, including anonymity-enhanced cryptocurrencies. The exchange also failed to effectively monitor transactions on its trading platform, and relied “on as few as two employees with minimal anti-money laundering training and experience to manually review all of the transactions for suspicious activity, which at times were over 20,000 per day.” FinCEN claimed that the exchange conducted more than 116,000 transactions valued at over $260 million with persons located in jurisdictions subject to OFAC sanctions, including those operating in Iran, Cuba, Sudan, Syria, and the Crimea region of Ukraine, and failed to file suspicious activity reports (SARs) between February 2014 and May 2017. The exchange also “failed to file SARs on a significant number of transactions involving sanctioned jurisdictions, including the processing of over 200 transactions that involved $140,000 worth of virtual assets—nearly 100 times larger than the average withdrawal or deposit on the Bittrex platform—and 22 transactions involving over $1 million worth of virtual assets,” FinCEN said in its announcement. Under the terms of the consent order, the exchange—which admitted to willfully violating the Bank Secrecy Act (BSA) and its implementing regulations—will pay a $29,280,829.20 civil money penalty. FinCEN stated it will credit the $24,280,829.20 the exchange has agreed to pay for the OFAC violations.
During remarks delivered at the Association of Certified Anti-Money Laundering Specialists, Under Secretary for Terrorism and Financial Intelligence Brian Nelson discussed, among other topics, Treasury’s efforts to counter illicit finance. Nelson highlighted the aforementioned settlements, stressing that failing to comply with BSA/AML requirements and SARs filing obligations “are not something that companies focused on growth can simply put off to a later day.” He also emphasized that Treasury will continue to strengthen ties with interagency partners and international counterparts to identify and pursue potential violations.
FINRA fines broker dealer for AML failures
On September 9, FINRA settled charges with a broker dealer (respondent) for alleged failures in its anti-money laundering (AML) compliance program. According to the letter of acceptance, waiver, and consent, the respondent allegedly failed to, among other things: (i) establish a reasonably designed AML program; (ii) implement a customer identification program; (iii) reasonably supervise for potentially manipulative trading; and (iv) preserve and maintain certain electronic communications. Additionally, FINRA found that the respondent unreasonably relied on manual reviews of the daily trade blotter to identify market manipulation. FINRA’s order includes alleged violations of FINRA Rule 2010, Rule 3110, Rule 3310(a)-(b) and Rule 4511. FINRA also determined that the respondent violated Securities Exchange Act of 1934 Section 17(a) and Rule 17a-4(b)(4). The respondent agreed to pay a $450,000 civil monetary penalty to FINRA and is prohibited from providing market access for two years.
FDIC updates risk management, consumer compliance examination policies
Recently, the FDIC updated Section 2.1 of its Risk Management Manual of Examination Policies related to capital. The FDIC noted that since capital adequacy assessments are central to the supervisory process, examination staff “evaluate all aspects of a financial institution’s risk profile and activities to determine whether its capital levels are appropriate and in compliance with minimum regulatory requirements.” This includes examining a financial institution’s capital ratios, risk-weighted assets, regulatory capital requirements, community bank leverage ratios, capital adequacy (including liquidity, earnings, and market risk), and adherence to laws and regulations. The FDIC also announced updates to the Privacy—Telephone Consumer Protection Act section within its Consumer Compliance Examination Manual (CEM). The CEM includes supervisory policies and examination procedures for FDIC examination staff evaluating financial institutions’ compliance with federal consumer protection laws and regulations.
FINRA reminds firms of their obligation to supervise digital signatures
Recently, FINRA issued Regulatory Notice 22-18 reminding member firms of their obligation to supervise for digital signature forgery and falsification. FINRA reported it has received a rising number of reports claiming registered representatives and associated persons have been forging or falsifying customer signatures, as well as those of colleagues or supervisors in some instances. Issues have been flagged in “account opening documents and updates, account activity letters, discretionary trading authorizations, wire instructions and internal firm documents related to the review of customer transactions.” FINRA advised member firms to review outlined methods and scenarios for identifying digital signature forgery or falsification in order to mitigate risk and meet regulatory obligations.
OCC updates bank accounting guidance
On August 15, the OCC released an annual update to its Bank Accounting Advisory Series (BAAS). (See also OCC Bulletin 2022-20.) Intended to address a variety of accounting topics relevant to national banks and federal savings associations and to promote consistent application of accounting standards and regulatory reporting among OCC-supervised banks, the BAAS reflects updates that clarify accounting standards issued by the Financial Accounting Standards Board related to, among other things, (i) “the amortization of premiums on debt securities with a call option over a preset period”; and (ii) “lessors’ classification of certain leases with variable lease payments.” The 2022 edition also includes answers to frequently asked questions from industry and bank examiners. The OCC notes that the BAAS does not represent OCC rules or regulations but rather “represents the Office of the Chief Accountant’s interpretations of generally accepted accounting principles and regulatory guidance based on the facts and circumstances presented.”
OCC reports on key risks facing the federal banking system
On June 23, the OCC released its Semiannual Risk Perspective for Spring 2022, which reports on key risks threatening the safety and soundness of national banks, federal savings associations, and federal branches and agencies. The OCC reported that as “banks continue to navigate the operational- and market-related impacts of the pandemic along with substantial government stimulus, current geopolitics have tightened financial conditions and increased downside risk to economic growth.” However, the OCC noted that banks’ financial conditions remain strong and that banks are well-positioned to “deal with the economic headwinds arising from geopolitical events, higher interest rates and increased inflation.”
The OCC highlighted operational, compliance, interest rate, and credit risks as key risk themes in the report. Observations include: (i) operational risk, including evolving cyber risk, is elevated, with an observed increase in attacks on the financial services industry given current geopolitical tensions; (ii) compliance risk remains heightened as banks navigate the current operational environment, regulatory changes, and policy initiatives; and (iii) credit risk remains moderate, with banks facing certain areas of weakness and potential longer-term implications resulting from the Covid-19 pandemic, inflation, and direct and indirect effects of the war in Ukraine. Staffing challenges among banks also present risks, with challenges posed by “strong competition” in the labor market.
The report also discussed the importance of appropriate due diligence of new digital asset products and services. The OCC said that it “continues to engage on an interagency basis to analyze various crypto-asset use cases,” and is looking to “provide further clarity on legal permissibility, as well as safety and soundness and compliance considerations related to crypto-assets” in the banking industry.
The OCC further stated it “will continue to monitor the development of climate-related financial risk management frameworks at large banks,” and reported that “OCC large-bank examination teams will integrate the examination of climate-related financial risk into supervision strategies and continue to engage with bank management to better understand the challenges banks face in this effort, including identifying and collecting appropriate data and developing scenario analysis capabilities and techniques.”
FDIC updates Consumer Compliance Examination Manual’s UDAAP provisions
On June 17, the FDIC announced updates to its Consumer Compliance Examination Manual (CEM). The CEM includes supervisory policies and examination procedures for FDIC examination staff when evaluating financial institutions’ compliance with federal consumer protection laws and regulations. The June update modifies Section VII Unfair, Deceptive, or Abusive Acts or Practices to reflect the FDIC’s existing supervisory authority regarding UDAP and UDAAP under Section 5 of the FTC Act, and Sections 1031 and 1036 of the Dodd-Frank Act, respectively. Among other updates, the new Section VII changes language related to the Equal Credit Opportunity Act and Fair Housing Act to add a reference to Dodd-Frank UDAAP provisions. The updated section provides the following:
ECOA prohibits discrimination in any aspect of a credit transaction against persons on the basis of race, color, religion, national origin, sex, marital status, age (provided the applicant has the capacity to contract), the fact that an applicant’s income derives from any public assistance program, and the fact that the applicant has in good faith exercised any right under the Consumer Credit Protection Act. The FHA prohibits creditors involved in residential real estate transactions from discriminating against any person on the basis of race, color, religion, sex, handicap, familial status, or national origin. FTC UDAPs and Dodd-Frank UDAAPs that target or have a disparate impact on consumers in one of these prohibited basis groups may violate the ECOA or the FHA, as well as the FTC Act or the Dodd-Frank Act. Moreover, some state and local laws address discrimination against additional protected classes, e.g., handicap in non-housing transactions, or sexual orientation. Such conduct may also violate the FTC Act or the Dodd-Frank Act.
With respect to the legal standards for “unfair” and “deceptive” under the FTC Act and Dodd-Frank, Section VII notes that these standards are “substantially similar.”
FDIC highlights NSF/overdraft fees, fair lending in 2022 Consumer Compliance Supervisory Highlights
On March 31, the FDIC released the spring 2022 edition of the Consumer Compliance Supervisory Highlights to provide information and observations related to the FDIC’s consumer compliance supervision of state non-member banks and thrifts in 2021. Topics include:
- A summary of the FDIC’s supervisory approach in response to the Covid-19 pandemic, including efforts made by banks to meet the needs of consumers and communities.
- An overview of the most frequently cited violations (approximately 78 percent of total violations involved TILA, the Flood Disaster Protection Act (FDPA), EFTA, Truth in Savings Act, and RESPA). During 2021, the FDIC initiated 20 formal enforcement actions and 24 informal enforcement actions addressing consumer compliance examination observations, and issued civil money penalties totaling $2.7 million against institutions to address violations of the FDPA and Section 5 of the FTC Act.
- Information on the charging of multiple non-sufficient funds fees (NSF) for re-presented items, and risk-mitigating activities taken by banks to avoid potential violations. According to the FDIC, “failure to disclose material information to customers about re-presentment practices and fees” may be deceptive. The failure to disclose material information to customers “may also be unfair if there is the likelihood of substantial injury for customers, if the injury is not reasonably avoidable, and if there is no countervailing benefit to customers or competition. For example, there is risk of unfairness if multiple fees are assessed for the same transaction in a short period of time without sufficient notice or opportunity for consumers to bring their account to a positive balance.” Recommendations on addressing overdraft issues are discussed in the report.
- An overview of fair lending concerns highlighting ways to mitigate risk, including “[m]aintaining written policies and procedures that include information for lending staff to reference when applying credit decision criteria and determining whether borrowers are creditworthy” and reviewing requirements used to screen potential applicants to make sure there is no “discriminatory impact.”
- Information on regulatory developments, such as (i) rulemaking related to the Community Reinvestment Act, flood insurance, false advertising/misuse of the FDIC’s name or logo rulemaking, deposit insurance, and LIBOR; and (ii) guidance on fintech due diligence, artificial intelligence/machine learning, and third-party risk management.
- A summary of consumer compliance resources available to financial institutions.
- An overview of consumer complaint trends.
SEC 2022 examination priorities include information security, emerging technologies, and crypto-assets
On March 30, the SEC’s Division of Examinations announced that its 2022 examination priorities will focus on key risk factors related to private funds, environmental, social and governance investing, retail investor protections, information security and operational resiliency, emerging technologies, and crypto-assets. SEC registrants, including investment advisers, broker-dealers, self-regulatory organizations, clearing firms, and other registrants, are reminded of their obligations to address, manage, and mitigate these key risk areas. The SEC stated that examiners will continue to review whether firms are taking appropriate measures to safeguard customer accounts to prevent intrusions. Firms are expected to implement procedures to respond to incidents, identify and detect red flags for identity theft, and manage operational risk, including oversight of vendors and service providers. With respect to emerging technologies and crypto-assets, the SEC announced it will review whether firms are considering emerging financial technologies when designing their regulatory compliance programs. The SEC will also focus on firms that offer new products and services or employ new practices “to assess whether operations and controls in place are consistent with disclosures made and the standard of conduct owed to investors and other regulatory obligations.” Additionally, examinations of market participants engaged in crypto-assets will continue to focus on custody arrangements for such assets, as well as “the offer, sale, recommendation, advice, and trading of crypto-assets” offered by these participants. The SEC also warned that it will be investigating whether registered investment advisors are “overstating or misrepresenting” environmental, social, and governance factors in their portfolios or disclosures.
Treasury official says it’s time to reconsider “culture of compliance”
On March 21, the U.S. Treasury Department’s Assistant Secretary for Terrorist Financing and Financial Crimes Elizabeth Rosenberg delivered remarks before the Association of Certified Anti-Money Laundering Specialists (ACAMS) Hollywood Conference, asking attendees to consider “[w]hat must a culture of compliance look like in a world where autocracy is on the rise” and how financial institutions should adapt their Bank Secrecy Act/anti-money laundering (AML) obligations to ensure they are effective. Rosenberg praised the quick responses taken by financial institutions and financial service providers in implementing the growing list of sanctions against Russia and Russian President Vladimir Putin’s support structure in light of the recent invasion of Ukraine. “Russia’s war has meaningfully expanded AML and sanctions obligations,” Rosenberg cautioned, stressing it was time for an updated approach to considering and managing risk. “Geopolitical events are evolving fast, and we need financial institutions more than ever to act swiftly as we in the government are pushing out new designations and advisories almost daily.” She instructed attendees to “think about risk and enhanced due diligence when it comes to Russian oligarchs and kleptocrats who may not have been priorities for [entities’] compliance efforts in early February but are now crucial players, supporting Putin’s power structure.”
Rosenberg further noted that Treasury’s efforts would be aided if public and private sectors were faster about sharing information and if information sharing was improved “across borders, between financial institutions, and with the government.” Closing money laundering and global passport loopholes through which sanctioned actors can move funds and assets around the globe is also critical, Rosenberg stated. She also highlighted the U.S. government’s recent collaboration with foreign partners to help countries effectively take measures to “find, restrain, freeze, and where appropriate, to confiscate the assets of those who have been sanctioned in connection with Russia’s invasion of Ukraine.” These multilateral efforts include the recent launch of the Russian Elites, Proxies, and Oligarchs multilateral task force, and Treasury’s Kleptocracy Asset Recovery Rewards Program, as well as recently issued FinCEN advisories to help compliance officials better identify Russian sanctions evasion and suspicious financial activity including through real estate, luxury goods, and other high-value assets. (Covered by InfoBytes here.)
Find continuing InfoBytes coverage on the U.S. sanctions response to Russia’s invasion of Ukraine here.