Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Treasury seeks to mitigate digital asset financial risks

    Federal Issues

    On November 18, Assistant Secretary for Terrorist Financing and Financial Crimes at the U.S. Department of Treasury Elizabeth Rosenberg spoke before the Crypto Council for Innovation. In her prepared remarks, Rosenberg discussed an Action Plan to Mitigate the Illicit Finance Risks of Digital Assets (the “Action Plan”), which, according to Rosenberg, is a roadmap for how the U.S. government, led by Treasury, will bring greater transparency to the digital asset sector. The Action Plan is issued pursuant to President Biden’s Executive Order 14067 “Ensuring Responsible Development of Digital Assets” (covered by InfoBytes here). Rosenburg noted that the Action Plan identifies seven priority actions, including improving global anti-money laundering/countering the financing of terrorism (AML/CFT) regulation and enforcement, strengthening U.S. supervision of the virtual asset service providers sector, and engaging with the private sector. She emphasized that it is “critical” to work with the private sector, and between private sector entities, to detect and counter illicit finance. Rosenberg noted that to deepen Treasury’s insight, the agency released a Request for Comment (RFC) in September, seeking feedback on the Action Plan, the assessment of illicit financing risks, and opportunities to strengthen public-private collaboration.

    As previously covered by InfoBytes, the RFC also sought public feedback on AML/CFT regulation and supervision, global implementation of AML/CFT standards, and central bank digital currencies. Rosenberg discussed two issues addressed in the comment letters: (i) a need for regulatory clarity; and (ii) more public-private engagement. Specifically, she noted that “[m]any of the comments acknowledged that in the United States, virtual asset service providers are subject to a regulatory framework for AML/CFT and have sanctions obligations.” She further noted that “industry commenters identified specific areas, such as questions around decentralized finance (DeFi), where they could benefit from additional regulatory clarity or guidance.” Rosenberg also emphasized that Treasury wants to “ensure that safeguards are in place to promote the responsible development of virtual assets to maintain privacy and shield against arbitrary or unlawful surveillance.” She further noted that the goal and intention of Treasury “is not to deter the development of technologies that provide privacy for virtual asset transfers,” and that Treasury “welcome[s] opportunities to further engage with industry on how these technologies can both promote privacy while also mitigating illicit finance risks and complying with regulatory and sanctions obligations.”

    Federal Issues Digital Assets Financial Crimes Department of Treasury Cryptocurrency Decentralized Finance Anti-Money Laundering Combating the Financing of Terrorism

  • OFAC updates FAQs related to sanctioned virtual currency “mixer”

    Financial Crimes

    On November 8, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) published one new and three amended cyber-related FAQs related to sanctions issued in August against a virtual currency mixer accused of allegedly laundering more than $7 billion. As previously covered by InfoBytes, OFAC claimed the company “repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis.” Newly added FAQ 1095 clarifies that a designated “person” under Executive Order 13722 or 13694 is a “partnership, association, joint venture, corporation, group, subgroup, or other organization.” Amended FAQs 1076, 1078, and 1079 (i) explain how persons can complete transactions or withdraw virtual currency without violating U.S. sanctions regulations; (ii) clarify whether OFAC reporting obligations apply to “dusting” transactions (wherein “certain U.S. persons may have received unsolicited and nominal amounts of virtual currency or other virtual assets from [the sanctioned company’s] smart contracts”; and (iii) outline prohibitions resulting from the sanctions.

    Financial Crimes Of Interest to Non-US Persons OFAC Department of Treasury OFAC Sanctions OFAC Designations Anti-Money Laundering Digital Assets Virtual Currency

  • FinCEN reports significant increase in ransomware-related BSA filings in 2021

    Financial Crimes

    On November 1, FinCEN reported that ransomware continues to pose a significant threat to U.S. infrastructure, businesses, and the public, with ransomware-related Bank Secrecy Act (BSA) filings in 2021 accounting for nearly $1.2 billion. Issued pursuant to the Anti-Money Laundering Act of 2020, FinCEN’s Financial Trend Analysis examines ransomware activities for calendar year 2021, with a particular focus on ransomware trends in BSA data from July-December 2021. According to FinCEN, reported ransomware-related incidents have substantially increased from 2020, with roughly 75 percent of these incidents reported during the second half of 2021 emanating from or connected to actors in Russia. Highlights from the report include: (i) the number and total U.S. dollar value for ransomware-related incidents during 2021 far exceeds data for any previous year, with FinCEN reporting a 188 percent increase from 2020 to 2021 (possibly reflecting either an increase of ransomware-related incidents or improved reporting and detection); (ii) an average of 132 and a median of 136 ransomware-related incidents per month were reported during the review period (Treasury’s October 2021 measures to combat ransomware — covered by InfoBytes here — and potentially associated reporting obligations may have contributed to the overall rise in 2021 filings, FinCEN noted); and (iii) of the 793 ransomware-related incidents reported during the second half of 2021, 594 (roughly 75 percent) pertained to Russia-related variants.

    The same day, Deputy Secretary of the Treasury Wally Adeyemo hosted participants from 36 countries during the second International Counter Ransomware Initiative Summit where attendees examined the challenges presented by ransomware and discussed the U.S.’s whole-of-government approach for responding to serious threats posed by bad actors.

    Financial Crimes Of Interest to Non-US Persons FinCEN Privacy, Cyber Risk & Data Security Ransomware Department of Treasury Bank Secrecy Act Anti-Money Laundering Act of 2020 Anti-Money Laundering Russia

  • FinCEN issues statements on its lists of jurisdictions with AML/CFT/CPF deficiencies

    Financial Crimes

    On October 31, FinCEN announced that the Financial Action Task Force (FATF) issued public statements updating its lists of jurisdictions with strategic deficiencies in anti-money laundering (AML), countering the financing of terrorism (CFT), and countering the financing of proliferation of weapons of mass destructions (CPF). FATF’s statements include (i) Jurisdictions under Increased Monitoring, “which publicly identifies jurisdictions with strategic deficiencies in their AML/CFT/CPF regimes that have committed to, or are actively working with, the FATF to address those deficiencies in accordance with an agreed upon timeline,” and (ii) High-Risk Jurisdictions Subject to a Call for Action, “which publicly identifies jurisdictions with significant strategic deficiencies in their AML/CFT/CPF regimes and calls on all FATF members to apply enhanced due diligence, and, in the most serious cases, apply counter-measures to protect the international financial system from the money laundering, terrorist financing, and proliferation financing risks emanating from the identified countries.”

    FinCEN’s announcement also informed members that FATF added Burma to the list of High-Risk Jurisdictions Subject to a Call for Action, and advised jurisdictions to apply enhanced due diligence proportionate to the risks. Moreover, U.S. financial institutions should continue to refer to existing FinCEN and Office of Foreign Assets Control guidance on engaging in financial transactions with Burma. Removed from the list of jurisdictions subject to increased monitoring are Nicaragua and Pakistan. With respect to high-risk jurisdictions subject to a call for action — the Democratic People’s Republic of Korea and Iran — “financial institutions must comply with the extensive U.S. restrictions and prohibitions against opening or maintaining any correspondent accounts, directly or indirectly, for North Korean or Iranian financial institutions,” FinCEN said, adding that “[e]xisting U.S. sanctions and FinCEN regulations already prohibit any such correspondent account relationships.”

    Financial Crimes Of Interest to Non-US Persons FinCEN Anti-Money Laundering Combating the Financing of Terrorism FATF Combating Weapons of Mass Destruction Proliferation Financing OFAC

  • FinCEN renews and expands real estate GTOs

    Financial Crimes

    On October 26, FinCEN renewed and expanded its Geographic Targeting Orders (GTOs). The GTOs require U.S. title insurance companies to identify the natural persons behind shell companies that pay “all cash” (i.e., the transaction does not involve external financing) for residential real estate in certain counties within the following major metropolitan areas: “Boston; Chicago; Dallas-Fort Worth; Las Vegas; Los Angeles; Miami; New York City; San Antonio; San Diego; San Francisco; Seattle; the District of Columbia, Northern Virginia, and Maryland (DMV) area; as well as the City and County of Baltimore; the County of Fairfield, Connecticut; and the Hawaiian islands of Honolulu, Maui, Hawaii, and Kauai.” FinCEN also expanded the geographic coverage of the GTOs to counties encompassing Houston and Laredo, Texas, after the agency—in conjunction with law enforcement partners—identified the regions as presenting greater risks for illicit finance activity through non-financed purchases of residential real estate. The purchase amount threshold remains set at $300,000 for residential real estate purchased in the covered areas, with the exception of the City and County of Baltimore for which the purchase threshold is $50,000. The renewed GTOs take effect October 27 and end April 24, 2023. The effective period for the newly added areas begins on November 25.

    FinCEN FAQs regarding the GTOs are available here.

    Financial Crimes Of Interest to Non-US Persons FinCEN GTO Anti-Money Laundering

  • FAFT restricts Russia’s membership, takes action on corruption and drug trafficking

    Financial Crimes

    On October 20, the U.S. Treasury Department announced that the Financial Action Task Force (FATF) concluded its first plenary of the Singaporean presidency, in which it, among other things, took steps to combat corruption and illegal fentanyl trafficking and enhance financial transparency. During the meeting, FATF agreed to seek public input on draft guidance for implementing the FATF standard on beneficial ownership transparency for legal persons. The efforts to improve transparency in beneficial ownership “seek to improve the ability of law enforcement to trace, report, and seize illicit proceeds, and to make it harder for criminals and others to exploit opaque legal structures such as shell companies to hide and launder the proceeds of their crimes.” FATF also adopted a U.S.-led report on money laundering related to the illicit trafficking of synthetic opioids, including fentanyl, which provides information and best practices so that law enforcement and financial investigators around the world can expand their work on complex, cross-border money laundering investigations involving the proceeds of drug trafficking. The FATF also agreed to additional restrictions on the membership rights of the Russian Federation due to its war against Ukraine, including by barring them from participating in current and future FATF project teams.

    Financial Crimes Of Interest to Non-US Persons Department of Treasury Russia Singapore Anti-Money Laundering FATF Beneficial Ownership

  • OCC releases enforcement actions

    On October 20, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. Included among the actions is a cease and desist order against an New York branch of an India-based bank for allegedly engaging in Bank Secrecy Act/anti-money laundering (BSA/AML) program violations. The bank allegedly “failed to establish and maintain a reasonably designed BSA/AML compliance program ('BSA/AML Program') that adequately covers the required BSA/AML Program components. Deficiencies include (i) a weak system of internal controls; (ii) a weak BSA Officer function; and (iii) an insufficient training program.” The order requires the bank to, among other things, submit a BSA/AML action plan and develop a written suspicious activity monitoring and reporting program.

    Bank Regulatory Federal Issues OCC Enforcement Financial Crimes Anti-Money Laundering SARs Bank Secrecy Act Of Interest to Non-US Persons

  • OFAC, FinCEN take action against virtual currency exchange

    Financial Crimes

    On October 11, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), together with the Financial Crimes Enforcement Network (FinCEN), announced two settlements for more than $24 million and $29 million, respectively, with a Washington state-based virtual currency exchange. According to OFAC’s announcement, this is the agency’s largest virtual currency enforcement action to date, and represent the first parallel actions taken by FinCEN and OFAC in this space.

    OFAC settlement. OFAC’s web notice stated that between March 28, 2014 and December 31, 2017, the exchange operated 1,730 accounts that processed 116,421 virtual currency-related transactions totaling roughly $263,451,600.13, in apparent violation of OFAC sanctions against Cuba, Ukraine, Iran, Sudan, and Syria. Specifically, due to alleged deficiencies in the exchange’s sanctions compliance procedures, the exchange failed to prevent persons located in the sanctioned jurisdictions from using its platform to engage in more than $263,000,000 worth of virtual currency-related transactions. OFAC claimed that while the IP addresses and physical address information collected on each customer at onboarding should have given the exchange reason to know that the persons were located in jurisdictions subject to sanctions, the exchange did not “screen customers or transactions for a nexus to sanctioned jurisdictions.” Rather, the exchange only screened transactions for hits against lists including OFAC’s List of Specially Designated Nationals and Blocked Persons. In arriving at the settlement amount of $24,280,829.20, OFAC considered various aggravating factors, including that the exchange did not exercise due caution or care for its sanctions compliance obligations and conveyed economic benefit to persons located in jurisdictions subject to OFAC sanctions, thus causing harm to the integrity of multiple sanctions programs. OFAC also considered various mitigating factors, including that the exchange provided substantial cooperation throughout the investigation, most of the transactions were for a relatively small amount and represented a small percentage when compared to the exchange’s annual volume of transactions, and the exchange has undertaken remedial measures intended to minimize the risk of recurrence of similar conduct.

    FinCEN settlement. According to FinCEN’s press release, an investigation found that from February 2014 through December 2018, the exchange failed to maintain an effective AML program, resulting in its inability to appropriately address risks associated with its products and services, including anonymity-enhanced cryptocurrencies. The exchange also failed to effectively monitor transactions on its trading platform, and relied “on as few as two employees with minimal anti-money laundering training and experience to manually review all of the transactions for suspicious activity, which at times were over 20,000 per day.” FinCEN claimed that the exchange conducted more than 116,000 transactions valued at over $260 million with persons located in jurisdictions subject to OFAC sanctions, including those operating in Iran, Cuba, Sudan, Syria, and the Crimea region of Ukraine, and failed to file suspicious activity reports (SARs) between February 2014 and May 2017. The exchange also “failed to file SARs on a significant number of transactions involving sanctioned jurisdictions, including the processing of over 200 transactions that involved $140,000 worth of virtual assets—nearly 100 times larger than the average withdrawal or deposit on the Bittrex platform—and 22 transactions involving over $1 million worth of virtual assets,” FinCEN said in its announcement. Under the terms of the consent order, the exchange—which admitted to willfully violating the Bank Secrecy Act (BSA) and its implementing regulations—will pay a $29,280,829.20 civil money penalty. FinCEN stated it will credit the $24,280,829.20 the exchange has agreed to pay for the OFAC violations.

    During remarks delivered at the Association of Certified Anti-Money Laundering Specialists, Under Secretary for Terrorism and Financial Intelligence Brian Nelson discussed, among other topics, Treasury’s efforts to counter illicit finance. Nelson highlighted the aforementioned settlements, stressing that failing to comply with BSA/AML requirements and SARs filing obligations “are not something that companies focused on growth can simply put off to a later day.” He also emphasized that Treasury will continue to strengthen ties with interagency partners and international counterparts to identify and pursue potential violations.

    Financial Crimes Of Interest to Non-US Persons OFAC Department of Treasury OFAC Sanctions OFAC Designations Enforcement FinCEN Digital Assets Anti-Money Laundering Virtual Currency Cuba Ukraine Iran Sudan Syria SARs Compliance Fintech

  • FINRA alerts firms about rising ACATS fraud

    Federal Issues

    On October 6, FINRA issued Regulatory Notice 22-21, alerting member firms to the rising trend of fraudulent account transfers of customer accounts using the Automated Customer Account Transfer Service (ACATS)—an automated system that facilitates the transfer of customer account assets from one member firm to another. FINRA explained that “ACATS fraud is related to the growing threat of new accounts being opened online or through mobile applications using stolen or synthetic identities,” and may occur when the identity of a legitimate customer of a carrying member is stolen by a bad actor to open a brokerage account online or through a mobile app at a receiving member. Bad actors, FINRA warned, may open a new account using stolen information only or through a combination of stolen and false information, and will try to move the ill-gotten assets to an external account at a different financial institution. FINRA reminded members of regulatory obligations that may apply to ACATS fraud, including know-your-customer rules, Bank Secrecy Act/AML requirements, and the Identity Theft Red Flags Rule.

    Federal Issues Financial Crimes Privacy, Cyber Risk & Data Security Fraud FINRA Identity Theft Bank Secrecy Act Anti-Money Laundering

  • OCC releases bank supervision operating plan for FY 2023

    On October 6, the OCC’s Committee on Bank Supervision released its bank supervision operating plan for fiscal year 2023. The plan outlines the agency’s supervision priorities and highlights several supervisory focus areas including: (i) strategic and operational planning; (ii) operational resiliency; (iii) third-party oversight and risk management; (iv) credit risk management with a focus on new products, areas of highest growth, and portfolios representing concentrations; (v) allowances for credit losses (ACL), including instances where ACL processes use third-party modeling techniques; (vi) interest rate risk; (vii) liquidity risk management; (viii) consumer compliance management systems with a focus on how programs are disclosed in relation to UDAP and UDAAP statutes; (ix) Bank Secrecy Act/AML compliance; (x) fair lending risks; (xi) Community Reinvestment Act strategies and the potential for modernization rulemaking; (xii) new products and services in areas such as payments, fintech, and digital assets; and (xiii) climate-change risk management. The plan will be used by OCC staff to guide the development of supervisory strategies for individual national banks, federal savings associations, federal branches and agencies of foreign banking organizations, and certain identified third-party service providers subject to OCC examination.

    The OCC will provide updates about these priorities in its Semiannual Risk Perspective, as InfoBytes has previously covered here.

    Bank Regulatory Federal Issues OCC Supervision Digital Assets Fintech Privacy, Cyber Risk & Data Security UDAP UDAAP Bank Secrecy Act Anti-Money Laundering Climate-Related Financial Risks Fair Lending Third-Party Risk Management Risk Management

Pages

Upcoming Events