On March 16, DOJ Assistant AG Leslie Caldwell delivered remarks at the annual ACAMS anti-money laundering conference regarding the importance of establishing and maintaining robust compliance programs within financial institutions to prevent criminal activity, and recent DOJ enforcement actions taken against financial institutions in the anti-money laundering space. Caldwell outlined the integral parts of an effective compliance program, to include: (i) providing sufficient funding and access to essential resources; (ii) incentivizing compliance and ensuring that disciplinary measures are even handed for low-level and senior employees; and (iii) ensuring that third parties interacting with the institutions understand the institution’s expectations and are serious about compliance management. Caldwell emphasized that the strength of an institution’s compliance program is “an important factor for prosecutors in determining whether to bring charges against a business entity that has engaged in some form of criminal misconduct.” Caldwell highlighted the Criminal Division’s recent actions involving financial fraud and sanctions violations, observing that many have resulted in deferred prosecution agreements or non-prosecution agreements (DPAs and NPAs), enforcement tools the DOJ utilizes in the Criminal Division’s cases. Finally, addressing concerns that the DOJ and other law enforcement authorities have targeted the financial industry for investigation and prosecution, Caldwell stated, “banks and other financial institutions continue to come up on our radar screens because they, and the individuals through which they act, continue to violate the law, maintain ineffective compliance programs or simply turn a blind eye to criminal conduct to preserve profit.”
On March 19, four federal and state agencies –DOJ, the Department of Labor (DOL), the SEC, and New York Attorney General – entered into a proposed $714 million settlement agreement against a large bank to resolve allegations of fraudulent conduct involving the pricing and misleading representation of a specific foreign exchange product. According to the settlement, for over a decade the bank misled clients about the pricing they received on the bank’s automatic platform used to execute trades on the clients’ behalf. The bank quoted clients prices that were at or near the least favorable interbank rate, purchased the most favorable interbank rate for themselves, and sold the highest prices to clients, profiting from the difference. Under the proposed settlement, the bank will pay (i) a $167.5 million civil penalty to the DOJ to resolve allegations brought under federal statutes including FIRREA and the False Claims Act; (ii) $167.5 million to the State of New York to resolve claims brought under the Martin Act; (iii) $14 million to the DOL for ERISA claims, (iv) $30 million to the SEC to resolve violations of the Investment Company Act, and (v) $335 million to settle private class action suits filed by customers. The bank also agreed to end its employment relationship with senior executives involved in the conduct.
FinCEN Assesses $75,000 Penalty Against Check Casher Business for Violating Anti-Money Laundering Laws
On March 18, the Financial Crimes Enforcement Network (FinCEN) assessed a $75,000 civil money penalty against a Colorado check casher and its general manager and ordered it to cease all business activities for “willfully violating” registration, reporting, and anti-money laundering provisions of the Bank Secrecy Act (BSA). The Colorado-based check casher had been the subject of three BSA compliance examinations by the Internal Revenue Service, “all of which found significant and repeated violations.” Under the BSA, money services business are required to implement anti-money laundering controls, conduct internal compliance reviews, and provide compliance training for all staff in an effort to prevent the facilitation of money laundering and the financing of terrorist activities. The Colorado check casher failed to employ such programs, which resulted in a significant amount of untimely and inaccurate currency transaction reports.
On March 17, the FFIEC released a summary of its cybersecurity priorities for the remainder of 2015. The FFIEC intends to enhance its cybersecurity preparedness in seven main ways: (i) issuing a cybersecurity self-assessment tool that will help institutions to evaluate cybersecurity risk and risk management capabilities; (ii) improving council members’ process for “gathering, analyzing, and sharing information with each other during cyber incidents;” (iii) ensuring that test emergency protocols are set to respond to all cyber incidents in coordination with public-private partnerships; (iv) establishing training programs on developing cyber threats and vulnerabilities; (v) updating the Information Technology Examination Handbook; (vi) increasing focus on technology service providers’ ability to respond to cyber threats; and (vii) collaborating and sharing information with law enforcement and intelligence agencies. The seven action items derive from the FFIEC’s 2014 pilot assessment of cybersecurity readiness at over 500 financial institutions.
On March 16, the Federal Reserve Board issued a proposal seeking public comment that would require all banking organizations with existing Legal Entity Identifiers (LEIs) to report their respective LEIs on regulatory reporting forms beginning June 30, 2015. Because an LEI is unique to a single legal entity, requiring disclosure of the LEI would enable regulators to facilitate information sharing and coordination on domestic financial policy, rulemaking, examination, reporting requirements, and enforcement actions
CFPB Releases Winter Issue of Supervisory Highlights, Schedules Date for Field Hearing on Payday Lending
On March 11, the CFPB released its seventh issuance of Supervisory Highlights, which highlights the CFPB’s supervision work completed between July 2014 and December 2014, detailing examination findings and observations in consumer reporting, debt collection, deposits, mortgage origination, and fair lending examinations. The winter issue also reveals recent supervisory resolutions reached in the areas of payday lending, mortgage servicing, and mortgage origination have resulted in remediation of approximately $19.4 million to more than 92,000 consumers during the time reported. Other notable information included within the report is the addition of Credit Card Account Management examination procedures to the CFPB’s Supervision and Examination Manual. In a separate announcement, the CFPB also announced it will host a field hearing on payday lending, scheduled for Thursday, March 26 in Richmond, VA.
OCC Revises Guidance Regarding Consumer Protection Requirements to Overdraft Lines and Protection Services
As previously reported in our March 11 Special Alert Update, on March 6, 2015, the OCC issued its revised “Deposit-Related Credit” booklet (“DRC booklet”) of the Comptroller’s Handbook, which replaced the “Deposit-Related Consumer Credit” booklet issued on February 11, 2015 (previously covered in this Special Alert). While the new booklet covers the same products – check credit (overdraft lines of credit, cash reserves, and special drafts), overdraft protection services, and deposit advances – the OCC made significant amendments to scale back the provisions of the prior version. Specifically, the new DRC booklet no longer contains supervisory principles that could be read to require that banks provide substantive consumer protections that are not currently required by the applicable consumer protection regulations. Read more…
On March 10, the DOJ announced a $4.9 million civil and criminal settlement with a California-based bank. The bank admitted to the DOJ’s allegations that, from December 2011 through July 2013, it ignored warning signs indicating that its third party processor was defrauding hundreds of thousands of consumers by allowing fraudulent merchants to withdraw money from customers’ accounts without consent. The bank chose to ignore the complaints and inquiries it received regarding the third party processor’s activity, failing to terminate its affiliation with the entity or file a Suspicious Activity Report. The DOJ’s complaint alleges that the bank violated FIRREA; the $4.9 million settlement will cover both the criminal and civil charges, however under an agreed deferred prosecution agreement, criminal charges will be deferred for two years contingent upon the bank admitting to wrongdoing and giving up claims to approximately $2.9 million from accounts seized by the government.
On March 11, OFAC updated its Specially Designated Nationals (SDNs) list comprising of individuals and entities including a Russian national bank, Russian National Commercial Bank. The SDN list identifies persons and entities with which U.S. citizens and permanent residents are prohibited from doing business and whose assets or interests in assets that come within U.S. jurisdiction must be frozen.
On March 8, President Obama signed an executive order imposing sanctions on Venezuela in response to the country’s ongoing human rights violations and abuses in anti-governmental protests. Specifically, the Order (i) designates seven Venezuelan government officials as Specially Designated Nationals (SDNs), (ii) provides authorization for the designation of additional parties as SDNs who are determined to be engaged in specified activities, and (iii) suspends entry into the United States of persons designated under the Order. While the Order stems from defending human rights and democratic governance, according to Treasury Secretary Jack Lew, the Order “will be used to protect the U.S. financial system from the illicit financial flows from public corruption in Venezuela.”
On March 12, the New York DFS issued a consent order against a Germany-based global bank for alleged Bank Secrecy Act and other anti-money laundering (BSA/AML) compliance violations that occurred between 2002 and 2008. According to the DFS’s press release, certain bank employees were selected “to manually process Iranian transactions — specifically, to strip from SWIFT payment messages any identifying information that could trigger OFAC-related controls and possibly lead to delay or outright rejection of the transaction in the United States.” The DFS also alleges that the bank’s New York branch failed to implement proper BSA/AML compliance thresholds, allowing certain alerts regarding suspicious transactions to be excluded. Under the terms of the consent order, the bank must pay a $1.45 billion penalty, to be distributed as follows: $610 million to the DFS; $300 million to the U.S. Attorney’s Office for the Southern District of New York; $200 million to the Federal Reserve; $172 million to the Manhattan District Attorney’s Office; and $172 million to the U.S. DOJ. Additionally, the order requires that the bank “terminate individual employees who engaged in misconduct, and install an independent monitor for Banking Law violations in connection with transactions on behalf of Iran, Sudan, and a Japanese corporation that engaged in accounting fraud.”
Special Alert Update: OCC Revises Guidance Regarding Consumer Protection Requirements to Overdraft Lines and Protection Services
On March 6, 2015, the OCC issued its revised “Deposit-Related Credit” booklet (“DRC booklet”) of the Comptroller’s Handbook, which replaced the “Deposit-Related Consumer Credit” booklet issued on February 11, 2015 (previously covered in this Special Alert). While the new booklet covers the same products – check credit (overdraft lines of credit, cash reserves, and special drafts), overdraft protection services, and deposit advances – the OCC made significant amendments to scale back the provisions of the prior version. Specifically, the new DRC booklet no longer contains supervisory principles that could be read to require that banks provide substantive consumer protections that are not currently required by the applicable consumer protection regulations. For example, the DRC booklet no longer requires that banks:
- only enroll customers into an overdraft protection service if they have affirmatively requested that product;
- ensure the ability to repay for all applicants enrolled in an overdraft protection service; and
- ensure that any fees charged in connection with an overdraft protection service are reasonably related to the program’s costs and associated risks.
In making these changes, the OCC requires supervisors to assess DRC products more in line with existing consumer protection laws. The OCC states as much in OCC Bulletin 2015-17, which announced the DRC booklet. There, the OCC acknowledges that the DRC booklet “is intended as a summary restatement of existing laws, regulations, and policies [and] … [n]othing in this booklet should be interpreted as changing existing OCC policy.”
On March 3, the DOJ’s U.S. Trustee Program announced a $50 million settlement with a national bank to resolve allegations that the bank engaged in improper actions during bankruptcy proceedings. Under the terms of the settlement, the bank will provide relief in the form of cash payments, mortgage loan credits, and loan forgiveness to over 25,000 homeowners who are, or were, in bankruptcy. Additionally, the bank will acknowledge that (i) the bank’s former employees and the employees of an outside vendor improperly signed more than 50,000 payment change notices filed in bankruptcy courts around the country; (ii) the bank failed to file timely, accurate payment change notices; and (iii) the bank failed to provide timely, accurate escrow statements. The bank further will agree to enhance its technology, policies, procedures, internal controls and other oversight systems. Finally, the parties will agree to engage an independent reviewer to confirm the bank’s adherence to the terms of the settlement. The settlement is pending court approval.
On March 2, OCC Comptroller Curry delivered remarks before the Institute of International Bankers regarding BSA/AML compliance obligations for financial institutions. During his remarks, Comptroller Curry emphasized that a top priority for the OCC has been to strengthen BSA/AML compliance at its supervised institutions. In this regard, the OCC has (i) modified its bank examination process so that BSA deficiencies receive proper emphasis in the evaluation of safety and soundness; (ii) focused on the BSA/AML risks posed by third-party relationships; (iii) required that institutions adequately resource their BSA/AML compliance programs; (iv) required institutions to assign accountability for BSA/AML compliance across all business lines presenting BSA/AML risk; and (v) taken enforcement action to enforce BSA/AML compliance when appropriate. Through his remarks, Comptroller Curry also addressed the need to improve the BSA/AML regulatory framework itself. Specifically, Comptroller Curry indicated that the OCC wanted (i) to streamline the SAR reporting process, (ii) to find better ways to use technology to advance BSA/AML goals, and (iii) to increase information sharing by creating safe harbors from civil liability both for financial institutions that file SARs and for financial institutions that share information about financial crimes with each other.
On February 27, FinCEN announced a $1.5 million civil money penalty against a Pennsylvania-based community bank for violating the BSA. Of that amount, $500,000 will go to the OCC, the bank’s primary regulator, for BSA violations. According to FinCEN, the bank admitted failing to file suspicious activity reports on transactions involving a former state judge who received over $2.6 million in personal payments in connection with a judicial scheme involving the construction, operation, and expansion of juvenile detention centers.