On June 20, Fannie Mae issued Servicing Guide Announcement SVC-2014-11, which reminds servicers that under a recent FinCEN rule, Fannie Mae is considered a financial institution subject to BSA requirements. The announcement advises servicers subject to the AML provisions of the BSA that they are obligated to be in compliance with the BSA, and to report to Fannie Mae: (i) all instances of noncompliance, compliance failures, or sanctions related to BSA/AML requirements; (ii) suspicious activity related to Fannie Mae loans or business activities; and (iii) changes in ownership interest. Servicers may implement these requirements immediately, but are required to do so no later than August 25, 2014.
On July 17, FinCEN named FBME Bank Ltd., formerly known as the Federal Bank of the Middle East, as a foreign financial institution of primary money laundering concern pursuant to Section 311 of the USA PATRIOT Act. As detailed in a notice of finding, FinCEN asserts that the bank attracts illicit finance businesses by soliciting high-risk customers and promoting its weak AML controls. FinCEN explains that the bank changed its country of incorporation numerous times, partly due to its inability to adhere to regulatory requirements, and has established itself with a nominal headquarters in Tanzania. However, according to FinCEN, it transacts over 90 percent of its global banking business through branches in Cyprus and has taken active steps to evade oversight by the Cypriot regulatory authorities in the recent past. FinCEN is proposing a rule that, once final, will prohibit covered U.S. financial institutions from opening or maintaining correspondent or payable-through accounts for FBME, and for other foreign banks being used to process transactions involving FBME. The proposal also would require covered financial institutions to apply special due diligence to their correspondent accounts maintained on behalf of foreign banks to guard against processing any transactions involving FBME. Comments on the proposed rule are due 60 days after publication in the Federal Register.
On June 25, the OCC published its semiannual risk report, which provides an overview of the agency’s supervisory concerns for national banks and federal savings associations, including operational and compliance risks. As in prior reports and as Comptroller Curry has done in speeches over the past year, the report highlights cyber-threats and BSA/AML risks. The OCC believes cyber-threats continue to evolve and require heightened awareness and appropriate resources to identify and mitigate the associated risks. Specifically, the OCC is concerned that cyber-criminals will transition from disruptive attacks to attacks that are intended to cause destruction and corruption. Extending another recent OCC theme, the report notes that the number, nature, and complexity of both foreign and domestic third-party relationships continue to expand, resulting in increased system and process interconnectedness and additional vulnerability to cyber-threats. The report also states that BSA/AML risks “remain prevalent given changing methods of money laundering and growth in the volume and sophistication of electronic banking fraud.” The OCC adds that “BSA programs at some banks have failed to evolve or incorporate appropriate controls into new products and services,” and again cautions that a lack of resources and expertise devoted to BSA/AML risk management can compound these concerns. Finally, the OCC expressed concern that competitive pressures in the indirect auto market are leading to an erosion of underwriting standards. The OCC’s supervisory staff plans to review retail credit underwriting practices at banks, especially for indirect auto.
On June 5, the FDIC and a Delaware bank entered a consent order that prohibits the bank from entering into any new relationships with third-party prepaid card processors or prepaid card program managers until the FDIC approves a written report from the bank that details the steps taken by the bank to (i) implement new BSA compliance policies and procedures; (ii) improve staff training; (iii) implement controls sufficient to mitigate BSA and safety and soundness risk associated with prepaid card, credit card merchant acquiring, and ACH activities; and (iv) perform a BSA risk assessment. The order similarly restricts the bank’s activities related to credit card merchant acquiring and ACH merchant payment processing. The order does not prohibit the bank from issuing prepaid cards through existing distribution channels under existing contracts with third-parties, but does restrict certain activities related to existing credit card and ACH processing activities. In addition, the bank must (i) retain and designate BSA and OFAC officers; (ii) conduct a suspicious activity reporting look-back review; and (iii) submit periodic progress reports. Finally, the order requires increased board supervision of the bank’s BSA compliance program and mandates the creation of a board-level BSA committee.
On June 18, the U.S. Attorney for the District of Maryland announced that a federal judge ordered a bank to forfeit $560,000 in drug proceeds laundered through the bank on which the bank failed to file currency transaction reports. The DOJ claimed that a member of a drug trafficking organization asked a teller at a Maryland bank branch to convert the proceeds from the sale of illegal drugs from small denomination bills to $100 bills, and paid the teller a one percent fee for each transaction for making the exchange without filing a currency transaction report. The government filed a civil action in February 2014 seeking forfeiture and alleging that the money was subject to forfeiture because the bank failed to file currency transactions reports on bank transactions in amounts in excess of $10,000, as required by law. The teller admitted that on each occasion she converted the bills without filing or causing anyone else at the bank to file a currency transaction report. She was sentenced to a month in prison followed by eight months of home detention for failing to file currency transaction reports on suspected drug proceeds, and must perform community service and forfeit the $5,000 she was paid in the scheme.
On May 28, FinCEN published Advisory FIN-2014-A005, which updates advice related to trade-based money laundering (TBML) to address the increased use of “funnel accounts.” FinCEN explains that individuals or businesses may establish an account in one geographic area that receives multiple cash deposits, and from which the funds are withdrawn in a different geographic area with little time elapsing between the deposits and withdrawals. FinCEN states that criminal organizations may use wires and checks issued from those accounts to move illicit narcotics proceeds to the accounts of businesses offering trade goods and services. The Advisory details this TBML scheme and offers a number of red flags that could indicate a funnel account is being used as part of such a scheme. FinCEN cautions that because some red flag activities may be legitimate financial activities in appropriate circumstances, financial institutions should evaluate indicators of potential TBML activity in combination with other red flags and the expected transaction activity for the customer before making determinations of suspiciousness. The Advisory reminds institutions of their SAR reporting obligations in the event activities are determined to be suspicious.
On April 24, FinCEN released an assessment of civil money penalty against a Florida money services business (MSB) and its owner for failing to comply with the Bank Secrecy Act’s program, reporting, and recordkeeping requirements. FinCEN determined that since at least 2008, the MSB, which operated as both an independent check casher and as a foreign currency exchange dealer, willfully violated the BSA by failing to register with FinCEN and failing to develop and implement an effective AML program. Specifically, FinCEN found that the MSB lacked adequate AML programs to verify the identities of persons conducting transactions, to monitor for suspicious activities, to identify currency transactions exceeding $10,000, and to ensure that the MSB filed the required currency transaction reports (CTRs) in a timely manner. According to FinCEN, the MSB also failed to implement internal controls sufficient for creating and retaining adequate BSA records related to currency exchange, and its owner and compliance officer failed to conduct a BSA/AML risk assessment. As a result of the compliance deficiencies, FinCEN determined the MSB failed to file, or failed to timely file CTRs on $4.5 million worth of transactions. The MSB and its owner admitted to these determinations and agreed to pay a $10,000 penalty.
On April 15, BAFT, an international financial services association for organizations engaged in international transaction banking, announced the creation of a new Anti-Money Laundering and Know Your Customer Trade Finance Sound Practices working group. The group will focus on the needs of the transaction banking industry’s heightened focus on maintaining compliance with increasing regulatory expectations involving AML, combating the financing of terrorism, and KYC practices. The group will review “red flags” identified in different jurisdictions, identify common challenges, and develop best practices, which it will consolidate and publish for use by other trade practitioners.
On April 11, the Treasury Department submitted to the OMB’s Office of Information and Regulatory Affairs (OIRA) FinCEN’s long-awaited proposed rule to establish customer due diligence requirements for financial institutions. Under executive order, each agency is required to submit for regulatory review rules resulting from “significant regulatory actions,” and OIRA has 90 days to complete or waive the review. The public portion of the FinCEN rulemaking has been ongoing since February 2012 when FinCEN released an advance notice of proposed rulemaking to solicit comment on potential requirements for financial institutions to (i) conduct initial due diligence and verify customer identities at the time of account opening; (ii) understand the purpose and intended nature of the account; (iii) identify and verify all customers’ beneficial owners; and (iv) monitor the customer relationship and conduct additional due diligence as needed. FinCEN subsequently held a series of roundtable meetings, summaries of which it later published.
On March 25, California Attorney General (AG) Kamala Harris announced that she and four other state AGs—Suthers (CO), Bondi (FL), Cortez Masto (NV), and King (NM)—signed a letter of intent with the President of the National Banking and Securities Commission of Mexico to establish a bi-national working group on money laundering enforcement. The working group will be tasked with (i) establishing the scope of coordination between Mexico and U.S. state AGs on money laundering enforcement issues; (ii) developing a plan for mutual technical assistance and training on combating money laundering; and (iii) sharing best practices on money laundering enforcement techniques and other enforcement issues of mutual concern, including the impact of money laundering on the border region of the U.S. and Mexico.
On March 25, FinCEN issued an advisory notice, FIN-2014-A003, in which it provided guidance to financial institutions for reviewing their obligations and risk-based approaches with respect to certain jurisdictions. The Financial Action Task Force (FATF) recently updated its lists of jurisdictions that appear in two documents: (i) jurisdictions that are subject to the FATF’s call for countermeasures or Enhanced Due Diligence as a result of the jurisdictions’ Anti-Money Laundering/Counter-Terrorist Financing (AML/CFT) deficiencies, or (ii) jurisdictions identified by the FATF as having AML/CFT deficiencies. The advisory notice (i) summarizes the changes made by the FATF; (ii) provides specific guidance regarding jurisdictions listed in each category; and (iii) reiterates that if a financial institution knows, suspects, or has reason to suspect that a transaction involves funds derived from illegal activity or that a customer has otherwise engaged in activities indicative of money laundering, terrorist financing, or other violation of federal law or regulation, the financial institution must file a Suspicious Activity Report.
Comptroller Curry Addresses Senior Management’s AML Compliance Responsibilities, Criticizes “De-Risking”
On March 17, Comptroller of the Currency Thomas Curry reaffirmed his agency’s views with regard to BSA/AML compliance and the responsibilities of senior bank managers and boards of directors. Mr. Curry asserted that BSA infractions “can almost always be traced back to decisions and actions of the institution’s Board and senior management” and that the deficiencies underlying those infractions tend to involve failures in four areas: (i) the culture of compliance at the organization; (ii) the resources committed to BSA compliance; (iii) the strength of information technology and monitoring process; and (iv) the quality of risk management. Mr. Curry reported a recent positive trend, particularly at OCC-regulated large banks, which have increased spending and added BSA/AML compliance staff. He stated that such actions are one aspect of banks’ efforts to align “good compliance practices and the bank’s system of compensation and incentives.” The Comptroller criticized a separate trend of “de-risking”, in which banks avoid or end relationships with types of businesses deemed too risky. He warned that any business can be used for illicit purposes and “de-risking” is not a shortcut to circumvent a bank’s obligation to evaluate risk on an individual basis. He encouraged banks not to avoid high-risk businesses, but rather to apply stronger risk management and controls as necessary.
On March 4, SWIFT, the bank member-owned cooperative based in Belgium, announced that it signed a Memorandum of Understanding with six of its major member banks to develop a central utility for the collection and distribution of standard information required by banks as part of their know your customer (KYC) due diligence processes. The KYC registry is intended to help banks manage KYC compliance challenges and reduce associated costs by providing bank users centralized access to details on their counterparties, while allowing participating banks to retain ownership of their own information and maintain control over which other institutions can view their data. SWIFT states that an initial working group will establish processes for providing information to the registry and documentation necessary to fulfill KYC requirements across multiple jurisdictions. The group expects more banks to join in the coming months.
On February 26, Senators Jeff Merkley (D-OR), Elizabeth Warren (D-MA), and other Democratic Senators, together with Representatives Elijah Cummings (D-MD), Maxine Waters (D-CA), and other Democratic House members, sent a letter to Attorney General Eric Holder encouraging the DOJ to “continue a vigorous review of potential payment fraud, anti-money-laundering violations, and other illegal conduct involving payments by banks and third-party payment processors.” The lawmakers highlighted a number of specific issues on which the DOJ should focus: (i) know-your-customer obligations, which they believe should include a review of whether a lender holds all required state licenses and follows state lending laws; (ii) use of lead generators, including those that auction consumer data; (iii) high rates of returned, contested, or otherwise failed debits or the regular use of remotely created checks, which they state may indicate payment fraud; and (iv) lenders’ failure to incorporate or maintain a business presence in the U.S., which they assert can be indicative of fraud and other payment system violations, including money-laundering.
On February 20, in remarks to the Florida International Bankers Association Anti-Money Laundering Conference, FinCEN Director Jennifer Shasky Calvery reviewed FinCEN’s key initiatives over the past year and outlined priorities going forward. She discussed FinCEN’s efforts with regard to virtual currency risks and stated that it is important for financial institutions that deal in virtual currency to put effective AML/CFT controls in place. She noted that it is also important for all stakeholders to keep virtual currency concerns in perspective given the relatively small size of the market. FinCEN is growing increasingly concerned with third party money launderers who layer transactions, create or use shell or shelf corporations, use political influence to facilitate financial activity, or engage in other schemes to infiltrate financial institutions and circumvent AML controls. FinCEN intends to pursue such actors regardless of where they are located. Director Shasky Calvery also reiterated concerns about securities firms that offer services similar to banks, and promised continued focus on threats posed by trade-based money laundering. With regard to its policy initiatives, FinCEN intends to engage stakeholders in a discussion of “balancing the policy motivations behind data privacy and secrecy laws in different jurisdictions with the need for an appropriate level of transparency to combat money laundering and terrorist financing.” The Director noted that this issue is particularly critical in the area of correspondent banking.