On November 17, the Comptroller of the Currency, Thomas Curry, delivered remarks at the American Bar Association/American Bankers Association BSA/AML conference in which he identified common BSA/AML compliance risks and failures, and identified steps industry participants and regulators should take to improve compliance. The Comptroller explained that successful BSA/AML compliance is dependent not only on “the strength of the institution’s technology and monitoring processes, and the effectiveness of its risk management,” but also on strong corporate governance processes and management’s willingness to commit adequate resources. Comptroller Curry called on banks to commit sufficient resources and take a “holistic approach” toward BSA/AML compliance, for example, by dispersing accountability throughout the organization instead of concentrating compliance in a single unit. Noting that this is particularly important in the M&A context, the Comptroller stated that it is vital that due diligence go beyond a target’s credit portfolio to include a review of the target’s BSA/AML program. In addition to lack of compliance resources, the Comptroller identified as risk trends: (i) poor management of international activities—foreign correspondent banking, cross-border funds transfers, bulk cash repatriation, and embassy banking; (ii) third-party relationships and payment processors; and (iii) emerging payment technologies, including virtual currencies. He stressed the importance of information sharing among institutions and between institutions and their regulators, and called for (i) legislation that would encourage the filing of SARs by strengthening the statutory safe harbor from civil liability for filing financial institutions, (ii) broadening the Patriot Act safe harbor for institutions that share information with each other about potential crimes and suspicious transactions, and (iii) exploring ways government can provide more robust and granular information about money laundering schemes and typologies to institutions in a more timely way.
On November 18, at an American Bar Association/American Bankers Association conference on the Bank Secrecy Act/Anti-Money Laundering (BSA/AML), Deputy Attorney General (Deputy AG) James Cole challenged financial institutions’ compliance efforts and outlined the DOJ’s financial crimes enforcement approach. Noting that compliance within financial institutions is of particular concern to the DOJ, based in part on recent cases of “serious criminal conduct by bank employees,” the nation’s second highest ranking law enforcement official detailed DOJ’s approach to investigating and deciding in what manner to pursue potential violations. The Deputy AG included among his examples of serious misconduct recent BSA/AML, RMBS, mortgage False Claims Act, and LIBOR cases. He explained that the DOJ is particularly concerned about incentives that encourage excessive risk taking, and stated that “too many bank employees and supervisors value coming as close to the line as possible, or even crossing the line, as being ‘competitive’ or ‘aggressive.’” Read more…
This week, two Senate Committees—Homeland Security and Governmental Affairs and Banking, Housing and Urban Affairs—held hearings to hear from regulators and other stakeholders about how virtual currencies fit within the existing regulatory framework, and to assess whether there is a need to alter that framework in response to potential risks presented by emerging virtual currency technologies. The hearings followed an inquiry initiated by Senate Homeland Security leaders over the summer. Senators who participated in the hearings did not indicate any desire to move quickly to establish new federal regulations to address potential risks presented by innovation in virtual currencies. Rather, the lawmakers generally expressed a desire not to inhibit continued innovation, while supporting market participants who want to play by the rules and protecting the market from those who do not. In both hearings, FinCEN Director Jennifer Shasky Calvery described her agency’s ability to address the BSA/AML and terrorism financing risks presented by virtual currencies by employing FinCEN’s existing statutory authority and regulatory tools. Similarly, during the Senate Banking hearing, the Conference of State Bank Supervisors expressed confidence in the ability of state regulators to address consumer protection and other risks posed by virtual currencies through the existing state regulatory framework and processes. Still, committee members raised broader questions about the how to define or categorize virtual currencies (e.g. as a currency versus as a security) and the impact of such a classification on a range of other issues including monetary policy and tax administration. The breadth of the issues, which may need to be addressed by a range of government actors, formed the basis of Senate Homeland Security Committee Chairman Tom Carper’s (D-DE) call for a “whole government” approach to virtual currency.
On November 14, New York State Department of Financial Services (DFS) Superintendent Benjamin Lawsky issued a notice that the DFS intends to hold a public hearing on virtual currency regulation in New York City “in the coming months.” The hearing will focus on the interconnection between money transmission regulations and virtual currencies. Additionally, the hearing is expected to consider the need for and feasibility of a licensing regime specific to virtual currency transactions and activities (i.e. a “BitLicense”), which would include anti-money laundering and consumer protection requirements for licensed entities. The notice makes clear that no decisions on licensing or other regulation of virtual currencies has been made. Rather the hearing and license notice is part of the agency’s broader inquiry launched in August into the need for a regulatory framework specific to virtual currencies. With regard to potential licensing, the DFS would like stakeholders to consider: (i) what, if any, specific types of virtual currency transactions and activities should require a BitLicense; (ii) whether entities that are issued a BitLicense should be required to follow specifically tailored anti-money laundering or consumer protection guidelines; and (iii) whether entities that are issued a BitLicense should be required to follow specifically tailored regulatory examination requirements.
On November 5, the DOJ announced that a New York check cashing company and its owner pleaded guilty to violating the Bank Secrecy Act in connection with more than $19 million in check-cashing transactions by willfully failing to maintain an effective anti-money laundering program. The plea agreement requires the company to forfeit over $3 million and the owner to pay nearly $1 million in restitution for related tax violations; neither party has yet been sentenced. The DOJ alleges that over a two-year period the company cashed checks written on accounts of shell corporations. The shell corporations and the corresponding bank accounts on which the checks were written were established in the names of foreign nationals, many of whom were no longer in the United States. The check cashing company and its owner allegedly failed to obtain any identification documents or information from the individuals presenting the checks, filed false currency transaction reports (CTRs) that stated the checks were cashed by the foreign nationals who set up the shell corporations, and in certain CTRs, failed to indicate the full amount of cash provided to the individuals. Related charges remain pending against additional defendants. These cases are being prosecuted by, among others, the DOJ’s Money Laundering and Bank Integrity Unit, which investigates and prosecutes complex, multi-district and international criminal cases involving financial institutions and individuals who violate the money laundering statutes, the Bank Secrecy Act and other related statutes.
On October 31, the Federal Reserve Board released a BSA/AML enforcement action against a Pakistani bank and its New York branch. The Written Agreement addresses examiners’ findings of alleged compliance and risk management deficiencies in the branch’s international remittance services. The agreement requires the bank and branch to, among other things, (i) retain an independent consultant to conduct a compliance review, and (ii) implement enhanced BSA/AML compliance and SAR programs. The agreement also requires interim transaction monitoring procedures and a third-party review of the branch’s international remittance transaction activity over a six-month period.
On October 17, the Federal Reserve Board released a cease and desist order against a foreign bank and its New York branch over alleged BSA/AML compliance failures. After entering into a Written Agreement in June 2012 that required the branch to improve compliance with BSA/AML in connection with the branch’s bulk cash transactions business line, the Federal Reserve Bank of New York conducted an examination to assess the effectiveness of the branch’s BSA/AML compliance program in other business lines. This examination identified an alleged failure of the branch to maintain an adequate risk-based compliance program to mitigate the BSA/AML risks associated with the branch’s foreign correspondent accounts. The order requires the bank and the branch to (i) retain an independent consultant to assess, and prepare a compliance report on, the branch’s compliance with the BSA/AML requirements, (ii) submit an enhanced BSA/AML compliance program, (iii) submit an enhanced customer due diligence program and an enhanced suspicious activity reporting program, and (iv) retain an independent consultant to conduct a suspicious activity review of U.S. dollar transactions cleared over a six month period in 2012. In addition, the bank’s board and the branch management must jointly submit a written management oversight plan.
This week, federal authorities announced the assessment of civil money penalties against two financial institutions for alleged Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance failures. In the first action, FinCEN and the OCC alleged that a national bank failed to file suspicious activity reports (SARs) from April 2008 to September 2009 for activity in accounts belonging to a law firm through which one of the firm’s principals ran a Ponzi scheme. The agencies claim that the bank willfully violated the BSA’s reporting requirements by failing to detect and adequately report suspicious activities in a timely manner, even when the bank’s anti-money laundering surveillance software identified the suspicious activity (the bank subsequently filed five late SARs related to this conduct in 2011). FinCEN and the OCC assessed concurrent $37.5 million penalties. The FinCEN penalty is the first assessed by that agency’s recently created Enforcement Division. In addition, the SEC charged the bank and a former executive with related securities violations and ordered the bank to pay an additional $15 million penalty and to cease and desist from the alleged activity, including providing misleading information to investors as to amounts of money in particular accounts and actions the bank had taken to limit fraudulent activity.
In a second action, coordinated among FinCEN, the OCC, and the U.S. Attorney for the District of New Jersey, federal authorities assessed $8.2 million in total penalties against a now defunct community bank for compliance failures related to Mexican and Dominican Republic money exchange houses. The government alleged that the bank willfully violated the BSA by (i) failing to implement an effective AML program reasonably designed to manage risks of money laundering and other illicit activity, (ii) failing to conduct adequate due diligence on foreign correspondent accounts, and (iii) failing to detect and adequately report suspicious activities in a timely manner. FinCEN and the OCC assessed concurrent $4.1 million penalties, and the DOJ will collect an additional $4.1 million through civil asset forfeiture.
On September 17, FinCEN issued Advisory FIN-2013-A006, which provides considerations for financial institutions when reviewing their obligations and risk-based approaches with respect to certain jurisdictions. The Financial Action Task Force (FATF) recently updated its lists of jurisdictions that appear in two documents: (i) jurisdictions that are subject to the FATF’s call for countermeasures or are subject to Enhanced Due Diligence due to their Anti-Money Laundering/Counter-Terrorist Financing (AML/CFT) deficiencies and (ii) jurisdictions identified by the FATF to have AML/CFT deficiencies. The Advisory summarizes the changes made by the FATF, provides specific guidance regarding jurisdictions listed in each category, and reiterates general guidance that if a financial institution knows, suspects, or has reason to suspect that a transaction involves funds derived from illegal activity or that a customer has otherwise engaged in activities indicative of money laundering, terrorist financing, or other violation of federal law or regulation, the financial institution must file a Suspicious Activity Report.
On July 29, FinCEN released a new form for filers who submit Reports of Foreign Bank and Financial Accounts (FBARs) jointly with spouses, or who wish to submit them via third-party preparers. Filers interested in using the form would obtain it from FinCEN or the IRS, and filers and account owners would maintain the form but would not submit it to FinCEN. FinCEN also announced (i) technical adjustments to ease FBAR filing and allow for enhancements such as introducing new space on the form for filers to provide reasons for late filing as well as the addition of third party preparer information, and (ii) the availability of batch filing capability for testing. FinCEN anticipates the revised electronic FBAR and batch capability will be available for general use by September 30, 2013.
On July 1, in the U.S. District Court for the Eastern District of New York held that it has the power to accept or reject a deferred prosecution agreement (DPA), and to retain supervisory power over the implementation of a DPA. U.S. v. HSBC Bank USA, N.A., No. 12-00763, 2013 WL 3306161 (E.D.N.Y. Jul, 1, 2013). In 2012, a major international bank holding company announced agreements with U.S. law enforcement authorities and federal bank regulators to end investigations into alleged inadequate compliance with anti-money laundering and sanctions laws by the holding company and its U.S. subsidiaries. As part of the resolution, the companies entered into a DPA, which the parties filed with the court and asked the court hold the case in abeyance to exclude part of the DPA from the federal Speedy Trial Act. In reviewing the request for abeyance, the court held that it has broader supervisory power to approve or reject the agreement in its entirety and that such power extends to implementation of the agreement. The court approved the DPA, but retained authority to monitor its execution and implementation. The court explained that “by placing a criminal matter on the docket of a federal court, the parties have subjected their DPA to the legitimate exercise of that court’s authority.” Under its supervisory powers holding, which the court characterized as “novel,” the court could later move to modify the agreement. More broadly, the court’s assessment of its supervisory power potentially calls into question the certainty and finality of DPAs, which could impact the use of that prosecutorial tool.
On June 24, FinCEN announced its new organizational structure, effective immediately. The new structure organizes employees based on their job function, whereas previously employees were organized based on the stakeholder that they served. FinCEN believes the change will maximize its ability to efficiently further its anti-money laundering and counterterrorist financing efforts.
On June 20, New York announced a consent order with the New York branch of a foreign bank to resolve charges that the bank — over a five year period that ended more than five years ago — violated Bank Secrecy Act, Anti-Money Laundering and international sanctions rules by stripping from wire transfer messages information that could have been used to identify government and privately owned entities in Iran, Sudan, and Myanmar, and entities on the Specially Designated Nationals list issued by the OFAC and moving billions of dollars through New York on their behalf. The order requires the bank to pay a $250 million penalty, conduct a compliance review, and revise written compliance and management oversight plans. The compliance review must be conducted by an independent consultant that will be subject to the new DFS code of conduct for bank consultants described in a prior Byte. This is at least the second time in the last year that New York has taken a major action against a domestic branch of a foreign bank related to money laundering and international sanctions violations. In a previous instance, federal authorities followed with substantial civil and criminal penalties related to the same conduct.
On June 18, New York announced an agreement with a bank consulting firm in connection with the firm’s work for a state-regulated bank alleged to have engaged in deceptive and fraudulent misconduct on behalf of client Iranian financial institutions in violation of anti-money laundering and sanctions rules. An investigation conducted by the New York Department of Financial Services (DFS) found that the consultant (i) failed to demonstrate autonomy and removed a recommendation aimed at rooting out money laundering from a written final report submitted to the DFS, and (ii) violated New York Banking Law § 36.10 by disclosing confidential information of other consulting firm clients to the bank. To resolve that investigation, the consulting firm agreed to (i) a voluntary one-year suspension from consulting work at any DFS-regulated institution, (ii) pay a $10 million penalty, and (iii) adopt a new code of conduct. The DFS intends for the code of conduct to serve as “a new model that will govern independent consulting firms that seek to be retained or approved by DFS.” The code of conduct states, among other things: (i) the financial institution and consultant must disclose all prior work by the consultant for the institution in the previous three years, (ii) the engagement letter must require that the ultimate conclusions and judgments will be that of the consultant based upon the exercise of its own judgment, (iii) the consultant and institution must submit a work plan for the engagement and timeline for completion of work, (iv) the DFS and the consultant must have ongoing communication, including outside the presence of the institution, and (v) the consultant must implement numerous record keeping, training, reporting, and other policies and procedures.
On June 18, the Federal Reserve Board announced the execution of a written agreement with a bank and its bank and non-bank subsidiaries to resolve alleged shortcomings in the institutions’ BSA/AML compliance programs. The bank previously announced that its planned merger with another institution was delayed due to the Federal Reserve Board’s concerns. The bank retained a consultant to assist with compliance enhancements, which under the written agreement include, among other things: (i) a revised firm-wide written BSA/AML compliance program, (ii) a revised written customer due diligence program, (iii) a written suspicious activity monitoring and reporting program, and (iv) a six month suspicious activity look-back review.