On December 18, Superintendent Lawsky delivered remarks regarding New York’s revised proposal for regulating virtual currency companies. The new proposal stems from the original July 17 proposal and includes certain revisions previously alluded to on October 17. Lawsky noted that the revisions will provide flexibility to virtual currency startups, while simultaneously allowing the New York Department of Financial Services to remain committed to protecting consumers. Most notably, the revised regulation “will offer a two-year transitional BitLicense, which may be issued to those firms who are unable to satisfy all of the requirements of a full license, and will be tailored to startups and small businesses.” According to Lawsky, while the companies will still have to abide by anti-money laundering and consumer protection requirements, the revisions are intended to “strike an appropriate balance between permitting innovation to proceed, while at the same time strongly protecting consumers and helping root out illicit activity.”
On December 18, FINRA announced a joint $1.5 million penalty against two broker-dealers for anti-money laundering failures. According to anti-money laundering compliance program requirements, broker-dealers opening new accounts must identify each customer through an established written Customer Identification Program (CIP). FINRA alleges that the broker-dealers had a deficient CIP system, which over nine years resulted in the failure to conduct customer identity verification for nearly 220,000 new accounts. The firms neither admitted nor denied FINRA’s charges, but agreed to the entry of the agency’s findings.
On December 2, the FFIEC announced the release of its revised BSA/AML examination manual. The updated revisions address supervisory expectations and include regulatory changes since the manual’s last publication in 2010. Significantly modified sections of the examination include (i) Suspicious Activity Reporting, (ii) Currency Transaction Reporting, (iii) Foreign Bank and Financial Accounts Reporting, and (iv) Third-Party Payment Processors. The manual is available on the FFIEC BSA/AML InfoBase.
On November 25, FinCEN fined a small Florida-based credit union $300,000 in civil monetary penalties for violating the Bank Secrecy Act (BSA). From 2009 through 2014, FinCEN charged that, among other deficiencies within its anti-money laundering program, the credit union lacked proper internal controls and failed to designate a BSA compliance officer to monitor suspicious transactions. The credit union admitted that it violated Section 314(a) of the USA PATRIOT ACT, which requires financial institutions to search their records of accounts and transactions of individuals who may be involved in money laundering or terrorist financing activities. The credit union, with assets of $4 million and five employees, contracted with a third party vendor to provide services and subaccounts to 56 money services businesses located in Central America, Middle East, and Mexico. FinCEN stated that 90% of the credit union’s annual revenue was generated from these accounts.
On October 27, FinCEN issued two administrative rulings to companies seeking guidance on whether they must register as MSBs and be subject to the required reporting, recordkeeping, and monitoring obligations. In its first letter, a company queried whether its plans to set up a virtual currency trading and booking platform, similar to a traditional securities or commodities exchange, would make it subject to FinCEN regulations. FinCEN responded that the proposed virtual trading platform would be classified as an MSB. As a result, the company would have to register as an MSB as defined under the BSA. In its second ruling, a company asked whether a bitcoin payment system would be subject to the agency’s regulations. The payment system would accept customers’ credit card payments and transfer the payments to merchants in the form of bitcoin. FinCEN ruled that if the company sets up the payment system, the company would be classified as a money transmitter, and subject to BSA regulations, because “it engages as a business in accepting and converting the customers’ real currency into virtual currency for transmission to the merchant.”
On October 8, the Treasury released a statement regarding its continued efforts to support the legitimate use of money transmitters by fostering financial inclusion and financial transparency, while simultaneously addressing its vulnerabilities of money laundering and terrorist financing. Highlighting its progress in the last 15 years, the statement notes that “record volumes of remittances are being transmitted through legitimate and transparent channels.” Looking forward, the treasury will improve upon its efforts to increase banking access for money transmitters by (i) making its expectations for banks clearer; (ii) improving AML/CFT controls and compliance; (iii) heightening AMC/CFT oversight; and (iv) reaching out to financial institutions and their customers. Finally, the Treasury is working with federal banking agencies to ensure that not all money transmitters are treated as high risk by banking institutions. Ensuring that these efforts are both domestic and international, the Treasury is working with the United Kingdom, the World Bank, and G-20.
BuckleySandler hosted a webinar entitled “FinCEN’s Proposed Rule Amending Customer Due Diligence Obligations,” on September 18, 2014, as part of the ongoing FinCrimes Webinar Series. Panelists included James Cummans, Vice President of BSA/AML Operations at TCF Bank; Jacqueline Seeman, Managing Director and Global Head of KYC at Citigroup, Inc.; Sarah K. Runge, Director, Office of Strategic Policy at the U.S. Department of Treasury; and, Amy Davine Kim, Counsel at BuckleySandler LLP. The following is a summary of the guided conversation moderated by Jamie Parkinson, partner at BuckleySandler, and key take-aways to prepare for comments to the proposed rule and implementation of the new rule, once final, at your financial institution.
Key Tips and Take-Aways:
- Assess and prepare your organization’s financial and personnel resources to make sure that the appropriate resources are in place to comply with the proposed rule once it is finalized. Certain technical aspects of implementation may be complicated depending on the financial institutions’ existing processes.
- Boards of Directors should participate in and be informed of the process.
- Institutions that are exempt from the rule, including money services businesses (“MSBs”), should also consider how this rule would affect their operations. FinCEN has announced that this is an incremental rule making, meaning the rule could extend to additional entities in the future.
- Covered financial institutions should consider the implications and compliance issues associated with the proposed rule and actively engage in the comment period. It is clear that FinCEN took certain industry concerns into account from the earlier Advance Notice of Proposed Rulemaking (“ANPRM”), so any potential issues should again be raised.
On August 4, 2014, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) published a Notice of Proposed Rulemaking (“NPRM”) that would amend existing Bank Secrecy Act (“BSA”) regulations intended to clarify and strengthen customer due diligence (“CDD”) obligations for banks, securities broker-dealers, mutual funds, and futures commission merchants and introducing brokers in commodities (collectively, “covered financial institutions”).
In drafting the modifications, FinCEN clearly took into consideration comments responding to its February 2012 Advance Notice of Proposed Rulemaking (“ANPRM”), as the current proposal appears narrower and somewhat less burdensome on financial institutions. Comments on the proposed rulemaking are due October 3, 2014.
Overview: Under the NPRM, covered financial institutions would be obligated to collect information on the natural persons behind legal entity customers (beneficial owners) and the proposed rule would make CDD an explicit requirement. If adopted the NPRM would amend FinCEN’s AML program rule (the four pillars) by making CDD a fifth pillar.
On August 19, the U.S. District Court for the Southern District of New York found that Bitcoin is “money” in a memorandum order denying a defendant’s motion to dismiss a federal money laundering charge. Faiella et al. v. United States, No. 14-cr-243 (JSR), 2014 WL 4100897 (S.D.N.Y. Aug. 19, 2014). The defendant is a former Bitcoin exchange owner who was charged in 2013 with unlawfully operating an unlicensed money transmitting business. In his motion before the court, the defendant argued that the charge should be dismissed because Bitcoin is not “money” within the meaning of the statute. The court disagreed, relying upon the dictionary definition of “money” to conclude that Bitcoin “clearly qualifies as ‘money’” as it “can be easily purchased in exchange for ordinary currency, acts as a denominator of value, and is used to conduct financial transactions.” The court additionally relied on Congress’ intent that anti-money laundering statutes keep pace with evolving threats, and also cited an opinion from a similar case in the U.S. District Court for the Eastern District of Texas that concluded Bitcoin can be used as money. SEC v. Shavers, No. 4:13-CV-416, 2013 WL 4028182, at *2 (E.D. Tex. Aug. 6, 2013).
On August 20, FinCEN announced an action against a casino employee who admitted to violating the Bank Secrecy Act by willfully causing the casino to fail to file certain reports. FinCEN asserted based in part on information obtained from an undercover investigation that the employee helped high-end gamblers avoid detection of large cash transactions by agreeing not to file either Currency Transaction Reports or Suspicious Activity Reports as required under the BSA. FinCEN ordered the employee to pay a $5,000 civil money penalty, and immediately and permanently barred him from participating in the conduct of the affairs of any financial institution located in the U.S. or that does business within the U.S.
On August 18, FINRA announced a complaint against a financial services and investment firm, alleging that the firm was responsible for systematic supervisory and AML violations in connection with providing direct market access and sponsored access to broker-dealers and non-registered market participants. Specifically, FINRA claims that from January 2008 through August 2013, the firm failed to “ensure appropriate risk management controls and supervisory systems and procedures,” thereby allowing its market access customers to “self-monitor and self-report” possibly manipulative trades. Moreover, FINRA asserts that during the relevant time period, the firm was made aware of these potential regulatory and compliance risks though numerous industrywide notices, disciplinary decisions taken against other industry participants, and multiple self-regulatory organization inquiries and examinations. The firm may request a hearing before the FINRA disciplinary committee. If FINRA’s charges stand, the firm could face suspension, censure, and/or monetary penalties.
On August 20, the OCC issued Bulletin 2014-41, which announces a new “Merchant Processing” booklet of the Comptroller’s Handbook. This booklet replaces the booklet of the same name issued in December 2001 and provides updated guidance to examiners and bankers on assessing and managing the risks associated with merchant processing activities. Specific updates address: (i) the selection of third-party organizations and due diligence; (ii) technology service providers; (iii) on-site inspections, audits, and attestation engagements, including the “Statement on Standards for Attestation Engagement” (SSAE 16) and the “International Standard on Assurance Engagements” (ISAE 3402); (iv) data security standards in the payment card industry for merchants and processors; (v) the Member Alert to Control High-Risk Merchants (MATCH) list; (vi) BSA/AML compliance programs and appropriate policies, procedures, and processes to monitor and identify unusual activity; and (vii) appropriate capital for merchant processing activities.
On August 19, the New York DFS announced a consent order with a British bank to resolve claims that the bank and its U.S. subsidiary failed to remediate AML compliance deficiencies as required by a prior settlement with the DFS that required the bank to, among other things, implement a transaction monitoring program. The DFS states that the compliance monitor appointed as part of the prior agreement determined that the procedures adopted by the bank to detect high-risk transactions contained errors and other problems that prevented the bank from identifying high-risk transactions for further review. The DFS asserts that the bank failed to detect these problems because of a lack of adequate testing both before and after implementation of the monitoring system. The DFS also claims the bank failed to properly audit its monitoring system. Under the latest consent order, the bank must: (i) suspend its dollar clearing operations for high-risk retail business clients of the bank’s Hong Kong subsidiary; (ii) obtain prior DFS approval to open a U.S. Dollar demand deposit account for any customer who does not already have such an account with the U.S. entity; and (iii) pay a $300 million penalty. The bank also must implement additional compliance enhancements, including enhanced due diligence and know-your customer requirements.
On August 11, FinCEN issued Advisory FIN-2014-A007 to provide guidance regarding BSA/AML compliance programs. Specifically, the guidance recommends that institutions create a “culture of compliance” by ensuring that: (i) leadership actively supports and understands compliance efforts; (ii) efforts to manage and mitigate BSA/AML deficiencies and risks are not compromised by revenue interests; (iii) relevant information from the various departments within the organization is shared with compliance staff to further BSA/AML efforts; (iv) the institution devotes adequate resources to its compliance function; (v) the compliance program is effective by, among other things, ensuring that it is tested by an independent and competent party; and (vi) leadership and staff understand the purpose of the institution’s BSA/AML efforts. The guidance follows numerous public remarks by FinCEN Director Jennifer Shasky Calvery and other financial regulators and enforcement authorities calling for stronger compliance cultures, particularly with regard to BSA/AML compliance. Director Shasky Calvery reinforced that message in an August 12, 2014 speech in which she asserted that, in the enforcement matters she has seen, a culture of compliance “could have made all the difference.” In the same speech, Ms. Shasky Calvery criticized—as Comptroller of the Currency Thomas Curry also did earlier this year—financial institutions which may be “de-risking” by preventing certain categories of businesses from accessing banking services. She stressed that “just because a particular customer may be considered high risk does not mean that it is ‘unbankable’,” and called on banks to develop programs to manage high risk customer relationships.
On August 14, Freddie Mac issued Bulletin 2014-15, which reminds seller/servicers subject to the AML requirements of the BSA that they are expected to maintain an AML compliance program and are required to report to Freddie Mac any instances of AML program noncompliance. Effective October 1, 2014, Freddie Mac is also requiring seller/servicers not subject to the AML provisions of the BSA to develop internal controls and policies and procedures to detect and report Suspicious Activity to Freddie Mac (but without the requirement to file SARs). Additionally, the Bulletin notifies seller/servicers that, effective October 15, 2014, Freddie Mac will require wholly-owned subsidiaries of seller/servicers that are federally-regulated depository institutions to obtain separate Freddie Mac seller/servicer approvals. The Bulletin also: (i) provides that seller/servicers can waive the requirement for flood insurance for non-residential detached structures located on the Mortgaged Premises; (ii) clarifies ULDD data points; (iii) updates Freddie Mac’s certificate of incumbency for sellers and warehouse lenders (effective October 1, 2014); and (iv) updates miscellaneous manufactured home requirements.