On March 25, California Attorney General (AG) Kamala Harris announced that she and four other state AGs—Suthers (CO), Bondi (FL), Cortez Masto (NV), and King (NM)—signed a letter of intent with the President of the National Banking and Securities Commission of Mexico to establish a bi-national working group on money laundering enforcement. The working group will be tasked with (i) establishing the scope of coordination between Mexico and U.S. state AGs on money laundering enforcement issues; (ii) developing a plan for mutual technical assistance and training on combating money laundering; and (iii) sharing best practices on money laundering enforcement techniques and other enforcement issues of mutual concern, including the impact of money laundering on the border region of the U.S. and Mexico.
On April 11, the Treasury Department submitted to the OMB’s Office of Information and Regulatory Affairs (OIRA) FinCEN’s long-awaited proposed rule to establish customer due diligence requirements for financial institutions. Under executive order, each agency is required to submit for regulatory review rules resulting from “significant regulatory actions,” and OIRA has 90 days to complete or waive the review. The public portion of the FinCEN rulemaking has been ongoing since February 2012 when FinCEN released an advance notice of proposed rulemaking to solicit comment on potential requirements for financial institutions to (i) conduct initial due diligence and verify customer identities at the time of account opening; (ii) understand the purpose and intended nature of the account; (iii) identify and verify all customers’ beneficial owners; and (iv) monitor the customer relationship and conduct additional due diligence as needed. FinCEN subsequently held a series of roundtable meetings, summaries of which it later published.
On March 25, FinCEN issued an advisory notice, FIN-2014-A003, in which it provided guidance to financial institutions for reviewing their obligations and risk-based approaches with respect to certain jurisdictions. The Financial Action Task Force (FATF) recently updated its lists of jurisdictions that appear in two documents: (i) jurisdictions that are subject to the FATF’s call for countermeasures or Enhanced Due Diligence as a result of the jurisdictions’ Anti-Money Laundering/Counter-Terrorist Financing (AML/CFT) deficiencies, or (ii) jurisdictions identified by the FATF as having AML/CFT deficiencies. The advisory notice (i) summarizes the changes made by the FATF; (ii) provides specific guidance regarding jurisdictions listed in each category; and (iii) reiterates that if a financial institution knows, suspects, or has reason to suspect that a transaction involves funds derived from illegal activity or that a customer has otherwise engaged in activities indicative of money laundering, terrorist financing, or other violation of federal law or regulation, the financial institution must file a Suspicious Activity Report.
Comptroller Curry Addresses Senior Management’s AML Compliance Responsibilities, Criticizes “De-Risking”
On March 17, Comptroller of the Currency Thomas Curry reaffirmed his agency’s views with regard to BSA/AML compliance and the responsibilities of senior bank managers and boards of directors. Mr. Curry asserted that BSA infractions “can almost always be traced back to decisions and actions of the institution’s Board and senior management” and that the deficiencies underlying those infractions tend to involve failures in four areas: (i) the culture of compliance at the organization; (ii) the resources committed to BSA compliance; (iii) the strength of information technology and monitoring process; and (iv) the quality of risk management. Mr. Curry reported a recent positive trend, particularly at OCC-regulated large banks, which have increased spending and added BSA/AML compliance staff. He stated that such actions are one aspect of banks’ efforts to align “good compliance practices and the bank’s system of compensation and incentives.” The Comptroller criticized a separate trend of “de-risking”, in which banks avoid or end relationships with types of businesses deemed too risky. He warned that any business can be used for illicit purposes and “de-risking” is not a shortcut to circumvent a bank’s obligation to evaluate risk on an individual basis. He encouraged banks not to avoid high-risk businesses, but rather to apply stronger risk management and controls as necessary.
On March 4, SWIFT, the bank member-owned cooperative based in Belgium, announced that it signed a Memorandum of Understanding with six of its major member banks to develop a central utility for the collection and distribution of standard information required by banks as part of their know your customer (KYC) due diligence processes. The KYC registry is intended to help banks manage KYC compliance challenges and reduce associated costs by providing bank users centralized access to details on their counterparties, while allowing participating banks to retain ownership of their own information and maintain control over which other institutions can view their data. SWIFT states that an initial working group will establish processes for providing information to the registry and documentation necessary to fulfill KYC requirements across multiple jurisdictions. The group expects more banks to join in the coming months.
On February 26, Senators Jeff Merkley (D-OR), Elizabeth Warren (D-MA), and other Democratic Senators, together with Representatives Elijah Cummings (D-MD), Maxine Waters (D-CA), and other Democratic House members, sent a letter to Attorney General Eric Holder encouraging the DOJ to “continue a vigorous review of potential payment fraud, anti-money-laundering violations, and other illegal conduct involving payments by banks and third-party payment processors.” The lawmakers highlighted a number of specific issues on which the DOJ should focus: (i) know-your-customer obligations, which they believe should include a review of whether a lender holds all required state licenses and follows state lending laws; (ii) use of lead generators, including those that auction consumer data; (iii) high rates of returned, contested, or otherwise failed debits or the regular use of remotely created checks, which they state may indicate payment fraud; and (iv) lenders’ failure to incorporate or maintain a business presence in the U.S., which they assert can be indicative of fraud and other payment system violations, including money-laundering.
On February 20, in remarks to the Florida International Bankers Association Anti-Money Laundering Conference, FinCEN Director Jennifer Shasky Calvery reviewed FinCEN’s key initiatives over the past year and outlined priorities going forward. She discussed FinCEN’s efforts with regard to virtual currency risks and stated that it is important for financial institutions that deal in virtual currency to put effective AML/CFT controls in place. She noted that it is also important for all stakeholders to keep virtual currency concerns in perspective given the relatively small size of the market. FinCEN is growing increasingly concerned with third party money launderers who layer transactions, create or use shell or shelf corporations, use political influence to facilitate financial activity, or engage in other schemes to infiltrate financial institutions and circumvent AML controls. FinCEN intends to pursue such actors regardless of where they are located. Director Shasky Calvery also reiterated concerns about securities firms that offer services similar to banks, and promised continued focus on threats posed by trade-based money laundering. With regard to its policy initiatives, FinCEN intends to engage stakeholders in a discussion of “balancing the policy motivations behind data privacy and secrecy laws in different jurisdictions with the need for an appropriate level of transparency to combat money laundering and terrorist financing.” The Director noted that this issue is particularly critical in the area of correspondent banking.
On February 20, FinCEN finalized a rule that will require Fannie Mae, Freddie Mac, and the Federal Home Loan Banks (the GSEs) to develop AML programs and to file SARs directly with FinCEN. Under the current system, the GSEs file fraud reports with the FHFA, which then files SARs with FinCEN when warranted under FinCEN’s reporting standards. The new regulations are substantially similar to the version proposed in November 2011, and are intended to streamline the reporting process and provide more timely access to data about potential fraud. The AML provisions of the new regulations implement the BSA’s four minimum requirements: (i) the development of internal policies, procedures, and controls; (ii) the designation of a compliance officer; (iii) an ongoing employee training program; and (iv) an independent audit function to test programs. The SAR regulation requires reporting of suspicious activity in accordance with standards and procedures contained in all of FinCEN’s SAR regulations. In addition, under the streamlined system, the GSEs and their directors, officers, and employees will qualify for the BSA’s “safe harbor” provisions, which are intended to encourage covered institutions to report suspicious activities without fear of liability. The final rule does not require the GSEs to comply with any other BSA reporting or recordkeeping regulations, such as currency transaction reporting. The rule takes effect 60 days after publication in the Federal Register and the GSEs will have 180 days from publication to comply.
On February 14, FinCEN issued guidance to clarify BSA expectations for financial institutions seeking to provide services to marijuana-related businesses in states that have legalized certain marijuana-related activity. The guidance was issued in coordination with the DOJ, which provided updated guidance to all U.S. Attorneys. The FinCEN guidance reiterates the general principle that the decision to open, close, or refuse any particular account or relationship should be made by each financial institution based on its particular business objectives, an evaluation of the risks associated with offering a particular product or service, its ability to conduct thorough customer due diligence, and its capacity to manage those risks effectively. The guidance details the necessary elements of a customer due diligence program, including consideration of whether a marijuana-related business implicates one of the priorities in the DOJ memorandum or violates state law. FinCEN notes that the obligation to file a SAR is unaffected by any state law that legalizes marijuana-related activity and restates the SAR triggers. The guidance identifies the types of SARs applicable to marijuana-related businesses and describes the conditions under which each type should be filed.
On February 5, FINRA announced its largest ever fine for alleged AML-related violations. The self-regulatory agency ordered a securities firm to pay $8 million for allegedly failing to (i) implement an adequate AML program to monitor and detect suspicious penny stock transactions; (ii) sufficiently investigate potentially suspicious penny stock activity brought to the firm’s attention; and (iii) fulfill its SAR filing requirements. Further, the firm allegedly did not have an adequate supervisory system in place to prevent the distribution of unregistered securities. In addition to the monetary penalty against the firm, FINRA suspended the firm’s former Global AML Compliance Officer for one month and fined him $25,000. FINRA explained that penny stock transactions pose heightened risks because low-priced securities may be manipulated by fraudsters. In this case, it believes that, over a four-and-a-half year period, the firm executed transactions or delivered securities involving at least six billion shares of penny stocks, “many on behalf of undisclosed customers of foreign banks in known bank secrecy havens.” The firm allegedly executed these transactions despite the fact that it was unable to obtain information essential to verify that the stocks were free trading and in many instances did so without even basic information such as the identity of the stock’s beneficial owner, the circumstances under which the stock was obtained, and the seller’s relationship to the issuer. During this time, penny stock transactions generated at least $850 million in proceeds for the firm’s customers. The firm did not admit to or deny the allegations.
On January 30, in remarks to SIFMA’s AML and Financial Crimes Conference, FinCEN Director Jennifer Shasky Calvery stressed the importance of establishing a “culture of compliance” at financial institutions to support effective AML safeguards. The Director’s comments reinforce similar remarks made in recent months by both the Deputy U.S. Attorney General and Comptroller Curry. And like Comptroller Curry, Ms. Shasky Calvery highlighted the need for better information sharing not only within institutions but between institutions. FinCEN agrees with industry feedback that the agency needs to improve its own ability to share information. Also part of a broader theme among enforcement authorities, the Director explained that financial institutions should take responsibility when their actions violate the BSA, not only by admitting to the facts alleged by FinCEN but also by acknowledging a violation of the law. She highlighted specific risks in the securities sector including those related to the use of cash, and explained that securities firms that provide bank-like services need to consider the vulnerabilities associated with engaging in such services and must ensure that their compliance programs are commensurate with those risks.
On January 27, during a speech to certified AML compliance specialists, the U.S. Attorney for the Southern District of New York, Preet Bharara, stressed BSA/AML enforcement as a top priority for his office. Mr. Bharara focused on three issues: (i) the importance of holding institutions accountable for misconduct; (ii) the need for law enforcement to stay ahead of rapidly changing markets and technologies; and (iii) organizational changes within his office to bring the needed resources to bear. With regard to enforcement against institutions, the U.S. Attorney rebutted arguments that prosecutors should focus on individuals and described the full spectrum of tools available to hold institutions accountable—ranging from pursuing criminal prosecutions to seeking monetary fines and restitution through civil actions. He stressed the need to employ the full range of tools against institutions, especially in the AML context where many of the anti-money laundering laws and BSA provisions are specifically directed at institutions. The U.S. Attorney also announced that his office’s Criminal Division’s Asset Forfeiture Unit will be renamed the Money Laundering and Asset Forfeiture Unit to reflect his office’s commitment to dedicate more physical and human resources to addressing money laundering crimes and BSA violations.
This week, New York State Department of Financial Services (NY DFS) Superintendent Benjamin Lawsky presided over a two-day hearing regarding emerging virtual currencies and the appropriate role of regulation. The hearing was the next step in an inquiry announced last August, and was held as the NY DFS considers developing a state license specific to virtual currency that would subject operators to state oversight. The panels featured the views of private investors, virtual currency firms, regulatory experts, and law enforcement officials. From our view inside the room, the most prominent, theme to emerge is that regulators will need to strike a balance between protecting the public interest—both from a consumer protection standpoint and with regard to the potential for criminal activity—while allowing emerging virtual currency technologies to develop, evolve, and thrive. Read more…
On January 27, the U.S. Attorney for the Southern District of New York announced the unsealing of criminal charges against an underground Bitcoin exchanger and the CEO of a Bitcoin exchange company registered as a money services business for allegedly engaging in a scheme to sell over $1 million in Bitcoins to users of “Silk Road,” the website that is said to have enabled its users to buy and sell illegal drugs anonymously and beyond the reach of law enforcement. Each defendant is charged with conspiring to commit money laundering and operating an unlicensed money transmitting business. The CEO of the exchange company is also charged with willfully failing to file any suspicious activity report regarding the exchanger’s illegal transactions, in violation of the Bank Secrecy Act. The U.S. Attorney stated that the charges demonstrate his office’s intention and ability to “aggressively pursue those who would coopt new forms of currency for illicit purposes.” The complaint alleges that over a nearly two-year period, the exchanger ran an underground Bitcoin exchange on the Silk Road website, selling Bitcoins to users seeking to buy illegal drugs on the site. Upon receiving orders for Bitcoins from Silk Road users, he allegedly filled the orders through a company based in New York, which was designed to charge customers for exchanging cash for Bitcoins anonymously. The exchanger allegedly obtained Bitcoins with the company’s assistance, and then sold the Bitcoins to Silk Road users at a markup. The exchange company CEO, who was also its Compliance Officer, allegedly was aware that Silk Road was a drug-trafficking website, and also knew that the exchanger was operating a Bitcoin exchange service for Silk Road users. The government alleges that the CEO knowingly facilitated the exchanger’s business, personally processed orders, gave discounts on high-volume transactions, and failed to file a single suspicious activity report.
On January 15, the Basel Committee on Banking Supervision issued final guidance regarding anti-money laundering/counter-terrorism financing (AML/CTF) risk management. The Committee states that the guidelines are consistent with and supplement the 2012 International Standards on Combating Money Laundering and the Financing of Terrorism and Proliferation issued by the Financial Action Task Force. The guidelines supersede two previously-issued Basel Committee publications: Customer due diligence for banks (October 2001) and Consolidated KYC management (October 2004). The final guidelines detail the “essential elements” of sound AML/CTF risk management, including those related to (i) assessing and understanding risks; (ii) customer acceptance policies; (iii) customer and beneficial owner identification; (v) ongoing monitoring; (vi) information management and record keeping; and (vii) reporting suspicious transactions and asset freezing. The guidelines also address AML/CTF in the group-wide and cross-border context, and outlines expectations for banking supervisors.