On September 28, OCC Comptroller Thomas J. Curry announced Wednesday during a speech at the Association of Certified Anti-Money Laundering Specialists (ACAMS) conference that the OCC is developing guidance for banks to manage AML/BSA risks in their foreign correspondent banking relationships.
On October 3, FinCEN assessed a $12 million civil money penalty against a Nevada-based casino for willfully violating the anti-money laundering (AML) provisions of the Bank Secrecy Act (BSA). Pursuant to the Statement of Facts, from March 2009 through September 28, 2015, the casino allegedly failed to (i) develop and implement an effective AML program reasonably designed to ensure compliance with the BSA; (ii) exercise due diligence in its monitoring of suspicious activity; and (iii) maintain sufficient AML compliance controls, procedures, training, and audits, which resulted in multiple filing and recordkeeping control violations. As part of the FinCEN’s Assessment and the Non-Prosecution Agreement filed by the U.S. Attorney’s Officers, the casino must (i) perform a series of required Remedial Measures to ensure compliance going forward; and (ii) conduct a look-back review to ensure that suspicious transactions and attempted transactions were appropriately reported for transactions that occurred between 2010 and 2013.
On September 14, the OCC released its bank supervision operating plan for fiscal year 2017. The plan identifies the OCC’s priority objectives, which include: (i) commercial and retail loan underwriting; (ii) business model sustainability and viability; (iii) operational resiliency; (iv) BSA/AML compliance; and (v) processes to address regulatory changes. Moreover, the plan affirms that the OCC will look at each individual bank’s key risks, and will continue the process of stress testing, both for large banks and for midsize and community banks.
On September 7, FinCEN issued advisory bulletin FIN-2016-A004 notifying financial institutions of updates to the Financial Action Task Force’s (FATF) list of jurisdictions containing anti-money laundering/counter-terrorist financing (AML/CFT) deficiencies. The FATF updated two documents categorizing certain jurisdictions: (i) the FATF Public Statement, identifying jurisdictions that are subject to the FATF’s call for countermeasures or are subject to Enhanced Due Diligence (EDD) due to AML/CFT deficiencies; and (ii) the Improving Global AML/CFT Compliance: on-going process, identifying jurisdictions which have developed an action plan with the FATF to address strategic AML/CFT deficiencies. Revisions to the FATF Public Statement include the 12 months suspension of FATF’s call for countermeasures against Iran; in turn, Iran was added to the EDD category based on the continued risk posed by Iran to the international financial system. North Korea remains the sole country subject to countermeasures. Jurisdictions currently on the Improving Global AML/CFT Compliance: on-going process list include Afghanistan, Bosnia and Herzegovina, Guyana, Iraq, Lao PDR, Syria, Uganda, Vanuatu, and Yemen. Myanmar (Burma) and Papua New Guinea were removed from the list. FinCEN reminded financial institutions that they are subject to a broad range of restrictions on dealing with North Korea and Iran, in spite of the 12-month suspension of its call for countermeasures against Iran.
On August 30, the Department of the Treasury, along with the OCC, FDIC, Federal Reserve and NCUA, issued a joint fact sheet on foreign correspondent banking. The fact sheet provides a summary of the agencies’ (i) expectations for BSA/AML and OFAC risk management at U.S. depository institutions; (ii) risk-based approach to the supervisory examination process; and (iii) use of enforcement as an “extension of the supervisory process.” As highlighted in a corresponding blog post, the fact sheet explains that about “95% of BSA/OFAC compliance deficiencies identified by the [Federal Banking Agencies], FinCEN, and OFAC are corrected by the institution’s management without the need for any enforcement action or penalty.” The fact sheet notes that, under existing regulations there is no general requirement for depository institutions to conduct due diligence on an individual customer of a foreign financial institution (FFI). But it also notes that “[i]n determining the appropriate level of due diligence necessary for an FFI relationship, U.S. depository institutions should consider the extent to which information related to the FFI’s markets and types of customers is necessary to assess the risks posed by the relationship, satisfy the institution’s obligations to detect and report suspicious activity, and comply with U.S. economic sanctions. This may require U.S. depository institutions to request additional information concerning the activity underlying the FFI’s transactions in accordance with the suspicious activity reporting rules and sanctions compliance obligations.”