On November 18, at an American Bar Association/American Bankers Association conference on the Bank Secrecy Act/Anti-Money Laundering (BSA/AML), Deputy Attorney General (Deputy AG) James Cole challenged financial institutions’ compliance efforts and outlined the DOJ’s financial crimes enforcement approach. Noting that compliance within financial institutions is of particular concern to the DOJ, based in part on recent cases of “serious criminal conduct by bank employees,” the nation’s second highest ranking law enforcement official detailed DOJ’s approach to investigating and deciding in what manner to pursue potential violations. The Deputy AG included among his examples of serious misconduct recent BSA/AML, RMBS, mortgage False Claims Act, and LIBOR cases. He explained that the DOJ is particularly concerned about incentives that encourage excessive risk taking, and stated that “too many bank employees and supervisors value coming as close to the line as possible, or even crossing the line, as being ‘competitive’ or ‘aggressive.’” Read more…
On December 3, FinCEN and the Federal Reserve Board issued a final rule to amend the definitions of “funds transfer” and “transmittal of funds” under regulations implementing the Bank Secrecy Act. The agencies finalized the rule as proposed. The changes are intended to maintain the scope of the definitions following recent related amendments to the Electronic Fund Transfer Act, so as to avoid certain currently covered transactions being excluded from BSA requirements. The changes take effect January 3, 2014.
On November 17, the Comptroller of the Currency, Thomas Curry, delivered remarks at the American Bar Association/American Bankers Association BSA/AML conference in which he identified common BSA/AML compliance risks and failures, and identified steps industry participants and regulators should take to improve compliance. The Comptroller explained that successful BSA/AML compliance is dependent not only on “the strength of the institution’s technology and monitoring processes, and the effectiveness of its risk management,” but also on strong corporate governance processes and management’s willingness to commit adequate resources. Comptroller Curry called on banks to commit sufficient resources and take a “holistic approach” toward BSA/AML compliance, for example, by dispersing accountability throughout the organization instead of concentrating compliance in a single unit. Noting that this is particularly important in the M&A context, the Comptroller stated that it is vital that due diligence go beyond a target’s credit portfolio to include a review of the target’s BSA/AML program. In addition to lack of compliance resources, the Comptroller identified as risk trends: (i) poor management of international activities—foreign correspondent banking, cross-border funds transfers, bulk cash repatriation, and embassy banking; (ii) third-party relationships and payment processors; and (iii) emerging payment technologies, including virtual currencies. He stressed the importance of information sharing among institutions and between institutions and their regulators, and called for (i) legislation that would encourage the filing of SARs by strengthening the statutory safe harbor from civil liability for filing financial institutions, (ii) broadening the Patriot Act safe harbor for institutions that share information with each other about potential crimes and suspicious transactions, and (iii) exploring ways government can provide more robust and granular information about money laundering schemes and typologies to institutions in a more timely way.
This week, two Senate Committees—Homeland Security and Governmental Affairs and Banking, Housing and Urban Affairs—held hearings to hear from regulators and other stakeholders about how virtual currencies fit within the existing regulatory framework, and to assess whether there is a need to alter that framework in response to potential risks presented by emerging virtual currency technologies. The hearings followed an inquiry initiated by Senate Homeland Security leaders over the summer. Senators who participated in the hearings did not indicate any desire to move quickly to establish new federal regulations to address potential risks presented by innovation in virtual currencies. Rather, the lawmakers generally expressed a desire not to inhibit continued innovation, while supporting market participants who want to play by the rules and protecting the market from those who do not. In both hearings, FinCEN Director Jennifer Shasky Calvery described her agency’s ability to address the BSA/AML and terrorism financing risks presented by virtual currencies by employing FinCEN’s existing statutory authority and regulatory tools. Similarly, during the Senate Banking hearing, the Conference of State Bank Supervisors expressed confidence in the ability of state regulators to address consumer protection and other risks posed by virtual currencies through the existing state regulatory framework and processes. Still, committee members raised broader questions about the how to define or categorize virtual currencies (e.g. as a currency versus as a security) and the impact of such a classification on a range of other issues including monetary policy and tax administration. The breadth of the issues, which may need to be addressed by a range of government actors, formed the basis of Senate Homeland Security Committee Chairman Tom Carper’s (D-DE) call for a “whole government” approach to virtual currency.
On November 5, the DOJ announced that a New York check cashing company and its owner pleaded guilty to violating the Bank Secrecy Act in connection with more than $19 million in check-cashing transactions by willfully failing to maintain an effective anti-money laundering program. The plea agreement requires the company to forfeit over $3 million and the owner to pay nearly $1 million in restitution for related tax violations; neither party has yet been sentenced. The DOJ alleges that over a two-year period the company cashed checks written on accounts of shell corporations. The shell corporations and the corresponding bank accounts on which the checks were written were established in the names of foreign nationals, many of whom were no longer in the United States. The check cashing company and its owner allegedly failed to obtain any identification documents or information from the individuals presenting the checks, filed false currency transaction reports (CTRs) that stated the checks were cashed by the foreign nationals who set up the shell corporations, and in certain CTRs, failed to indicate the full amount of cash provided to the individuals. Related charges remain pending against additional defendants. These cases are being prosecuted by, among others, the DOJ’s Money Laundering and Bank Integrity Unit, which investigates and prosecutes complex, multi-district and international criminal cases involving financial institutions and individuals who violate the money laundering statutes, the Bank Secrecy Act and other related statutes.
On October 31, the Federal Reserve Board released a BSA/AML enforcement action against a Pakistani bank and its New York branch. The Written Agreement addresses examiners’ findings of alleged compliance and risk management deficiencies in the branch’s international remittance services. The agreement requires the bank and branch to, among other things, (i) retain an independent consultant to conduct a compliance review, and (ii) implement enhanced BSA/AML compliance and SAR programs. The agreement also requires interim transaction monitoring procedures and a third-party review of the branch’s international remittance transaction activity over a six-month period.
On October 17, the Federal Reserve Board released a cease and desist order against a foreign bank and its New York branch over alleged BSA/AML compliance failures. After entering into a Written Agreement in June 2012 that required the branch to improve compliance with BSA/AML in connection with the branch’s bulk cash transactions business line, the Federal Reserve Bank of New York conducted an examination to assess the effectiveness of the branch’s BSA/AML compliance program in other business lines. This examination identified an alleged failure of the branch to maintain an adequate risk-based compliance program to mitigate the BSA/AML risks associated with the branch’s foreign correspondent accounts. The order requires the bank and the branch to (i) retain an independent consultant to assess, and prepare a compliance report on, the branch’s compliance with the BSA/AML requirements, (ii) submit an enhanced BSA/AML compliance program, (iii) submit an enhanced customer due diligence program and an enhanced suspicious activity reporting program, and (iv) retain an independent consultant to conduct a suspicious activity review of U.S. dollar transactions cleared over a six month period in 2012. In addition, the bank’s board and the branch management must jointly submit a written management oversight plan.
On September 27, FinCEN issued Advisory FIN-2013-A007, which informs U.S. financial institutions about the potential impacts of 2010 Mexican finance ministry restrictions placed on U.S. currency transactions by Mexican banks on the repatriation of illicit proceeds. The Advisory references a “best practices” guide for Mexican banks prepared by Mexico’s financial institution regulator to guide Mexican banks in establishing or maintaining relationships with U.S. banks. FinCEN also reiterates existing guidance to U.S. institutions to monitor the potential use of alternative methods to move funds linked to the laundering of criminal proceeds and to report that information as required under the Bank Secrecy Act and its implementing regulations.
This week, federal authorities announced the assessment of civil money penalties against two financial institutions for alleged Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance failures. In the first action, FinCEN and the OCC alleged that a national bank failed to file suspicious activity reports (SARs) from April 2008 to September 2009 for activity in accounts belonging to a law firm through which one of the firm’s principals ran a Ponzi scheme. The agencies claim that the bank willfully violated the BSA’s reporting requirements by failing to detect and adequately report suspicious activities in a timely manner, even when the bank’s anti-money laundering surveillance software identified the suspicious activity (the bank subsequently filed five late SARs related to this conduct in 2011). FinCEN and the OCC assessed concurrent $37.5 million penalties. The FinCEN penalty is the first assessed by that agency’s recently created Enforcement Division. In addition, the SEC charged the bank and a former executive with related securities violations and ordered the bank to pay an additional $15 million penalty and to cease and desist from the alleged activity, including providing misleading information to investors as to amounts of money in particular accounts and actions the bank had taken to limit fraudulent activity.
In a second action, coordinated among FinCEN, the OCC, and the U.S. Attorney for the District of New Jersey, federal authorities assessed $8.2 million in total penalties against a now defunct community bank for compliance failures related to Mexican and Dominican Republic money exchange houses. The government alleged that the bank willfully violated the BSA by (i) failing to implement an effective AML program reasonably designed to manage risks of money laundering and other illicit activity, (ii) failing to conduct adequate due diligence on foreign correspondent accounts, and (iii) failing to detect and adequately report suspicious activities in a timely manner. FinCEN and the OCC assessed concurrent $4.1 million penalties, and the DOJ will collect an additional $4.1 million through civil asset forfeiture.
On June 20, New York announced a consent order with the New York branch of a foreign bank to resolve charges that the bank — over a five year period that ended more than five years ago — violated Bank Secrecy Act, Anti-Money Laundering and international sanctions rules by stripping from wire transfer messages information that could have been used to identify government and privately owned entities in Iran, Sudan, and Myanmar, and entities on the Specially Designated Nationals list issued by the OFAC and moving billions of dollars through New York on their behalf. The order requires the bank to pay a $250 million penalty, conduct a compliance review, and revise written compliance and management oversight plans. The compliance review must be conducted by an independent consultant that will be subject to the new DFS code of conduct for bank consultants described in a prior Byte. This is at least the second time in the last year that New York has taken a major action against a domestic branch of a foreign bank related to money laundering and international sanctions violations. In a previous instance, federal authorities followed with substantial civil and criminal penalties related to the same conduct.
On June 18, the Federal Reserve Board announced the execution of a written agreement with a bank and its bank and non-bank subsidiaries to resolve alleged shortcomings in the institutions’ BSA/AML compliance programs. The bank previously announced that its planned merger with another institution was delayed due to the Federal Reserve Board’s concerns. The bank retained a consultant to assist with compliance enhancements, which under the written agreement include, among other things: (i) a revised firm-wide written BSA/AML compliance program, (ii) a revised written customer due diligence program, (iii) a written suspicious activity monitoring and reporting program, and (iv) a six month suspicious activity look-back review.
On June 18, the OCC released its Semiannual Risk Perspective, which assesses risks facing national banks and federal savings associations with regard to: (i) the operating environment, (ii) condition and performance of the banking system, (iii) funding, liquidity, and interest rate risk, and (iv) regulatory actions. Among the many issues reviewed in the report, the OCC noted that cyber threats continue to grow in sophistication and require heightened awareness and appropriate resources to identify and mitigate the associated risks. It also stated that BSA/AML threats are increasing as a result of changing methods of money laundering and an increase in the volume and sophistication of electronic banking fraud, while compliance programs are failing to evolve or incorporate appropriate controls into new products and services.
Federal Reserve Board, Illinois Regulator Issue Joint Enforcement Action Against U.S. Subsidiaries of Foreign Bank, OCC Issues Parallel Action
On May 17, the Federal Reserve Board released an April 29, 2013 written agreement between the Federal Reserve Board, an Illinois state regulator, a foreign bank, and its U.S. bank holding company subsidiary (the Holding Company) regarding certain Bank Secrecy Act/Anti-Money Laundering (BSA/AML) deficiencies at the foreign bank’s Chicago branch (the Branch) and an OCC regulated subsidiary of the Holding Company. The OCC took parallel action on the same date against the Holding Company’s Chicago bank subsidiary. The Federal Reserve Board agreement requires that the Holding Company conduct a comprehensive review of its BSA/AML compliance program within 60 days, and within 90 days submit a report of its findings and recommendations, a written enhanced program, and a written plan to strengthen board oversight. Also within 90 days, the Branch must submit a written plan to improve its BSA/AML compliance, and the foreign bank, the Holding Company, and the Branch must submit an enhanced customer due diligence program. The OCC agreement requires that the Chicago bank’s board establish a compliance committee and within 90 days submit a compliance action plan. Within 30 days, the bank’s board must review its current engagement with an independent consultant, and within 90 days (i) develop a staffing plan for its internal BSA compliance department, (ii) conduct an MIS assessment, (iii) develop customer due diligence controls, and (iv) develop written suspicious activity policies and procedures. Both agreements require quarterly reporting, and neither includes a monetary penalty.
This week, FinCEN published its semiannual SAR Activity Review, which provides information about the preparation, use, and value of Suspicious Activity Reports (SARs) filed by financial institutions. The report identifies SAR trends, reviews law enforcement cases that demonstrate the importance and value of Bank Secrecy Act (BSA) data to the law enforcement community, and highlights issues related to financial exploitation of older Americans. FinCEN also published an annual companion report, “By the Numbers,” which compiles numerical data gathered from SARs filed by financial institutions.
Federal Reserve Board, New York DFS Issue Joint Enforcement Action against U.S. Branch of Foreign Bank
On April 4, the Federal Reserve Board released a March 25, 2013 written agreement between the Federal Reserve Board, the New York Department of Financial Services, and a German bank and its U.S. branch regarding certain BSA/AML deficiencies at the U.S. branch. The agreement requires that the bank and the branch retain within 30 days an independent consultant to conduct a comprehensive review of the branch’s compliance with BSA/AML rules and state regulations, and subsequently prepare a report of the findings. The agreement further requires that within 60 days of the compliance report prepared by the consultant, the bank and the branch (i) submit a written enhanced BSA/AML compliance program for the branch, (ii) submit a written plan to improve and enhance management oversight of the branch’s compliance program, (iii) submit a written program to improve customer due diligence and a written program to ensure timely and accurate SAR reporting, and (iv) engage a different independent testing consultant to develop a risk-based BSA/AML audit program and conduct an independent compliance test. In addition, the agreement requires the bank and the branch to submit within 60 days of the agreement a written plan to enhance compliance with OFAC requirements.