This week, FinCEN published its semiannual SAR Activity Review, which provides information about the preparation, use, and value of Suspicious Activity Reports (SARs) filed by financial institutions. The report identifies SAR trends, reviews law enforcement cases that demonstrate the importance and value of Bank Secrecy Act (BSA) data to the law enforcement community, and highlights issues related to financial exploitation of older Americans. FinCEN also published an annual companion report, “By the Numbers,” which compiles numerical data gathered from SARs filed by financial institutions.
Federal Reserve Board, Illinois Regulator Issue Joint Enforcement Action Against U.S. Subsidiaries of Foreign Bank, OCC Issues Parallel Action
On May 17, the Federal Reserve Board released an April 29, 2013 written agreement between the Federal Reserve Board, an Illinois state regulator, a foreign bank, and its U.S. bank holding company subsidiary (the Holding Company) regarding certain Bank Secrecy Act/Anti-Money Laundering (BSA/AML) deficiencies at the foreign bank’s Chicago branch (the Branch) and an OCC regulated subsidiary of the Holding Company. The OCC took parallel action on the same date against the Holding Company’s Chicago bank subsidiary. The Federal Reserve Board agreement requires that the Holding Company conduct a comprehensive review of its BSA/AML compliance program within 60 days, and within 90 days submit a report of its findings and recommendations, a written enhanced program, and a written plan to strengthen board oversight. Also within 90 days, the Branch must submit a written plan to improve its BSA/AML compliance, and the foreign bank, the Holding Company, and the Branch must submit an enhanced customer due diligence program. The OCC agreement requires that the Chicago bank’s board establish a compliance committee and within 90 days submit a compliance action plan. Within 30 days, the bank’s board must review its current engagement with an independent consultant, and within 90 days (i) develop a staffing plan for its internal BSA compliance department, (ii) conduct an MIS assessment, (iii) develop customer due diligence controls, and (iv) develop written suspicious activity policies and procedures. Both agreements require quarterly reporting, and neither includes a monetary penalty.
Federal Reserve Board, New York DFS Issue Joint Enforcement Action against U.S. Branch of Foreign Bank
On April 4, the Federal Reserve Board released a March 25, 2013 written agreement between the Federal Reserve Board, the New York Department of Financial Services, and a German bank and its U.S. branch regarding certain BSA/AML deficiencies at the U.S. branch. The agreement requires that the bank and the branch retain within 30 days an independent consultant to conduct a comprehensive review of the branch’s compliance with BSA/AML rules and state regulations, and subsequently prepare a report of the findings. The agreement further requires that within 60 days of the compliance report prepared by the consultant, the bank and the branch (i) submit a written enhanced BSA/AML compliance program for the branch, (ii) submit a written plan to improve and enhance management oversight of the branch’s compliance program, (iii) submit a written program to improve customer due diligence and a written program to ensure timely and accurate SAR reporting, and (iv) engage a different independent testing consultant to develop a risk-based BSA/AML audit program and conduct an independent compliance test. In addition, the agreement requires the bank and the branch to submit within 60 days of the agreement a written plan to enhance compliance with OFAC requirements.
On March 26, the Federal Reserve Board released a recent enforcement action against a bank holding company related to deficiencies in certain of its bank subsidiaries’ Bank Secrecy Act and anti-money laundering (BSA/AML) compliance programs, as reflected in 2012 orders from the OCC and the FDIC requiring the subsidiary banks to remedy certain BSA/AML compliance deficiencies. Nearly a year later, the Federal Reserve Board order charges that the holding company lacked effective systems of governance and internal controls to adequately oversee the activities of the banks with respect to legal, compliance, and reputational risk related to the banks’ respective BSA/AML compliance programs. The order requires the holding company to (i) submit a plan to continue to improve the governance, structure, and operations of its BSA/AML and OFAC regulations compliance risk management program; and (ii) complete a review of the effectiveness of its firmwide BSA/AML compliance program and prepare a report. In addition, the company’s board must (i) submit a written plan to continue ongoing enhancements to its oversight of the company’s firmwide BSA/AML compliance risk management program; (ii) review the above-referenced BSA/AML compliance program report and submit a plan with specific actions the company will take to continue to strengthen the management and oversight of its firmwide compliance program; and (iii) submit quarterly progress reports. The Federal Reserve Board order does not include a civil money penalty.
On March 20, 2013, Michael Bresnick, Executive Director of DOJ’s Financial Fraud Enforcement Task Force gave a speech at the Exchequer Club of Washington, DC highlighting recent accomplishments of the Task Force and outlining its priorities for the coming year. He began by discussing a number of areas of known focus for the Task Force, including RMBS fraud, fair lending enforcement, and servicemember protection. He then outlined three additional areas of focus that the Task Force has prioritized, including (i) the “government’s ability to protect its interests and ensure that it does business only with ethical and responsible parties;” (ii) discrimination in indirect auto lending; and (iii) financial institutions’ role in fraud by their customers, which include third party payment processors and payday lenders.
The third priority, which was the focus of Mr. Bresnick’s remarks, involves the Consumer Protection Working Group’s prioritization of “the role of financial institutions in mass marketing fraud schemes — including deceptive payday loans, false offers of debt relief, fraudulent health care discount cards, and phony government grants, among other things — that cause billions of dollars in consumer losses and financially destroy some of our most vulnerable citizens.” He added that the Working Group also is investigating third-party payment processors, the businesses that process payments on behalf of the fraudulent merchant. Mr. Bresnick explained that “financial institutions and payment processors . . . are the so-called bottlenecks, or choke-points, in the fraud committed by so many merchants that victimize consumers and launder their illegal proceeds.” He said that “they provide the scammers with access to the national banking system and facilitate the movement of money from the victim of the fraud to the scam artist.” He further stated that “financial institutions through which these fraudulent proceeds flow . . . are not always blind to the fraud” and that the FFETF has “observed that some financial institutions actually have been complicit in these schemes, ignoring their BSA/AML obligations, and either know about — or are willfully blind to — the fraudulent proceeds flowing through their institutions.” Mr. Bresnick explained that “[i]f we can eliminate the mass-marketing fraudsters’ access to the U.S. financial system — that is, if we can stop the scammers from accessing consumers’ bank accounts — then we can protect the consumers and starve the scammers.” Read more…
On March 18, FinCEN issued guidance to clarify the applicability of Bank Secrecy Act regulations to persons creating, obtaining, distributing, exchanging, accepting, or transmitting virtual currencies. FinCEN clarifies that a person that obtains a virtual currency to purchase goods or service (a “user”) does not fit within the regulatory definition of a money transmission service, and therefore is not subject to the relevant regulations. However, a person engaged as a business in the exchange of virtual currency for real currency, funds, or other virtual currency (an “exchanger”), and a person engaged as a business in issuing a virtual currency, and who has the authority to redeem such virtual currency (an “administrator”), generally are considered money transmitters under FinCEN’s regulations if they (i) accept and transmit a convertible virtual currency or (ii) buy or sell convertible virtual currency for any reason. The guidance reviews FinCEN’s specific determinations regarding different activities involving virtual currencies and the appropriate regulatory treatment of administrators and exchangers under each of the scenarios. Specifically, the guidance addresses (i) brokers and dealers of e-currencies and e-precious metals; (ii) centralized convertible virtual currencies; and (iii) de-centralized convertible virtual currencies.
On March 7, the Senate Banking Committee held a hearing entitled “Patterns of Abuse: Assessing Bank Secrecy Act Compliance and Enforcement,” which featured testimony from representatives of the Treasury Department, the Comptroller of the Currency; and the Federal Reserve Board. During the hearing, Senators challenged the regulators on what they view as insufficient civil and criminal enforcement of the Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) rules, and pressed them to act more aggressively in bringing criminal actions against banks. Senators also pressed lawmakers on comments made by Attorney General Holder at a hearing the day before where he expressed concern that some of the world’s biggest banks have become “too big to jail” because a potential punishment could negatively impact the broader economy. With regard to possible regulatory and legislative changes, Comptroller of the Currency Thomas Curry stated that the OCC is drafting guidance for banks on BSA/AML compliance, in part, to make it easier for the OCC to remove bank officers who violate federal anti-money laundering laws. Curry said the OCC also would support expanded safe harbors for banks submitting and sharing Suspicious Activity Reports. Comptroller Curry’s comments at the hearing follow remarks he made earlier in the week when he called on banks to devote more resources to BSA/AML compliance. Mr. Curry stressed that controls with regard to international activities – e.g., foreign correspondent banking and remote deposit capture – need to be commensurate with risk. He also directed banks to focus on third-party relationships and payment processors. Finally, the Comptroller cautioned banks to understand risks presented by deployment of new technologies and payment activities, including prepaid access cards, mobile banking, and mobile wallets.
On February 26, FinCEN issued Advisory FIN-2013-A001 to remind financial institutions of their important role in identifying tax refund fraud and provide a list of red flags to aid in such identification. The Advisory also reminds institutions that they may be required to filed a SAR if they know, suspect or have reason to suspect that a transaction conducted or attempted by, at, or through the financial institution (i) involves funds derived from illegal activity or an attempt to disguise funds derived from illegal activity, (ii) is designed to evade regulations promulgated under the Bank Secrecy Act, or (iii) lacks a business or apparent lawful purpose. Institutions completing a tax refund fraud SAR should use the term “tax refund fraud” in the narrative section of the SAR and provide a detailed description of the activity, and are encouraged to notify their local IRS Criminal Investigation Field Office of the filed SAR.
On January 22, the FFIEC proposed guidance on the applicability of consumer protection and compliance laws, regulations, and policies to activities conducted via social media by federally supervised financial institutions, as well as nonbanks supervised by the CFPB. With regard to compliance and legal risks, the guidance addresses (i) the applicability of existing federal laws and regulations to the use of social media for marketing and originating new deposit and lending products and the use of social media to facilitate consumer use of payment systems; (ii) the need to apply BSA/AML internal controls to customers engaging in electronic banking through the use of social media, and e-banking products and services offered in the context of social media, as well as BSA/AML risks emerging through the growing use of social media; (iii) CRA monitoring of social media sites run by an institution; and (vi) customer privacy issues associated with social media. The guidance also reviews reputational risks related to social media, including risks related to (i) fraud and brand identity; (ii) social media vendor monitoring; (iii) privacy; (iv) consumer complaints; and (v) employee use of social media. Finally, the guidance addresses the vulnerability of social media to malware and the resultant operational risk. The FFIEC is accepting comments for 60 days after publication in the Federal Register. After the comment period, the agencies will issue supervisory guidance and will urge state regulators to follow.
On January 14, the Federal Reserve Board and the OCC issued two consent orders against a large international bank and its trust company over alleged deficiencies in its Bank Secrecy Act and Anti-Money Laundering (BSA/AML) compliance programs. Under the Federal Reserve Board Order, the bank is required to conduct a full review of its compliance program and submit written reports to the Federal Reserve Bank of New York regarding the review’s findings and recommendations. Any proposed improvements are subject to approval by the Federal Reserve Bank of New York. The OCC Order identifies “critical deficiencies” in the bank’s BSA/AML compliance programs with respect to suspicious activity reporting, transaction monitoring, customer due diligence, and internal control implementation and requires specific corrective actions in response. Neither order requires a civil money penalty. On the same day, the Federal Reserve Board and the OCC issued consent orders concerning the bank’s derivatives trading activity. Under those orders, the bank must take corrective action as to its risk-management program, finance and internal audit functions, and Chief Investment Office, but the orders do not include a monetary settlement. The Federal Reserve Board stated that the corrective actions are necessary in light of disclosed, significant losses in a large synthetic credit portfolio managed by the Chief Investment Office. An OCC report found that the bank lacked adequate oversight to protect itself from such material risk, and had other inadequate risk management processes, trade valuation controls, and audit processes.
U.S. Law Enforcement Authorities and Regulators Resolve Significant Money Laundering and Sanctions Investigations
On December 11, a major international bank holding company announced agreements with U.S. law enforcement authorities and federal bank regulators to end investigations into alleged inadequate compliance with anti-money laundering and sanctions laws by the holding company and its U.S. subsidiaries (collectively the banks). Under these agreements, the banks will make payments totaling $1.92 billion, will continue to cooperate fully with regulatory and law enforcement authorities, and will take further action to strengthen its compliance policies and procedures. As part of the resolution, the bank entered into a deferred prosecution agreement (DPA) with the DOJ pursuant to which the banks will forfeit $1.256 billion, $375 million of which satisfies a settlement with the Office of Foreign Assets Control (OFAC). The four-count criminal information filed in conjunction with the DPA charges that the banks violated the Bank Secrecy Act by failing to maintain an effective anti-money laundering program and to conduct appropriate due diligence on its foreign correspondent account holders. The DOJ also alleged that the banks violated the International Emergency Economic Powers Act and the Trading with the Enemy Act by illegally conducting transactions on behalf of customers in certain countries that were subject to sanctions enforced by OFAC. The banks agreed to pay a single $500 million civil penalty to satisfy separate assessments by the OCC and FinCEN related to the same alleged conduct, as well as a $165 million penalty to the Federal Reserve Board. The banks already have undertaken numerous voluntary remedial actions, including to (i) substantially increase AML compliance spending and staffing, (ii) revamp their Know Your Customer program, (iii) exit 109 correspondent relationships for risk reasons, and (iv) claw back bonuses for a number of senior officers. Read more…
This week, FinCEN published summaries of a series of roundtable meetings held to obtain stakeholder feedback on the agency’s proposed rulemaking on customer due diligence. The meetings, held in September and October in Los Angeles, New York, and Chicago, provided a forum to discuss key issues regarding the proposed rulemaking, including (i) the definition of “beneficial ownership,” (ii) practices to obtain and verify beneficial ownership, and (iii) challenges associated with specific products, services, and relationships.
On November 29, FinCEN and the Federal Reserve Board announced that they are seeking comments on a proposed rule to amend the definitions of “funds transfer” and “transmittal of funds” set forth in the regulations implementing the Bank Secrecy Act. The proposed rule explains that the changes are designed to ensure that the current scope of the definitions is not expanded, following recent related amendments to the Electronic Fund Transfer Act. Comments on the proposed rule are due by January 25, 2013.
On November 19, FinCEN and the FDIC announced that a state bank agreed to pay a $15 million civil money penalty to resolve the bank’s “history of noncompliance” with Bank Secrecy Act (BSA) and anti-money laundering (AML) requirements, including recent allegations that the bank failed to implement an effective BSA/AML Compliance Program with reasonable internal controls. Specifically, the federal agencies alleged that the bank failed to adequately oversee third-party payment processor relationships and related products and services. The payment also resolves parallel civil claims by the DOJ that the bank violated the Financial Institutions Reform, Recovery and Enforcement Act (FIRREA) by originating withdrawal transactions on behalf of fraudulent merchants and causing money to be taken from the bank accounts of consumer victims. Concurrent with the federal action, the Delaware Office of State Bank Commissioner terminated the bank’s state charter.
Last week, Treasury Under Secretary for Terrorism and Financial Intelligence, David Cohen, and new FinCEN Director Jennifer Shasky Calvery addressed the American Bankers Association/American Bar Association Money Laundering Enforcement Conference. Ms. Calvery and Mr. Cohen announced the formation of an interagency anti-money laundering (AML) task force comprised of Treasury officials, federal banking regulators, and enforcement agencies charged with conducting a comprehensive review of the AML regulatory and enforcement structure to address any gaps, redundancies or inefficiencies in the framework. Ms. Calvery further explained that the Bank Secrecy Act Advisory Group is exploring ways to reduce the variance between compliance risk and illicit financing risk. Ms. Calvery also stressed the importance of electronic filings, and urged financial institutions to adopt the new FinCEN reports before the April 1, 2013 deadline. Mr. Cohen discussed a proposed customer due diligence regulation, which would extend customer due diligence obligations by requiring institutions to collect information on an account’s beneficial owner. In connection with that rulemaking, FinCEN this week announced the last in a series of roundtable discussions to gather information from stakeholders and discuss key issues relating to the proposed rule. This final roundtable will be held on December 3, 2012, at the Miami Branch of the Federal Reserve Bank of Atlanta.