On September 8, FinCEN announced the assessment of an $8 million civil money penalty against a leading U.S.-based casino for its willful violations of the BSA’s requirements to develop and implement a reasonably designed AML program and to report suspicious activity. Among other things, FinCEN alleged that the casino failed to implement adequate internal controls, conduct adequate independent testing of AML compliance, provide adequate training, and file SARs. Of note were private gaming salons that cater to wealthy patrons and allowed such patrons to gamble anonymously. In addition to the $8 million penalty, which will be allowed as a general unsecured claim in the casino’s bankruptcy proceeding (pending approval of the consent by the bankruptcy court), the casino must also, among other things, hire an independent third party to test its BSA/AML compliance program, annually provide its implementation plan and training program to FinCEN for a period of three years, and conduct a look-back review of all transactions through branch offices in Asia and California for SAR compliance.
On September 28, FinCEN announced its intention to withdraw its February 2011 Notice of Finding and Notice of Proposed Rulemaking identifying a Lebanon-based bank as a “financial institution of primary money laundering concern” under Section 311 of the USA PATRIOT Act. The bank had been linked with Hezbollah and found to be involved in international narcotics and money laundering networks. Accordingly, through the Notice of Finding, FinCEN sought to impose certain “special measures” on the bank which are designed to, among other things, weaken foreign banks suspected of money laundering and financing terrorism, as well as protect American financial institutions. However, given that the bank’s license was revoked in September 2011 by Lebanon’s central bank, the Banque du Liban, and all of its assets were subsequently liquidated, the bank no longer exists as a foreign financial institution and, as such, is no longer subject to the prohibitions set forth in the proposed rule. The withdrawal of FinCEN’s Notice of Finding does not require a comment period and will be effective upon publication in the Federal Register.
On August 25, FinCEN issued a Notice of Proposed Rulemaking (NPRM) seeking to adopt minimum Bank Secrecy Act (BSA) and anti-money laundering (AML) standards that would be applicable to investment advisers. Under the proposal, investment advisers would be required to implement AML programs and report suspicious activity, among other safeguards. The NPRM states that the proposal would cover investment advisers registered or required to register with the SEC. The proposal would also add such investment advisers to the definition of “financial institution.” This would result in investment advisers being required to file currency transaction reports and to comply with recordkeeping and other requirements applicable to financial institutions. With respect to supervisory authority, FinCEN stated that it would delegate its authority to the SEC for purposes of examining investment advisers for compliance with the proposed requirements.
FinCEN Determines That Issuing a Digital Certificate Evidencing Ownership in Precious Metals, and Buying and Selling Precious Metals, Are Subject to The BSA
On August 14, FinCEN issued an Administrative Ruling, FIN-2015-R001, determining that a company who: i) provides Internet-based brokerage services between buyers and sellers of precious metals; ii) buys and sells precious metals on its own account; and iii) holds precious metals in custody, opens a digital wallet, and issues a digital proof of custody certificates evidencing ownership of such metals, is subject to the BSA.
FinCEN determined that, as a broker or dealer in e-currencies and e-precious metals, the company did not fall under the e-currencies or e-precious metals trading exemption from money transmission: “when the Company issues a freely transferable digital certificate of ownership to buyers, it is allowing the unrestricted transfer of value from a customer’s commodity position to the position of another customer of a third-party, and it is no longer limiting itself to the type of transmission of funds that is a fundamental element of the actual transaction necessary to execute the contract for the purchase of sale of the currency or the other commodity.” As such, it is acting as a convertible virtual currency administrator (the freely transferable digital certificates being the commodity-backed virtual currency). Further, the purchases and sales of precious metals made on its own account render the Company a dealer in precious metals (subject to certain monetary thresholds and other considerations), and thus a financial institution for purposes of the BSA.
On July 21, a leading China-based bank agreed to address deficiencies in connection with the BSA/AML risk management and compliance program of its New York branch office. The Agreement, entered into with the Federal Reserve Bank of New York and the New York State Department of Financial Services, requires the bank and its New York branch to (i) enhance the branch’s written BSA/AML compliance program and customer due diligence program; and (ii) develop a written program for the branch that is capable of identifying and reporting suspected violations of law and suspicious transactions to law enforcement and supervisory authorities. In addition, the bank must hire an independent third-party to review the Branch’s U.S. dollar clearing transaction activity “to determine whether suspicious activity involving high-risk customers or transactions at, by, or through the branch was properly identified and reported” to the appropriate federal banking authorities. No civil money penalty was imposed on the bank.
FDIC and California Department of Business Oversight Levy $140 Million Penalty Against California Bank for Ongoing BSA/AML Deficiencies
On July 22, the FDIC, along with the Commissioner of the California Department of Business Oversight (“DBO”), announced the assessment of a $140 million civil money penalty against a California state-chartered bank to resolve allegations that it failed to implement and maintain an adequate BSA/AML Compliance Program over an extended period of time. In 2012, the bank entered a consent order with the FDIC and the DBO (fka California Department of Financial Institutions), requiring that it “address the weaknesses and correct deficiencies” in its BSA and AML programs. According to the DBO, the bank has since failed to implement the corrective actions stipulated in the consent order, which required the bank to, among other things, (i) establish internal controls to “detect and report illicit financial transactions and other suspicious activities”; (ii) hire a qualified BSA officer and sufficient staff; (iii) provide adequate BSA training; and (iv) conduct effective independent testing. Additionally, since the 2012 consent order, the DBO and FDIC have discovered “new, substantial violations of the BSA and anti-money laundering mandates over an extended period of time.” Under terms of the joint order, the bank will pay $40 million to the DBO and $100 million to the Department of the Treasury to satisfy the full $140 million penalty.
OCC Releases Semiannual Report Highlighting Key Risks Facing National Banks and Federal Savings Associations
Today, the OCC announced the release of its semiannual report, Semiannual Risk Perspective for Spring 2015, highlighting key risk areas affecting national banks and federal savings associations. Based on 2014 year-end data, the report identifies issues that pose a potential threat to the safety and soundness of banks and thrifts. It also sets forth the OCC’s supervisory priorities for the next 12 months, including, among others, (i) cybersecurity awareness and preventative controls, (ii) Bank Secrecy Act/Anti-Money Laundering compliance, (iii) fair access to credit, and (iv) underwriting practices, particularly with respect to leveraged loans, indirect auto lending, HELOCs, and credit related to the oil and gas sector. The report also notes declining revenues and profitability overall in OCC-supervised institutions.
Today, FinCEN announced the assessment of a civil money penalty against a Los Angeles-based Money Services Business (MSB) and its owner for alleged violations of the Bank Secrecy Act (BSA). During a 2011 examination of the MSB, FinCEN determined that, from October 1, 2010 through the present, the MSB knowingly violated the BSA by failing to (i) establish and ensure ongoing compliance with an adequate AML program; (ii) provide adequate training; and (iii) conduct independent testing of its compliance program. In addition, the MSB violated the BSA’s reporting requirements by failing to “file required currency transaction reports (“CTRs”) on all of its reportable transactions during the examination scope period,” and continued to file untimely CTRs even after the examination scope period ended on March 31, 2011. Finally, FinCEN expressed concern over the MSB owner’s failure to disclose that the MSB “frequently exchanged check for cash with another MSB, an arrangement known as ‘wholesaling’ or ‘bulk check cashing.’” According to the assessment document, the MSB’s owner, who was also the designated AML compliance officer, participated in the BSA violations by failing to accept his responsibility to “ensure that [an] AML program was in place, was effective, and was followed.” To resolve FinCEN’s allegations, the MSB and its owner admitted to violating the BSA program and its reporting requirements and will pay a civil money penalty of $60,000.
On June 15, FinCEN announced a $4.5 million civil money penalty against a West Virginia-based bank for alleged violations of the BSA from 2008 through 2013. According to the Assessment of Civil Money Penalty, the bank failed to monitor, detect, and report suspicious activity as a result of an inadequate AML and customer due diligence program, ultimately allowing over $9.2 million in structured and otherwise suspicious cash transactions to pass though the financial institution unreported. FinCEN found that the bank failed to establish and maintain an AML program that provided, at a minimum: (i) a system of internal controls to ensure ongoing compliance; (ii) a designated individual or individuals responsible for coordinating and monitoring day-to-day compliance; (iii) independent testing for compliance to be conducted by either an outside party or bank personnel; and (iv) training for appropriate personnel. FinCEN’s enforcement action and $4.5 million civil money penalty against the bank is concurrent with a $3.5 million penalty imposed by the FDIC, of which $2.2 million is concurrent with a forfeiture pursuant to a deferred prosecution agreement with the U.S. Attorney’s Office for the Southern District of West Virginia.
On June 3, FinCEN announced a $75 million civil money penalty against an international casino for alleged “willful and egregious” violations of the BSA. As detailed in the Assessment, the casino (i) failed to develop and implement an AML program; (ii) failed to designate an official BSA officer to oversee compliance requirements of the BSA; and (iii) failed to train employees in adequate recordkeeping, or in identifying, monitoring or reporting suspicious activity – all considered to be critical components of an adequate BSA/AML program. Moreover, FinCen alleges that casino employees “provided detailed instructions” to undercover agents on how to conduct transactions without being properly reported to U.S. authorities. FinCen’s latest action follows a March announcement, when the agency imposed a $10 million civil money penalty against a New Jersey-based casino.
On June 1, a Boston-based international financial services holding company and its banking subsidiary agreed to address deficiencies in how they manage compliance risks with respect to their BSA/AML compliance program. The Agreement, entered into with the Federal Reserve Bank of Boston and the Massachusetts Division of Banks, requires both entities to submit a written plan outlining their efforts to improve their compliance with OFAC and internal controls, customer due-diligence procedures, and suspicious activity monitoring and reporting, among other things. In addition, the banking subsidiary must hire an independent third-party to review account and transaction activity during a specified period to ensure suspicious activity was properly identified and reported.
In a separate enforcement action, the Federal Reserve Bank of Chicago entered into an agreement on May 26 with an Illinois-based financial services company, requiring the parent company and its banking subsidiary to, among other things, submit written plans to (i) strengthen its BSA/AML compliance risk management program; and (ii) “ensure the identification and timely, accurate, and complete reporting” of suspicious transactions to the appropriate law enforcement and supervisory [banking] authorities.” No civil money penalties were imposed in either enforcement action.
FinCEN Fines Michigan MSB For BSA/AML Violations, Bans Owner From Serving at Any U.S. Financial Institution
On May 29, a Michigan-based money service business (MSB), along with its owner, admitted to repeated violations of the BSA and have agreed to pay FinCEN a civil money penalty in the amount of $12,000. The company violated the BSA in numerous ways, including but not limited to: (i) failing to maintain a sufficient anti-money laundering program; (ii) engaging in high-risk transactions, including wire transfers to Yemen, totaling millions of dollars, without keeping proper records of the transfers or performing due diligence; and (iii) conducting suspicious transactions “with no apparent business or lawful purpose.” According to FinCEN, the MSB failed to monitor the suspicious transactions, had no review process in place, and neglected to file a Suspicious Activity Report or a Currency Transaction Report while operating as a business entity. Furthermore, in addition to the aforementioned MSB, the owner opened an additional MSB in October 2010, containing similar BSA deficiencies. The owner has “agreed to immediately and permanently cease serving as an employee, officer, director, or agent of any financial institution located in the United States or that conducts business within the United States.”
BuckleySandler FinCrimes Webinar Series Recap: Best Practices in Customer Due Diligence and Know-Your-Customer
BuckleySandler hosted a webinar, Best Practices in Customer Due Diligence and Know-Your-Customer, on May 21, 2015 as part of their ongoing FinCrimes Webinar Series. Panelists included Eric Arciniega, Senior Manager, BSA/AML Due Diligence Operations at First Republic Bank; Janice Mandac, Global Head of KYC at Goldman Sachs; and Nagib Touma, Director Global AML/KYC at Citi. The following is a summary of the guided conversation moderated by Jamie Parkinson, partner at BuckleySandler LLP, and key take-aways you can implement in your company.
Best Practice Tips and Take-Aways:
- Establishing company-wide/global standards for your company’s customer due diligence and KYC program will help to ensure consistency throughout the organization. But, for global institutions, you must also be able to accommodate jurisdictions with requirements that are more stringent than the global standards.
- Be aware of data privacy standards in the countries where you operate. These standards pose a particular challenge to operating a centralized customer due diligence and KYC program.
- Regulators’ recent focus on model risk management extends to your customer risk rating model. Ensure that your model is being tested and tuned rigorously.
FinCEN Recognizes Law Enforcement Agencies For Use of BSA Data, Holds First-Ever Law Enforcement Awards Ceremony
On May 12, FinCEN held its first-ever Law Enforcement Awards, recognizing law enforcement agencies that made effective use of BSA data in criminal investigations which lead to a successful prosecution. The awards were presented in six different categories: (i) SAR Review/Task Force; (ii) Third Party Money Launderers; (iii) Transnational Organized Crime; (iv) Cyber Threats; (v) Significant Fraud; and (vi) Transnational Security Threats. In prepared remarks, FinCEN Director Jennifer Shasky Calvery noted the importance of BSA data to the financial industry, stating that the data is used to confront serious threats to the U.S. financial system including massive fraud schemes, cyberthreats, foreign corruption, drug trafficking, and terrorist organizations.
On May 5, a virtual currency company and its subsidiary agreed to pay a $700,000 civil money penalty for violating multiple provisions of the Bank Secrecy Act (BSA), in which both companies acted as a money service business and seller of virtual currency without properly registering with FinCEN, as well as, failed to implement and maintain an adequate anti-money laundering (AML) program. Furthermore, according to a Statement of Facts and Violations, FinCEN also charged the subsidiary for not filing or untimely filing suspicious activity reports related to several financial transactions. In addition to the civil money penalty, terms of the agreement require both companies to, among other things, (i) engage in remedial steps to ensure future compliance with AML statutory obligations; and (ii) enhance their current internal measures for compliance with the BSA. In a separate DOJ announcement, both companies entered into a settlement agreement to resolve potential criminal charges with the U.S. Attorney’s Office in the Northern District of California. Under terms of the DOJ settlement, both companies agreed to forfeit a total of $450,000, which will be credited to satisfy FinCEN’s $700,000 penalty, in exchange for the government not criminally prosecuting the companies for the aforementioned conduct.