On November 2, New York Superintendent Lawsky delivered remarks at the Money 20/20 Conference on the state’s virtual currency and Bitcoin regulation. In October, Lawsky publicly stated that, as a result of the comments received on New York’s proposed BitLicense framework, there would be important changes made to the July 17 proposal. This week, on behalf of the NYDFS, Lawsky announced that additional changes are being considered to address “concern about the compliance costs of regulation on new or fledging virtual currency enterprises.” Specifically, Lawsky introduced the concept of a Transitional BitLicense, which would allow certain small, money transmitting startups to begin operating without huge compliance costs. Lawsky noted four main factors the NYDFS would consider when deciding whether or not to grant a Transitional BitLicense: (i) the nature and scope of the business and the associated risks for consumers; (ii) projected transactional and business volume; (iii) registration status as a Money Services Business with FinCEN; and (iv) previously established mitigating risk controls.
On November 10, FinCEN released a statement to reiterate that banking organizations can serve Money Services Businesses (MSB) while meeting obligations under the Bank Secrecy Act. FinCEN noted that there is concern that banks may be terminating the accounts of MSBs on a wholesale basis because of potential regulatory scrutiny and that as a result MSBs are losing access to banking services. FinCEN stated that they do “not support the wholesale termination of MSB accounts without regard to the risks presented or the bank’s ability to manage the risk.” Rather, the risks presented by a given MSB can vary and, therefore, financial institutions should assess the risks on a case-by-case basis. FinCEN expects that banking organizations will manage the risks associated with MSB accounts and are committed to addressing the “wholesale de-banking of an important part of the financial system.”
On October 27, FinCEN issued two administrative rulings to companies seeking guidance on whether they must register as MSBs and be subject to the required reporting, recordkeeping, and monitoring obligations. In its first letter, a company queried whether its plans to set up a virtual currency trading and booking platform, similar to a traditional securities or commodities exchange, would make it subject to FinCEN regulations. FinCEN responded that the proposed virtual trading platform would be classified as an MSB. As a result, the company would have to register as an MSB as defined under the BSA. In its second ruling, a company asked whether a bitcoin payment system would be subject to the agency’s regulations. The payment system would accept customers’ credit card payments and transfer the payments to merchants in the form of bitcoin. FinCEN ruled that if the company sets up the payment system, the company would be classified as a money transmitter, and subject to BSA regulations, because “it engages as a business in accepting and converting the customers’ real currency into virtual currency for transmission to the merchant.”
BuckleySandler hosted a webinar entitled “FinCEN’s Proposed Rule Amending Customer Due Diligence Obligations,” on September 18, 2014, as part of the ongoing FinCrimes Webinar Series. Panelists included James Cummans, Vice President of BSA/AML Operations at TCF Bank; Jacqueline Seeman, Managing Director and Global Head of KYC at Citigroup, Inc.; Sarah K. Runge, Director, Office of Strategic Policy at the U.S. Department of Treasury; and, Amy Davine Kim, Counsel at BuckleySandler LLP. The following is a summary of the guided conversation moderated by Jamie Parkinson, partner at BuckleySandler, and key take-aways to prepare for comments to the proposed rule and implementation of the new rule, once final, at your financial institution.
Key Tips and Take-Aways:
- Assess and prepare your organization’s financial and personnel resources to make sure that the appropriate resources are in place to comply with the proposed rule once it is finalized. Certain technical aspects of implementation may be complicated depending on the financial institutions’ existing processes.
- Boards of Directors should participate in and be informed of the process.
- Institutions that are exempt from the rule, including money services businesses (“MSBs”), should also consider how this rule would affect their operations. FinCEN has announced that this is an incremental rule making, meaning the rule could extend to additional entities in the future.
- Covered financial institutions should consider the implications and compliance issues associated with the proposed rule and actively engage in the comment period. It is clear that FinCEN took certain industry concerns into account from the earlier Advance Notice of Proposed Rulemaking (“ANPRM”), so any potential issues should again be raised.
On September 11, in FIN-2014-A008, FinCEN advised financial institutions on how to detect and report suspicious financial activity that may be related to human smuggling and/or trafficking. The advisory describes the differences between human smuggling and trafficking, and describes how each is conducted. FinCEN suggests that financial institutions consider evaluating indicators of potential human smuggling or trafficking activity in combination with other red flags and factors, such as expected transaction activity, before making determinations of suspiciousness. Additionally, FinCEN states that in making a determination of suspiciousness, financial institutions are encouraged to use previous FinCEN advisories and guidance as a reference when evaluating potential suspicious activity, including a May 2014 advisory on the use and structure of funnel accounts. The advisory also attached two appendices that provide examples of human smuggling and trafficking red flags. FinCEN advises institutions that in evaluating whether certain transactions are suspicious and/or related to human smuggling or trafficking, they should share information with one another as appropriate, under Section 314(b) of the USA PATRIOT Act. If a financial institution knows, suspects, or has reason to suspect that a transaction has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the financial institution knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction, the financial institution should file a SAR with the terms “Advisory Human Smuggling” and/or Advisory Human Trafficking” in the narrative and the Suspicious Activity Information. The narrative should also include an explanation of why the institution knows, suspects, or has reason to suspect that the activity is suspicious. The advisory further notes that a potential victim of human smuggling or trafficking should not be reported as the subject of the SAR, but rather to provide all available information on the victim in the narrative portion of the SAR.
On August 4, 2014, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) published a Notice of Proposed Rulemaking (“NPRM”) that would amend existing Bank Secrecy Act (“BSA”) regulations intended to clarify and strengthen customer due diligence (“CDD”) obligations for banks, securities broker-dealers, mutual funds, and futures commission merchants and introducing brokers in commodities (collectively, “covered financial institutions”).
In drafting the modifications, FinCEN clearly took into consideration comments responding to its February 2012 Advance Notice of Proposed Rulemaking (“ANPRM”), as the current proposal appears narrower and somewhat less burdensome on financial institutions. Comments on the proposed rulemaking are due October 3, 2014.
Overview: Under the NPRM, covered financial institutions would be obligated to collect information on the natural persons behind legal entity customers (beneficial owners) and the proposed rule would make CDD an explicit requirement. If adopted the NPRM would amend FinCEN’s AML program rule (the four pillars) by making CDD a fifth pillar.
FinCEN Rules Regulations on Money Services Businesses Do Not Apply to ISOs and Exempt Payment Processors
On August 27, FinCEN issued FIN-2014-R009, an administrative ruling clarifying that Independent Sales Organizations (“ISOs”) and exempt payment processors are not money transmitters subject to Bank Secrecy Act (“BSA”) regulations applicable to Money Services Businesses (“MSBs”). Under BSA MSB regulations, the term “money transmitter” applies to any person that provides money transmission services or otherwise engages in the transfer of funds. The term “money transmission services” includes the acceptance of currency, funds, or other value that substitutes for currency from one person and the transmission of currency, funds, or other value that substitutes for currency to another location or person by any means. Applying these standards, FinCEN determined that BSA MSB regulations do not apply to an ISO, so long as it: (i) merely solicits merchants to offer them the credit and debit card processing services of two counterparties; and (ii) does not take possession or control of merchant funds at any point. However, FinCEN concluded that BSA MSB regulations will apply to a payment processor unless the payment processor qualifies for the payment processor exemption established by 31 CFR § 1010.100(ff)(5)(ii)(B) and clarified by FIN-2013-R002. Under this exemption, BSA MSB regulations do not apply to a payment processor, so long as it: (i) facilitates the purchase of goods or services, or the payment of bills for goods or services (other than money transmission itself); (ii) operates through clearance and settlement systems that admit only BSA-regulated financial institutions; (iii) provides its services pursuant to a formal agreement; and (iv) the agreement itself is at a minimum with the seller or creditor that provides the goods or services and receives the funds. For a copy of the ruling, please see: Application of Money Services Business Regulations to a Company Acting as an Independent Sales Organization and Payment Processor.
On August 20, FinCEN announced an action against a casino employee who admitted to violating the Bank Secrecy Act by willfully causing the casino to fail to file certain reports. FinCEN asserted based in part on information obtained from an undercover investigation that the employee helped high-end gamblers avoid detection of large cash transactions by agreeing not to file either Currency Transaction Reports or Suspicious Activity Reports as required under the BSA. FinCEN ordered the employee to pay a $5,000 civil money penalty, and immediately and permanently barred him from participating in the conduct of the affairs of any financial institution located in the U.S. or that does business within the U.S.
On August 1, the U.S. Senate passed by unanimous consent H.R. 4386, which will permit FinCEN, in fulfilling its responsibility to supervise registered money services businesses (MSBs), to rely on state agency examinations of MSBs. The bill also covers other non-bank financial institutions such as gaming establishments and jewel merchants. The bill passed the House by voice vote in May. The President, who sought this authority for FinCEN in budget requests, is expected to sign the bill.
On August 5, FinCEN issued an advisory, FIN-2014-A006, which provides guidance to financial institutions for reviewing their obligations and risk-based approaches with respect to certain jurisdictions. The Financial Action Task Force (FATF) recently updated its lists of jurisdictions that appear in two documents: (i) jurisdictions that are subject to the FATF’s call for countermeasures or Enhanced Due Diligence as a result of the jurisdictions’ Anti-Money Laundering/Counter-Terrorist Financing (AML/CFT) deficiencies; and (ii) jurisdictions identified by the FATF as having AML/CFT deficiencies. The advisory notice (i) summarizes the changes made by the FATF; (ii) provides specific guidance regarding jurisdictions listed in each category including when Enhanced Due Diligence is required; and (iii) reiterates that if a financial institution knows, suspects, or has reason to suspect that a transaction involves funds derived from illegal activity or that a customer has otherwise engaged in activities indicative of money laundering, terrorist financing, or other violation of federal law or regulation, the financial institution must file a Suspicious Activity Report.
On August 1, FinCEN and its Mexican counterpart announced a series of reporting initiatives designed to improve the transparency of cross-border cash movements. To address U.S. and Mexican law enforcement’s concerns about potential misuse of exemptions and incomplete or inaccurate reports filed by armored car services (ACS) and other common carriers of currency, FinCEN issued a Geographic Targeting Order (GTO) that requires enhanced cash reporting by these businesses at the San Ysidro and Otay Mesa Ports of Entry in California. FinCEN also issued updated guidance concerning detailed and proper filing of Currency and Monetary Instruments Reports (CMIRs), which are filed when $10,000 or more in currency is moved across the U.S. border.
On July 30, FinCEN released a proposed rule that would amend BSA regulations to clarify and add customer due diligence (CDD) obligations for banks and other financial institutions, including brokers or dealers in securities, mutual funds, futures commission merchants, and introducing brokers in commodities. The rule would not cover other entities subject to FinCEN regulations that are not already required to have a customer identification program (CIP)—e.g money services businesses—but FinCEN may extend CDD requirements in the future to these, and potentially other types of financial institutions. The proposed rule states that as part of the existing regulatory requirement to have a CIP, covered institutions are already obligated to identify and verify the identity of their customers. The proposed rule would add to that base CDD requirement, new requirements to: (i) understand the nature and purpose of customer relationships; and (ii) conduct ongoing monitoring to maintain and update customer information and to identify and report suspicious transactions. The proposed rule also would add a so-called beneficial ownership requirement, which would require institutions to know and verify the identities of any individual who owns at least 25% of a legal entity, or who controls the legal entity.
FinCEN emphasizes that nothing in the proposal is intended to limit the due diligence expectations of the federal functional regulators or in any way limit their existing regulatory discretion. To that end, the rule would incorporate the CDD elements on nature and purpose and ongoing monitoring into FinCEN’s existing AML program requirements, which generally provide that an AML program is adequate if, among other things, the program complies with the regulation of its federal functional regulator governing such programs. FinCEN does not believe that the new CDD requirements will require covered institutions to perform any additional activities or operations, but acknowledges the rule may necessitate revisions to written policies and procedures. FinCEN also recognizes that financial institutions will be required to modify existing customer onboarding processes to incorporate the beneficial ownership requirement. As such, FinCEN proposes an effective date of one year from the date the final rule is issued. Comments on the proposal are due 60 days from publication of the proposal in the Federal Register.
On July 18, FinCEN published SAR Stats—formerly called By the Numbers—an annual compilation of numerical data gathered from the Suspicious Activity Reports (SARs) filed by financial institutions using FinCEN’s new unified SAR form and e-filing process. Among other things, the new form and process were designed to allow FinCEN to collect more detailed information on types of suspicious activity. As such, FinCEN describes the data presented in this first SAR Stats issue as “a new baseline for financial sector reporting on suspicious activity.” The primary purpose of the report is to provide a statistical overview of suspicious activity developments, including by presenting SAR data arranged by filing industry type for the more than 1.3 million unique SARs filed between March 1, 2012 and December 31, 2013. In addition, the redesigned annual publication includes a new SAR Narrative Spotlight, which focuses on “perceived key emerging activity trends derived from analysis of SAR narratives.” The inaugural Spotlight examines the emerging trend of Bitcoin related activities within SAR narrative data. It states that FinCEN is observing a rise in the number of SARs flagging virtual currencies as a component of suspicious activity, and provides for potential SAR filers an explanation of virtual currencies and the importance of SAR data in assessing virtual currency transactions.
On July 14, the OMB’s Office of Information and Regulatory Affairs (OIRA) concluded its review of a long-awaited FinCEN proposal to establish customer due diligence requirements for financial institutions, sending the rule back to FinCEN. In its spring 2014 rulemaking agenda, Treasury updated the timeline for the rule to indicate it could be proposed in July with a 60 day comment period. OIRA’s public records do not provide information about what, if any, changes OIRA sought or required prior to FinCEN finalizing the proposal. The public portion of the FinCEN rulemaking has been ongoing since February 2012 when FinCEN released an advance notice of proposed rulemaking to solicit comment on potential requirements for financial institutions to (i) conduct initial due diligence and verify customer identities at the time of account opening; (ii) understand the purpose and intended nature of the account; (iii) identify and verify all customers’ beneficial owners; and (iv) monitor the customer relationship and conduct additional due diligence as needed. FinCEN subsequently held a series of roundtable meetings, summaries of which it later published.
On July 17, FinCEN named FBME Bank Ltd., formerly known as the Federal Bank of the Middle East, as a foreign financial institution of primary money laundering concern pursuant to Section 311 of the USA PATRIOT Act. As detailed in a notice of finding, FinCEN asserts that the bank attracts illicit finance businesses by soliciting high-risk customers and promoting its weak AML controls. FinCEN explains that the bank changed its country of incorporation numerous times, partly due to its inability to adhere to regulatory requirements, and has established itself with a nominal headquarters in Tanzania. However, according to FinCEN, it transacts over 90 percent of its global banking business through branches in Cyprus and has taken active steps to evade oversight by the Cypriot regulatory authorities in the recent past. FinCEN is proposing a rule that, once final, will prohibit covered U.S. financial institutions from opening or maintaining correspondent or payable-through accounts for FBME, and for other foreign banks being used to process transactions involving FBME. The proposal also would require covered financial institutions to apply special due diligence to their correspondent accounts maintained on behalf of foreign banks to guard against processing any transactions involving FBME. Comments on the proposed rule are due 60 days after publication in the Federal Register.