This week, Treasury Under Secretary David Cohen and FinCEN Director Jennifer Shasky Calvery outlined the Treasury Department’s approach to regulation of virtual currency. Mr. Cohen acknowledged that large scale adoption of virtual currency is possible, but asserted that the long term viability of virtual currency is dependent on establishing consumer and investor protections, and addressing the risk that virtual currency can be used to facilitate illicit finance. Although Treasury does not currently see widespread use of virtual currencies in terrorism financing or sanctions evasion, Mr. Cohen highlighted those risks in addition to money laundering risk posed by the anonymous nature of virtual currencies. Treasury’s basic policy approach is to seek a balance between allowing new technologies to flourish while ensuring systems are sufficiently transparent to protect the U.S. economy. Mr. Cohen made clear that Treasury will err on the side of transparency when necessary. Currently, Treasury and FinCEN are focused on “the moment ‘real’ money is exchanged into virtual currency, and when virtual currency is exchanged back into ‘real’ money.” Mr. Cohen believes that such an approach is sufficient given current adoption levels, but added that Treasury will need to consider whether to apply “cash-like” reporting requirements to virtual currency when it appears that “daily financial life can be conducted for long stretches fully ‘within’ a virtual currency universe.” Treasury is advancing its objectives and approach internationally through the Financial Action Task Force, which Treasury anticipates will publish an updated paper on virtual currency definitions and risks later this year. Finally, both officials announced that, for the first time, Treasury will include a member of the virtual currency community as part of the Bank Secrecy Act Advisory Group, which advises Treasury on anti-money laundering and counter-terrorist financing policy.
On March 25, FinCEN issued an advisory notice, FIN-2014-A003, in which it provided guidance to financial institutions for reviewing their obligations and risk-based approaches with respect to certain jurisdictions. The Financial Action Task Force (FATF) recently updated its lists of jurisdictions that appear in two documents: (i) jurisdictions that are subject to the FATF’s call for countermeasures or Enhanced Due Diligence as a result of the jurisdictions’ Anti-Money Laundering/Counter-Terrorist Financing (AML/CFT) deficiencies, or (ii) jurisdictions identified by the FATF as having AML/CFT deficiencies. The advisory notice (i) summarizes the changes made by the FATF; (ii) provides specific guidance regarding jurisdictions listed in each category; and (iii) reiterates that if a financial institution knows, suspects, or has reason to suspect that a transaction involves funds derived from illegal activity or that a customer has otherwise engaged in activities indicative of money laundering, terrorist financing, or other violation of federal law or regulation, the financial institution must file a Suspicious Activity Report.
On March 5, a group of 16 Democratic U.S. House members sent letters to the leaders of the Federal Reserve Board, the OCC, the FDIC, and the NCUA requesting that the agencies issue guidance that would provide legitimate marijuana businesses access to the federal banking system. Last November, those agencies declined to provide such guidance, stating that the DOJ and FinCEN first needed to agree on a framework to apply BSA/AML provisions to banks seeking to serve marijuana businesses. With FinCEN and DOJ having recently issued such guidance, the lawmakers renewed their push for legitimate marijuana businesses—now operating in 20 states and the District of Columbia—to have “equal access to banking services as other licensed businesses.”
On February 20, in remarks to the Florida International Bankers Association Anti-Money Laundering Conference, FinCEN Director Jennifer Shasky Calvery reviewed FinCEN’s key initiatives over the past year and outlined priorities going forward. She discussed FinCEN’s efforts with regard to virtual currency risks and stated that it is important for financial institutions that deal in virtual currency to put effective AML/CFT controls in place. She noted that it is also important for all stakeholders to keep virtual currency concerns in perspective given the relatively small size of the market. FinCEN is growing increasingly concerned with third party money launderers who layer transactions, create or use shell or shelf corporations, use political influence to facilitate financial activity, or engage in other schemes to infiltrate financial institutions and circumvent AML controls. FinCEN intends to pursue such actors regardless of where they are located. Director Shasky Calvery also reiterated concerns about securities firms that offer services similar to banks, and promised continued focus on threats posed by trade-based money laundering. With regard to its policy initiatives, FinCEN intends to engage stakeholders in a discussion of “balancing the policy motivations behind data privacy and secrecy laws in different jurisdictions with the need for an appropriate level of transparency to combat money laundering and terrorist financing.” The Director noted that this issue is particularly critical in the area of correspondent banking.
On February 20, FinCEN finalized a rule that will require Fannie Mae, Freddie Mac, and the Federal Home Loan Banks (the GSEs) to develop AML programs and to file SARs directly with FinCEN. Under the current system, the GSEs file fraud reports with the FHFA, which then files SARs with FinCEN when warranted under FinCEN’s reporting standards. The new regulations are substantially similar to the version proposed in November 2011, and are intended to streamline the reporting process and provide more timely access to data about potential fraud. The AML provisions of the new regulations implement the BSA’s four minimum requirements: (i) the development of internal policies, procedures, and controls; (ii) the designation of a compliance officer; (iii) an ongoing employee training program; and (iv) an independent audit function to test programs. The SAR regulation requires reporting of suspicious activity in accordance with standards and procedures contained in all of FinCEN’s SAR regulations. In addition, under the streamlined system, the GSEs and their directors, officers, and employees will qualify for the BSA’s “safe harbor” provisions, which are intended to encourage covered institutions to report suspicious activities without fear of liability. The final rule does not require the GSEs to comply with any other BSA reporting or recordkeeping regulations, such as currency transaction reporting. The rule takes effect 60 days after publication in the Federal Register and the GSEs will have 180 days from publication to comply.
On February 14, FinCEN issued guidance to clarify BSA expectations for financial institutions seeking to provide services to marijuana-related businesses in states that have legalized certain marijuana-related activity. The guidance was issued in coordination with the DOJ, which provided updated guidance to all U.S. Attorneys. The FinCEN guidance reiterates the general principle that the decision to open, close, or refuse any particular account or relationship should be made by each financial institution based on its particular business objectives, an evaluation of the risks associated with offering a particular product or service, its ability to conduct thorough customer due diligence, and its capacity to manage those risks effectively. The guidance details the necessary elements of a customer due diligence program, including consideration of whether a marijuana-related business implicates one of the priorities in the DOJ memorandum or violates state law. FinCEN notes that the obligation to file a SAR is unaffected by any state law that legalizes marijuana-related activity and restates the SAR triggers. The guidance identifies the types of SARs applicable to marijuana-related businesses and describes the conditions under which each type should be filed.
On January 30, in remarks to SIFMA’s AML and Financial Crimes Conference, FinCEN Director Jennifer Shasky Calvery stressed the importance of establishing a “culture of compliance” at financial institutions to support effective AML safeguards. The Director’s comments reinforce similar remarks made in recent months by both the Deputy U.S. Attorney General and Comptroller Curry. And like Comptroller Curry, Ms. Shasky Calvery highlighted the need for better information sharing not only within institutions but between institutions. FinCEN agrees with industry feedback that the agency needs to improve its own ability to share information. Also part of a broader theme among enforcement authorities, the Director explained that financial institutions should take responsibility when their actions violate the BSA, not only by admitting to the facts alleged by FinCEN but also by acknowledging a violation of the law. She highlighted specific risks in the securities sector including those related to the use of cash, and explained that securities firms that provide bank-like services need to consider the vulnerabilities associated with engaging in such services and must ensure that their compliance programs are commensurate with those risks.
FinCEN Releases Additional Guidance Related To Virtual Currency Mining, Software, And Investment Activity
On January 30, FinCEN issued two rulings related to virtual currency mining and virtual currency software development and investment activity. The guidance clarifies FinCEN’s previous convertible virtual currency guidance. In FIN-2014-R001, FinCEN explains that miners of Bitcoins, whether individuals or corporations, who are engaging in mining solely for the miner’s own personal purpose are “users” of virtual currency and not MSBs under FinCEN’s previous guidance. FinCEN found this to be the case even if the miner from time to time must convert the mined Bitcoins into real currency or another convertible virtual currency so long as the conversion is solely for the miner’s own purposes and not as a business service performed for the benefit of another. In FIN-2014-R002, FinCEN states that a company that develops its own software to purchase virtual currency for its own account and to resell the virtual currency at the company’s own discretion and based on the company’s own investment decisions also is not an MSB under FinCEN’s prior guidance.
On January 7, the U.S. Attorney for the Southern District of New York, the OCC, and FinCEN announced the resolution of criminal and civil BSA/AML violations by a major financial institution in connection with the bank’s relationship with Bernard L. Madoff Investment Securities and Madoff Securities’ Ponzi scheme. The bank entered into a deferred prosecution agreement (DPA) to resolve two felony violations of the Bank Secrecy Act: (i) that the bank failed to enact adequate policies, procedures, and controls to ensure that information about the bank’s clients obtained through other lines of business – or outside the United States – was shared with compliance and AML personnel; and (ii) that the bank violated the BSA by failing to file a Suspicious Activity Report on Madoff Securities in October 2008. According to the U.S. Attorney, pursuant to the DPA the bank (i) agreed to waive indictment and to the filing of a Criminal Information; (ii) acknowledged responsibility for its conduct by, among other things, stipulating to the accuracy of a detailed Statement of Facts; (iii) agreed to pay a $1.7 billion non-tax deductible penalty in the form of a civil forfeiture (the largest ever financial penalty imposed by the DOJ for BSA violations); and (iv) agreed to various cooperation obligations and to continue reforming its BSA/AML compliance programs and procedures. In a separate action, the OCC levied a $350 million civil money penalty to resolve parallel BSA/AML allegations included in a January 2013 cease and desist order. Finally, the bank consented to a FinCEN assessment pursuant to which it must pay an additional $461 million.
On December 3, FinCEN and the Federal Reserve Board issued a final rule to amend the definitions of “funds transfer” and “transmittal of funds” under regulations implementing the Bank Secrecy Act. The agencies finalized the rule as proposed. The changes are intended to maintain the scope of the definitions following recent related amendments to the Electronic Fund Transfer Act, so as to avoid certain currently covered transactions being excluded from BSA requirements. The changes take effect January 3, 2014.
This week, two Senate Committees—Homeland Security and Governmental Affairs and Banking, Housing and Urban Affairs—held hearings to hear from regulators and other stakeholders about how virtual currencies fit within the existing regulatory framework, and to assess whether there is a need to alter that framework in response to potential risks presented by emerging virtual currency technologies. The hearings followed an inquiry initiated by Senate Homeland Security leaders over the summer. Senators who participated in the hearings did not indicate any desire to move quickly to establish new federal regulations to address potential risks presented by innovation in virtual currencies. Rather, the lawmakers generally expressed a desire not to inhibit continued innovation, while supporting market participants who want to play by the rules and protecting the market from those who do not. In both hearings, FinCEN Director Jennifer Shasky Calvery described her agency’s ability to address the BSA/AML and terrorism financing risks presented by virtual currencies by employing FinCEN’s existing statutory authority and regulatory tools. Similarly, during the Senate Banking hearing, the Conference of State Bank Supervisors expressed confidence in the ability of state regulators to address consumer protection and other risks posed by virtual currencies through the existing state regulatory framework and processes. Still, committee members raised broader questions about the how to define or categorize virtual currencies (e.g. as a currency versus as a security) and the impact of such a classification on a range of other issues including monetary policy and tax administration. The breadth of the issues, which may need to be addressed by a range of government actors, formed the basis of Senate Homeland Security Committee Chairman Tom Carper’s (D-DE) call for a “whole government” approach to virtual currency.
On October 31, FinCEN issued a fact sheet to highlight Section 314(b) of the USA PATRIOT Act, which provides financial institutions with the ability to share information with one another under a safe harbor that offers protections from liability. The provision is intended to help institutions better identify and report potential money laundering or terrorist activities. Though the program is voluntary, the fact sheet states the FinCEN strongly encourages information sharing through Section 314(b). The fact sheet reviews the institutions eligible to participate and the process for doing so, and details the information that can be shared and anticipated benefits to participating institutions.
On September 27, FinCEN issued Advisory FIN-2013-A007, which informs U.S. financial institutions about the potential impacts of 2010 Mexican finance ministry restrictions placed on U.S. currency transactions by Mexican banks on the repatriation of illicit proceeds. The Advisory references a “best practices” guide for Mexican banks prepared by Mexico’s financial institution regulator to guide Mexican banks in establishing or maintaining relationships with U.S. banks. FinCEN also reiterates existing guidance to U.S. institutions to monitor the potential use of alternative methods to move funds linked to the laundering of criminal proceeds and to report that information as required under the Bank Secrecy Act and its implementing regulations.
This week, federal authorities announced the assessment of civil money penalties against two financial institutions for alleged Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance failures. In the first action, FinCEN and the OCC alleged that a national bank failed to file suspicious activity reports (SARs) from April 2008 to September 2009 for activity in accounts belonging to a law firm through which one of the firm’s principals ran a Ponzi scheme. The agencies claim that the bank willfully violated the BSA’s reporting requirements by failing to detect and adequately report suspicious activities in a timely manner, even when the bank’s anti-money laundering surveillance software identified the suspicious activity (the bank subsequently filed five late SARs related to this conduct in 2011). FinCEN and the OCC assessed concurrent $37.5 million penalties. The FinCEN penalty is the first assessed by that agency’s recently created Enforcement Division. In addition, the SEC charged the bank and a former executive with related securities violations and ordered the bank to pay an additional $15 million penalty and to cease and desist from the alleged activity, including providing misleading information to investors as to amounts of money in particular accounts and actions the bank had taken to limit fraudulent activity.
In a second action, coordinated among FinCEN, the OCC, and the U.S. Attorney for the District of New Jersey, federal authorities assessed $8.2 million in total penalties against a now defunct community bank for compliance failures related to Mexican and Dominican Republic money exchange houses. The government alleged that the bank willfully violated the BSA by (i) failing to implement an effective AML program reasonably designed to manage risks of money laundering and other illicit activity, (ii) failing to conduct adequate due diligence on foreign correspondent accounts, and (iii) failing to detect and adequately report suspicious activities in a timely manner. FinCEN and the OCC assessed concurrent $4.1 million penalties, and the DOJ will collect an additional $4.1 million through civil asset forfeiture.
On September 17, FinCEN issued Advisory FIN-2013-A006, which provides considerations for financial institutions when reviewing their obligations and risk-based approaches with respect to certain jurisdictions. The Financial Action Task Force (FATF) recently updated its lists of jurisdictions that appear in two documents: (i) jurisdictions that are subject to the FATF’s call for countermeasures or are subject to Enhanced Due Diligence due to their Anti-Money Laundering/Counter-Terrorist Financing (AML/CFT) deficiencies and (ii) jurisdictions identified by the FATF to have AML/CFT deficiencies. The Advisory summarizes the changes made by the FATF, provides specific guidance regarding jurisdictions listed in each category, and reiterates general guidance that if a financial institution knows, suspects, or has reason to suspect that a transaction involves funds derived from illegal activity or that a customer has otherwise engaged in activities indicative of money laundering, terrorist financing, or other violation of federal law or regulation, the financial institution must file a Suspicious Activity Report.