On January 19, FinCEN issued an advisory, FIN-2016-A001, to provide financial institutions with guidance on reviewing their obligations and risk-based approaches with respect to certain jurisdictions. According to the advisory, on October 23, the Financial Action Task Force (FATF) updated two documents identifying the following: (i) jurisdictions that are either subject to the FATF’s call to apply countermeasures, or to Enhanced Due Diligence (EDD) due to their AML/CFT deficiencies; and (ii) jurisdictions with AML/CFT deficiencies. FinCEN’s recently issued advisory summarizes the changes made to the respective lists and reiterates that a financial institution must file a Suspicious Activity Report if it “knows, suspects, or has reason to suspect that a transaction involves funds derived from illegal activity or that a customer has otherwise engaged in activities indicative of money laundering, terrorist financing, or other violation of federal law or regulation.”
On April 5, FinCEN assessed a civil money penalty against a Nevada-based casino for willfully violating the anti-money laundering provisions of the BSA. From 2010 through November 2013, the casino allegedly failed to (i) establish and implement an effective, written anti-money laundering program; (ii) establish and maintain appropriate internal controls in compliance with the BSA’s reporting requirements; (iii) conduct independent testing of its AML program; (iv) implement automated data processing systems that ensured compliance with the BSA and the casino’s AML program; (v) report suspicious activity; and (vi) secure and retain certain required records. According to FinCEN, the casino generally “lacked a culture of compliance” and had a “blatant disregard for AML compliance permeat[ing] at all levels.” The casino agreed to a $1 million civil money penalty and admitted to willfully violating the BSA’s program, reporting, and recordkeeping requirements.
On December 9, FinCEN Director Calvery highlighted at a joint FBIIC-FSSCC meeting the role of FinCEN in gathering and analyzing financial intelligence and the value of Suspicious Activity Reports (SARs) in curtailing malicious cyber activity. Calvery noted the importance of attribution information, such as IP addresses, timestamps, e-mail addresses, and the nature of the suspicious activity, when included in SAR filings, in helping FinCEN and law enforcement agencies deflect cyber-attacks, detect the source of such attacks, and identify members of money laundering networks. “For example, SARs filed by several different financial institutions played a vital role in furthering an investigation where a regional Florida bank had nearly $7 million fraudulently wired out of one of its accounts,” Calvery explained. Calvery emphasized the importance of including cyber-derived information (such as IP addresses and bitcoin wallet addresses) in SAR filings, noting that while less than two percent of filed SARs contain IP addresses, the information is “incredibly important to FinCEN analysts and law enforcement investigators working to combat cyber-crimes.”
On June 18, FinCEN’s Associate Director for Enforcement, Stephanie Brooker, delivered remarks at the Bank Secrecy Act Conference, focusing on three main areas: (i) BSA filing trends, the value of BSA data, and compliance development in the casino industry over the past year; (ii) FinCEN’s enforcement approach and recent enforcement developments; and (iii) the significance of establishing and maintaining a culture of compliance throughout the business and compliance sides of casinos and card clubs. In addition, Brooker noted certain principles at the core of FinCEN’s enforcement program: (i) transparency in the agency’s rationale behind its enforcement actions; (ii) accountability, ensuring that financial institutions, and any individual related to the financial institution, take responsibility for violations of the BSA; and (iii) giving credit where credit is due by considering an institution’s “documented improvements in AML compliance over time.” Finally, Brooker stressed that in order for a financial institution to successfully maintain a culture of compliance, its business side and business leaders must take AML controls and BSA compliance seriously, meaning that “every casino employee, from the top down, views AML compliance as part of his or her responsibility.”
On February 27, FinCEN announced a $1.5 million civil money penalty against a Pennsylvania-based community bank for violating the BSA. Of that amount, $500,000 will go to the OCC, the bank’s primary regulator, for BSA violations. According to FinCEN, the bank admitted failing to file suspicious activity reports on transactions involving a former state judge who received over $2.6 million in personal payments in connection with a judicial scheme involving the construction, operation, and expansion of juvenile detention centers.