On April 5, FinCEN assessed a civil money penalty against a Nevada-based casino for willfully violating the anti-money laundering provisions of the BSA. From 2010 through November 2013, the casino allegedly failed to (i) establish and implement an effective, written anti-money laundering program; (ii) establish and maintain appropriate internal controls in compliance with the BSA’s reporting requirements; (iii) conduct independent testing of its AML program; (iv) implement automated data processing systems that ensured compliance with the BSA and the casino’s AML program; (v) report suspicious activity; and (vi) secure and retain certain required records. According to FinCEN, the casino generally “lacked a culture of compliance” and had a “blatant disregard for AML compliance permeat[ing] at all levels.” The casino agreed to a $1 million civil money penalty and admitted to willfully violating the BSA’s program, reporting, and recordkeeping requirements.
On June 1, the SEC announced that a Wall Street-based brokerage firm agreed to pay a $300,000 penalty to settle charges that it failed to sufficiently evaluate or monitor customers’ trading for suspicious activity and to file suspicious activity reports (SARs) in an alleged willful violation of Section 17(a) of the Exchange Act and Rule 17a-8. The broker-dealer was required to have written AML policies and procedures, which outlined specific examples of suspicious activities that, according to the SEC, “should have triggered internal reviews and, in a number of instances, [(SAR)] filings.” According to the SEC, the broker-dealer failed to file SARs on the following activity: (i) accounts that traded an aberrational percentage of a given stock in a particular day; (ii) accounts of entities that had executives charged with criminal securities fraud; (iii) customer trading that was the subject of grand jury subpoenas and regulatory inquiries; (iv) liquidation of securities followed immediately by large cash transfers; (v) transactions in securities that were subsequently subject to SEC trading suspensions; and (vi) rejections by other broker-dealers of attempts by the firm to transfer customers’ securities. Despite these red flags, the brokerage firm failed to file SARs for more than five years. The case represents the SEC’s first against a firm for solely failing to file SARs.
On January 19, FinCEN issued an advisory, FIN-2016-A001, to provide financial institutions with guidance on reviewing their obligations and risk-based approaches with respect to certain jurisdictions. According to the advisory, on October 23, the Financial Action Task Force (FATF) updated two documents identifying the following: (i) jurisdictions that are either subject to the FATF’s call to apply countermeasures, or to Enhanced Due Diligence (EDD) due to their AML/CFT deficiencies; and (ii) jurisdictions with AML/CFT deficiencies. FinCEN’s recently issued advisory summarizes the changes made to the respective lists and reiterates that a financial institution must file a Suspicious Activity Report if it “knows, suspects, or has reason to suspect that a transaction involves funds derived from illegal activity or that a customer has otherwise engaged in activities indicative of money laundering, terrorist financing, or other violation of federal law or regulation.”
On December 9, FinCEN Director Calvery highlighted at a joint FBIIC-FSSCC meeting the role of FinCEN in gathering and analyzing financial intelligence and the value of Suspicious Activity Reports (SARs) in curtailing malicious cyber activity. Calvery noted the importance of attribution information, such as IP addresses, timestamps, e-mail addresses, and the nature of the suspicious activity, when included in SAR filings, in helping FinCEN and law enforcement agencies deflect cyber-attacks, detect the source of such attacks, and identify members of money laundering networks. “For example, SARs filed by several different financial institutions played a vital role in furthering an investigation where a regional Florida bank had nearly $7 million fraudulently wired out of one of its accounts,” Calvery explained. Calvery emphasized the importance of including cyber-derived information (such as IP addresses and bitcoin wallet addresses) in SAR filings, noting that while less than two percent of filed SARs contain IP addresses, the information is “incredibly important to FinCEN analysts and law enforcement investigators working to combat cyber-crimes.”
On June 18, FinCEN’s Associate Director for Enforcement, Stephanie Brooker, delivered remarks at the Bank Secrecy Act Conference, focusing on three main areas: (i) BSA filing trends, the value of BSA data, and compliance development in the casino industry over the past year; (ii) FinCEN’s enforcement approach and recent enforcement developments; and (iii) the significance of establishing and maintaining a culture of compliance throughout the business and compliance sides of casinos and card clubs. In addition, Brooker noted certain principles at the core of FinCEN’s enforcement program: (i) transparency in the agency’s rationale behind its enforcement actions; (ii) accountability, ensuring that financial institutions, and any individual related to the financial institution, take responsibility for violations of the BSA; and (iii) giving credit where credit is due by considering an institution’s “documented improvements in AML compliance over time.” Finally, Brooker stressed that in order for a financial institution to successfully maintain a culture of compliance, its business side and business leaders must take AML controls and BSA compliance seriously, meaning that “every casino employee, from the top down, views AML compliance as part of his or her responsibility.”