On December 9, FinCEN Director Calvery highlighted at a joint FBIIC-FSSCC meeting the role of FinCEN in gathering and analyzing financial intelligence and the value of Suspicious Activity Reports (SARs) in curtailing malicious cyber activity. Calvery noted the importance of attribution information, such as IP addresses, timestamps, e-mail addresses, and the nature of the suspicious activity, when included in SAR filings, in helping FinCEN and law enforcement agencies deflect cyber-attacks, detect the source of such attacks, and identify members of money laundering networks. “For example, SARs filed by several different financial institutions played a vital role in furthering an investigation where a regional Florida bank had nearly $7 million fraudulently wired out of one of its accounts,” Calvery explained. Calvery emphasized the importance of including cyber-derived information (such as IP addresses and bitcoin wallet addresses) in SAR filings, noting that while less than two percent of filed SARs contain IP addresses, the information is “incredibly important to FinCEN analysts and law enforcement investigators working to combat cyber-crimes.”
On January 19, FinCEN issued an advisory, FIN-2016-A001, to provide financial institutions with guidance on reviewing their obligations and risk-based approaches with respect to certain jurisdictions. According to the advisory, on October 23, the Financial Action Task Force (FATF) updated two documents identifying the following: (i) jurisdictions that are either subject to the FATF’s call to apply countermeasures, or to Enhanced Due Diligence (EDD) due to their AML/CFT deficiencies; and (ii) jurisdictions with AML/CFT deficiencies. FinCEN’s recently issued advisory summarizes the changes made to the respective lists and reiterates that a financial institution must file a Suspicious Activity Report if it “knows, suspects, or has reason to suspect that a transaction involves funds derived from illegal activity or that a customer has otherwise engaged in activities indicative of money laundering, terrorist financing, or other violation of federal law or regulation.”
On June 18, FinCEN’s Associate Director for Enforcement, Stephanie Brooker, delivered remarks at the Bank Secrecy Act Conference, focusing on three main areas: (i) BSA filing trends, the value of BSA data, and compliance development in the casino industry over the past year; (ii) FinCEN’s enforcement approach and recent enforcement developments; and (iii) the significance of establishing and maintaining a culture of compliance throughout the business and compliance sides of casinos and card clubs. In addition, Brooker noted certain principles at the core of FinCEN’s enforcement program: (i) transparency in the agency’s rationale behind its enforcement actions; (ii) accountability, ensuring that financial institutions, and any individual related to the financial institution, take responsibility for violations of the BSA; and (iii) giving credit where credit is due by considering an institution’s “documented improvements in AML compliance over time.” Finally, Brooker stressed that in order for a financial institution to successfully maintain a culture of compliance, its business side and business leaders must take AML controls and BSA compliance seriously, meaning that “every casino employee, from the top down, views AML compliance as part of his or her responsibility.”
On February 27, FinCEN announced a $1.5 million civil money penalty against a Pennsylvania-based community bank for violating the BSA. Of that amount, $500,000 will go to the OCC, the bank’s primary regulator, for BSA violations. According to FinCEN, the bank admitted failing to file suspicious activity reports on transactions involving a former state judge who received over $2.6 million in personal payments in connection with a judicial scheme involving the construction, operation, and expansion of juvenile detention centers.
On September 22, 2014, following a two-month trial, a federal jury in the Eastern District of New York ruled in favor of a group of 297 individual plaintiffs in a civil suit accusing Arab Bank PLC, headquartered in Amman, Jordan, of supporting terrorism. Linde vs. Arab Bank PLC, No. 1:04-CV-2799 (E.D.N.Y. filed July 2, 2004).
In summary, the plaintiffs alleged that Arab Bank was liable under the U.S. Anti-Terrorism Act, 18 U.S.C. § 2331, et seq. (the “ATA”), for the deaths and/or severe injuries resulting from acts in international terrorism that occurred between 2001 and 2004, because the bank had processed and facilitated payments for Hamas and other terrorist or terrorist-related organizations, their members, the families of suicide bombers, or Hamas front organizations.
What this means for financial institutions, particularly foreign banks that increasingly face the potential reach of U.S. laws and plaintiffs, remains to be seen. But there are three take-aways worthy of immediate consideration.
On September 11, in FIN-2014-A008, FinCEN advised financial institutions on how to detect and report suspicious financial activity that may be related to human smuggling and/or trafficking. The advisory describes the differences between human smuggling and trafficking, and describes how each is conducted. FinCEN suggests that financial institutions consider evaluating indicators of potential human smuggling or trafficking activity in combination with other red flags and factors, such as expected transaction activity, before making determinations of suspiciousness. Additionally, FinCEN states that in making a determination of suspiciousness, financial institutions are encouraged to use previous FinCEN advisories and guidance as a reference when evaluating potential suspicious activity, including a May 2014 advisory on the use and structure of funnel accounts. The advisory also attached two appendices that provide examples of human smuggling and trafficking red flags. FinCEN advises institutions that in evaluating whether certain transactions are suspicious and/or related to human smuggling or trafficking, they should share information with one another as appropriate, under Section 314(b) of the USA PATRIOT Act. If a financial institution knows, suspects, or has reason to suspect that a transaction has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the financial institution knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction, the financial institution should file a SAR with the terms “Advisory Human Smuggling” and/or Advisory Human Trafficking” in the narrative and the Suspicious Activity Information. The narrative should also include an explanation of why the institution knows, suspects, or has reason to suspect that the activity is suspicious. The advisory further notes that a potential victim of human smuggling or trafficking should not be reported as the subject of the SAR, but rather to provide all available information on the victim in the narrative portion of the SAR.
On August 20, FinCEN announced an action against a casino employee who admitted to violating the Bank Secrecy Act by willfully causing the casino to fail to file certain reports. FinCEN asserted based in part on information obtained from an undercover investigation that the employee helped high-end gamblers avoid detection of large cash transactions by agreeing not to file either Currency Transaction Reports or Suspicious Activity Reports as required under the BSA. FinCEN ordered the employee to pay a $5,000 civil money penalty, and immediately and permanently barred him from participating in the conduct of the affairs of any financial institution located in the U.S. or that does business within the U.S.
On August 5, FinCEN issued an advisory, FIN-2014-A006, which provides guidance to financial institutions for reviewing their obligations and risk-based approaches with respect to certain jurisdictions. The Financial Action Task Force (FATF) recently updated its lists of jurisdictions that appear in two documents: (i) jurisdictions that are subject to the FATF’s call for countermeasures or Enhanced Due Diligence as a result of the jurisdictions’ Anti-Money Laundering/Counter-Terrorist Financing (AML/CFT) deficiencies; and (ii) jurisdictions identified by the FATF as having AML/CFT deficiencies. The advisory notice (i) summarizes the changes made by the FATF; (ii) provides specific guidance regarding jurisdictions listed in each category including when Enhanced Due Diligence is required; and (iii) reiterates that if a financial institution knows, suspects, or has reason to suspect that a transaction involves funds derived from illegal activity or that a customer has otherwise engaged in activities indicative of money laundering, terrorist financing, or other violation of federal law or regulation, the financial institution must file a Suspicious Activity Report.
On July 18, FinCEN published SAR Stats—formerly called By the Numbers—an annual compilation of numerical data gathered from the Suspicious Activity Reports (SARs) filed by financial institutions using FinCEN’s new unified SAR form and e-filing process. Among other things, the new form and process were designed to allow FinCEN to collect more detailed information on types of suspicious activity. As such, FinCEN describes the data presented in this first SAR Stats issue as “a new baseline for financial sector reporting on suspicious activity.” The primary purpose of the report is to provide a statistical overview of suspicious activity developments, including by presenting SAR data arranged by filing industry type for the more than 1.3 million unique SARs filed between March 1, 2012 and December 31, 2013. In addition, the redesigned annual publication includes a new SAR Narrative Spotlight, which focuses on “perceived key emerging activity trends derived from analysis of SAR narratives.” The inaugural Spotlight examines the emerging trend of Bitcoin related activities within SAR narrative data. It states that FinCEN is observing a rise in the number of SARs flagging virtual currencies as a component of suspicious activity, and provides for potential SAR filers an explanation of virtual currencies and the importance of SAR data in assessing virtual currency transactions.
On May 20, FinCEN issued Advisory FIN-2014-A004, warning financial institutions about the risk of illicit financial activity conducted by individuals with passports from St. Kitts and Nevis (SKN), which allows individuals to obtain passports through a citizenship-through-investment program. The program offers citizenship to any non-citizen who either invests in designated real estate with a value of at least $400,000, or contributes $250,000 to the SKN Sugar Industry Diversification Foundation. FinCEN believes that illicit actors are using the program to obtain SKN citizenship in order to mask their identity and geographic background for the purpose of evading U.S. or international sanctions or engaging in other financial crime. FinCEN advises financial institutions to conduct risk-based customer due diligence to mitigate the risk that a customer is disguising his or her identity for such an illicit purchase. FinCEN further reminds institutions of SAR filing obligations related to known or suspected illegal activity and potential OFAC obligations.
On February 20, FinCEN finalized a rule that will require Fannie Mae, Freddie Mac, and the Federal Home Loan Banks (the GSEs) to develop AML programs and to file SARs directly with FinCEN. Under the current system, the GSEs file fraud reports with the FHFA, which then files SARs with FinCEN when warranted under FinCEN’s reporting standards. The new regulations are substantially similar to the version proposed in November 2011, and are intended to streamline the reporting process and provide more timely access to data about potential fraud. The AML provisions of the new regulations implement the BSA’s four minimum requirements: (i) the development of internal policies, procedures, and controls; (ii) the designation of a compliance officer; (iii) an ongoing employee training program; and (iv) an independent audit function to test programs. The SAR regulation requires reporting of suspicious activity in accordance with standards and procedures contained in all of FinCEN’s SAR regulations. In addition, under the streamlined system, the GSEs and their directors, officers, and employees will qualify for the BSA’s “safe harbor” provisions, which are intended to encourage covered institutions to report suspicious activities without fear of liability. The final rule does not require the GSEs to comply with any other BSA reporting or recordkeeping regulations, such as currency transaction reporting. The rule takes effect 60 days after publication in the Federal Register and the GSEs will have 180 days from publication to comply.
On February 14, FinCEN issued guidance to clarify BSA expectations for financial institutions seeking to provide services to marijuana-related businesses in states that have legalized certain marijuana-related activity. The guidance was issued in coordination with the DOJ, which provided updated guidance to all U.S. Attorneys. The FinCEN guidance reiterates the general principle that the decision to open, close, or refuse any particular account or relationship should be made by each financial institution based on its particular business objectives, an evaluation of the risks associated with offering a particular product or service, its ability to conduct thorough customer due diligence, and its capacity to manage those risks effectively. The guidance details the necessary elements of a customer due diligence program, including consideration of whether a marijuana-related business implicates one of the priorities in the DOJ memorandum or violates state law. FinCEN notes that the obligation to file a SAR is unaffected by any state law that legalizes marijuana-related activity and restates the SAR triggers. The guidance identifies the types of SARs applicable to marijuana-related businesses and describes the conditions under which each type should be filed.
This week, FinCEN published its semiannual SAR Activity Review, which provides information about the preparation, use, and value of Suspicious Activity Reports (SARs) filed by financial institutions. The report identifies SAR trends, reviews law enforcement cases that demonstrate the importance and value of Bank Secrecy Act (BSA) data to the law enforcement community, and highlights issues related to financial exploitation of older Americans. FinCEN also published an annual companion report, “By the Numbers,” which compiles numerical data gathered from SARs filed by financial institutions.
On April 15, FinCEN issued Advisory FIN-2013-A002, which advises financial institutions to review regulations that require U.S. financial institutions to perform money laundering or other suspicious activity due diligence or enhanced due diligence for correspondent accounts and private banking accounts established, maintained, administered, or managed in the U.S. for foreign financial institutions or non-U.S. persons. The advisory states that as part of those requirements, covered institutions should be vigilant against transactions involving persons specifically designated for sanctions relating to Syria, as well as proxies acting on behalf of such persons. FinCEN advises institutions to (i) take reasonable risk-based steps with respect to the potential movement of assets that may be related to the current unrest in Syria, (ii) consider whether they have any financial contact with persons or entities (foreign or otherwise) that may be acting directly or indirectly for or on behalf of any senior foreign political figures of the Government of Syria, and (iii) file Suspicious Activity Reports when appropriate.
On March 7, FinCEN issued a notice reminding institutions that they must use FinCEN’s new electronic reports to file most Bank Secrecy Act Reports, including Suspicious Activity Reports, Currency Transaction Reports, Registration of Money Services Business, and Designation of Exempt Person Reports. In February 2012, FinCEN issued a final notice requiring electronic filing of most reports by July 1, 2012. Shortly thereafter, FinCEN made available new formats for those reports, which all institutions must begin using by April 1, 2013. The new forms will support the agency’s enforcement efforts. For example, FinCEN Director Jennifer Shasky Calvery explained recently that in 2012 more than 23 percent of SAR filers selected “other” as the type of suspicious activity. The new form expands the number of options for type of activity being reported from 21 to 70 and adds a text field, allowing filers to described activities more accurately. FinCEN warned that companies that fail to comply with the electronic filing mandate may be subject to civil money penalties.