May 11, 2018 Implementation Deadline Looms

Last year, we posted FinCEN’s Beneficial Ownership Rule: A Practical Guide to Being Prepared for Implementation regarding the Customer Due Diligence Requirements for Financial Institutions Rule (the “Beneficial Ownership Rule” or “Rule”) issued by the Financial Crime Enforcement Center (“FinCEN”). With the Rule’s May 11 implementation date only a few weeks away, and with FinCEN recently having published its new and long-awaited FAQs regarding the Rule (FAQs), we thought that the time was right for more practical tips and answers to questions surrounding the Rule. Continue Reading FinCEN’s Beneficial Ownership Rule: More Practical Tips and Answers to Frequently Asked Questions

Australia announced on April 11 that all digital currency exchanges operating in the country will be regulated by the Transaction Reports and Analysis Centre (“AUSTRAC”), the country’s financial intelligence agency.  A byproduct of the government’s Anti-Money Laundering (“AML”) and Counter Terrorism Financing (“CTF”) Act (on which we previously have blogged, both here and here), the new laws require all “digital currency exchange providers” with operations in Australia to register with AUSTRAC and, additionally, meet compliance and reporting obligations by May 14.

AUSTRAC’s new policing mandate represents a meaningful step in strengthening the country’s efforts under the AML/CTF Act, first enacted in 2006.  In brief, that law—now applicable to all digital currency exchanges operating in Australia—requires all regulated entities such as banks and money transfer operators to collect information to establish a customer’s identity, monitor transactions, and report activity that is suspicious or involves cash over $10,000 Australian dollars.  As summarized by AUSTRAC on its website, the AML/CTF Act:

. . . . places a number of obligations on reporting entities when they provide designated services, including:

Reporting entities determine how they meet their obligations based on their assessment of the risk of whether providing a designated service to a customer may facilitate money laundering or terrorism financing.  These requirements echo similar AML regulatory requirements in the United States that require digital currency exchangers and administrators to register with FinCEN as money services businesses, and with the various States as money transmitter businesses.  AUSTRAC also has issued a guide for digital currency exchange service businesses to prepare and implement their AML/CTF programs.  The guide sets forth a check list of tasks necessary to developing and maintaining an adequate AML/CTF program, including the completion of a risk assessment of the business, designing a training program, and creating procedures for responding to AUSTRAC feedback. Continue Reading Australia’s Financial Intelligence Agency Implements AML Regulation of Digital Currencies

Two Have Settled, but One AML CO Will Contest the Case

A recent anti-money laundering (“AML”) enforcement action reminds us of the increasing risk of individual liability for alleged violations of the Bank Secrecy Act (“BSA”), a key issue about which we have blogged.

Specifically, the Securities and Exchange Commission (“SEC”) and the Financial Industry Regulatory Authority (“FINRA”) announced last week that Aegis Capital Corporation (“Aegis”), a New York-based brokerage firm, admitted that it failed to file Suspicious Activity Reports (“SARs”) on numerous transactions. Although most of the attention regarding this enforcement action has focused on Aegis, the more interesting development here is the role of individuals — particularly a contested action filed against a former AML compliance officer who has declined to settle and who apparently is proceeding to trial on these allegations before a SEC Administrative Law Judge (“ALJ”).  This should be a litigation to watch. Continue Reading Continued Individual Liability Under the Bank Secrecy Act: The SEC Targets Two AML Compliance Officers and One CEO for Alleged AML/BSA Violations

Last week, President Donald Trump issued an Executive Order banning “all transactions” and “dealings” by any individual or entity in the United States that involve “any digital currency, digital coin, or digital token” issued by Venezuela.  This Executive Order was instituted just under a month after President Nicholas Maduro launched the pre-sale of “petro,” a cryptocurrency backed by the Venezuelan government’s crude oil reserves.  Since its inception, the petro has been met with deep skepticism by both the market and the Venezuelan legislature, but President Maduro—through petro’s official website—claims it has raised over $735 million in its pre-sale.  The opposition in the Venezuelan legislature has denounced petro as an illegal issuance of debt.

We previously have blogged about alleged money-laundering violations by Venezuelan oilmen and OFAC’s designation of the Vice President of Venezuela as a Specially Designated Narcotics Trafficker.  This is only the most recent in a long line of sanctions targeting the Venezuelan government and its state-controlled oil industry.

On the back of this new Executive Order, the Office of Foreign Assets Control (“OFAC”) has issued new FAQs relating to virtual currency, both to regulate the petro and assert its power in the virtual currency space.  As one might suspect, OFAC has decided to treat virtual currency in the same way it treats fiat currency and other property: if the individual is on Specially Designated Nationals (“SDN”) list, transactions are barred no matter what form of currency is used.  If a United States citizen or entity is involved, or is otherwise subject to United States jurisdiction, they “are responsible for ensuring that they do not engage in unauthorized transactions prohibited by OFAC sanctions.”  The OFAC FAQs specifically request “technology companies; administrators, exchangers, and users of digital currencies; and other payment processors” to develop compliance plans.  Obviously, these compliance plans would have to take into account blockchain and virtual currency technology that is constantly evolving. Continue Reading U.S. Bans Venezuela’s Oil-Backed Virtual Currency, “Petro,” and Announces Plans to Publish SDNs’ Virtual Currency Addresses

And a Tale of Four Countries: Singapore Fines a U.K. Bank, and the U.S. Imposes a Consent Order on a Chinese Bank

Less than a week apart, two major financial institutions (“FIs”) have been hit with penalties for failing to implement adequate anti-money laundering (“AML”) protections. But the penalties imposed by the involved regulators are different.  In this post, we report on the enforcement actions recently lodged against Standard Chartered PLC and the Industrial & Commercial Bank of China Ltd. by the Monetary Authority of Singapore and the United States Federal Reserve, respectively.  We also consider the approaches of these two regulators to the banks and the differing outcomes of the enforcement actions.

Continue Reading A Tale of Two Enforcement Actions

Second Part in a Two-Part Series

The Tale of an AML BSA Exam Gone Wrong

As we have blogged, the Ninth Circuit Court of Appeals recently upheld the decision of the Board of Directors of the Federal Deposit Insurance Corporation (“FDIC”) to issue a cease and desist order against California Pacific Bank (the “Bank”) for the Bank’s alleged failure to comply with Bank Secrecy Act (“BSA”) regulations or have a sufficient plan and program in place to do so.

In our first post, we described how the Ninth Circuit rejected the Bank’s constitutional challenge to the relevant regulation, and accorded broad deference to the FDIC in its interpretations of its own regulations, expressed in the form of the Federal Financial Institutions Examination Council Manual (“FFIEC Manual”).  This post discusses the Court’s review of the Bank’s challenge under the Administrative Procedures Act to the FDIC’s factual findings of AML program failings.

The California Pacific opinion provides a significant piece of guidance for banks questioning the adequacy of its BSA compliance program: consult and abide the FFIEC Manual.  Furthermore, it demonstrates that no shortcuts are permitted when it comes to establishing and maintaining a BSA compliance program.  The BSA and the FDIC’s regulations contain firm guidelines and the FFIEC Manual puts banks of all sizes on notice of what compliance is expected of them.  The independence of both the AML compliance officer and of testing; adequate risk assessments of customer accounts; and the correction of prior regulator findings of AML deficiencies are key. Continue Reading Ninth Circuit Court of Appeals Outlines BSA Compliance Obligations and How One Small Bank Failed to Meet Them

Court Defers Heavily to the FDIC and the FFIEC Manual

First Part in a Two-Part Series

The Ninth Circuit Court of Appeals recently upheld the decision of the Board of Directors of the Federal Deposit Insurance Corporation (“FDIC”) to issue a cease and desist order against California Pacific Bank (the “Bank”) for the Bank’s alleged failure to comply with Bank Secrecy Act (“BSA”) regulations or have a sufficient plan and program in place to do so.

This decision, California Pacific Bank v. FDIC, provides a nearly step-by-step analysis of what is required of banks under the BSA and a vivid illustration of an Anti-Money Laundering (“AML”) program that did not pass muster in the eyes of a regulator.  It highlights the general rules that banks of all sizes, but particularly smaller community banks, must keep in mind concerning their compliance programs – size does not matter and you are on notice of what compliance entails.

Importantly, and before upholding the FDIC’s factual findings regarding the Bank’s violations, the Ninth Circuit first rejected the Bank’s claim that the regulation at issue (which required the Bank to implement an AML compliance program which complied with the “four pillars” of such a program) was unconstitutionally vague. Moreover, the Ninth Circuit found that the FDIC has broad discretion when interpreting this regulation, described by the Court as “ambiguous.”

This post will summarize the case and the key role played by the Federal Financial Institutions Examination Council Manual (“FFIEC Manual”) in both the Court’s rejection of the constitutional challenge and the broad deference which the Court accorded to the FDIC and its interpretation of its own regulations.  The second post will turn to the Bank’s alleged AML program failings and the Bank’s challenges to the FDIC’s many factual findings. Continue Reading Ninth Circuit Court of Appeals Rejects Constitutional Challenge to AML Compliance Program Regulation

But Bank Customer’s Foreign Tax Evasion Scheme Still May Merit a SAR FilingThe Financial Crimes Enforcement Network (“FinCEN”) recently advised that a financial institution is not required to file a Suspicious Activity Report (“SAR”) based solely upon a customer’s inquiry into or participation in a foreign tax regularization program.  FinCEN issued this statement on February 21, 2018 in response to Florida International Banker’s Association’s request for guidance (“FIBA Request”) in 2016, which initiated the request because a number of its members expressed an interest in tax regularization programs and sought clarification on the AML implications of such programs.

This issue, perhaps seemingly esoteric, involves a basic question of increasing practical importance, particularly in light of the Panama Papers related international scandals, and global criticism of the U.S. as a potential haven for foreign tax cheats and money launderers: does the possibility of foreign tax evasion by a bank client necessarily trigger the need to file a SAR? Foreign tax evasion can represent potential violations of U.S. law, such as the federal mail or wire fraud statutes, which in turn may support a prosecution theory that related financial transactions involving foreign tax evasion and the U.S. financial system represent potential U.S. money laundering violations (for a detailed article on this issue, please see here). Continue Reading FINCEN Advises That Participation in a Foreign Tax Regularization Program By Itself Does Not Trigger SAR Filing Obligation

As we previously have blogged, the Financial Crimes Enforcement Network (“FinCEN”) became one of the first regulators to wade into the regulation of cryptocurrency when it released interpretive guidance in March 2013 stating that an administrator or exchanger of virtual currency is a Money Services Business (“MSB”). As a MSB, and according to FinCEN, an administrator or exchanger of virtual currency therefore is a “financial institution” subject to the Bank Secrecy Act (“BSA”) and its various AML-related requirements, unless a limitation or exemption applies.  Accordingly, the Department of Justice has prosecuted operators of cryptocurrency exchanges for a failure to register with FinCEN as a MSB, and FinCEN has brought civil enforcement proceedings against such exchanges for alleged failures to maintain adequate AML programs and file required Suspicious Activity Reports (“SARS”), among other alleged BSA violations.

Recently, regulators of all stripes across the globe have been moving swiftly to regulate cryptocurrency in various ways (see herehere, here, here, here, here, here, here, and here). Indeed, the Securities and Exchange Commission (“SEC”) has been very vocal and aggressive in claiming that many if not all Initial Coin Offerings (“ICOs”) involving cryptocurrency represent securities subject to the jurisdiction and supervision of the SEC, and already has filed several enforcement proceedings involving ICOs. Moreover the SEC just yesterday issued a statement that it considers exchanges for cryptocurrency to also be subject to its jurisdiction. Likewise, the U.S. Commodity Futures Trading Commission (“CFTC”) has asserted that cryptocurrencies are commodities subject to its jurisdiction; this week, a federal court agreed with this assertion in a CFTC enforcement action.  The CFTC claims that its jurisdiction reaches beyond cryptocurrency derivative products to fraud and manipulation in the underlying cryptocurrency spot markets.

But there is a potential problem with all of these regulators simultaneously rushing in to assert their respective power over cryptocurrency businesses, and it is a tension that does not seem to have attracted much public attention to date. Specifically, BSA regulations pertaining to the definition of a MSB, at 31 C.F.R. § 1010.100(ff)(8)(ii), flatly state that a MSB does not include the following:

A person registered with, and functionally regulated or examined by, the SEC or the CFTC, or a foreign financial agency that engages in financial activities that, if conducted in the United States, would require the foreign financial agency to be registered with the SEC or CFTC[.]

How can certain cryptocurrency businesses be subject to the claimed jurisdictions of FinCEN as well as the recent regulatory newcomers to this area, the SEC and the CFTC? Continue Reading FinCEN Letter to U.S. Senate Committee on Finance Purports to Thread Needle of Potentially Competing Jurisdictions by Regulators over Cryptocurrencies