Bank Secrecy Act (BSA)

We are pleased to offer the latest episode in Ballard Spahr’s Consumer Financial Monitor Podcast series — a weekly podcast focusing on the consumer finance issues that matter most, from new product development and emerging technologies to regulatory compliance and enforcement and the ramifications of private litigation.  Our podcast discusses the conduct for which financial institutions have been faulted in recent Anti-Money Laundering (“AML”) enforcement actions, flags other AML-related missteps that can trigger regulatory scrutiny, and offers practical tips for avoiding regulatory criticism and reducing enforcement risk. This podcast follows up on two related blog posts, in which we provided some practical tips for financial institutions to increase the chances that their AML programs will withstand regulators’ scrutiny, and then discussed the consequences of potentially failing to heed these practical tips in a specific case: the New York Department of Financial Services’ (DFS) recent enforcement action against Mashreqbank.

We hope that you enjoy the podcast, moderated by our partner Alan Kaplinksy, and find it useful.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. To learn more about Ballard Spahr’s Anti-Money Laundering Team, please click here.  To visit Ballard Spahr’s award-winning Consumer Financial Monitor blog, please click here.

Regulators Spar Over BSA Reporting Thresholds and Regulatory Review for FinCEN

First Post in a Two-Part Series

Late last week, the U.S. Senate Committee on Banking, Housing, and Urban Affairs (the “Banking Committee”) met in open session to conduct a hearing on “Combating Money Laundering and Other Forms of Illicit Finance: Regulator and Law Enforcement Perspectives on Reform.” The Banking Committee heard the testimony of, and questioned, representatives from FinCEN, the OCC, and the FBI. This was the fourth hearing held in 2018 by the Banking Committee on the state of the Bank Secrecy Act (“BSA”) framework and its effective implementation by regulators and law enforcement. The partial backdrop for this hearing is that Congress is considering a draft bill, the Counter Terrorism and Illicit Finance Act (“CTIFA”), which proposes the most substantial overhaul to the BSA since the PATRIOT Act, and which contains provisions regarding many of the same issues discussed during the hearing.

In this hearing, we heard from three individuals:

  • Kenneth A. Blanco, Director of FinCEN (written remarks here);
  • Steven D’Antuono, Section Chief of the FBI’s Financial Crimes Section (written remarks here); and
  • Grovetta Gardineer, Senior Deputy Comptroller for Compliance and Community Affairs of the OCC (written remarks here).

In this post, we will discuss the issues which appeared to generate the most sparks between the OCC—which emphasized attempting to ease BSA regulatory burdens, particularly for small- to medium-sized community banks—and FinCEN and the FBI, which stressed the value of BSA filings to law enforcement. In our next post, we will discuss some of the less contentious (although still critical) issues addressed at the hearing, which broadly canvassed many of the most pressing BSA/AML issues currently facing financial institutions and the government.  These issues are: (i) the exploration by financial institutions of technological innovation, including artificial intelligence, in order to comply more efficiently with their BSA/AML obligations; (ii) the identification of the beneficial owners of legal entities; and (iii) the role of real estate in money laundering schemes.

The tension during the hearing between FinCEN and OCC at times was palpable, and the divides in partisan thinking on the direction of certain aspects of AML reform were apparent. Although there seemed to be consensus on the importance of the beneficial ownership rules and other issues, senators and regulators alike disagreed about increasing the $5,000 and $10,000 respective reporting threshold for the filing of Suspicious Activity Reports (“SARs”) and Currency Transaction Reports (“CTRs”).

Continue Reading FinCEN, OCC and FBI Offer Diverging Views on AML Reform in U.S. Senate Testimony

Ballard Spahr is very pleased to host on December 17, 2018 at noon in our Philadelphia office a CLE program for the gaming industry and associated counsel to participate in a panel discussion with speakers from the Internal Revenue Service (IRS) on the latest industry trends in BSA/AML compliance and examination.

Please join us in person to hear directly from the government about related gaming enforcement actions and lessons learned, and to discuss the ongoing importance of Suspicious Activity Reports, Currency Transaction Reports, and “Know Your Customer” due diligence.  I will have the pleasure of moderating a select panel from IRS Criminal Investigation and the IRS Bank Secrecy Act group, including:

  • Mark Young, Supervisory Special Agent, IRS – Criminal Investigation
  • Marita Gehan, Special Agent, IRS – Criminal Investigation
  • Angelo Horiates, III, Special Agent, IRS – Criminal Investigation
  • David Witiak, Revenue Agent, IRS – Small Business/Self-Employed Division

We greatly appreciate the IRS taking the time to participate in this program.  Direct communication between the government and representatives of the regulated industry always proves to be useful and important. We often have blogged on the many BSA/AML issues facing the gaming industry, including here, here and here.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. To learn more about Ballard Spahr’s Anti-Money Laundering Team, please click here.

First Post in a Two-Part Series

How do financial institutions get in trouble with their regulators? Recent AML enforcement actions suggest that the following two failures are at the heart of most of these actions: (1) inadequately identifying, monitoring and/or reporting suspicious activity; and (2) failing to implement adequate internal controls. And these same issues crop up year after year.

In this post, we’ll discuss these failures and their root causes and provide practical tips for ensuring that your AML program will withstand the scrutiny of regulators. In our next post, we will discuss how these practical tips apply in a specific AML enforcement action: the recent consent order between the New York Department of Financial Services and Mashreqbank.  Further, we look forward to discussing all of these issues in an upcoming podcast in Ballard Spahr’s Consumer Financial Monitor Podcast series.  So please stay tuned.

The U.S. financial institutions that recently found themselves in the government’s crosshairs allegedly engaged in the following behavior:

  • Failing to investigate alerts on high-risk accounts where those accounts had been investigated previously, even when the new suspicious activity to which the bank had been alerted differed from the activity that it previously had investigated.
  • Having a policy of not investigating or filing SARs on cash withdrawals from branches near the Mexican border if the customer said they were withdrawing cash in the U.S., rather than carrying cash into the U.S. from Mexico, in order to avoid having to file a Report of International Transportation of Currency or Monetary Instruments (CMIR).
  • Capping the number of alerts from its transaction monitoring systems based on the number of staff available to review the alerts rather than on the risks posed by the transactions (and lying to regulators about it).
  • Failing to report the suspicious activities of a longtime customer despite having been warned that the customer was laundering the proceeds of an illegal and fraudulent scheme through accounts at the bank.
  • Failing to conduct necessary due diligence on foreign correspondent accounts.
  • A brokerage company failing to file SARs on transactions that showed signs of market manipulation.
  • A MSB’s failing to implement proper controls and discipline crooked agents because those agents were so profitable for the MSB, thereby enabling illegal schemes such as money laundering.

Although the behavior of these financial institutions may differ, the root causes of their failures do not. They include the following:

  • An inadequate, ineffective or non-existent risk assessment.
  • Elevating the business line over the compliance function.
  • Offering products or using new technologies without adequate controls in place.
  • Compliance programs that are not commensurate with the risks, often due to under investment in AML technology or other resources and/or lack of awareness of AML risks or controls.
  • Corporate silos, both human and technological, that prevent or hinder information sharing.
  • Insufficient screening of parties and relationships and lack of effective processes and controls around EDD.

So how can you ensure that your AML program is adequate? Here are some practical tips. Continue Reading Practical Tips for Ensuring Your AML Program Withstands the Scrutiny of Regulators

The Treasury Inspector General for Tax Administration, or TIGTA, issued last month a Report, entitled The Internal Revenue Service’s Bank Secrecy Act Program Has Minimal Impact on Compliance, which sets forth a decidedly dim view of the utility and effectiveness of the current Bank Secrecy Act (“BSA”) compliance efforts by the Internal Revenue Service (“IRS”).  The primary conclusions of the detailed Report are that (i) referrals by the IRS to the Financial Crimes Enforcement Network (“FinCEN”) for potential Title 31 penalty cases suffer lengthy delays and have little impact on BSA compliance; (ii) the IRS BSA Program spent approximately $97 million to assess approximately $39 million in penalties for Fiscal Years (FYs) 2014 to 2016; and (iii) although referrals regarding BSA violations were made to IRS Criminal Investigation (“IRS CI”), most investigations were declined and very few ultimately were accepted by the Department of Justice for prosecution.

Arguably, the most striking claim by the Report is that “Title 31 compliance reviews [by the IRS] have minimal impact on Bank Secrecy Act compliance because negligent violation penalties are not assessed.”

A primary take-away from the Report is that an examination program lacking actual enforcement power is, unsurprisingly, not very effective.  The Report also highlights some potential problems which beset the IRS BSA Program, which include lack of staffing, lack of planning and coordination, and delay. Although the Report’s findings clearly suggest that what the IRS BSA Program really needs are resources and enhanced enforcement power, the repeated allusions in the Report to a certain purposelessness of the current BSA examination regime nonetheless might help fuel the current debate regarding possible AML/BSA reform, with an eye towards curbing regulatory burden.

The Report made five specific recommendations to the IRS for remedial steps. We will focus on four of those recommendations, and the findings upon which they rest:

  • Coordinate with FINCEN on the authority to assert Title 31 penalties, or reprioritize BSA Program resources to more productive work;
  • Leverage the BSA Program’s Title 31 authority and annual examination planning in the development of the IRS’s virtual currency strategy;
  • Evaluate the effectiveness of the newly implemented review procedures for FinCEN referrals; and
  • Improve the process for referrals to IRS CI.

Continue Reading U.S. Treasury Report: IRS BSA Program “Has Minimal Impact on Compliance”

Five U.S. regulatory agencies—the Board of Governors of the Federal Reserve System (“FRB”), the Federal Deposit Insurance Corporation (“FDIC”), the National Credit Union Administration (“NCUA”), the Office of the Comptroller of the Currency (“OCC”), and the U.S. Department of Treasury’s Financial Crimes Enforcement Network (“FinCEN”)—released on October 3, 2018 an Interagency Statement on Sharing Bank Secrecy Act Resources (the “Statement”). This guidance addresses instances in which certain banks and credit unions can enter into “collaborative arrangements” to share resources to manage their Bank Secrecy Act (“BSA”) and anti-money laundering (“AML”) obligations more efficiently and more effectively.

The Statement contemplates banks sharing resources such as internal controls, independent testing, and AML/BSA training (it does not apply to collaborative arrangements formed for information sharing among financial institutions under Section 314(b) of the U.S. Patriot Act). Such resource sharing contemplates reducing costs and increasing efficiencies in the ways banks manage their BSA and AML obligations. The Statement clearly is addressed primarily to community banks, for which the costs of AML/BSA compliance can be significant, and which presumably engage in “less complex operations [and have] lower risk profiles for money laundering or terrorist financing.” The Statement potentially represents another step in an ongoing AML reform process, which increasingly acknowledges the costs of AML compliance to industry. Continue Reading Federal Banking Agencies Encourage BSA Resource Sharing

The Federal Banking Agencies (“FBAs”) — collectively the Office of the Comptroller of the Currency (“OCC”); the Board of Governors of the Federal Reserve System (“Federal Reserve”); the Federal Deposit Insurance Corporation (“FDIC”); and the National Credit Union Administration (“NCUA”) — just issued with the concurrence of FinCEN an Order granting an exemption from the requirements of the customer identification program (“CIP”) rules imposed by the Bank Secrecy Act (“BSA”) under 31 U.S.C. § 5318(l) for certain premium finance loans. The Order applies to “banks” — as defined at 31 C.F.R. § 1010.100(d) — and their subsidiaries which are subject to the jurisdiction of the OCC, Federal Reserve, FDIC, or NCUA.

The Order generally describes the CIP rules of the BSA, which at a very high level require covered financial institutions to implement a CIP “that includes risk-based verification procedures that enable the [financial institution] to form a reasonable belief that it knows the true identify of its customers.” This process involves gathering identifying information and procedures for verifying the customer’s identity. Further observing that, under 31 C.F.R. § 1020.220(b), a FBA with the concurrence of the Secretary of the Treasury may exempt any bank or type of account from these CIP requirements, the Order proceeds to exempt loans extended by banks and their subsidiaries from the CIP requirements when issued to commercial customers (i.e., corporations, partnerships, sole proprietorships, and trusts) to facilitate the purchases of property and casualty insurance policies, otherwise known as premium finance loans or premium finance lending.

The key to the exemption — similar to other narrow exemptions previously issued by FinCEN in regards to the related beneficial ownership rule (as we have blogged, see here and here) — is that these transactions are perceived as presenting a “low risk of money laundering.” This finding is repeated throughout the Order, and is rooted in arguments made in letters submitted to FinCEN and the FBAs by a “consortium of banks.”

More specifically, the Order explains that premium finance loans present a low risk of money laundering, and therefore are exempt from the CIP rules, because of the following considerations and “structural characteristics,” raised either by the consortium of banks and/or the government itself:

  • The process for executing a premium finance loan is highly automated, because “most . . . loan volume is quoted and recorded electronically.”
  • These loans typically are submitted, approved and funded within the same business day and are conducted through insurance agents or brokers with no interaction between the bank and borrower — which means that this process renders it difficult for banks to gather CIP-related information efficiently.  These practical problems are exacerbated by the frequent reluctance of insurance brokers and agents — driven by data privacy concerns — to collect personal information.
  • Property and casualty insurance policies have no investment value.
  • Borrowers cannot use these accounts to purchase merchandise, deposit or withdraw cash, write checks or transfer funds.
  • FinCEN previously exempted financial institutions that finance insurance premiums from the general requirement to identify the beneficial owners of legal entity customers.
  • FinCEN previously exempted financial institutions that finance insurance premiums that allow for cash refunds from the beneficial ownership requirements.
  • FinCEN previously exempted commercial property and casualty insurance policies from the general BSA compliance program rule for insurance companies.
  • The exemption “is consistent with safe and sound banking.”

Although this exemption is narrow and somewhat technical, it represents yet another step in an apparent trend by FinCEN and the FBAs to ease the regulatory demands, albeit in a very targeted fashion, imposed under the BSA.  Clearly, the key argument to be made by other financial institutions seeking similar relief is that the particular kind of financial transaction at issue presents a “low risk of money laundering.”

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. Please also check out Ballard Spahr’s Consumer Finance Monitor blog, which comprehensively covers financial regulation and litigation involving the CFPB, Federal Agencies, State Agencies, and Attorneys General. To learn more about Ballard Spahr’s Anti-Money Laundering Team, please click here.

Critics Bemoan Removal of Potential Weapon Against Shell Companies

Last week, and on the eve of a scheduled markup of the original bill in the House Financial Services Committee, a new draft of the Counter Terrorism and Illicit Finance Act (“CTIFA”) was sent to Congress.  That bill, among other things, removes a key passage of what promised to be the most substantial overhaul to the Bank Secrecy Act (“BSA”) since the PATRIOT Act.

As we blogged in a January 2018 two-part series (see here and here), the original legislation would have required – subject to civil and criminal penalty provisions – non-exempt companies formed in the U.S. to disclose their real beneficial owners to the Financial Crimes Enforcement Network (FinCEN).  The new bill eliminates the beneficial ownership provision entirely; in its place, the bill merely requires the Comptroller General of the United States “to submit a report evaluating the effectiveness of the collection of beneficial ownership information under the Customer Due Diligence (“CDD”) regulation” (see here), “as well as the regulatory burden and costs imposed on financial institutions subject to it.”

Acknowledging the bill’s removal from mark-up, Ranking Member Maxine Waters (D-Calif.) said she hoped the new bill will be strengthened to address the issue of beneficial ownership, as well as “the problem of anonymous shell companies.”  The Fraternal Order of Police went further, describing the removal of the beneficial ownership provisions as “almost criminal.”

To be sure, the lack of transparency concerning beneficial ownership is widely viewed as a weakness in the U.S.’s efforts to combat money laundering. As noted in our February post concerning various Senate subcommittee hearings related to the topic, Acting Deputy Assistant Attorney General M. Kendall Day of the Department of Justice, Criminal Division, recently testified that “[t]he pervasive use of front companies, shell companies, nominees, or other means to conceal the true beneficial owners of assets is one of the greatest loopholes in this country’s AML regime.”  Indeed, the Financial Action Task Force (“FATF”) recently scored the U.S. as non-compliant – the lowest possible score – in connection with its ability to determine beneficial owners.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. To learn more about Ballard Spahr’s Anti-Money Laundering Team, please click here.

 

But Noncustomer Plaintiffs May Face Uphill Battle Proving Digital Currency Exchange’s Actual Liability

Earlier this week, the Eleventh Circuit affirmed, in an unpublished opinion, that Coinbase Inc., an online platform used for buying, selling, transferring, and storing digital currency, could not compel arbitration on a former customer of Cryptsy, a now-defunct cryptocurrency exchange, in his proposed class action suit alleging that Coinbase helped to launder $8 million of Cryptsy customers’ assets. Leidel v. Coinbase, Inc., Dkt. 17-12728.

In so holding, the Court found that the plaintiff’s allegations emanated not from the User Agreement between Coinbase and Cryptsy’s CEO, Paul Vernon, but from extra-contractual duties “allegedly” found in federal statutes and regulations, specifically the Bank Secrecy Act (“BSA”).  As we previously have blogged, courts have held that financial institutions generally do not owe a duty of care to a noncustomer and that no special duty of care arises from the duties and obligations set forth in the BSA absent a special relationship or contractual relationship. Moreover, there is no private right of action stemming from the BSA. Nor does the BSA define a financial institution’s standard of care for the purposes of a negligence claim.

Coinbase is registered as a Money Services Business with FinCEN, and is otherwise required to comply with the BSA. However, if courts treat Coinbase as it would any other financial institution (which we have no reason to believe that they would not), Plaintiff, having avoided the contractual arbitration provision, has an uphill battle to show that Coinbase had a duty of care to noncustomers to prevent AML failures. Continue Reading Coinbase Cannot Force Noncustomers to Arbitrate Suit Alleging Violations of BSA/AML Duties

Second Part in a Two-Part Series

The Tale of an AML BSA Exam Gone Wrong

As we have blogged, the Ninth Circuit Court of Appeals recently upheld the decision of the Board of Directors of the Federal Deposit Insurance Corporation (“FDIC”) to issue a cease and desist order against California Pacific Bank (the “Bank”) for the Bank’s alleged failure to comply with Bank Secrecy Act (“BSA”) regulations or have a sufficient plan and program in place to do so.

In our first post, we described how the Ninth Circuit rejected the Bank’s constitutional challenge to the relevant regulation, and accorded broad deference to the FDIC in its interpretations of its own regulations, expressed in the form of the Federal Financial Institutions Examination Council Manual (“FFIEC Manual”).  This post discusses the Court’s review of the Bank’s challenge under the Administrative Procedures Act to the FDIC’s factual findings of AML program failings.

The California Pacific opinion provides a significant piece of guidance for banks questioning the adequacy of its BSA compliance program: consult and abide the FFIEC Manual.  Furthermore, it demonstrates that no shortcuts are permitted when it comes to establishing and maintaining a BSA compliance program.  The BSA and the FDIC’s regulations contain firm guidelines and the FFIEC Manual puts banks of all sizes on notice of what compliance is expected of them.  The independence of both the AML compliance officer and of testing; adequate risk assessments of customer accounts; and the correction of prior regulator findings of AML deficiencies are key. Continue Reading Ninth Circuit Court of Appeals Outlines BSA Compliance Obligations and How One Small Bank Failed to Meet Them