Bank Secrecy Act (BSA)

Critics Bemoan Removal of Potential Weapon Against Shell Companies

Last week, and on the eve of a scheduled markup of the original bill in the House Financial Services Committee, a new draft of the Counter Terrorism and Illicit Finance Act (“CTIFA”) was sent to Congress.  That bill, among other things, removes a key passage of what promised to be the most substantial overhaul to the Bank Secrecy Act (“BSA”) since the PATRIOT Act.

As we blogged in a January 2018 two-part series (see here and here), the original legislation would have required – subject to civil and criminal penalty provisions – non-exempt companies formed in the U.S. to disclose their real beneficial owners to the Financial Crimes Enforcement Network (FinCEN).  The new bill eliminates the beneficial ownership provision entirely; in its place, the bill merely requires the Comptroller General of the United States “to submit a report evaluating the effectiveness of the collection of beneficial ownership information under the Customer Due Diligence (“CDD”) regulation” (see here), “as well as the regulatory burden and costs imposed on financial institutions subject to it.”

Acknowledging the bill’s removal from mark-up, Ranking Member Maxine Waters (D-Calif.) said she hoped the new bill will be strengthened to address the issue of beneficial ownership, as well as “the problem of anonymous shell companies.”  The Fraternal Order of Police went further, describing the removal of the beneficial ownership provisions as “almost criminal.”

To be sure, the lack of transparency concerning beneficial ownership is widely viewed as a weakness in the U.S.’s efforts to combat money laundering. As noted in our February post concerning various Senate subcommittee hearings related to the topic, Acting Deputy Assistant Attorney General M. Kendall Day of the Department of Justice, Criminal Division, recently testified that “[t]he pervasive use of front companies, shell companies, nominees, or other means to conceal the true beneficial owners of assets is one of the greatest loopholes in this country’s AML regime.”  Indeed, the Financial Action Task Force (“FATF”) recently scored the U.S. as non-compliant – the lowest possible score – in connection with its ability to determine beneficial owners.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. To learn more about Ballard Spahr’s Anti-Money Laundering Team, please click here.

 

But Noncustomer Plaintiffs May Face Uphill Battle Proving Digital Currency Exchange’s Actual Liability

Earlier this week, the Eleventh Circuit affirmed, in an unpublished opinion, that Coinbase Inc., an online platform used for buying, selling, transferring, and storing digital currency, could not compel arbitration on a former customer of Cryptsy, a now-defunct cryptocurrency exchange, in his proposed class action suit alleging that Coinbase helped to launder $8 million of Cryptsy customers’ assets. Leidel v. Coinbase, Inc., Dkt. 17-12728.

In so holding, the Court found that the plaintiff’s allegations emanated not from the User Agreement between Coinbase and Cryptsy’s CEO, Paul Vernon, but from extra-contractual duties “allegedly” found in federal statutes and regulations, specifically the Bank Secrecy Act (“BSA”).  As we previously have blogged, courts have held that financial institutions generally do not owe a duty of care to a noncustomer and that no special duty of care arises from the duties and obligations set forth in the BSA absent a special relationship or contractual relationship. Moreover, there is no private right of action stemming from the BSA. Nor does the BSA define a financial institution’s standard of care for the purposes of a negligence claim.

Coinbase is registered as a Money Services Business with FinCEN, and is otherwise required to comply with the BSA. However, if courts treat Coinbase as it would any other financial institution (which we have no reason to believe that they would not), Plaintiff, having avoided the contractual arbitration provision, has an uphill battle to show that Coinbase had a duty of care to noncustomers to prevent AML failures. Continue Reading Coinbase Cannot Force Noncustomers to Arbitrate Suit Alleging Violations of BSA/AML Duties

Second Part in a Two-Part Series

The Tale of an AML BSA Exam Gone Wrong

As we have blogged, the Ninth Circuit Court of Appeals recently upheld the decision of the Board of Directors of the Federal Deposit Insurance Corporation (“FDIC”) to issue a cease and desist order against California Pacific Bank (the “Bank”) for the Bank’s alleged failure to comply with Bank Secrecy Act (“BSA”) regulations or have a sufficient plan and program in place to do so.

In our first post, we described how the Ninth Circuit rejected the Bank’s constitutional challenge to the relevant regulation, and accorded broad deference to the FDIC in its interpretations of its own regulations, expressed in the form of the Federal Financial Institutions Examination Council Manual (“FFIEC Manual”).  This post discusses the Court’s review of the Bank’s challenge under the Administrative Procedures Act to the FDIC’s factual findings of AML program failings.

The California Pacific opinion provides a significant piece of guidance for banks questioning the adequacy of its BSA compliance program: consult and abide the FFIEC Manual.  Furthermore, it demonstrates that no shortcuts are permitted when it comes to establishing and maintaining a BSA compliance program.  The BSA and the FDIC’s regulations contain firm guidelines and the FFIEC Manual puts banks of all sizes on notice of what compliance is expected of them.  The independence of both the AML compliance officer and of testing; adequate risk assessments of customer accounts; and the correction of prior regulator findings of AML deficiencies are key. Continue Reading Ninth Circuit Court of Appeals Outlines BSA Compliance Obligations and How One Small Bank Failed to Meet Them

Court Defers Heavily to the FDIC and the FFIEC Manual

First Part in a Two-Part Series

The Ninth Circuit Court of Appeals recently upheld the decision of the Board of Directors of the Federal Deposit Insurance Corporation (“FDIC”) to issue a cease and desist order against California Pacific Bank (the “Bank”) for the Bank’s alleged failure to comply with Bank Secrecy Act (“BSA”) regulations or have a sufficient plan and program in place to do so.

This decision, California Pacific Bank v. FDIC, provides a nearly step-by-step analysis of what is required of banks under the BSA and a vivid illustration of an Anti-Money Laundering (“AML”) program that did not pass muster in the eyes of a regulator.  It highlights the general rules that banks of all sizes, but particularly smaller community banks, must keep in mind concerning their compliance programs – size does not matter and you are on notice of what compliance entails.

Importantly, and before upholding the FDIC’s factual findings regarding the Bank’s violations, the Ninth Circuit first rejected the Bank’s claim that the regulation at issue (which required the Bank to implement an AML compliance program which complied with the “four pillars” of such a program) was unconstitutionally vague. Moreover, the Ninth Circuit found that the FDIC has broad discretion when interpreting this regulation, described by the Court as “ambiguous.”

This post will summarize the case and the key role played by the Federal Financial Institutions Examination Council Manual (“FFIEC Manual”) in both the Court’s rejection of the constitutional challenge and the broad deference which the Court accorded to the FDIC and its interpretation of its own regulations.  The second post will turn to the Bank’s alleged AML program failings and the Bank’s challenges to the FDIC’s many factual findings. Continue Reading Ninth Circuit Court of Appeals Rejects Constitutional Challenge to AML Compliance Program Regulation

As we previously have blogged, the Financial Crimes Enforcement Network (“FinCEN”) became one of the first regulators to wade into the regulation of cryptocurrency when it released interpretive guidance in March 2013 stating that an administrator or exchanger of virtual currency is a Money Services Business (“MSB”). As a MSB, and according to FinCEN, an administrator or exchanger of virtual currency therefore is a “financial institution” subject to the Bank Secrecy Act (“BSA”) and its various AML-related requirements, unless a limitation or exemption applies.  Accordingly, the Department of Justice has prosecuted operators of cryptocurrency exchanges for a failure to register with FinCEN as a MSB, and FinCEN has brought civil enforcement proceedings against such exchanges for alleged failures to maintain adequate AML programs and file required Suspicious Activity Reports (“SARS”), among other alleged BSA violations.

Recently, regulators of all stripes across the globe have been moving swiftly to regulate cryptocurrency in various ways (see herehere, here, here, here, here, here, here, and here). Indeed, the Securities and Exchange Commission (“SEC”) has been very vocal and aggressive in claiming that many if not all Initial Coin Offerings (“ICOs”) involving cryptocurrency represent securities subject to the jurisdiction and supervision of the SEC, and already has filed several enforcement proceedings involving ICOs. Moreover the SEC just yesterday issued a statement that it considers exchanges for cryptocurrency to also be subject to its jurisdiction. Likewise, the U.S. Commodity Futures Trading Commission (“CFTC”) has asserted that cryptocurrencies are commodities subject to its jurisdiction; this week, a federal court agreed with this assertion in a CFTC enforcement action.  The CFTC claims that its jurisdiction reaches beyond cryptocurrency derivative products to fraud and manipulation in the underlying cryptocurrency spot markets.

But there is a potential problem with all of these regulators simultaneously rushing in to assert their respective power over cryptocurrency businesses, and it is a tension that does not seem to have attracted much public attention to date. Specifically, BSA regulations pertaining to the definition of a MSB, at 31 C.F.R. § 1010.100(ff)(8)(ii), flatly state that a MSB does not include the following:

A person registered with, and functionally regulated or examined by, the SEC or the CFTC, or a foreign financial agency that engages in financial activities that, if conducted in the United States, would require the foreign financial agency to be registered with the SEC or CFTC[.]

How can certain cryptocurrency businesses be subject to the claimed jurisdictions of FinCEN as well as the recent regulatory newcomers to this area, the SEC and the CFTC? Continue Reading FinCEN Letter to U.S. Senate Committee on Finance Purports to Thread Needle of Potentially Competing Jurisdictions by Regulators over Cryptocurrencies

Second Post in a Two-Part Series

As we blogged earlier this week, Congress is considering a new draft bill, the Counter Terrorism and Illicit Finance Act (“CTIFA”), in committee in the Senate.  The CTIFA proposes the most substantial overhaul to the Bank Secrecy Act (“BSA”) since the PATRIOT Act.

We previously discussed CTIFA’s proposed requirement for legal entities to submit to FinCEN a list their beneficial owners (“BOs”) and the creation of a central directory of these BOs. Today, we discuss CTIFA’s many other major proposed revisions to the BSA. These include:

  • Raising the minimum monetary thresholds for filing Currency Transaction Reports (“CTRs”) and Suspicious Activity Reports (“SARs”), and requiring a review of how those filing requirements could be streamlined;
  • Expanding the prohibition against disclosing SAR-related information to third parties, including in private litigation;
  • Codifying absolute civil immunity for SAR filing;
  • Expanding the scope of voluntary information sharing among financial institutions;
  • Allowing FinCEN to issue no-action letters; and
  • A grab-bag of other proposals, including a safe harbor for AML-related technological innovation; requiring a review of whether FinCEN should assume a greater role in AML/BSA examinations of financial institutions; requiring a review of the costs to the private sector for AML/BSA compliance; and requiring an annual report to the Secretary of the Treasury (“the Secretary”) regarding the usefulness of BSA reporting to law enforcement.

Continue Reading Congress Contemplates Broad AML/BSA Reform

Congress is considering a new draft bill, the Counter Terrorism and Illicit Finance Act (“CTIFA”), currently in committee in the Senate.  The CTIFA proposes the most substantial overhaul to the Bank Secrecy Act (“BSA”) since the PATRIOT Act.

This post is the first entry in a two-post series discussing the CTIFA. Here, we summarize recent Senate hearings on the bill and AML reform, which suggest that the CTIFA enjoys political momentum. We also discuss what is arguably the most dramatic change proposed by the CTIFA: requiring legal entities to submit to FinCEN of a list their beneficial owners (“BOs”) – a requirement backed up by civil and criminal penalties for non-compliance — and the creation of a directory of these BOs, which would be accessible to local and international law enforcement and financial institutions. This proposal in part seeks to ease the burdens faced by financial institutions in complying with FinCEN’s Customer Due Diligence (“CDD”) regulation, which takes effect on May 11, 2018 and requires financial institutions to determine BO for legal entities.

In our next post, we will discuss CTIFA’s many other proposed revisions to the BSA. These include: expanding the scope of voluntary information sharing among financial institutions; raising the minimum monetary thresholds for filing Currency Transaction Reports (“CTRs”) and Suspicious Activity Reports (“SARs”); expanding the prohibition against disclosing SAR-related information to third parties, including in private litigation; codifying absolute immunity for SAR filing; allowing FinCEN to issue no-action letters; creating a safe harbor for AML-related technological innovation; requiring a review of whether FinCEN should assume a greater role in AML/BSA exams of financial institutions; and requiring an annual report regarding the usefulness of BSA reporting to law enforcement. Continue Reading Congress Proposes National Directory of Beneficial Owners of Legal Entities

Last week, the Office of the Comptroller of the Currency (“OCC”) released its semiannual risk report (“Report”) highlighting credit, operational, and compliance risks to the federal banking system.  The Report focuses on issues that pose threats to those financial institutions regulated by the OCC and is intended to be used as a resource to by those financial institutions to address the key concerns identified by the OCC.  Specifically, the OCC places cybersecurity and Anti-Money Laundering (“AML”) among the top concerns highlighted in the Report.  The Report further observes that the total number of enforcement actions by the OCC against banks — instituted for any kind of alleged violations — have declined steadily after peaking in 2009. Continue Reading OCC Report: Cybersecurity and Money Laundering Threats are the Key Risks Facing Banks

FinCEN recentlty announced entry of a $2 million assessment against Lone Star National Bank, a private bank operating out of Texas, for the bank’s allegedly willful violations of the Bank Secrecy Act (“BSA”) and inadequate Anti-Money Laundering (“AML”) monitoring programs.  The primary violations relate to Lone Star’s alleged failure to comply with due diligence requirements imposed by Section 312 of the USA PATRIOT Act in establishing and conducting its correspondent banking relationship with a Mexican bank.  As a result of Lone Star’s insufficient due diligence and AML program, the Mexican bank was “allowed to move hundreds of millions of U.S. dollars in suspicious cash shipments through the U.S. financial system in less than two years.”  The FinCEN’s announcement warns that this “action underscores the dangers that institutions face when taking on international correspondence activities without properly equipping themselves” to manage the enhanced obligations that arise with such relationships.

This new FinCEN assessment underscores the continued regulatory interest in the AML risks presented by correspondent banking relationships. We therefore first will provide a brief overview of correspondent banking relationships and the enhanced regulatory attention often paid to them. Armed with this context, we then will analyze the findings and lessons learned from the Lone Star assessment, including the value touted by FinCEN of Lone Star’s efforts to cooperate with its own investigation. Further, this new assessment suggests that the U.S. government does not always present a consistent voice regarding correspondent banking relationships: although the U.S. Treasury has tried to encourage financial institutions in general to not “de-risk” and thereby terminate correspondent banking relationships, we see that enforcement agencies continue to penalize institutions in individual cases for not mitigating sufficiently the risks of correspondent banking. Continue Reading FinCEN Fines Texas Bank $2M for Alleged Failure to Vet and Monitor Mexican Correspondent Banking Relationship – But Touts Bank’s Cooperation