Customer Due Diligence

We are pleased to offer the latest episode in Ballard Spahr’s Consumer Financial Monitor Podcast series — a weekly podcast focusing on the consumer finance issues that matter most, from new product development and emerging technologies to regulatory compliance and enforcement and the ramifications of private litigation.  Our podcast discusses the conduct for which financial institutions have been faulted in recent Anti-Money Laundering (“AML”) enforcement actions, flags other AML-related missteps that can trigger regulatory scrutiny, and offers practical tips for avoiding regulatory criticism and reducing enforcement risk. This podcast follows up on two related blog posts, in which we provided some practical tips for financial institutions to increase the chances that their AML programs will withstand regulators’ scrutiny, and then discussed the consequences of potentially failing to heed these practical tips in a specific case: the New York Department of Financial Services’ (DFS) recent enforcement action against Mashreqbank.

We hope that you enjoy the podcast, moderated by our partner Alan Kaplinksy, and find it useful.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. To learn more about Ballard Spahr’s Anti-Money Laundering Team, please click here.  To visit Ballard Spahr’s award-winning Consumer Financial Monitor blog, please click here.

Second Post in a Two-Part Series

NYDFS Action Highlights the Need for Good Monitoring – and Good Consultants

In part one of this two-part post, we provided some practical tips for financial institutions to increase the chances that their Anti-Money Laundering (“AML”) programs will withstand regulators’ scrutiny, including: (1) promoting a culture of AML/Bank Secrecy Act (“BSA”) compliance; (2) focusing on transaction monitoring; (3) improving information sharing; (4) identifying and handling high-risk accounts appropriately; and (5) knowing your risks and continually improving your AML program to control those risks.

In this post we’ll discuss the consequences of potentially failing to heed these practical tips in a specific case: the New York Department of Financial Services’ (DFS) recent enforcement action against Mashreqbank. Further, we look forward to discussing all of these issues in an upcoming podcast in Ballard Spahr’s Consumer Financial Monitor Podcast series. So please continue to stay tuned.

Mashreqbank is the oldest and largest private bank in the United Arab Emirates. Its New York branch is Mashreqbank’s only location in the United States. It offers correspondent banking and trade finance services and provides U.S. dollar clearing services to clients located in Southeast Asia, the Middle East and Northern Africa. In 2016, the branch cleared more than 1.2 million USD transactions with an aggregate value of over $367 billion. In 2017, the branch cleared more than one million USD transactions with an aggregate value of over $350 billion.

The DFS enforcement action asserted that Mashreqbank’s AML/BSA program was deficient in a number of respects and that the New York branch had failed to remediate identified compliance issues. The enforcement action began with a DFS safety and soundness examine in 2016. In 2017, DFS and the Federal Reserve Bank of New York (FRBNY) conducted a joint safety and soundness examination. DFS provided a report of its findings to which Mashreqbank submitted a response.

In a consent order signed on October 10, 2018, Mashreqbank admitted violations of New York laws and accepted a significant monetary penalty and increased oversight for deficiencies in its AML/BSA and Office of Foreign Assets Control (OFAC) programs. Regulators pursued the enforcement action despite the New York branch’s strong cooperation and demonstrated commitment to building an effective and sustainable compliance program. Among other things, Mashreqbank agreed to pay a $40 million fine; to hire a third-party compliance consultant to oversee and address deficiencies in the branch’s compliance function including compliance with AML/BSA requirements; and to develop written revised AML/BSA and OFAC compliance programs acceptable to DFS.

The DFS and FRBNY examination findings demonstrate Mashreqbank’s failure to follow the practical tips identified in part one of this post. Specifically, the regulators found that Mashreqbank failed to: (1) have appropriate transition monitoring; (2) identify and handle high-risk accounts appropriately; and (3) know its risk and improve its AML program to control those risks.

Further, and as our discussion will reflect, the Mashreqbank enforcement action is also notable in two other respects. First, the alleged AML failures pertain entirely to process and the general adequacy of the bank’s AML program – whereas the vast majority of other AML/BSA enforcement actions likewise discuss system failures, they usually also point to specific substantive violations, such as the failure to file Suspicious Activity Reports (“SARs”) regarding a particular customer or set of transactions. Second, although the use of external consultants usually represents a mitigating factor or even a potential reliance defense to financial institution defendants, the DFS turned what is typically a defense shield into a government sword and instead criticized Mashreqbank for using outside consultants who, according to DFS, were just not very rigorous. This alleged use of consultants performing superficial analysis became part of the allegations of affirmative violations against the bank, thereby underscoring how financial institutions must ensure that their AML/BSA auditors or other consultants are experienced, competent, and performing meaningful testing, particularly when addressing issues previously identified by regulators. Continue Reading Practical Tips in Action: The Mashreqbank AML Enforcement Action

First Post in a Two-Part Series

How do financial institutions get in trouble with their regulators? Recent AML enforcement actions suggest that the following two failures are at the heart of most of these actions: (1) inadequately identifying, monitoring and/or reporting suspicious activity; and (2) failing to implement adequate internal controls. And these same issues crop up year after year.

In this post, we’ll discuss these failures and their root causes and provide practical tips for ensuring that your AML program will withstand the scrutiny of regulators. In our next post, we will discuss how these practical tips apply in a specific AML enforcement action: the recent consent order between the New York Department of Financial Services and Mashreqbank.  Further, we look forward to discussing all of these issues in an upcoming podcast in Ballard Spahr’s Consumer Financial Monitor Podcast series.  So please stay tuned.

The U.S. financial institutions that recently found themselves in the government’s crosshairs allegedly engaged in the following behavior:

  • Failing to investigate alerts on high-risk accounts where those accounts had been investigated previously, even when the new suspicious activity to which the bank had been alerted differed from the activity that it previously had investigated.
  • Having a policy of not investigating or filing SARs on cash withdrawals from branches near the Mexican border if the customer said they were withdrawing cash in the U.S., rather than carrying cash into the U.S. from Mexico, in order to avoid having to file a Report of International Transportation of Currency or Monetary Instruments (CMIR).
  • Capping the number of alerts from its transaction monitoring systems based on the number of staff available to review the alerts rather than on the risks posed by the transactions (and lying to regulators about it).
  • Failing to report the suspicious activities of a longtime customer despite having been warned that the customer was laundering the proceeds of an illegal and fraudulent scheme through accounts at the bank.
  • Failing to conduct necessary due diligence on foreign correspondent accounts.
  • A brokerage company failing to file SARs on transactions that showed signs of market manipulation.
  • A MSB’s failing to implement proper controls and discipline crooked agents because those agents were so profitable for the MSB, thereby enabling illegal schemes such as money laundering.

Although the behavior of these financial institutions may differ, the root causes of their failures do not. They include the following:

  • An inadequate, ineffective or non-existent risk assessment.
  • Elevating the business line over the compliance function.
  • Offering products or using new technologies without adequate controls in place.
  • Compliance programs that are not commensurate with the risks, often due to under investment in AML technology or other resources and/or lack of awareness of AML risks or controls.
  • Corporate silos, both human and technological, that prevent or hinder information sharing.
  • Insufficient screening of parties and relationships and lack of effective processes and controls around EDD.

So how can you ensure that your AML program is adequate? Here are some practical tips. Continue Reading Practical Tips for Ensuring Your AML Program Withstands the Scrutiny of Regulators

The Federal Banking Agencies (“FBAs”) — collectively the Office of the Comptroller of the Currency (“OCC”); the Board of Governors of the Federal Reserve System (“Federal Reserve”); the Federal Deposit Insurance Corporation (“FDIC”); and the National Credit Union Administration (“NCUA”) — just issued with the concurrence of FinCEN an Order granting an exemption from the requirements of the customer identification program (“CIP”) rules imposed by the Bank Secrecy Act (“BSA”) under 31 U.S.C. § 5318(l) for certain premium finance loans. The Order applies to “banks” — as defined at 31 C.F.R. § 1010.100(d) — and their subsidiaries which are subject to the jurisdiction of the OCC, Federal Reserve, FDIC, or NCUA.

The Order generally describes the CIP rules of the BSA, which at a very high level require covered financial institutions to implement a CIP “that includes risk-based verification procedures that enable the [financial institution] to form a reasonable belief that it knows the true identify of its customers.” This process involves gathering identifying information and procedures for verifying the customer’s identity. Further observing that, under 31 C.F.R. § 1020.220(b), a FBA with the concurrence of the Secretary of the Treasury may exempt any bank or type of account from these CIP requirements, the Order proceeds to exempt loans extended by banks and their subsidiaries from the CIP requirements when issued to commercial customers (i.e., corporations, partnerships, sole proprietorships, and trusts) to facilitate the purchases of property and casualty insurance policies, otherwise known as premium finance loans or premium finance lending.

The key to the exemption — similar to other narrow exemptions previously issued by FinCEN in regards to the related beneficial ownership rule (as we have blogged, see here and here) — is that these transactions are perceived as presenting a “low risk of money laundering.” This finding is repeated throughout the Order, and is rooted in arguments made in letters submitted to FinCEN and the FBAs by a “consortium of banks.”

More specifically, the Order explains that premium finance loans present a low risk of money laundering, and therefore are exempt from the CIP rules, because of the following considerations and “structural characteristics,” raised either by the consortium of banks and/or the government itself:

  • The process for executing a premium finance loan is highly automated, because “most . . . loan volume is quoted and recorded electronically.”
  • These loans typically are submitted, approved and funded within the same business day and are conducted through insurance agents or brokers with no interaction between the bank and borrower — which means that this process renders it difficult for banks to gather CIP-related information efficiently.  These practical problems are exacerbated by the frequent reluctance of insurance brokers and agents — driven by data privacy concerns — to collect personal information.
  • Property and casualty insurance policies have no investment value.
  • Borrowers cannot use these accounts to purchase merchandise, deposit or withdraw cash, write checks or transfer funds.
  • FinCEN previously exempted financial institutions that finance insurance premiums from the general requirement to identify the beneficial owners of legal entity customers.
  • FinCEN previously exempted financial institutions that finance insurance premiums that allow for cash refunds from the beneficial ownership requirements.
  • FinCEN previously exempted commercial property and casualty insurance policies from the general BSA compliance program rule for insurance companies.
  • The exemption “is consistent with safe and sound banking.”

Although this exemption is narrow and somewhat technical, it represents yet another step in an apparent trend by FinCEN and the FBAs to ease the regulatory demands, albeit in a very targeted fashion, imposed under the BSA.  Clearly, the key argument to be made by other financial institutions seeking similar relief is that the particular kind of financial transaction at issue presents a “low risk of money laundering.”

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. Please also check out Ballard Spahr’s Consumer Finance Monitor blog, which comprehensively covers financial regulation and litigation involving the CFPB, Federal Agencies, State Agencies, and Attorneys General. To learn more about Ballard Spahr’s Anti-Money Laundering Team, please click here.

 

FinCEN Cites Low Risk of Money Laundering and High Regulatory Burden of Rule

On September 7, 2018, the Financial Crimes Enforcement Network (“FinCEN”) issued permanent exceptive relief (“Relief”) to the Beneficial Ownership rule (“BO Rule”) that further underscores the agency’s continued flexibility and risk-based approach to the BO Rule.

Very generally, the BO Rule — effective as of May 11, 2018, and about which we repeatedly have blogged (see here, here and here) — requires covered financial institutions to identify and verify the identities of the beneficial owners of legal entity customers at account opening. FinCEN previously stated in April 3, 2018 FAQs regarding the BO Rule that a “new account” is established – thereby triggering the BO Rule – “each time a loan is renewed or a certificate of deposit is rolled over.” As a result, even if covered financial institutions already have identified and verified beneficial ownership information for a customer at the initial account opening, the institutions still must identify and verify that beneficial ownership information again – and for the same customer – if the customer’s account has been renewed, modified, or extended.

However, the Relief now excepts application of the BO Rule when legal entity customers open “new accounts” through: (1) a rollover of a certificate of deposit (CD); (2) a renewal, modification, or extension of a loan, commercial line of credit, or credit card account that does not require underwriting review and approval; or (3) a renewal of a safe deposit box rental. The Relief does not apply to the initial opening of any of these accounts.

The Relief echoes the exceptive relief from the BO Rule granted by FinCEN on May 11, 2018 to premium finance lenders whose payments are remitted directly to the insurance provider or broker, even if the lending involves the potential for a cash refund. Once again, although the Relief is narrow, FinCEN’s explanation for why the excepted accounts present a low risk for money laundering is potentially instructive in other contexts. Continue Reading FinCEN Issues Exceptive Relief from Beneficial Ownership Rule to Certain Account Renewals

In the wake of this week’s revelations of years-long and significant alleged money laundering failures involving ING Bank and Danske Bank, European regulators have circulated a confidential “reflection paper” warning national governments and the European Parliament about shortcomings in the European Union’s (“EU”) anti-money laundering (“AML”) efforts and providing recommendations to strengthen these efforts.  The reflection paper recommends centralizing the enforcement of AML rules through a powerful new EU authority to ensure that banks implement background checks and other AML measures, and setting a deadline for the European Central Bank to reach agreement with national authorities to allow for the sharing of sensitive data.

Continue Reading Recent Nordic Scandals Involving ING Bank and Danske Bank Underscore the European Union’s Vulnerabilities to Money Laundering

Critics Bemoan Removal of Potential Weapon Against Shell Companies

Last week, and on the eve of a scheduled markup of the original bill in the House Financial Services Committee, a new draft of the Counter Terrorism and Illicit Finance Act (“CTIFA”) was sent to Congress.  That bill, among other things, removes a key passage of what promised to be the most substantial overhaul to the Bank Secrecy Act (“BSA”) since the PATRIOT Act.

As we blogged in a January 2018 two-part series (see here and here), the original legislation would have required – subject to civil and criminal penalty provisions – non-exempt companies formed in the U.S. to disclose their real beneficial owners to the Financial Crimes Enforcement Network (FinCEN).  The new bill eliminates the beneficial ownership provision entirely; in its place, the bill merely requires the Comptroller General of the United States “to submit a report evaluating the effectiveness of the collection of beneficial ownership information under the Customer Due Diligence (“CDD”) regulation” (see here), “as well as the regulatory burden and costs imposed on financial institutions subject to it.”

Acknowledging the bill’s removal from mark-up, Ranking Member Maxine Waters (D-Calif.) said she hoped the new bill will be strengthened to address the issue of beneficial ownership, as well as “the problem of anonymous shell companies.”  The Fraternal Order of Police went further, describing the removal of the beneficial ownership provisions as “almost criminal.”

To be sure, the lack of transparency concerning beneficial ownership is widely viewed as a weakness in the U.S.’s efforts to combat money laundering. As noted in our February post concerning various Senate subcommittee hearings related to the topic, Acting Deputy Assistant Attorney General M. Kendall Day of the Department of Justice, Criminal Division, recently testified that “[t]he pervasive use of front companies, shell companies, nominees, or other means to conceal the true beneficial owners of assets is one of the greatest loopholes in this country’s AML regime.”  Indeed, the Financial Action Task Force (“FATF”) recently scored the U.S. as non-compliant – the lowest possible score – in connection with its ability to determine beneficial owners.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. To learn more about Ballard Spahr’s Anti-Money Laundering Team, please click here.

 

Bank’s Alleged “Tick Box” Approach Failed to Attain Substantive AML Compliance

Late last week, the Financial Conduct Authority (“FCA”), the United Kingdom’s financial services regulator, imposed a $1.2 million (896,100 pound) fine on the UK division of India’s Canara Bank, an Indian state-owned bank, and ordered a moratorium on new deposits for nearly five months.  The cause—according to Reuters—was Canara’s systemic anti-money laundering (“AML”) failures.

A 44-page final notice published by the FCA explains the multi-year regulatory process that led to a finding of systemic failures and the imposition of penalties.  The FCA’s investigation began in late 2012 and early 2013 with assessments of Canara’s AML systems.  Upon inspection, the FCA “notified Canara of a number of serious weaknesses in its AML systems and controls.”  After promises of remedial action by Canara, an April 2015 visit revealed that the AML systems had not been fixed.  The investigation ended with a final report from a “skilled person,” an expert brought in by the FCA to assess Canara’s AML policies and procedures, completed in January 2016.  Settlement followed, resulting in sanctions and the FCA’s published final notice.

These three visits from the FCA generated a laundry list of Canara’s AML shortcomings.  This enforcement action reflects three main take-aways: (i) the potential risks faced by banks operating in foreign countries in which they have limited AML experience; (ii) the need for swift remedial action after the first examination finding AML deficiencies; and (iii) the need for a substantive AML policy implemented in a substantive way, rather than through a rote reliance on AML-related checklists. Continue Reading Canara Bank of India Fined $1.2 Million by UK Regulators for Systemic AML Failures

Incorporation Solidifies Customer Due Diligence as “Fifth Pillar” to BSA/AML Compliance Program

May 11, 2018 was the much anticipated effective date for the Customer Due Diligence (“CDD”) Requirements for Financial Institutions Rule (the “Beneficial Ownership Rule”) issued by the Department of Treasury’s Financial Crimes Enforcement Network (“FinCEN”). On the same day, the Federal Financial Institutions Examination Council (“FFIEC”) released two updates to the Bank Secretary Act/Anti-Money Laundering (“BSA/AML”) examination manual that incorporate and clarify the CDD Requirements and Beneficial Ownership Rule.  The FFIEC is an interagency body that is “empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions.”  The FFIEC examination manual drives the principles and obligations of covered financial instructions in creating BSA/AML compliance programs.  The new updates further clarify the FinCEN rules and solidify CDD as the fifth pillar of the BSA/AML compliance regime.

As we previously blogged here, when FinCEN announced its final rule on CDD requirements it established two important requirements for covered financial institutions.  First, the covered financial institutions were required to establish procedures to identify and verify the beneficial owners of all legal entity customers. Second, the rule required covered financial institutions to adopt ongoing risk-based CDD procedures as part of their AML compliance programs – including developing and updating customer risk profiles and conducting ongoing AML monitoring.  We previously provided practical guidance to aid covered financial institutions in preparing for implementation of these two requirements.  Now we will highlight the key considerations of FFIEC examination manual addressing these topics.  Of particular interest, the new FFIEC examination manual provisions state in part that regulatory examiners are not supposed to engage in second-guessing specific decisions; rather, during an examination “the bank should not be criticized for individual customer decisions unless it impacts the effectiveness of the overall CDD program, or is accompanied to evidence of bad faith or other aggravating factors.” Continue Reading FFIEC Manual Incorporates Beneficial Ownership Rule and CDD Requirements

Relief is Narrow, but FinCEN’s Explanation of Low Money Laundering Risk Posed by Lending Products is Instructive

On May 11, the Financial Crimes Enforcement Network (“FinCEN”) issued a ruling to provide exceptive relief from the application of the new Beneficial Ownership rule (the “BO Rule,” about which we repeatedly have blogged: see here, here and here) to premium finance lending products that allow for cash refunds.

Very generally, the BO Rule — effective as of May 11, 2018 — requires covered financial institutions to identify and verify the identity of the beneficial owner of legal entity customers at account opening. One exemption provided by the BO Rule from its requirements is when a legal entity customer opens a new account for the purpose of financing insurance premiums and the payments are remitted directly by the financial institution to the insurance provider or broker.  However, this exemption does not apply when there is a possibility of cash refunds.

In its May 11th ruling, FinCEN granted exceptive relief from the BO Rule to premium finance lenders whose payments are remitted directly to the insurance provider or broker, even if the lending involves the potential for a cash refund.  Although this exception is narrow when compared to the many other financial institutions covered by the broad BO Rule, FinCEN’s explanation for why the excepted entities present a low risk for money laundering is potentially instructive in other contexts, such as risk assessments undertaken by financial institutions for the purposes of their anti-money laundering (“AML”) compliance programs. Continue Reading FinCEN Provides Exceptive Relief from New Beneficial Ownership Rule