First Post in a Two-Part Series

How do financial institutions get in trouble with their regulators? Recent AML enforcement actions suggest that the following two failures are at the heart of most of these actions: (1) inadequately identifying, monitoring and/or reporting suspicious activity; and (2) failing to implement adequate internal controls. And these same issues crop up year after year.

In this post, we’ll discuss these failures and their root causes and provide practical tips for ensuring that your AML program will withstand the scrutiny of regulators. In our next post, we will discuss how these practical tips apply in a specific AML enforcement action: the recent consent order between the New York Department of Financial Services and Mashreqbank.  Further, we look forward to discussing all of these issues in an upcoming podcast in Ballard Spahr’s Consumer Financial Monitor Podcast series.  So please stay tuned.

The U.S. financial institutions that recently found themselves in the government’s crosshairs allegedly engaged in the following behavior:

  • Failing to investigate alerts on high-risk accounts where those accounts had been investigated previously, even when the new suspicious activity to which the bank had been alerted differed from the activity that it previously had investigated.
  • Having a policy of not investigating or filing SARs on cash withdrawals from branches near the Mexican border if the customer said they were withdrawing cash in the U.S., rather than carrying cash into the U.S. from Mexico, in order to avoid having to file a Report of International Transportation of Currency or Monetary Instruments (CMIR).
  • Capping the number of alerts from its transaction monitoring systems based on the number of staff available to review the alerts rather than on the risks posed by the transactions (and lying to regulators about it).
  • Failing to report the suspicious activities of a longtime customer despite having been warned that the customer was laundering the proceeds of an illegal and fraudulent scheme through accounts at the bank.
  • Failing to conduct necessary due diligence on foreign correspondent accounts.
  • A brokerage company failing to file SARs on transactions that showed signs of market manipulation.
  • A MSB’s failing to implement proper controls and discipline crooked agents because those agents were so profitable for the MSB, thereby enabling illegal schemes such as money laundering.

Although the behavior of these financial institutions may differ, the root causes of their failures do not. They include the following:

  • An inadequate, ineffective or non-existent risk assessment.
  • Elevating the business line over the compliance function.
  • Offering products or using new technologies without adequate controls in place.
  • Compliance programs that are not commensurate with the risks, often due to under investment in AML technology or other resources and/or lack of awareness of AML risks or controls.
  • Corporate silos, both human and technological, that prevent or hinder information sharing.
  • Insufficient screening of parties and relationships and lack of effective processes and controls around EDD.

So how can you ensure that your AML program is adequate? Here are some practical tips. Continue Reading Practical Tips for Ensuring Your AML Program Withstands the Scrutiny of Regulators

The Conference of State Bank Supervisors (CSBS) announced last week that seven states have agreed to a multi-state compact that, according to the CSBS, “standardizes key elements of the licensing process for money services businesses (MSB).”

The seven states consist of Georgia, Illinois, Kansas, Massachusetts, Tennessee, Texas and Washington.  The CSBS expects other states to join the compact.  Under the compact, if one participating state has reviewed key elements of a company’s operations in connection with the company’s application for money transmitter license (IT, cybersecurity, business plan, background check, and compliance with the federal Bank Secrecy Act), the other participating states will accept that state’s findings.

The CSBS describes the compact as “the first step among state regulators in moving towards an integrated, 50-state system of licensing and supervision for fintechs.”  It is expected to significantly streamline the MSB licensing process.

As we have blogged, 18 U.S.C. § 1960 makes it a crime to operate a money transmitter business without an appropriate license in a State, and/or without having registered with FinCEN as a MSB under 31 U.S.C. § 5330.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.

As the value of bitcoin continues to soar (USD:BTC this past weekend exceeded $19,000.00:1), we thought that now would be a good time to emphasize the need to ensure regulatory compliance with the many federal and state AML rules and regulations, in addition to those segmented across various countries. A caveat: This post is far from exhaustive, and before undertaking any investment in cryptocurrency, it would be wise to consult with an attorney familiar with the rules applicable to the cryptocurrency sector.  Due to the nascency of the sector, the practical application of previously existing laws and regulations is rapidly evolving.

To begin, the notion that bitcoin and other digital tokens represent a currency only for criminals has been dispelled. Indeed, there is no question that investment in cryptocurrencies is inherently lawful and increasingly commonplace.  In 2017 alone, investment in initial coin offerings, or token sales, has exceeded $1.5 billion; in a similar vein, the value of certain cryptocurrencies now exceeds a number of Fortune 50 companies.  Most recently, CBOE and CME, the world’s largest futures exchange, launched bitcoin futures contracts.

With this in mind, and as we have written on this blog before (see herehere, here, here, here, here, here, here, and here), it is clear that regulators are moving aggressively to bring the cryptocurrency sector into the fold of existing rules and regulations. To be sure, applying these rules to the burgeoning sector has been like fitting a square peg in a round hole; a bedrock of the initial cryptocurrency boom was the promise of anonymity for its users. Conversely, identity verification is a bedrock of AML compliance. Continue Reading Beyond Best Practices: Regulatory Compliance Now a Necessity in the Cryptocurrency Sector

It is a potential crime to conduct a business that exchanges virtual currency and fail to register with the Financial Crimes Enforcement Network (“FinCEN“), even if the State in which one operates does not impose a similar licensing requirement. A federal district court in Louisiana has reaffirmed this principle in United States v. Lord, in which the defendants unsuccessfully sought to withdraw their pleas of guilty to offenses based on a failure to register with FinCEN.

Law and Justice

The defendants are father and son. According to the court opinion, in 2013, they began to operate a bitcoin business through a website called localbitcoins.com, which advertised the services of other bitcoin exchangers. The defendants’ clients provided cash, credit card payments and wire transfers to the defendants to purchase bitcoins from a third-party online bitcoin broker on their client’s behalf, in exchange for commissions charged by the defendants. In the Spring of 2014, the third-party bitcoin broker warned the defendants that they were required to register with FinCEN because they were acting as virtual currency exchangers. Although the defendants allegedly misrepresented to the third-party online broker that they already had registered with FinCEN, the defendants did not actually register until November 2014. By that time, however, they already had exchanged more than $2.5 million worth of virtual currency. This registration delay was the basis of the charges relating to the defendants’ virtual currency business. Continue Reading Failure to Register with FINCEN Sustains Guilty Pleas by Virtual Currency Exchangers