The Small Business Administration (“SBA”) recently issued a procedural notice (the “Notice”) to “All SBA Employees and Paycheck Protection Program Lenders” setting forth “Revised SBA Paycheck Protection Platform Procedures for Addressing Hold Codes on First Draw PPP Loans and Compliance Check Error Messages on First Draw PPP Loans and Second Draw PPP Loans.”  The Notice sets forth procedures Paycheck Protection Program (“PPP”) lenders must follow in approving First or Second Draw PPP loans under the 2021 Economic Aid Act.

PPP Experience To Date

As we discussed in a recent blog post, with the third round of PPP funding currently underway, the government, through SBA and the Financial Crimes Enforcement Network (“FinCEN”), has begun taking steps to clarify lender compliance obligations in implementing the PPP.  The onus of implementing the PPP has been on the private lenders participating in the program.  The SBA reiterates this responsibility in the Notice, emphasizing, “[u]nder the CARES Act, PPP Lenders are deemed to have delegated authority to make and approve PPP loans without prior SBA review.”

While lenders have been acting with this “delegated authority” since Spring 2020, they are only now beginning to operate with answers to how it can meet their compliance obligations under the Bank Secrecy Act (“BSA”) while quickly administering the PPP according to the parameters set forth in the CARES Act and subsequent SBA guidance.  And, with a new funding round opening nearly a year after the initial rounds, the government and private sector are both grappling with sifting through and processing relevant data accumulated through the first two funding rounds.

Under the CARES Act, PPP borrowers were originally limited to obtaining a single loan.  The Economic Aid Act changed that.  In addition to opening a new round of PPP lending to new borrowers – “First Draw” borrowers – the Economic Aid Act permitted prior borrowers to pursue a loan – “second Draw” PPP borrowers.  This expansion of the PPP program introduces lenders to a new category of borrowers: those that previously applied for and either did or did not (for whatever reason) receive a PPP loan.   What does this mean for lenders from a Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) perspective?  Information. Continue Reading New PPP Procedural Requirements Reflect Lenders’ Emerging AML Duties

The Occupational Health and Safety Administration (“OSHA”) now will investigate workers’ complaints of retaliation for reporting alleged money laundering and antitrust-related violations under new whistleblower statutes.  On February 19, 2021, the Department of Labor announced that OSHA would oversee whistleblower claims alleging retaliation under two laws – the Anti-Money Laundering Act of 2020 (“AMLA”) and the Criminal Antitrust Anti-Retaliation Act.

Under the AMLA, OSHA will investigate individual whistleblowers’ retaliation complaints for reporting money laundering-related violations to their superiors or the federal government; or for showing cause, testifying or participating in, or otherwise assisting an investigation or proceeding related to a violation of anti-money laundering (“AML”) laws.  As we have blogged, the AMLA’s amendment to the Bank Secrecy Act has expanded greatly the options for whistleblowers alleging AML violations, and potentially may create a wave of litigation and government actions, similar to what has occurred in the wake of the creation of the Dodd-Frank whistleblower program.  As we also have noted, the AMLA allows for whistleblowers to file a complaint with the U.S. Department of Labor (“DOL”) for any retaliatory action taken and, if they do not receive a decision within 180 days, bring the complaint to federal district court and seek a jury trial.  A successful whistleblower may be reinstated and potentially receive compensatory damages, double back pay, and reasonable attorneys’ fees.

Under the Criminal Antitrust Anti-Retaliation Act, OSHA will investigate individual whistleblowers’ complaints of retaliation for reporting criminal antitrust violations to their superiors or the federal government; or for showing cause, testifying or participating in, or otherwise assisting an investigation or proceeding related to antitrust law violations.

Whistleblower protection is typically not limited to just those who report actual violations. Rather, DOL and court precedent extends protection to whistleblowers’ reasonable but mistaken beliefs that the conduct reported violated relevant law. To take advantage of such protection, complainants must show that their beliefs that the conduct they reported violated a law were “objectively reasonable.”

Until OSHA issues interim final rules governing the new investigations, it will process whistleblower complaints related to these statutes using procedures under the Wendell H. Ford Aviation Investment and Reform Act for the 21st Century.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.  Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.  To learn more about Ballard Spahr’s Labor and Employment Group, please click here – and to check out HR Law Watch, the Labor and Employment Group’s blog, please click here.

Reunification of Korean Peninsula Memorial at the Entrance to Pyongyang

Related Money Laundering Case Relying on ATM Cash-Outs and BEC Schemes Also Unsealed

On February 17, the Department of Justice unsealed a sprawling indictment against three members of North Korea’s military intelligence agency – known as the Reconnaissance General Bureau – for their role in a series of brazen cyberattacks, bank thefts and cryptocurrency thefts around the world.  Notably, the indictment builds on charges filed in 2018 against one of the defendants for his alleged role, among others, in the cyberattack against Sony Pictures Entertainment, in apparent retaliation for the production and release of “The Interview,” a movie that depicted a fictional assassination of Kim Jong-un.  The indictment is a stark reminder of the fact that cyber-enabled financial crime and money laundering is an increasingly threat to financial institutions, other industries and the public at large.

The indictment alleges a variety of criminal schemes, including attempts to steal more than $1.2 billion from banks in such countries as Bangladesh, Taiwan and Vietnam, through the use of fraudulent SWIFT messages (one of these intrusions, into the Bank of Bangladesh, netted $81 million); the theft of tens of millions of dollars’ worth of cryptocurrency through the use of malware (the FBI, the Treasury Department and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency published a technical report about those applications, also on February 17); and an attempt to raise funds through an initial coin offering of the Ethereum-based “Marine Chain Token,” allegedly intended to assist North Korea in evading U.S. sanctions.

ATM Cash-Outs and BEC Schemes

A separate but related case, also unsealed on February 17 in the Central District of California, concerns Ghaleb Alaumary, a Canadian-American citizen who pleaded guilty for his role in a money laundering scheme involving, among other things, ATM “cash-out” operations for the benefit of North Korea.  ATM cash-outs involve the misuse of a bank’s computer systems that, simply put, allows a bad actor to dispense cash from that bank’s ATMs (last year, the FBI and Treasury Department  issued a joint advisory warning of such North Korean state-sponsored cash-out schemes).  In one instance involving Alaumary, an Indian bank was targeted, causing it to fraudulently dispense more than $16 million.  After obtaining funds through an ATM cash-out, co-conspirators were directed to launder the funds, among other means, through a series of wire transfers to separate bank accounts or the exchange of funds for cryptocurrency.

Alaumary’s money laundering efforts further relied on business email compromise (“BEC”) schemes, which involve targeting accounts of either financial institutions, or of entity customers of those institutions, and sending emails to induce transfer of either funds, or of data which can be used to access funds. An email account may be compromised either through a direct intrusion or an impersonation (“spoof”) of an account. The compromised account is then used to instruct other individuals within the company or at a financial institution to initiate a transfer of funds or data.  FinCEN issued a 2019 report, Manufacturing and Construction Top Targets for Business Email Compromise, focusing on the growing threat of BEC schemes.

According to the government, Alaumary attempted to locate bank accounts into which fraudulent funds could be deposited. If Alaumary himself did not have access to a bank account that could be used at the time to launder funds, he would ask one or more coconspirators for an account that could be used. If a bank account with a specific business name was required, the coconspirators would coordinate to open bank accounts that could receive fraudulently obtained funds. These coconspirators would attempt to make the business name look similar to the name of the company with which a victim company was corresponding about a business transaction, which made it more likely that the victim company would be tricked into fraudulently transferring the funds.

Alaumary also allegedly conspired with an individual named Ramon Olorunwa Abbas and others to “launder funds from a North Korean-perpetrated cyber-enabled heist from a Maltese bank in February 2019.”  In June 2020, the DOJ charged Abbas, a Nigerian national expelled from the United Arab Emirates to the United States, in a separate case alleging that he conspired to launder hundreds of millions of dollars from BEC frauds and other scams schemes targeting a U.S. law firm, a foreign bank and an English Premier League soccer club. Alaumary’s plea agreement reflects that he has been attempting to cooperate with the U.S. government in the investigation.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.  Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

With the third round of lending through the Paycheck Protection Program (“PPP”) in full swing, the Small Business Administration (“SBA”) – administrator of the PPP – has developed new guidance in consultation with the United States Department of the Treasury (“Treasury”).  The February 1, 2021 FAQs specifically address how lenders can meet some of their Bank Secrecy Act (“BSA”) obligations when issuing PPP loans.

As we previously blogged, the PPP, with its combination of size, scope and the limited time-frame for lenders to process and disburse loans pursuant to it, has created numerous compliance challenges for PPP lenders and presented significant enforcement risks, including future false claims act liability, compliance enforcement, state attorneys’ general investigations and private litigation.  At the root of those challenges and concerns is the question of how lenders can meet their anti-money laundering (“AML”) obligations under the BSA while administering a program designed to get money to as many recipients as possible as quickly as possible. Continue Reading FinCEN Issues PPP Lender Guidance

Bottom Line: Biden Administration May Revive FinCEN’s Proposed Rule For Investment Advisers

Unlike broker-dealers, investment advisers are not currently required to maintain anti-money laundering (“AML”)/counter-terrorist financing (“CTF”) compliance programs under the Bank Secrecy Act (“BSA”), or file Suspicious Activity Reports (“SARs”).  In 2015, during President Obama’s second term, the Financial Crimes Enforcement Network (“FinCEN”) proposed exactly such a rule for certain investment advisers.  Although FinCEN then never moved forward, the stars may be aligning for the implementation of a similar rule in the new Biden Administration.

Industry watchdog groups will push for this.  For example, after Biden’s victory in the 2020 election, the independent Financial Accountability & Corporate Transparency Coalition wrote a memorandum, asking him to “[f]inalize the proposed Obama-era rule requiring investment advisers to establish AML programs.”  Action on this front also would be generally consistent with the 2020 Examination Priorities issued by the SEC’s Office of Compliance Inspections and Examinations (OCIE), which stated that the OCIE will prioritize examining broker-dealers “for compliance with their AML obligations in order to assess, among other things, whether firms have established appropriate customer identification programs and whether they are satisfying their SAR filing obligations, conducting due diligence on customers, complying with beneficial ownership requirements, and conducting robust and timely independent tests of their AML programs.”  Moreover, the FBI’s concern over money laundering through private equity and hedge funds may increase the likelihood of the administration reviving some version of the 2015 proposed rule.  A leaked FBI Intelligence Bulletin from May 2020 stated that “threat actors[, or money launderers,] likely use the private placement of funds, including investments offered by hedge funds and private equity firms, to launder money, circumventing traditional” AML protections in place at other financial institutions already subject to such regulations.  According to its Intelligence Bulletin, the FBI made this assessment in “high confidence.” Continue Reading Investment Advisers May Be Subject to AML Regulations Under Revival of Proposed Rule

Revisions to BSA Will Inform Regulatory Examinations for Years to Come

Third Post in an Extended Series on Legislative Changes to BSA/AML Regulatory Regime

As we have blogged, the Anti-Money Laundering Act of 2020 (“AMLA”), contains major changes to the Bank Secrecy Act (“BSA”), coupled with other changes relating to money laundering, anti-money laundering (“AML”), counter-terrorism financing (“CTF”) and protecting the U.S. financial system against illicit foreign actors.  In this post, we focus on some fundamental changes set forth in the AMLA’s very first provision, entitled “Establishment of national exam and supervision priorities.”

This new provision sets forth broad language affecting basic principles underlying the BSA and AML/CTF compliance. Specifically, it revises and expands the stated purpose of the BSA; enumerates specific factors for regulators to consider when examining financial institutions’ AML program compliance; requires the Secretary of the Treasury to establish public priorities for AML/CTF policy; and expands the duties and powers (and responsibilities) of the Financial Crime Enforcement Network (“FinCEN”).  We discuss each of these changes in turn.

As always, future regulations will determine how these abstract statements of principle will be applied in practice.  Ultimately, however, these AMLA amendments acknowledge the reality that AML/CTF compliance has become much more complex and nuanced since the early days of the BSA, and is a critical component of the soundness of the global financial system. Continue Reading First Principles: AMLA Expands Stated Purpose of BSA and Exam Priorities

Case Highlights Confidentiality of BSA Reporting and Continued Focus on Real Estate as Money Laundering Tool

The Northern District of California granted summary judgment to the Financial Crimes Enforcement Network (“FinCEN”) in a Freedom of Information Act (“FOIA”) case pertaining to an attempt by a group of investigative journalists to obtain information reported to FinCEN on the beneficial owners of high-end real estate.  This case clearly indicates that the Bank Secrecy Act (“BSA”) will continue to prevent efforts by journalists to seek, via FOIA, sensitive and protected information reported to FinCEN.  Of course, and as the world has witnessed, journalists still can turn to leaks and data hacks to obtain and distribute such information.  This case also reminds us that the use of real estate as a potential vehicle for money laundering remains a hot topic not only for regulators and enforcement personnel, but also for journalists and watchdog groups.

In The Center for Investigative Reporting, et al. v. United States Department of the Treasury, the Court held that FinCEN was not required to produce documents indicating the “real human owners” of residential real estate purchased with cash that had been requested by The Center for Investigative Reporting (“CIR”).  The Court’s ruling – affirming the confidentiality protections that are critical to the effectiveness of financial institution reporting under BSA – comes at pivotal moment, as journalistic agencies such as the International Consortium of Investigative Journalists (“ICIJ”) and BuzzFeed News reported less than six months ago on leaked documents referred to as the “FinCEN Files,” describing alleged transactions valued at over $2 trillion U.S. dollars and reported by financial institutions to FinCEN through Suspicious Activity Reports (“SARs”). Under the BSA, it is illegal to reveal the decision to file or not file a SAR to the subject of the SAR.  The ICIJ also played a key role in the release of the notorious Panama Papers, which detailed an alleged web of international money laundering and tax evasion obtained through a massive data leak. Continue Reading Investigative Journalists Lose FOIA Bid to Obtain GTO Info Reported to FinCEN

SARs Do Not Need to Be Filed At the First Sign of Potential Problems

Honoring “Keep Open” Letters from Law Enforcement Should Not Lead to Criticism

On January 19, 2021, the Financial Crimes Enforcement Network (FinCEN), along with the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System, and the National Credit Union Administration jointly published Answers to Frequently Asked Questions Regarding Suspicious Activity Reporting and Other Anti-Money Laundering Considerations.  The agencies provided answers to certain frequently asked questions (FAQs) in an effort to (1) clarify for financial institutions the regulatory requirements related to Suspicious Activity Reports (SARs) that they must comply with; and (2) help financial institutions focus their resources on Bank Secrecy Act (BSA) reporting activities that provide the most value to law enforcement.

The banking agencies developed these FAQs in response to recommendations made by the Bank Secrecy Act Advisory Group, which are detailed in FinCEN’s Advance Notice of Proposed Rulemaking on Anti-Money Laundering Program Effectiveness published in September 2020.  Notably, the FAQs do not change existing legal obligations or create new regulatory requirements.  Instead, they address several questions that have emerged among anti-money laundering compliance personnel.  Generally, they are helpful and make clear that a decision to file a SAR in a particular case is driven by specific circumstances and good judgment, rather than a rigid “check the box” mentality. Continue Reading FinCEN and Other Federal Banking Agencies Provide Much-Needed Guidance on Suspicious Activity Reports

The AMLA Creates a Significant New Source of Risk for Financial Institutions

Second Blog Post in an Extended Series on Legislative Changes to the BSA/AML Regulatory Regime

As we have blogged, the Anti-Money Laundering Act of 2020 (the “Act”) (part of the National Defense Authorization Act (“NDAA”), passed on January 2, 2021), represents a historic overhaul of the Bank Secrecy Act (“BSA”).  One of the most important changes – and certainly one that has attracted great attention by the media and commentators – is Section 6314 of the NDAA, entitled “Updating whistleblower incentives and protections.” The Act’s expanded whistleblower provision is modeled after the Dodd-Frank Act’s whistleblower provisions, and seeks to follow in Dodd-Frank’s footsteps.  But, there are some key differences between the Act and Dodd-Frank.  The Act also creates a more limited whistleblower program specifically pertaining to foreign corruption.

Aside from expanding the potential monetary rewards, the most significant aspect of the Act is that it explicitly invites internal compliance officers of financial institutions to use the information obtained through their compliance functions in order to pursue a whistleblower reward. This provision highlights the tension between individuals and institutions, and increases the pressure on financial institutions to comply with the law, take whistleblowers seriously, and be ready to deal with employees who purport to be whistleblowers but may be pursuing their own agenda. It also is a prudent time for financial institutions to review their internal complaint procedures and assess whether any changes are warranted given this new development. Continue Reading AMLA Adds Robust New Whistleblower Provisions for Anti-Money Laundering Violations

The Comptroller of the Currency (the “OCC”) has been busy, and focused on technology.  We discuss two recent developments: proposed regulations that would allow the OCC to grant exemptions relating to Suspicious Acivity Reports (“SARs”), and the OCC’s announcement that national banks and federal savings associations may employ both independent node verification networks (“INVNs”) and stablecoins to perform banking functions.

SAR Filing Exemptions

In late December, the OCC proposed new regulations to amend the “Suspicious Activity Report regulations to allow the OCC to issue exemptions . . . for national banks or federal savings associations that develop innovative solutions intended to meet Bank Secrecy Act requirements more efficiently and effectively.” While the Financial Crimes Enforcement Network (“FinCEN”) has long held the power to grant exemptions, the OCC does not possess equivalent authority. “As financial technology and innovation” rapidly evolve in monitoring and reporting financial crime, the OCC has determined it must create a flexible regulatory mechanism to keep pace. Continue Reading The OCC Embraces Technology, Proposes Exemption to SAR Requirements and Announces Acceptance of Distributed Ledgers and Stablecoins