Fourth Post in an Extended Series on Legislative Changes to BSA/AML Regulatory Regime
As we have blogged, the Anti-Money Laundering Act of 2020 (“AMLA”), contains major changes to the Bank Secrecy Act (“BSA”), coupled with other changes relating to money laundering, anti-money laundering (“AML”), counter-terrorism financing (“CTF”) and protecting the U.S. financial system against illicit foreign actors. In this post, we explore the AMLA’s significant expansion of the U.S. government’s authority to subpoena information from foreign financial institutions that maintain correspondent banking relationships with U.S. banks.
Correspondent banking is the primary way foreign financial institutions (or “respondent banks”) gain access to the U.S. financial system. By establishing a correspondent bank account, the U.S. bank may receive deposits from, or make payments or other disbursements on behalf of the respondent bank, or to handle other financial transactions related to the respondent bank. Correspondent bank accounts allow respondent banks to conduct business in the U.S. without expanding their physical footprint, and are crucial to international finance and trade.
Correspondent banking, however, has been scrutinized for its susceptibility to money laundering risks. The BSA/AML Examination Manual of the Federal Financial Institutions Examination Council (“FFIEC”) has noted that these accounts may present risk in part due to the large dollar amounts flowing through them. This coupled with the opacity of the respondent bank’s customers leads to concerns regarding transaction “layering” and ultimately the concealment of illicit funds. Nor can U.S. banks rely totally on the respondent bank to conduct due diligence on their own customers and maintain a robust AML/CFT program. Indeed, some respondent banks are located in jurisdictions that are not subject to the same or similar AML regulatory guidelines as the U.S.
U.S. banks subject correspondent bank accounts to special AML compliance practices, including assessing and applying risk assessments to each correspondent account and ensuring that enhance due diligence (“EDD”) was performed according to the risk assessment of the account. And as the Financial Action Task Force (“FATF”) reminds us, “simplified CDD measures are never appropriate in the cross-border correspondent banking context . . . .” In practice, this means banks should assess the respondent bank’s AML/CFT controls and systems. Ongoing due diligence should be conducted on the banking relationship in order to detect any changes to the respondent institution’s transaction pattern, changes in authorized users or activity that may indicate suspicious or unusual activity. U.S. banks must also determine whether or not the respondent bank maintains other correspondent accounts for other foreign banks using the institution’s correspondent account. U.S. banks also have certain recordkeeping requirements – currently, they must maintain records in the U.S. identifying the owners of each foreign bank. U.S. banks are encouraged to use a “certification process” developed by Treasury to comply with these recordkeeping obligations. The one requirement U.S. banks need not perform is due diligence on the respondent bank’s actual customers. FinCEN recently has requested comment specifically on the regulatory burden these obligations. This request for comment suggests that future, more expansive regulations are possible.
Subpoenas and Limitations
The Patriot Act of 2001, through 31 U.S.C. § 5318(k)(3), allowed DOJ and the Department of Treasury to issue subpoenas to non-U.S. banks with correspondent accounts in the U.S. This power was limited to records related to the correspondent account, itself, but included those records maintained outside the U.S. Under this regime, respondent banks were spared discovery of their other bank accounts. The AMLA significantly expanded the U.S. government’s subpoena power. In addition to gathering records related to the correspondent account, the AMLA now allows the DOJ and Treasury to subpoena records of “any account at the foreign bank.” DOJ and Treasury is “limited” only insofar as they can show that the records are the subject of an investigation into violations of the BSA or any U.S. criminal law, a civil forfeiture action, or an investigation pursuant to 31 U.S.C. § 5318A (which pertains to jurisdictions, financial institutions, accounts, and transactions “of primary money laundering concern”). To facilitate the investigatory process, the AMLA requires any covered U.S. financial institution that maintains a correspondent account in the U.S. for a foreign bank to maintain records reflecting the beneficial owners of the foreign bank, and the name and address of a person in the U.S. who is authorized to accept service of legal process for requested records.
Respondent banks are prohibited from notifying the non-U.S. bank’s customers or any person named in the subpoena of its existence or contents. Doing so, along with the failure to comply with the same, carries heavy penalties and fines. Failure to comply with a subpoena is also subject to civil contempt and a civil penalty of up to $50,000 per day that the foreign bank fails to comply.
The AMLA contemplates a process for respondent banks to seek to quash or modify the subpoena. The respondent bank may seek reprieve through a federal district court in the district where the investigation is pending, but cannot rely on jurisdictional privacy laws as the “sole basis” to resist the production of records. With this process, the AMLA has thrust the question of subpoena enforcement into the arms of the judiciary. And we expect to see courts grappling with foreign privacy laws and what other bases in addition to privacy laws may suffice to justify quashing the subpoena.
Moreover, the heightened scrutiny on these accounts may result in significant de-risking by U.S. banks of their foreign financial institutions relationships. And this is so despite the fact that, as we previously have blogged, the AMLA amended 31 U.S.C. § 5318(h), entitled “Anti-Money Laundering Programs,” to include several factors for regulators to consider when supervising and examining compliance with AML program requirements – including the goal of extending “financial services to the underbanked and the facilitation of financial transactions, including remittances, coming from the United States and abroad in ways that simultaneously prevent criminal persons from abusing formal or informal financial services networks.” This factor clearly grapples with the issue of de-risking and comes down on the side of urging banks not to do so; but if the DOJ and Treasury make swift and aggressive use of their new powers, U.S. banks may be hard pressed not to begin re-evaluating some of their respondent bank relationships.