daversaa@ballardspahr.com | 215.864.8113 | view full bio

Andrew focuses his practice on white collar defense. He has experience in matters involving the criminal money laundering statutes and the application of federal and state AML regulations, including as to virtual currency and related products. Andrew maintains an active pro bono practice working with the Pennsylvania Innocence Project.

The Comptroller of the Currency (the “OCC”) has been busy, and focused on technology.  We discuss two recent developments: proposed regulations that would allow the OCC to grant exemptions relating to Suspicious Acivity Reports (“SARs”), and the OCC’s announcement that national banks and federal savings associations may employ both independent node verification networks (“INVNs”) and stablecoins to perform banking functions.

SAR Filing Exemptions

In late December, the OCC proposed new regulations to amend the “Suspicious Activity Report regulations to allow the OCC to issue exemptions . . . for national banks or federal savings associations that develop innovative solutions intended to meet Bank Secrecy Act requirements more efficiently and effectively.” While the Financial Crimes Enforcement Network (“FinCEN”) has long held the power to grant exemptions, the OCC does not possess equivalent authority. “As financial technology and innovation” rapidly evolve in monitoring and reporting financial crime, the OCC has determined it must create a flexible regulatory mechanism to keep pace.
Continue Reading  The OCC Embraces Technology, Proposes Exemption to SAR Requirements and Announces Acceptance of Distributed Ledgers and Stablecoins

Farewell to 2020.  Although it was an extremely difficult year, let’s still look back — because 2020 was yet another busy year in the world of money laundering and BSA/AML compliance.

We are highlighting 12 of our most-read blog posts from 2020, which address many of the key issues we’ve examined during the past year

On November 5, 2020, the Council of the European Union approved a new action plan to strengthen anti-money laundering and combatting terrorism financing across the EU. The Action Plan, “an Action Plan for a comprehensive Union policy on preventing money laundering and terrorist financing,” appears to be motivated by the perceived failures in preventing the Danske Bank scandal (which we’ve blogged about here, and more generally, here, here, here, here, here, and here). In light of “[m]ajor divergences” and “serious weaknesses” in enforcement, it appears the Council believes the EU’s “anti-money laundering and countering the financing of terrorism” framework (“AML/CFT framework”) “needs to be significantly improved.” As we have blogged, the EU historically has issued numerous reports identifying systemic vulnerabilities to money laundering and suggesting process-based recommendations for how to address such threats. These recommendations typically have not addressed a basic issue: the actual prosecution of bad actors.

This new Action Plan contains some teeth. If its legislative proposals are enacted and implemented, it would allow the EU to close cross-border loopholes, update its rulebook, and strengthen the implementation and enforcement of the AML/CFT framework through EU-level supervision. Even if the more ambitious proposals do not pass legislative scrutiny, the Action Plan shows the EU is keenly focused on combatting the threat of cross-border money laundering and that it has many tools available at its disposal, some of which it is already using. Unified and coordinated implementation of the AML/CFT framework coupled with increased information sharing between members and between public and private partners should aid detection and enforcement efforts across the EU.
Continue Reading  Council of the European Union Unveils Ambitious New AML Action Plan

October is National Cybersecurity Awareness Month, and the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) and Office of Foreign Assets Control (“OFAC”) kicked off the month by issuing two advisories that aim to increase cybersecurity awareness, assist financial institutions in detecting and reporting ransomware activity, and highlight potential sanctions risks for facilitating ransomware payments.

The FinCEN and OFAC advisories signal the seriousness with which the Department of Treasury treats the threat of cybercriminals and ransomware attacks. Both FinCEN and OFAC have now squarely placed an obligation on financial institutions and other payment intermediaries to put procedures in place to detect ransomware payments and to restrict payments to blocked individuals. It appears FinCEN and OFAC want to make sure cybercrime does not pay by cutting off cybercriminals’ access into the financial system.

While both FinCEN and OFAC have offered guidance to financial institutions formulating policies and procedures for deciding whether to process or report payment requests that may be connected to ransomware attacks, OFAC has also offered a warning: facilitating ransomware payments may lead to an enforcement action and civil penalties. Given the growing national security concerns associated with ransomware attacks, the advisories rightly encourage financial institutions and other payment intermediaries that facilitate ransomware payments to share information via Suspicious Activity Reports (“SARs”) and to fully cooperate with law enforcement during and after ransomware attacks.
Continue Reading  FinCEN and OFAC Advisories Aim to Increase Cybersecurity Awareness and Thwart Ransomware Attacks in the Financial Sector

New York State Encourages Banking for State-Licensed Medical Marijuana Businesses – Whereas a Maine Company Runs Into Trouble, Despite State Law Legalizing Medical Marijuana

To state the obvious, growing and dispensing marijuana is still illegal under federal law.  As a result, being involved in even a state-licensed marijuana business can be risky. Moreover, obtaining financial services for such a business is sometimes impossible, primarily due to the federal anti-money laundering (“AML”) obligations imposed upon financial institutions by the Bank Secrecy Act (as we have blogged).

This post discusses two recent developments related to state-licensed medical marijuana operations, which serve as contrasting bookends to the spectrum of potential risks and opportunities presented by such businesses.  On the risk-end of the spectrum, we discuss the recent difficulties encountered by a Maine business, and how dubious the seeming safe harbor of state legalization of marijuana can be in some cases. On the opportunity-end of the spectrum, we discuss recent guidance issued by the New York Department of Financial Services, which has declared its support and encouragement of state-chartered banks and credit unions to offer banking services to medical marijuana related businesses licensed by New York State.
Continue Reading  The Medical Marijuana Industry and AML: Opportunities and Risks

The U.S. Department of Justice (“DOJ”) announced last week that it was disbanding the Financial Fraud Enforcement Task Force, established under the Obama Administration. In its place, pursuant to an Executive Order, the DOJ plans to establish the Task Force on Market Integrity and Consumer Fraud (“Task Force”). The purpose—according to a DOJ press

Bank’s Alleged “Tick Box” Approach Failed to Attain Substantive AML Compliance

Late last week, the Financial Conduct Authority (“FCA”), the United Kingdom’s financial services regulator, imposed a $1.2 million (896,100 pound) fine on the UK division of India’s Canara Bank, an Indian state-owned bank, and ordered a moratorium on new deposits for nearly five months.  The cause—according to Reuters—was Canara’s systemic anti-money laundering (“AML”) failures.

A 44-page final notice published by the FCA explains the multi-year regulatory process that led to a finding of systemic failures and the imposition of penalties.  The FCA’s investigation began in late 2012 and early 2013 with assessments of Canara’s AML systems.  Upon inspection, the FCA “notified Canara of a number of serious weaknesses in its AML systems and controls.”  After promises of remedial action by Canara, an April 2015 visit revealed that the AML systems had not been fixed.  The investigation ended with a final report from a “skilled person,” an expert brought in by the FCA to assess Canara’s AML policies and procedures, completed in January 2016.  Settlement followed, resulting in sanctions and the FCA’s published final notice.

These three visits from the FCA generated a laundry list of Canara’s AML shortcomings.  This enforcement action reflects three main take-aways: (i) the potential risks faced by banks operating in foreign countries in which they have limited AML experience; (ii) the need for swift remedial action after the first examination finding AML deficiencies; and (iii) the need for a substantive AML policy implemented in a substantive way, rather than through a rote reliance on AML-related checklists.
Continue Reading  Canara Bank of India Fined $1.2 Million by UK Regulators for Systemic AML Failures

Last week, President Donald Trump issued an Executive Order banning “all transactions” and “dealings” by any individual or entity in the United States that involve “any digital currency, digital coin, or digital token” issued by Venezuela.  This Executive Order was instituted just under a month after President Nicholas Maduro launched the pre-sale of “petro,” a cryptocurrency backed by the Venezuelan government’s crude oil reserves.  Since its inception, the petro has been met with deep skepticism by both the market and the Venezuelan legislature, but President Maduro—through petro’s official website—claims it has raised over $735 million in its pre-sale.  The opposition in the Venezuelan legislature has denounced petro as an illegal issuance of debt.

We previously have blogged about alleged money-laundering violations by Venezuelan oilmen and OFAC’s designation of the Vice President of Venezuela as a Specially Designated Narcotics Trafficker.  This is only the most recent in a long line of sanctions targeting the Venezuelan government and its state-controlled oil industry.

On the back of this new Executive Order, the Office of Foreign Assets Control (“OFAC”) has issued new FAQs relating to virtual currency, both to regulate the petro and assert its power in the virtual currency space.  As one might suspect, OFAC has decided to treat virtual currency in the same way it treats fiat currency and other property: if the individual is on Specially Designated Nationals (“SDN”) list, transactions are barred no matter what form of currency is used.  If a United States citizen or entity is involved, or is otherwise subject to United States jurisdiction, they “are responsible for ensuring that they do not engage in unauthorized transactions prohibited by OFAC sanctions.”  The OFAC FAQs specifically request “technology companies; administrators, exchangers, and users of digital currencies; and other payment processors” to develop compliance plans.  Obviously, these compliance plans would have to take into account blockchain and virtual currency technology that is constantly evolving.
Continue Reading  U.S. Bans Venezuela’s Oil-Backed Virtual Currency, “Petro,” and Announces Plans to Publish SDNs’ Virtual Currency Addresses

As we previously have blogged, the Financial Crimes Enforcement Network (“FinCEN”) became one of the first regulators to wade into the regulation of cryptocurrency when it released interpretive guidance in March 2013 stating that an administrator or exchanger of virtual currency is a Money Services Business (“MSB”). As a MSB, and according to FinCEN, an administrator or exchanger of virtual currency therefore is a “financial institution” subject to the Bank Secrecy Act (“BSA”) and its various AML-related requirements, unless a limitation or exemption applies.  Accordingly, the Department of Justice has prosecuted operators of cryptocurrency exchanges for a failure to register with FinCEN as a MSB, and FinCEN has brought civil enforcement proceedings against such exchanges for alleged failures to maintain adequate AML programs and file required Suspicious Activity Reports (“SARS”), among other alleged BSA violations.

Recently, regulators of all stripes across the globe have been moving swiftly to regulate cryptocurrency in various ways (see herehere, here, here, here, here, here, here, and here). Indeed, the Securities and Exchange Commission (“SEC”) has been very vocal and aggressive in claiming that many if not all Initial Coin Offerings (“ICOs”) involving cryptocurrency represent securities subject to the jurisdiction and supervision of the SEC, and already has filed several enforcement proceedings involving ICOs. Moreover the SEC just yesterday issued a statement that it considers exchanges for cryptocurrency to also be subject to its jurisdiction. Likewise, the U.S. Commodity Futures Trading Commission (“CFTC”) has asserted that cryptocurrencies are commodities subject to its jurisdiction; this week, a federal court agreed with this assertion in a CFTC enforcement action.  The CFTC claims that its jurisdiction reaches beyond cryptocurrency derivative products to fraud and manipulation in the underlying cryptocurrency spot markets.

But there is a potential problem with all of these regulators simultaneously rushing in to assert their respective power over cryptocurrency businesses, and it is a tension that does not seem to have attracted much public attention to date. Specifically, BSA regulations pertaining to the definition of a MSB, at 31 C.F.R. § 1010.100(ff)(8)(ii), flatly state that a MSB does not include the following:

A person registered with, and functionally regulated or examined by, the SEC or the CFTC, or a foreign financial agency that engages in financial activities that, if conducted in the United States, would require the foreign financial agency to be registered with the SEC or CFTC[.]

How can certain cryptocurrency businesses be subject to the claimed jurisdictions of FinCEN as well as the recent regulatory newcomers to this area, the SEC and the CFTC?
Continue Reading  FinCEN Letter to U.S. Senate Committee on Finance Purports to Thread Needle of Potentially Competing Jurisdictions by Regulators over Cryptocurrencies

Second Post in a Two-Part Series

As we blogged earlier this week, Congress is considering a new draft bill, the Counter Terrorism and Illicit Finance Act (“CTIFA”), in committee in the Senate.  The CTIFA proposes the most substantial overhaul to the Bank Secrecy Act (“BSA”) since the PATRIOT Act.

We previously discussed CTIFA’s proposed requirement for legal entities to submit to FinCEN a list their beneficial owners (“BOs”) and the creation of a central directory of these BOs. Today, we discuss CTIFA’s many other major proposed revisions to the BSA. These include:

  • Raising the minimum monetary thresholds for filing Currency Transaction Reports (“CTRs”) and Suspicious Activity Reports (“SARs”), and requiring a review of how those filing requirements could be streamlined;
  • Expanding the prohibition against disclosing SAR-related information to third parties, including in private litigation;
  • Codifying absolute civil immunity for SAR filing;
  • Expanding the scope of voluntary information sharing among financial institutions;
  • Allowing FinCEN to issue no-action letters; and
  • A grab-bag of other proposals, including a safe harbor for AML-related technological innovation; requiring a review of whether FinCEN should assume a greater role in AML/BSA examinations of financial institutions; requiring a review of the costs to the private sector for AML/BSA compliance; and requiring an annual report to the Secretary of the Treasury (“the Secretary”) regarding the usefulness of BSA reporting to law enforcement.


Continue Reading  Congress Contemplates Broad AML/BSA Reform