As we previously blogged, a Florida law (Fla. Stat. § 655.0323, entitled “Unsafe and unsound practices”) which became effective July 1, 2024 prohibits federal and state depository institutions conducting business in the state from denying services based on religion or political beliefs and activities. Every year, financial institutions must attest to their compliance with the Florida law. When he signed the bill into law, Governor Ron DeSantis said, “We are not going to allow big banks to discriminate based on someone’s political or religious beliefs, and we will continue to fight back against indoctrination in education and the workplace.”

As we will discuss, the Florida law also prohibits a financial institution acting on the basis of “any factor if it is not a quantitative, impartial, and risk-based standard, including any such factor related to the person’s business sector[.]” This prohibition in particular creates a clear challenge for implementing an anti-money laundering/countering the financing of terrorism (“AML/CFT”) compliance program, which inherently involves subjective judgments and an assessment of the risk presented by a customer based on its line of business. The problematic implications of the Florida law did not go unnoticed by the U.S. Congress or the U.S. Department of the Treasury (“Treasury”).

Continue Reading  Three Members of Congress and U.S. Treasury Express Concerns that Florida Law Prohibiting Banks from Considering Customers’ Business Sectors or Political or Religious Beliefs Conflicts with Federal AML/CFT Requirements

Opinion Can Invite New Challenges to Long-Standing BSA/AML Regulations

On July 1, 2024, the Supreme Court issued its opinion in Corner Post, Inc. v Board of Governors of the Federal Reserve System in which the Court determined when a Section 702 claim under the Administrative Procedure Act (APA) to challenge a final agency action first accrues. In a 6-3 Opinion, the Supreme Court sided with Corner Post in holding that a right of action first accrues when the plaintiff has the right to assert it in court—and in the case of the APA, that is when the plaintiff is injured by final agency action.

This ruling could open the litigation floodgates for industry newcomers to challenge longstanding agency rules. These APA challenges will be further aided by the Supreme Court’s recent overruling of Chevron deference, giving the courts the power to interpret statutes without deferring to the agency’s interpretation.

This development is relevant to potential challenges to anti-money laundering (“AML”) regulations promulgated under the Bank Secrecy Act (“BSA”) or other statutory schemes by the Financial Crimes Enforcement Network, the federal functional regulators, the Securities Exchange Commission, and FINRA. Many BSA/AML regulations were promulgated many years ago. Historically, litigation challenges to BSA/AML regulations have been rare. Given the combined effect of recent rulings by the Supreme Court, that could change.

Continue Reading  Supreme Court Opens Door to More APA Challenges by Ruling that Right of Action Accrues When Regulation First Causes Injury

The Financial Crimes Enforcement Network (“FinCEN”) recently issued a Financial Trend Analysis (“Analysis”) focusing on patterns and trends identified in Bank Secrecy Act (“BSA”) data linked to Elder Financial Exploitation (“EFE”) involving scams or theft perpetrated against older adults.

The Analysis is a follow up to FinCEN’s June 2022 EFE Advisory (“2022 Advisory”). The Analysis reviews BSA reports filed between June 15, 2022 and June 15, 2023 that either used the key term referenced in the 2022 Advisory (“EFE FIN-2022-A002”) or checked “Elder Financial Exploitation” as a suspicious activity type.  In its 2022 Advisory, FinCEN warned financial institutions (“FIs”) about the rising trend of EFE, which FinCEN defines as “the illegal or improper use of an older adult’s funds, property, or assets, and is often perpetrated either through theft or scams.” The 2022 Advisory identified 12 “behavioral” and 12 “financial” red flags to help FIs detect, prevent, and report suspicious activity connected to EFE. Additionally, FinCEN recommended EFE victims file incident reports to the FBI’s Internet Crime Complaint Center (IC3) and the Federal Trade Commission. Consistent with a risk-based approach to BSA compliance, FinCEN encouraged FIs to perform additional due diligence where appropriate.

Continue Reading  FinCEN Issues Analysis of Increasing Elder Financial Exploitation

In February 2024, the Federal Deposit Insurance Corporation (FDIC) entered into consent orders (here and here) with two banks who partner with fintechs to offer “banking as a service” (BaaS) related to safety and soundness concerns relating to compliance with the Bank Secrecy Act (BSA), compliance with applicable laws, and third-party oversight. 

BaaS refers to arrangements in which banks integrate their banking products and services into the services of non-bank third-party distributors and the distributors deliver the integrated banking services directly to the customer.  A common example of BaaS is banks’ delivery of lending services through fintech partners’ digital platforms.  BaaS has gained popularity in recent years as the bank partner can generally roll out banking services to customers at a much faster pace and for lower costs than traditional banking products and services.

These two consent orders do not arise in a vacuum.  In June 2023, the FDIC, Federal Reserve Board, and Office of the Comptroller of the Currency released final interagency guidance for their respective supervised banking organizations on managing risks associated with third-party relationships, including relationships with financial technology-focused entities such as bank/fintech sponsorship arrangements.  The guidance explained that supervisory reviews will evaluate risks and the effectiveness of risk management to determine whether activities are conducted in a safe and sound manner and in compliance with applicable laws and regulations.  At that time, we noted that we expected increased regulatory attention to bank/fintech partnership programs like the BaaS relationships addressed here.  Although these FDIC consent orders did not specifically cite to the interagency guidance, the guidance presumably was used to support the third-party oversight criticisms in the supervisory examinations of the two banks.

Continue Reading  Recent FDIC Consent Orders Reflect Ongoing Scrutiny of Bank Relationships with Fintechs

The CFPB has issued a proposed rule to supervise nonbank companies that qualify as larger participants in a market for “general-use digital consumer payment applications.”  Comments on the proposal are due by January 8, 2024 or by the date that is 30 days after the proposal’s publication in the Federal Register, whichever is later.

The proposal is based on the CFPB’s authority to supervise nonbank entities considered to be “a larger participant of a market for other consumer financial products or services.”  It would cover providers of consumer financial products and services that are commonly referred to as “digital wallets,” “payment apps,” “funds transfer apps,” and “person-to-person or P2P payment apps.”

Continue Reading  CFPB Issues Proposal to Supervise Nonbank Providers of Digital Wallets and Payment Apps

A group of five Democratic Senators have sent a letter to the Federal Reserve, OCC, FDIC, and NCUA asking them to take several steps to protect consumers from scams when using Zelle to transfer money.

The Senators ask the four agencies “to closely review and examine the customer reimbursement and anti-money laundering (AML) practices of depository institutions that participate in the Zelle network.” They also ask the Federal Reserve and OCC “to examine Early Warning Services, Inc. (EWS), which operates the Zelle network, on an ongoing basis and for the four agencies “to coordinate their supervisory approach with the Consumer Financial Protection Bureau.”  The Senators note that the agencies have authority to supervise the banks that own and operate Zelle and the participating depository institutions for compliance “with key consumer protection and AML laws, including the Electronic Fund Transfer Act (EFTA) and the Bank Secrecy Act (BSA).”

Continue Reading  Democratic Senators Send Letter to Federal Banking Agencies Raising Concerns About Fraudulent Transactions