Kaley Schafer | schaferk@ballardspahr.com | 202 777.6990

Kaley has a background in regulatory compliance and counsels on BSA/AML requirements, as well as other federal consumer financial regulations.  Prior to her role at Ballard Spahr, Kaley served as Director of Regulatory Compliance at the National Association of Federally-Insured Credit Unions, where she led the regulatory compliance team in developing new compliance materials and tools for NAFCU members, including as to BSA/AML issues.

The Financial Crimes Enforcement Network (“FinCEN”) has published a Small Entity Compliance Guide (the “Guide”) for beneficial ownership information (“BOI”) reporting under the Corporate Transparency Act (“CTA”), as well as updated FAQs regarding CTA compliance.

The Guide contains six chapters and an appendix. It is 56 pages long. It appears to be useful to its apparent target audience, which is small businesses confronting relatively simple issues under the CTA. The Guide is relatively clear, simply-worded and contains helpful infographics. However, what neither the Guide nor the updated FAQs does is provide any real insights into how to interpret the BOI reporting regulations. Rather, they reiterate the existing BOI regulatory requirements. Thus, anyone looking for insights into nuanced CTA issues will be disappointed.

The CTA takes effect on January 1, 2024. On that date, FinCEN needs to have implemented a working database to accept millions of reports by newly-formed companies required to report BOI under the CTA, as well as reports by the even greater population of existing reporting companies, which must report their BOI by January 1, 2025. This is a logistically daunting task, because FinCEN estimates that over 30 million entities will need to register by the 2025 date. Perhaps one of the most interesting things about the Guide is that it clearly asserts that the January 1, 2024 date is good, and that the CTA BOI database will be functioning by then.

That claim is debatable. FinCEN still needs to issue important and basic regulations implementing the CTA, including final rules regarding access to the database, and proposed rules regarding how the existing Customer Due Diligence (“CDD”) Rule applicable to banks and other financial institutions might be amended – and presumably, expanded – to align with the different and often broader requirements of the CTA. Further, FinCEN’s notice and request for comment regarding its proposed form to collect and report BOI was criticized roundly. Given the backlash, FinCEN now is revising the proposed reporting form.

Similarly, on June 7, 2023, four members of the U.S. House of Representatives (the Chairpersons of the House Committee on Financial Services; the House Committee on Small Business; the House Subcommittee on National Security, Illicit Finance, and International Financial Institutions; and the House Subcommittee on Financial Services and General Government) sent a letter directed to Janet Yellen, Secretary of the Treasury, and Himamauli Das, Former Acting Director of FinCEN, regarding the status of the implementation of the CTA. The letter, fairly or not, stresses the need for transparency by FinCEN, and implies that January 1, 2024 may not be a viable date.

The fact that FinCEN devoted its limited resources to producing a 56-page publication which repeats but does not explicate current regulatory requirements for BOI reporting is unusual, given FinCEN’s many other pressing demands – such as finishing the rest of the regulations under the CTA. However, it is possible that the Guide is a reaction to demands placed upon FinCEN by certain members of Congress, who are pushing for clarity for affected businesses.

Continue Reading  FinCEN Issues Small Entity Compliance Guide for Corporate Transparency Act

On September 8, 2023, the Financial Crimes Enforcement Network (“FinCEN”) released an alert regarding a notorious virtual currency scam called “pig butchering,” so named because, unfortunately, it resembles the practice of “fattening a hog before slaughter.” These scams are primarily perpetrated by criminal organizations in Southeast Asia, where they are also called “Sha Zhu Pan.”

The unwitting victims are the so-called “pigs,” who, according to various U.S. law enforcement sources, have lost billions of dollars to this scam. Unfortunately, some victims have liquidated tax-advantaged accounts or taken out home equity lines of credit or second mortgages to purchase virtual currency, as part of falling victim to these scams. The alert highlights that pig butchering is linked to fraud and cybercrime, two of FinCEN’s stated national priorities.

As we discuss, FinCEN’s alert provides 15 “red flags” for financial institutions (“FIs”) to consider when attempting to detect, prevent and report potential suspicious activity relating to such scams.  These “red flags” may serve not only to put FIs on guard for potential Suspicious Activity Report (“SAR”) filings under the Bank Secrecy Act (“BSA”), but they also may serve as considerations for FIs to try to detect and stop such activity, in order to cut off potential related civil suits by victim customers who may blame a FI for purportedly “allowing” the scam to occur.

Continue Reading  “Pig Butchering”: FinCEN Issues Alert on Virtual Currency Scam

Without much fanfare, the Financial Crimes Enforcement Network (FinCEN) published in June its Spring 2023 Rulemaking Agenda, which provides proposed timelines for upcoming key rulemakings projected throughout the rest of 2023.  FinCEN continues to focus on issuing rulemakings required by the Anti-Money Laundering Act of 2020 (the “AML Act”) and the Corporate Transparency Act (“CTA”).  FinCEN has been criticized for being slow in issuing regulations under the AML Act and the CTA, but Congress has imposed many obligations upon FinCEN, which still is a relatively small organization with a limited budget.

Continue Reading  FinCEN Provides Key Updates on Rulemaking Agenda Timeline

On March 30, 2023, the Financial Crimes Enforcement Network (FinCEN) issued a Financial Trend Analysis focusing on business email compromise (BEC) trends and patterns in the real estate sector (referred to as “RE BEC”). The report is required under Section 6206 of the Anti-Money Laundering Act of 2020 (AMLA). This section of AMLA requires FinCEN

On January 25, the Financial Crimes Enforcement Network (“FinCEN”) issued an “Alert on Potential U.S. Commercial Real Estate Investments by Sanctioned Russian Elites, Oligarchs, and Their Proxies” (the “Alert”).  The Alert defines “commercial real estate,” which the Alert refers to as “CRE,” as “property that is used for investment or income-generating purposes rather than as a residence by the owner.”  The Alert “specifically highlights sanctions evasion-related vulnerabilities in the CRE sector and is based on a review of Bank Secrecy Act (BSA) reporting indicating that sanctioned Russian elites and their proxies may exploit them to evade sanctions.”

The Alert seeks to assist financial institutions with identifying potential sanctions evasion activity in the CRE sector by providing potential red flags and typologies related to this activity.  As we discuss, the Alert also may represent a step towards BSA regulations for the CRE sector.

Continue Reading  Russia Sanctions Evasion and Commercial Real Estate: An Alert

Factual Statement Is a Tale of Whistleblowing, High-Risk Customers, and Misleading U.S. Banks

Earlier this month, Danske Bank was sentenced in the Southern District of New York to three years of probation and forfeiture of $2.059 billion.  The sentencing capped a tumultuous and global scandal that became public several years ago, as the enormous scope of the bank’s anti-money laundering (“AML”) compliance problems emerged:  several hundred billion in suspicious transactions allegedly were processed over time at the bank’s former Estonian branch.  As a result of the sentencing, Danske Bank was ordered to make an actual payment of $1,209,062,646; the bank received credit for the rest of the forfeiture amount on the basis of a $178.6 million payment to the Securities and Exchange Commission and a $672.3 million payment to Denmark authorities.

Danske Bank was charged not with violating the Bank Secrecy Act (“BSA”), but rather with bank fraud.  According to the press release issued in December 2022  by the Department of Justice (“DOJ”) at the time of the bank’s plea, the bank had “defrauded U.S. banks regarding Danske Bank Estonia’s customers and [AML] controls to facilitate access to the U.S. financial system for Danske Bank Estonia’s high-risk customers, who resided outside of Estonia – including in Russia.”  The DOJ’s choice to charge bank fraud presumably was predicated upon issues relating to U.S. jurisdiction and the actual applicability of the BSA to Danske Bank and activities in Estonia – but the heart of the criminal case is that Danske Bank allegedly hid its own AML failures from three U.S. banks, thereby thwarting the U.S. banks’ own AML programs and compliance with the BSA.

The plea agreement contains a lengthy statement of facts full of eye-catching allegations.  As we describe, it sets forth a tale of intentional and sometimes brazen misconduct by Estonian branch employees, coupled with lax oversight and implicit approval, or at least tolerance, of such conduct by some people in upper management.  Further, it involves another example of a financial institution, in the eyes of law enforcement and regulators, over-valuing profit and under-valuing compliance systems.  The case also highlights, again, the potential risks associated with correspondent bank accounts held by non-U.S. banks, the importance of having fully integrated and coordinated monitoring systems, and the potential role of whistleblowers.

Finally, this saga is not necessarily over entirely.  Danske Bank is subject to three years of probation.  The plea agreement requires numerous compliance commitments by the bank, including signed certificates of compliance and self-reporting of potential AML failures.  Danske Bank’s troubles also have involved lawsuits brought by investors claiming to have been defrauded, although the bank has had success in fending off these actions (see here, here and here).

Continue Reading  SDNY Sentences Danske Bank in Massive AML Scandal

Farewell to 2022, and welcome 2023.  As we do every year, let’s look back.

We highlight 12 of our most-read blog posts from 2022, which address many of the key issues we’ve examined during the past year: the Corporate Transparency Act (“CTA”) and beneficial ownership reporting; sanctions — particularly sanctions involving Russia; cryptocurrency and digital

On July 6, the Financial Crimes Enforcement Network (“FinCEN”), The Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency (collectively, “the Agencies”) issued a Joint Statement to “remind” banks that they, of course, should apply a risk-based approach to assessing customer relationships and conducting customer due diligence (“CDD”).

The Joint Statement appears to echo FinCEN’s June 22 Statement on Bank Secrecy Act Due Diligence for Independent ATM Owners or Operators (“ATM Statement”), in which FinCEN also “reminded” banks “that not all independent ATM owner or operator customers pose the same level of money laundering, terrorist financing (ML/TF), or other illicit financial activity risk, and not all independent ATM owner or operator customers are automatically higher risk.”

Combined – and although generally worded – these publications appear to urge financial institutions (“FIs”) to not pursue broadly-applied “de-risking” strategies.  De-risking is the term for a FI’s decision to terminate a business relationship, or refuse to do business, with a type of customer because that type is associated with a perceived heightened risk of involvement in money laundering or terrorist financing.  Indeed, both new publications caution FIs against turning away potential customers, or closing the accounts of existing customers, on the basis of general customer types.  However, regulators themselves have been criticized for encouraging de-risking by driving highly risk-averse decisions by FIs, who are unwilling to take the chance and assume the compliance costs of doing business with specific customers who may in fact be “legitimate,” but whose risk profile is deemed to be high due to their group affiliation.  Some front-line regulatory BSA/AML examiners arguably may review a FI’s compliance in a narrow and check-the-box manner versus a more holistic approach, and will not truly value broader societal and equity issues such as the need for equal access to the global financial system, particularly by certain industries and persons living in less-developed countries.  Accordingly, although these new publications are welcome, it might have been better if they had been more explicit – particularly because it is arguably ironic for regulators to be chiding FIs for conforming to de-risking behavior that regulators themselves have encouraged.

Continue Reading  FinCEN and Federal Functional Regulators Issue Coded Warnings Against De-Risking