Kaley Schafer | schaferk@ballardspahr.com | 202 777.6990

Kaley has a background in regulatory compliance and counsels on BSA/AML requirements, as well as other federal consumer financial regulations.  Prior to her role at Ballard Spahr, Kaley served as Director of Regulatory Compliance at the National Association of Federally-Insured Credit Unions, where she led the regulatory compliance team in developing new compliance materials and tools for NAFCU members, including as to BSA/AML issues.

On May 13th, the Financial Crimes Enforcement Network (FinCEN) and the Securities and Exchange Commission (SEC) issued a joint notice of proposed rulemaking (NPRM) that would require SEC-registered investment advisers (RIAs) and exempt reporting advisers (ERAs) to establish a customer identification program (CIP). This joint NPRM is the second recent rulemaking effort aimed at investment advisers. In February, FinCEN issued a separate NPRM amending the definition in the Code of Federal Regulations of “financial institution” under the Bank Secrecy Act (BSA) to include investment advisers, which would require implementation of an anti-money laundering/countering terrorist financing (AML/CFT) compliance program. In this earlier NPRM, FinCEN alluded to a future joint rulemaking regarding CIP requirements for investment advisers.

The NPRM highlights that CIPs are long-standing, foundational components of an AML program. The NPRM requires a CIP similar to existing CIP requirements for other financial institutions, as FinCEN and the SEC want to ensure “effectiveness and efficiency” for investment advisers that are affiliated with other financial institutions, including banks, broker-dealers, or open-end investment companies that are already subject to CIP requirements.  

Background

Investment advisers have not been previously subject to CIP requirements, unless they were also a registered broker-dealer, a bank, or an operating subsidiary of a bank, and therefore already covered separately by the BSA. In many cases, investment advisers already voluntarily comply with CIP requirements, or their functional equivalent.

This joint NPRM implements section 326 of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (the “USA PATRIOT Act”). Section 326 requires the Secretary of the Treasury to promulgate regulations setting forth the minimum standards for “financial institutions” regarding the identity of their customers in connection with the opening of an account at a financial institution. More specifically, and as the NPRM notes, the BSA defines “financial institution” to include, in a catch-all provision, “any business or agency which engages in any activity which the Secretary of the Treasury determines, by regulation, to be an activity which is similar to, related to, or a substitute for any activity in which any business described in this paragraph is authorized to engage[.]”  That is the statutory authority upon which this NPRM and the earlier NPRM rest.  If FinCEN’s proposed amendment to the regulatory definition of “financial institution” is finalized and survives any legal challenges, investment advisers will be required to implement and maintain a CIP, as well as AML programs.

Continue Reading  FinCEN and SEC Propose Rulemaking Requiring CIP for Investment Advisers

On April 18, the Financial Crimes Enforcement Network (“FinCEN”) released updated FAQs related to the Corporate Transparency Act (“CTA”) and Beneficial Ownership Information (“BOI”) Rule. The last round of updates occurred in January 2024. As we previously have reported, the FAQs do not create any new requirements and are intended to clarify the regulation. In total, there are 16 new FAQs and 2 updated FAQs. We have included brief summaries below.

One of the main take-aways is that FinCEN does not expect to provide access to CTA BOI to financial institutions (“FIs”) until 2025.  In the interim, FinCEN will issue the long-awaited proposed regulations seeking to align the CTA with the Customer Due Diligence (“CDD”) Rule already applicable to certain FIs, including banks, which requires FIs to obtain BOI from covered entity customers opening accounts.  This delay is likely very frustrating for FIs seeking to comply with the CTA and adjust their existing systems for complying with the CDD Rule.

Continue Reading  FinCEN Releases Updated BOI FAQs

In February 2024, the Federal Deposit Insurance Corporation (FDIC) entered into consent orders (here and here) with two banks that partner with fintechs to offer “banking as a service” (BaaS). The orders address safety and soundness concerns relating to compliance with the Bank Secrecy Act (BSA), compliance with applicable laws, and third-party oversight.

BaaS refers to arrangements in which banks integrate their banking products and services into the services of non-bank third-party distributors and the distributors deliver the integrated banking services directly to the customer.  A common example of BaaS is banks’ delivery of lending services through fintech partners’ digital platforms.  BaaS has gained popularity in recent years as the bank partner can generally roll out banking services to customers at a much faster pace and for lower costs than traditional banking products and services.

These two consent orders do not arise in a vacuum.  In June 2023, the FDIC, Federal Reserve Board, and Office of the Comptroller of the Currency released final interagency guidance for their respective supervised banking organizations on managing risks associated with third-party relationships, including relationships with financial technology-focused entities such as bank/fintech sponsorship arrangements.  The guidance explained that supervisory reviews will evaluate risks and the effectiveness of risk management to determine whether activities are conducted in a safe and sound manner and in compliance with applicable laws and regulations.  At that time, we noted that we expected increased regulatory attention to bank/fintech partnership programs like the BaaS relationships addressed here.  Although these FDIC consent orders did not specifically cite to the interagency guidance, the guidance presumably was used to support the third-party oversight criticisms in the supervisory examinations of the two banks.

Continue Reading  Recent FDIC Consent Orders Reflect Ongoing Scrutiny of Bank Relationships with Fintechs

The Financial Action Task Force (“FATF”) has re-rated the U.S. as “largely compliant” with FATF’s Recommendation 24, which pertains to transparency related to beneficial ownership of legal persons.  Specifically, FATF released its seventh Enhanced Follow-Up Report (the “Report”) indicating that the improved re-rating was due, in part, to the implementation of the Corporate Transparency Act (“CTA”) as well as the Customer Due Diligence (“CDD”) Rule, which requires covered financial institutions to obtain beneficial ownership information (“BOI”) from designated entity customers opening up accounts.

FATF is an independent, inter-governmental body that develops global policies related to anti-money laundering, terrorist financing, and related crimes. As a member of FATF, the U.S. is subject to evaluations of its technical compliance with the various FATF recommendations. FATF’s lengthy Mutual Evaluation Report for the U.S. (“MER”), issued in December 2016, had identified the U.S. as “deficient” and subject to enhanced follow-up with regard to Recommendation 24.

In a press release, Treasury Secretary Janet Yellen remarked that the re-rating was a result of the past decade of work by the Treasury Department and its interagency partners, and indicated Treasury’s commitment to “strengthening the implementation of the FATF’s global standards.”  As we have blogged, the U.S. has been subject to global criticism for years because it has been perceived as a haven for money laundering and tax evasion.

Continue Reading  FATF Re-Rates United States as “Largely Compliant” with Beneficial Ownership Recommendation

We are very pleased to be presenting on both Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance and the Corporate Transparency Act (CTA), in partnership with the Practicing Law Institute

First, on April 8 at 1 p.m., Siana Danch will discuss issues involving the CTA during a live one-hour briefing with Sara C. Lenet of Hogan

On February 16, the Financial Crimes Enforcement Network (“FinCEN”) published a Notice of Proposed Rulemaking (“NPRM”) regarding residential real estate.  The final version of the NPRM published in the Federal Register is 47 pages long.  We have created a separate document which more clearly sets forth the proposed regulations themselves, at 31 C.F.R. § 1031.320, here.

FinCEN also has published a Fact Sheet regarding the NPRM, here.  The Fact Sheet, slightly over four pages long, is helpful and walks through the basics of many of the proposed requirements.

The NPRM proposes to impose a nation-wide reporting requirement for the details of residential real estate transactions, subject to some exceptions, in which the buyer is a covered entity or trust.  Title agencies, escrow companies, settlement agents, and lawyers need to pay particular attention to the NPRM because, based on FinCEN’s “cascade” approach to who should be responsible for complying with the reporting requirements, these parties are the most likely to be responsible.

Although the NPRM pertains only to residential transactions, FinCEN has indicated that it intends to publish a separate proposed rulemaking in 2024 regarding commercial real estate transactions.

Continue Reading  FinCEN Proposes BSA Reporting Requirements for Residential Real Estate

The South Dakota Division of Banking (the “Division”) issued a Memorandum notifying all licensed South Dakota money lenders and non-residential mortgage lenders that the Division has taken the position that they are subject to the Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) obligations imposed by a 2020 Final Rule published by the Financial Crimes Enforcement Network (“FinCEN”) regarding banks lacking a federal functional regulator (“Final Rule”). The Final Rule became effective in 2020, and the Memorandum requires licensees to comply by March 31, 2024.  No other state has taken this same position, and the Final Rule itself stated that it applied to approximately 567 banks. 

Accordingly, all money lender and non-residential mortgage lender licensees covered by the Memorandum must develop a BSA/AML compliance program that aligns with the Memorandum’s requirements, which are equivalent to those of a “bank” under FinCEN’s regulations. The compliance program must include a risk assessment, ongoing transaction monitoring, and filing of Suspicious Activity Reports (“SARs”) and Currency Transaction Reports (“CTRs”), among other requirements. In addition, licensees must register with FinCEN for BSA e-filing.

Continue Reading  South Dakota Regulator Requires BSA/AML Compliance for Money Lender Licensees and Non-Residential Mortgage Lenders

Recently, the Industrial and Commercial Bank of China Ltd. (“ICBC”) entered into two consent orders. The first consent order is with the New York State Department of Financial Services (the “NYDFS”) for alleged deficiencies in the bank’s Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) and Office of Foreign Assets Control (“OFAC”) compliance screening programs over the past several examination cycles, as well as alleged violations relating to the sharing of confidential supervisory information. As we will discuss, the NYDFS consent order finds that ICBC violated New York banking law by backdating internal certifications – not themselves required by statute or regulation – and then not immediately disclosing these “false entries” to the NYDFS.

ICBC also entered into an Order to Cease and Desist (“C&D Order”) with the Board of Governors of the Federal Reserve (the “Federal Reserve”) for the alleged improper disclosure of confidential supervisory information, or CSI.  Generally, CSI is information relating to a regulatory examination or investigation, which cannot be disclosed without the agreement of the financial institution’s examining regulator – which here, of course, is the Federal Reserve.  As noted above, the NYDFS consent order also contains allegations of improper disclosure of CSI, which is also protected as confidential under New York banking law.  Ironically, the alleged disclosure of CSI was to the bank’s foreign regulator.

This is not the first time ICBC has had issues involving alleged BSA/AML deficiencies. In 2018, ICBC entered into a consent Cease and Desist Order with the Federal Reserve for similar BSA/AML deficiencies at its New York branch, about which we blogged here. Despite ICBC’s noted efforts in enhancing BSA/AML and OFAC compliance programs and promptly reporting the unauthorized disclosure of confidential supervisory information to the regulators, the bank was subjected to a $30 million civil money penalty from the NYDFS and another $2.4 million civil money penalty from the Federal Reserve.

Continue Reading  ICBC Agrees to Two Consent Orders for Alleged BSA/AML Deficiencies and Disclosure of Confidential Supervisory Information

Farewell to 2023, and welcome 2024.  As we do every year, let’s look back.

We highlight 10 of our most-read blog posts from 2023, which address many of the key issues we’ve examined during the past year: criminal money laundering enforcement; compliance risks with third-party fintech relationships; the scope of authority of bank regulators; sanctions

This morning, the Financial Crimes Enforcement Network (“FinCEN”) issued the much-anticipated final rule (“Final Rule”) under the Corporate Transparency Act (“CTA”) regarding access to beneficial ownership information (“BOI”) reported to FinCEN.  These regulations could hardly have arrived any later than they did – the CTA becomes effective on January 1, 2024, although FinCEN recently extended the reporting deadline for companies created in 2024 to a period of 90 days from the date of creation

The access regulations initially proposed in December 2022 (see our blog post here) were complex; the Final Rule is as well, or more so.  Indeed, it is over 247 pages long, prior to its final publication version in the Federal Register.  Given the Final Rule’s length, we will analyze it in more detail in a future blog post. 

Today, we will describe the YouTube video contemporaneously released by FinCEN, which describes the Final Rule at a high level, and notes certain differences between it and the initially proposed regulations.  The headline here is that FinCEN has attempted to address certain criticisms raised by financial institutions regarding the initially proposed regulations and their access to BOI.  In the video, FinCEN Director Andrea Gacki observed that FinCEN still needs to propose regulations aligning the CTA with the existing Customer Due Diligence (“CDD”) Rule for banks and other financial institutions (“FIs”), which requires covered FIs to obtain BOI from designated entity customers.

This blog post is high-level and focuses only on the statements made during the video.  The details of the Final Rule still need to be parsed.  Also, FinCEN continued the information onslaught today by issuing an accompanying news release, fact sheet, statement for banks, and statement for non-bank financial institutions.

Continue Reading  FinCEN Issues Final CTA BOI Access Rules, Heralded by YouTube Video