On October 22, 2024, the U.S. Court of Appeals for the Second Circuit ruled that Türkiye Halk Bankası A.Ş. (“Halkbank”), owned by the Republic of Turkey, can be prosecuted for allegedly helping Iran evade U.S. sanctions and committing related money laundering and bank fraud.

The court rejected Halkbank’s claim of immunity, stating that foreign state-owned companies are not protected from prosecution for commercial, non-governmental activities under U.S. common law. This decision allows U.S. prosecutors to pursue charges against Halkbank for allegedly laundering $20 billion of restricted funds through the use of money services businesses and front companies, coupled with the making of false statements to the U.S. Department of the Treasury regarding transactions with Iran to conceal the scheme.

The Second Circuit’s ruling underscores a pivotal point: foreign state-owned corporations cannot claim blanket immunity from prosecution in the U.S. for commercial activities under either the common law or the Foreign Sovereign Immunities Act (“FSIA”).  This will be particularly true in cases involving charges of money laundering, which necessarily involve financial transactions.  Further, the alleged involvement of foreign government officials in the charged schemes will not bestow, standing alone, immunity from prosecution.

Continue Reading  Halkbank Faces Prosecution: U.S. Court of Appeals Denies Sovereign Immunity

The Bank Policy Institute (“BPI”) has issued its comment on the Federal Functional Regulators’ (the OCC, the Board of Governors of the Federal Reserve System, the FDIC, and the National Credit Union Administration) notice of proposed rulemaking (“NPRM”) to modernize financial institutions’ anti-money laundering and countering terrorist financing (“AML/CFT”) programs (“Comment”). The agencies’ NPRM, on which we blogged here, is consistent with FinCEN’s similar and earlier AML/CFT modernization proposal (“FinCEN’s NPRM”), on which we blogged here (please also see our podcast on these regulatory proposals here). 

The Comment, which generally tracks BPI’s earlier comment on FinCEN’s NPRM, is detailed and 23-pages long.  We only summarize it here.  The Comment is not a positive proponent of the NPRM and suggests significant changes.

Broadly, the Comment initially asserts that “[t]he proposed rule will neither implement the intent of Congress in enacting the AML Act nor facilitate a risk-based approach to identifying and disrupting financial crime.”  Likewise, the Comment asserts that “[i]n practice, [bank] examiners are exactingly focused on technical compliance . . . rather than effectiveness.  This approach is utterly divorced from a focus on management of true risk.”  According to BPI, “the status quo examination oversight of [the AML/CFT] regime does not expressly instruct institutions to dedicate efforts to detecting suspected crime or engaging in innovation to this end—efforts that are surely foundational to the integrity of the banking and financial system.” 

The Comment also fires a shot across the bow by suggesting the possibility of future litigation by stating – albeit in a footnote – that “BPI has significant concerns that the proposed rule does not align with the letter and spirit of the AML Act and provides for arbitrary procedural requirements that could render the rule vulnerable to challenge [under the Administrative Procedures Act].”

The Comment then dives into the details. 

Continue Reading  Bank Policy Institute Critiques Notice of Proposed Rulemaking to Modernize AML/CFT Programs

On June 16, 2023, Michael J. Hsu, Acting Comptroller of the Currency made remarks to the American Bankers Association (“ABA”) Risk and Compliance Conference in San Antonio, Texas. In his remarks, Hsu discussed both the benefits and risks of artificial intelligence (“AI”) and tokenization. The core of Hsu’s remarks is that, given the rapid innovation of AI and tokenization in banking, banks should closely work with regulators to manage technological risks.

Hsu’s remarks came at the right time. Five days later, and as we discuss below, Google Cloud announced the launch of an AI anti-money laundering program. Early results seem promising, but only time will tell whether Hsu’s remarks concerning AI’s risks prove prophetic.

Continue Reading  Building the Engine Alongside the Brakes: Acting Comptroller Hsu’s Remarks Discuss Impact of Artificial Intelligence and Tokenization in Banking

The Federal Reserve, FDIC, and OCC have released final interagency guidance for their respective supervised banking organizations on managing risks associated with third-party relationships, including relationships with financial technology-focused entities such as bank/fintech sponsorship arrangements.  The guidance is intended to provide principles for effective third-party risk management for all  types of third-party relationships, regardless of how they may be structured.  At the same time, the agencies state that banking organizations have flexibility in their approach to assessing the risks posed by each third- party relationship and deciding the relevance of the considerations discussed in the final guidance

The final guidance rescinds and replaces each agency’s previously-issued guidance on risk management practices for third-party relationships.  In their July 2021 proposal, the agencies had included as an appendix FAQs issued by the OCC to supplement the OCC’s existing 2013 third-party risk management guidance.  The proposed guidance included the revised FAQs as an exhibit and the agencies sought comment on the extent to which the concepts discussed in the FAQs should be incorporated into the final guidance.  In their discussion of the final guidance, the agencies identify which concepts from the FAQs have been incorporated into the final guidance.

Continue Reading  Federal Banking Agencies Issue Final Interagency Guidance on Risk Management in Third-Party Relationships

On February 14, 2023, both the American Bankers Association (“ABA”) and the Bank Policy Institute (“BPI”) submitted comments to the Financial Crimes Enforcement Network (“FinCEN”) on FinCEN’s notice of proposed rulemaking (“NPRM”) relating to access to beneficial ownership information (“BOI”) reported to FinCEN under the Corporate Transparency Act (“CTA”). While both organizations had similar comments, mainly being that the proposed limits on FIs’ ability to use BOI retrieved from the database contradicts the CTA’s objective, the ABA recommended that FinCEN entirely withdraw the NPRM. Below, we break down each organization’s comments and strong critiques regarding the NPRM.

Continue Reading  Bank Industry Groups Heavily Criticize FinCEN’s Proposed Rule on Access to Beneficial Ownership Information

The Office of the Comptroller of the Currency (“OCC”) entered into a Consent Order (available here) with Anchorage Digital Bank (“Anchorage”), which requires Anchorage to create a compliance committee and take steps to remediate alleged shortcomings with respect to the implementation and effectiveness of Anchorage’s Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) program.  Notably, Anchorage will pay no civil penalty.

Anchorage is not any regular entity overseen by the OCC:  it is a cryptocurrency custodian.  As we will discuss, the timing of the Consent Order indicates that even when regulators permit crypto activities by financial institutions, they remain cautious, particularly as to BSA/AML compliance.  The OCC’s actions send a clear message that regulated entities offering emerging technology financial services must adhere to the same BSA/AML monitoring and reporting requirements as more traditionally regulated entities.
Continue Reading  OCC Targets BSA/AML Compliance by Anchorage Digital Bank – Only 15 Months After Granting National Trust Bank Charter to the Crypto Custodian

As we recently blogged (here and here), the Financial Crimes Enforcement Network (“FinCEN”) recently issued a Notice of Proposed Rulemaking (“NPRM”) regarding the beneficial ownership reporting requirements of the Corporate Transparency Act (“CTA”).  The NPRM is the first in a series of three rulemakings that FinCEN will issue to implement the CTA.  It sets forth FinCEN’s proposed reporting requirements, i.e., who must file a report on beneficial ownership information (“BOI”), what information must be reported, and when reports will be due.

In response, FinCEN received over 230 comments (see FinCEN’s press release here).   We focus here on comments from two key players: the American Bankers Association (“ABA”) and the Bank Policy Institute (“BPI”), which highlight the industry perspective of banking institutions (These groups also commented previously  on FinCEN’s Advance NPRM regarding the CTA’s implementation, which we blogged about here and here).

The CTA, passed as part of the Anti-Money Laundering Act of 2020 (“AML Act”), requires certain legal entities to report their beneficial owners (“BOs”) to a database accessible by U.S. and foreign law enforcement and regulators, and to U.S. financial institutions seeking to comply with their own Anti-Money Laundering (“AML”) compliance obligations, particularly FinCEN’s existing Customer Due Diligence Rule (“CDD Rule”) for legal entity customers implemented in 2018.

Under the existing CDD Rule, covered financial institutions must collect and verify BOI from certain entity customers and maintain records of such information.  But until now, entities did not have to report directly such information to the government.  The CTA makes companies (like LLCs and corporations) subject to BOI reporting requirements.  The CTA also requires FinCEN to revise the existing CDD Rule to try to make it consistent with the CTA and remove any unnecessary or duplicative burdens.

The ABA (which represents large banks) and the BPI (which represents universal, regional, and major foreign banks) each submitted lengthy comment letters, showcasing their strong interest in how these reporting requirements shake out.  As the ABA observes, it will be difficult to determine how these reporting requirements will fit in with bank responsibilities until FinCEN issues its other rulemakings.  Still, both groups recommend making several modifications to the proposed reporting requirements now—mainly aligning the NPRM with the existing CDD Rule—to minimize future burdens on banks and their customers.  Both groups propose similar modifications, but there are some differences.  We summarize the most salient points in this post.

Overall, these comments make clear that the ABA and the BPI continue to support creation of the FinCEN registry as a way to drive down the cost of regulatory compliance for banks.  Both groups suggest, however, that such a benefit could be outweighed if the final reporting requirements stray too far from the existing CDD Rule.  As both groups observe, any significant change from the current CDD Rule will require banks to divert significant resources to comply with the new requirements, at the expense of other AML efforts.
Continue Reading  American Bankers Association and the Bank Policy Institute Weigh in on FinCEN’s Proposed Rules for Corporate Transparency Act

Consent Order Stresses that Only Three AML Analysts Struggled to Review 100 “Alerts” Per Day, Each – and Notes in Passing that “Outside Examiners” Blessed the Bank’s AML Program for the Same Five Years that the Bank Allegedly Maintained a Willfully Deficient Program

On December 16, 2021, the Financial Crimes Enforcement Network (“FinCEN”) entered into a Consent Order with CommunityBank of Texas, N.A. (“CBOT”), in which CBOT admitted to major shortcomings with respect to the implementation and effectiveness of its anti-money laundering (“AML”) program. The monetary penalties imposed on CBOT are substantial: FinCEN assessed an $8 million penalty, although CBOT will receive credit for a separate $1 million penalty to be paid to the Office of the Comptroller of the Currency (“OCC”).

The Consent Order, available here, offers valuable insight into FinCEN’s reasoning for its enforcement actions.  According to the Consent Order, CBOT has a regional footprint and operates several branches in Texas.  It serves small and medium-sized businesses and professionals.  And, in the “back of the house,” CBOT established a typical AML system designed to detect and escalate alerts for suspicious activity for investigation and potential filing of Suspicious Activity Reports (“SARs”). However, FinCEN alleged that over a period of at least four years, CBOT “willfully” failed to effectively implement its AML, program, leading to a failure to file SARs and otherwise detect specific suspicious activity.  As detailed below, many of the alleged shortcomings of CBOT’s AML program flowed from a lack of compliance resources and personnel between 2015 and 2019: too few analysts were assigned to review and investigate potentially suspicious transactions, and as a result, downstream investigations and due diligence suffered, including an alleged failure to file at least 17 specific SARs.

Because the detailed Consent Order offers a somewhat rare opportunity to glean FinCEN’s reasoning behind its enforcement actions generally, we explore the alleged failures in some detail below.  Then, we summarize key details of the Consent Order, offer key takeaways, and note several questions that the Consent Order still leaves unresolved.
Continue Reading  FinCEN Assesses Civil Penalty Against CommunityBank of Texas for AML Program Weaknesses

The Second U.S. Circuit Court of Appeals, in a recent 27-page decision, held that Halkbank, the state-owned Turkish lender, cannot claim sovereign immunity under the Foreign Sovereign Immunities Act (“FSIA”) in a money laundering and sanctions-related prosecution.  Upholding a decision by U.S. District Judge Richard M. Berman, the court ruled that even if the FSIA could shield the bank in a criminal case, the charges against Halkbank fall under the “commercial activity” exception to FSIA immunity.  This interpretation of the commercial activity exception significantly limits the immunity bestowed under the FSIA in criminal cases and furthers American deterrence against foreign financial institutions that allegedly facilitate evasion of U.S. sanctions or launder funds through the U.S. financial system.  Halkbank now faces potential trial for an alleged $20 billion money laundering scheme, bank fraud, and conspiracy charges.
Continue Reading  Second Circuit Says Turkish Halkbank Must Face Criminal Charges In Money Laundering and Iran Sanctions Case

The OCC, FDIC, and Federal Reserve Board have issued a guide that is intended to assist community banks in conducting due diligence when considering relationships with financial technology (fintech) companies (Guide).

The issuance of the Guide follows the agencies’ July 2021 release of proposed interagency guidance for banking organizations on managing risks associated with third-party