Compliance Program

Subscribe to Compliance Program

On April 12, 2021, the Office of the Comptroller of the Currency (“OCC”), the Board of Governors of the Federal Reserve System (“Board”), the Federal Deposit Insurance Corporation (“FDIC”), the National Credit Union Administration (“NCUA”) and the Financial Crimes Enforcement Network (“FinCEN”) issued a Request for Information (“RFI”) requesting comment on the extent to which the agencies’ previous guidance on model risk management supports banks’ compliance with Bank Secrecy Act (“BSA) and Anti-Money Laundering (“AML”) regulations and Office of Foreign Asset Control (“OFAC”) requirements.

The RFI asks for comments from interested parties on suggested changes to guidance or regulations, and whether aspects of the agencies’ approaches to BSA/AML and OFAC compliance are either working well, or could be improved.  The agencies explained that the reason for the RFI is to further understand current bank practices, and determine whether additional explanation or clarification of their guidance may be helpful.  Although the genesis of the RFI is not entirely clear, it appears that it was issued in response to certain financial institution inquiries or comments regarding how the maintenance of their BSA/AML compliance programs should incorporate principles set forth in earlier, more general regulatory guidance on model risk management for banks, which we describe below.  Further, the RFI has not occurred in a vacuum, but rather has appeared in the midst of a major, ongoing overhaul of the BSA/AML legislative, regulatory and enforcement regime.  Comments to the RFI must be received by June 11, 2021.
Continue Reading Risk Management: Agencies Issue Request for Information on Intersection of Model Risk Management Guidance and BSA/AML Compliance

On February 25, 2021, the Federal Financial Institutions Examination Council (“FFIEC”) released updates to the Bank Secretary Act/Anti-Money Laundering (“BSA/AML”) Examination Manual (the “Manual”), which provides guidance to examiners for evaluating a financial institution’s BSA/AML compliance program and its compliance with related regulatory requirements.

First, the Manual adds a new introductory section, Assessing Compliance with [BSA] Regulatory Requirements.  Second, the Manual updates the sections pertaining to Customer Identification Program (“CIP”), Currency Transaction Reporting (“CTR”), and Transactions of Exempt Persons. The Manual explains that, consistent with prior updates, that the “updates should not be interpreted as new instructions or as a new or increased focus on certain areas,” but are intended to “offer further transparency into the examination process and support risk-focused examination work.”

The 2021 updates are not quite as substantial as the 2020 updates to the Manual, which pertained to scoping and planning of examinations; the review of a financial institution’s BSA/AML risk assessment; the assessment of an institution’s BSA/AML compliance program; and guidance for examiners on developing conclusions and finalizing the examination.  Nonetheless, the updates provide useful insight into what examiners regard as important for BSA/AML compliance.
Continue Reading The FFIEC Updates the BSA/AML Examination Manual

The Financial Crimes Enforcement Network has been busy lately, and has issued a flurry of proposed rulemakings and requests for comment. Although “reform” is often in the eye of the beholder, all of these proposals will have a practical impact.

As part of Ballard Spahr’s webcast series, Consumer Financial Services in Turbulent Times, we

On November 3rd, voters in Arizona, New Jersey, South Dakota, Montana, and Mississippi passed ballot measures to bring legal cannabis to each of their states. It’s not every year that we see states from opposite ends of the political spectrum agree on something with such vigor. In fact, loosening the laws surrounding cannabis—be it medical use, recreational use, or farming of hemp products—has consistently been one of the only areas receiving bipartisan support in a country divided on almost everything else.

The passage of these ballot measures means that the cannabis industry will generate even more revenue. Despite the massive dollar amounts currently associated with the cannabis industry, reliable banking services remain elusive, due to federal drug and money laundering laws and the Bank Secrecy Act (“BSA”). This post will summarize the recent cannabis legislation, and recap the main roadblocks facing the industry (and financial institutions) from a financial compliance perspective.
Continue Reading The State of Cannabis Affairs: New Legislation and a Regulatory Recap

Second Post in a Three-Post Series Regarding Recent Regulatory Action by FinCEN

On September 16, 2020, the Financial Crimes Enforcement Network (“FinCEN”) issued an Advance Notice of Proposed Rulemaking (“ANPRM”) soliciting public comment on what it describes as “a wide range of questions pertaining to potential regulatory amendments under the Bank Secrecy Act (“BSA”).” As stated, the job which FinCEN created for itself that resulted in the ANPRM was not a small one: “to re-examine the BSA regulatory framework and the broader AML regime.”

The ANPRM seeks to help modernize the current BSA/AML regime – modernization being a frequent theme of public comments by FinCEN Director Ken Blanco, as we have blogged. Indeed, the U.S. Department of Treasury’s 2020 National Strategy for Combating Terrorist and Other Illicit Financing calls for AML modernization, in order to “[l]everag[e] new technologies and other responsible innovative compliance approaches to more effectively and efficiently detect illicit activity.” Meanwhile, and as we have blogged, Congress has been contemplating various proposals for BSA/AML reform for some time (see here, here, here, here and here).

Despite its broad language, however, the ANPRM essentially boils down to a potential amendment requiring those financial institutions already required under the BSA to have an AML compliance program to formally include a risk assessment as part of their program – and for the risk assessment to take into account the government’s AML priorities, which the government will announce approximately every two years. On the one hand, this proposal does not add much that is new, because the vast majority of financial institutions required to maintain AML programs already perform risk assessments in order to conduct KYC and file Suspicious Activity Reports (“SARs”). On the other hand, the ANPRM takes a standard industry practice and turns it into a new regulatory requirement, thereby increasing liability risk. The ANPRM also touches on the tension between the government creating objective requirements – which can be helpful because they add clarity – in a compliance and enforcement regime that is supposed to be flexible and “risk based.” Under any scenario, the ANPRM is important and certainly will be the focus of industry attention.

This is the second post in a series of three blogs regarding a recent flurry of regulatory activity by FinCEN. In our first post, we discussed a final rule by FinCEN extending BSA/AML regulatory requirements to banks lacking a Federal functional regulator. In our third and final post, we will discuss the publication by FinCEN of a request for comment on existing regulations regarding enhanced due diligence for correspondent bank accounts.
Continue Reading Regulatory Round Up: FinCEN Issues ANPRM on Modernizing the BSA/AML Regulatory Regime

The Southern District of New York (“SDNY”) recently rejected a retaliation claim brought by a former bank employee under the Bank Secrecy Act (“BSA”), granting summary judgment in favor of the employer bank because the former employee failed to demonstrate that his firing was caused by his act of reporting a potential violation of law to the government. Although the reasoning underlying the Court’s Order is straight-forward, the case provides another reminder of the often difficult employment issues that both financial institutions and potential whistleblowers can face.

Whistleblowing as to alleged anti-money laundering (AML) violations is a growing phenomenon, perhaps best exemplified by the fact that a whistleblower precipitated the colossal Dankse Bank money laundering scandal. Previously, we blogged about a bank whistleblower case producing the opposite result as the SDNY Order here. In this post, we discuss both the BSA whistleblower statute and the SDNY Order, and, more generally, we note steps that financial institutions might take to protect themselves from liability and legitimate whistleblowers from retaliation.
Continue Reading Would-Be Whistleblower Fails to Show Causation Under the Bank Secrecy Act for Termination

Examiners Should Focus on Risk, Not Technical Perfection

On April 15, 2020, the Federal Financial Institutions Examination Council (“FFIEC”) released updates to the Bank Secretary Act/Anti-Money Laundering (“BSA/AML”) examination manual (the “Manual”). As the FFIEC Interagency press release described, the Manual provides “instructions to examiners when assessing the adequacy of a bank’s BSA/AML compliance program.” The “release of the updated sections provides further transparency into the BSA/AML examination process and does not establish new requirements.” The press release further stated the revisions were made to, among other objectives, emphasize examiners should be “tailoring BSA/AML examination to a bank’s risk profile,” to “ensure language clearly distinguishes between mandatory regulatory requirements and supervisory expectations” for examiners, and to “incorporate regulatory changes since the last update of the Manual in 2014.”

The Federal Deposit Insurance Corporation (“FDIC”) also issued a press release regarding the updates. Its statement recognized “financial institutions are faced with uncertainty during this unprecedented time,” therefore the FDIC cautioned the update, “which supports tailored examination work, has been in process for an extended period and should not be interpreted as new instructions or as an augmented focus.”

The updates focus on four steps in the examination process:

  • Scoping and Planning
  • BSA/AML Risk Assessment
  • Assessing the BSA Compliance Program
  • Developing Conclusions and Finalizing the Examination

The updates emphasize examiners should take a “risk-focused” approach to tailor the review of a regulated institution’s BSA/AML compliance program, meaning the examination should be tailored to the risk profile of that specific institution.  The Manual updates incorporate guidance on more recent developments such as Customer Due Diligence (“CDD”) and Beneficial Ownership requirements and a recognition of innovations in collaborations among smaller institutions.  Importantly, the Manual reminds examiners that banks have flexibility in the design of their BSA/AML compliance programs, and that minor weaknesses, deficiencies, and technical violations alone do not indicate an inadequate program.
Continue Reading FFIEC BSA/AML Examination Manual Updates Reveal Exam Process and Expectations

Regulatory Examination and Related Enforcement Also Highlights Perceived Risks of Banking Crypto Clients

The Department of the Treasury’s Office of the Comptroller of the Currency (“OCC”) recently issued a Consent Order against M.Y. Safra Bank arising from the bank’s decision to accept a variety of high-risk, Digital Asset Customers (“DACs”), allegedly without implementing the necessary Bank Secrecy Act (“BSA”) and Anti-Money Laundering (“AML”) controls. Although the OCC did not impose a monetary penalty against the bank, it demanded that the bank implement and maintain a remarkably broad array of potentially costly and extremely detailed measures to strengthen its AML program. And, notably, the OCC specifically tasked the bank’s Board of Directors with implementing, overseeing, and reporting on these measures.

We describe here the OCC’s examination into and requirements imposed on M.Y. Safra Bank. The Consent Order is a reminder to the boards and management of all financial institutions that if they pursue novel and higher-risk customers – certainly, a potentially defensible business plan in our increasingly competitive business environment – then they absolutely have to adjust accordingly their AML compliance program and accompanying transaction monitoring to compensate for such increased risk. This is particularly true when those new customers employ novel technologies or business products which require a particularized ability to understand and address from an AML perspective. New, creative business lines are not necessarily bad – so long as the implementation of the AML compliance program is adjusted appropriately to identify and manage the new risk.

The Consent Order also is a reminder that, as the BSA/AML Examination Manual of the Federal Financial Institutions Examination Council states, “[t]he board of directors, acting through senior management, is ultimately responsible for ensuring that the bank maintains an effective BSA/AML internal control structure,” and otherwise must create a culture of compliance.

This Consent Order and related OCC AML exam and enforcement issues – including the liability of not just institutions, but also the potential individual liability of AML in-house professionals – will be the topic of a forthcoming installment in Ballard Spahr’s Consumer Finance Monitor Podcast by the firm’s AML Team. Please stay tuned our podcast, and read on here.
Continue Reading OCC Action Highlights Increased Accountability Facing Boards of Directors

Last Wednesday, FinCEN Deputy Director Jamal El-Hindi appeared at the annual conference of the Money Transmitter Regulators Association and delivered prepared remarks. The topics of his address covered three issues of continuing interest: (i) innovation and reform with respect to implementation of the Bank Secrecy Act (BSA); (ii) FinCEN supervision of non-banking financial institutions; and (iii) maintaining a strong culture of compliance.
Continue Reading FinCEN Deputy Director Stresses Technological Innovation, Virtual Currency Enforcement and the U.S. Culture of Compliance

As we have blogged, courts have held that financial institutions generally do not owe a duty of care to a noncustomer and that no special duty of care arises from the duties and obligations set forth in the Bank Secrecy Act (“BSA”), absent a special relationship or contractual relationship. Moreover, there is no private right of action stemming from the BSA. Nor does the BSA define a financial institution’s standard of care for the purposes of a negligence claim.  A majority panel of the Eighth Circuit (“the Court”) very recently confirmed these principles in a detailed opinion which affirmed summary judgment in favor of a bank which had provided services to the alleged perpetrators of a $193 million Ponzi scheme, thereby rejecting claims brought by a Receiver on behalf of defrauded investors that the bank had aided and abetted fraud, breach of fiduciary duty, and other claims.

After dissecting the record in detail, the Court determined in Zayed v. Associated Bank, N.A. — over a vigorous dissent — that the Receiver failed to present direct or circumstantial evidence that the bank actually knew about the Ponzi scheme being perpetrated by its former customers, much less that it substantially assisted the scheme. The Court emphasized the fact that evidence of possible “sloppy banking” and the existence of potential red flags fell short of the high bar required to sustain a claim for aiding and abetting a fraud against the third party non-customers.

Although the Zayed opinion is one of many cases rejecting AML-inspired tort claims by defrauded investors against a financial institution which had done business with a fraudster, it is notable for its methodical treatment of the facts — many of which appear in one form or another in other cases — regarding the various red flags which the Receiver claimed that the bank had missed, or the alleged misconduct which the Receiver claimed that bank personnel had perpetrated.  The list of alleged compliance failures discussed and found insufficient to establish potential liability in Zayed demonstrates that, however rigorous AML/BSA obligations and programs may be for financial institutions, their alleged violations often fail to pave a path to recovery for civil plaintiffs.
Continue Reading Alleged BSA Violations Do Not Support Civil Negligence/Fraud Claims – Again