An increasing number of states have either enacted or are considering enacting legislation requiring financial institutions to provide persons (both existing customers and prospective customers) who are not ordinarily protected by the federal anti-discrimination statutes with “fair access” to financial services.
For example, and as we
The Financial Crimes Enforcement Network (“FinCEN”) has entered into a Consent Order with the Sahara Dunes Casino, doing business as the Lake Elsinore Hotel and Casino (“Lake Elsinore”). The Consent Order describes Lake Elsinore, located in California, as a “medium-sized card club” with 22 tables offering card games such as poker.
In the Consent Order, Lake Elsinore has admitted to willful violations of the Bank Secrecy Act (“BSA”), including failing to implement and maintain an effective Anti-Money Laundering (“AML”) compliance program, failing to file Currency Transaction Reports (“CTRs”) and Suspicious Activity Reports (“SARs”), and recordkeeping failures involving a negotiable instruments log, which is supposed to list each transaction between a casino or card club and its customers involving certain monetary instruments with a face value of $3,000 or more. Lake Elsinore has agreed to pay a $900,000 penalty and be subject to an AML program review.
The conduct at issue in the Consent Order is old: it occurred from about September 2014 through February 2019. The enforcement action arose from a 2017 examination of Lake Elsinore by the California Bureau of Gambling Control (“CABGC”). The Consent Order illustrates how a federal enforcement action can flow from a state regulatory agency working with FinCEN – as well as just how long that process can take. The Consent Order further illustrates that some BSA-covered institutions will operate with little to no day-to-day AML compliance until an exam occurs.
The Bank Policy Institute (“BPI”) has issued its comment on the Federal Functional Regulators’ (the OCC, the Board of Governors of the Federal Reserve System, the FDIC, and the National Credit Union Administration) notice of proposed rulemaking (“NPRM”) to modernize financial institutions’ anti-money laundering and countering terrorist financing (“AML/CFT”) programs (“Comment”). The agencies’ NPRM, on which we blogged here, is consistent with FinCEN’s similar and earlier AML/CFT modernization proposal (“FinCEN’s NPRM”), on which we blogged here (please also see our podcast on these regulatory proposals here).
The Comment, which generally tracks BPI’s earlier comment on FinCEN’s NPRM, is detailed and 23-pages long. We only summarize it here. The Comment is not a positive proponent of the NPRM and suggests significant changes.
Broadly, the Comment initially asserts that “[t]he proposed rule will neither implement the intent of Congress in enacting the AML Act nor facilitate a risk-based approach to identifying and disrupting financial crime.” Likewise, the Comment asserts that “[i]n practice, [bank] examiners are exactingly focused on technical compliance . . . rather than effectiveness. This approach is utterly divorced from a focus on management of true risk.” According to BPI, “the status quo examination oversight of [the AML/CFT] regime does not expressly instruct institutions to dedicate efforts to detecting suspected crime or engaging in innovation to this end—efforts that are surely foundational to the integrity of the banking and financial system.”
The Comment also fires a shot across the bow by suggesting the possibility of future litigation by stating – albeit in a footnote – that “BPI has significant concerns that the proposed rule does not align with the letter and spirit of the AML Act and provides for arbitrary procedural requirements that could render the rule vulnerable to challenge [under the Administrative Procedures Act].”
The Comment then dives into the details.
Following up on its Notice of Proposed Rulemaking (“NPR”), which we discussed back in March, the Financial Crimes Enforcement Network (FinCEN) released on August 28th a final rule extending Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) requirements to certain investment advisers (Final Rule).
The Final Rule adds “investment adviser” to the definition of “financial institution” at 31 C.F.R. 1010.100(t). The Final Rule applies to registered investment advisers (RIAs), and investment advisers (IAs) that report information to the Securities Exchange Commission (SEC) as exempt reporting advisers (ERAs), subject to certain exceptions. IAs generally must register with the SEC if they have over $110 million in assets under management (AUM). ERAs are investment advisers that (1) advise only private funds and have less than $150 million in AUM in the United States or (2) advise only venture capital funds.
The Final Rule requires certain IAs to: (1) develop and maintain an AML/CFT compliance program; (2) file Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs); (3) comply with the Recordkeeping and Travel Rules; (4) respond to Section 314(a) requests; and (5) implement special due diligence measures for correspondent and private banking accounts.
FinCEN released a Fact Sheet in conjunction with the Final Rule, which becomes effective January 1, 2026.
Continue Reading FinCEN Finalizes Rule Subjecting Investment Advisers to AML/CFT Regulations
On August 27, 2024, the New York State Department of Financial Services (“NYDFS”) announced a consent order involving a $35 million settlement with Nordea Bank Abp (“Nordea”) for alleged significant failures related to anti-money laundering (“AML”) compliance. Nordea, headquartered in Helsinki, Finland, operates globally, including through a licensed branch in New York, which has its own AML and transaction monitoring requirements.
The enforcement action, which followed revelations from the Panama Papers leak, found that Nordea allegedly failed to conduct proper due diligence on high-risk correspondent banking relationships and maintained inadequate AML controls. According to the NYDFS, the Panama Papers implicated Nordea in aiding clients in establishing offshore shell companies in order to facilitate illicit activities.
The consent order alleges that Nordea violated New York law by allowing compliance failures in its AML program and procedures to persist. Meanwhile, Danish officials recently charged Nordea with repeatedly violating Denmark’s anti-money laundering act between 2012 and 2015, thereby exposing Nordea, potentially, to extremely significant fines. As we will discuss, although the consent order implicates many different issues, the NYDFS enforcement action represents, in part, the latest chapter in the continued fall-out from the massive AML scandal involving Dankse Bank. The consent order also highlights, once again, the particular risks posed by correspondent banking relationships, on which we repeatedly have blogged (for example, here, here, and here).
We are very fortunate to have Nick St. John, Director of Federal Compliance at America’s Credit Unions, as our guest speaker in this podcast on the Notice of Proposed Rulemaking issued by the Financial Crimes Enforcement Network and federal banking regulators regarding the enhancement and modernization of anti-money
The Federal Reserve Bank of Philadelphia (the “Philly Fed”) recently executed an agreement (the “Agreement”) with Pennsylvania-based Customers Bank (and its Customers Bancorp, Inc. holding entity) (collectively, “Customers”). According to the Agreement, “the most recent examinations and inspections” of Customers by the Philly Fed identified “significant deficiencies” related to the bank’s risk management practices, Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) compliance, and regulations issued by the Office of Foreign Assets Control (“OFAC”).
The source of these alleged deficiencies is alluded to by the Agreement, which immediately highlights two “digital assets-friendly” elements of Customers’ business model:
The Agreement calls for Customers to submit a number of plans to the Philly Fed by October 5, 2024, several of which explicitly require the Philly Fed’s approval.
Continue Reading Bank’s Digital Assets Business Strategy Draws Federal Reserve Scrutiny
As we previously blogged, a Florida law (Fla. Stat. § 655.0323, entitled “Unsafe and unsound practices”) which became effective July 1, 2024 prohibits federal and state depository institutions conducting business in the state from denying services based on religion or political beliefs and activities. Every year, financial institutions must attest to their compliance with the Florida law. When he signed the bill into law, Governor Ron DeSantis said, “We are not going to allow big banks to discriminate based on someone’s political or religious beliefs, and we will continue to fight back against indoctrination in education and the workplace.”
As we will discuss, the Florida law also prohibits a financial institution acting on the basis of “any factor if it is not a quantitative, impartial, and risk-based standard, including any such factor related to the person’s business sector[.]” This prohibition in particular creates a clear challenge for implementing an anti-money laundering/countering the financing of terrorism (“AML/CFT”) compliance program, which inherently involves subjective judgments and an assessment of the risk presented by a customer based on its line of business. The problematic implications of the Florida law did not go unnoticed by the U.S. Congress or the U.S. Department of the Treasury (“Treasury”).
The federal banking agencies, including the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency (collectively the “Agencies”), issued a notice of proposed rulemaking (“Agencies’ NPRM”) to modernize financial institutions’ anti-money laundering and countering terrorist financing (“AML/CFT”) programs. The Agencies’ NPRM is consistent with FinCEN’s recent AML/CFT modernization proposal (“FinCEN’s NPRM”), on which we blogged here.
The Agencies’ NPRM does not substantively depart from FinCEN’s NPRM and requires the same program requirements. Although the Anti-Money Laundering Act (“AML Act”) did not require the Agencies to amend their regulations, the Agencies’ goal is to maintain consistent program requirements. The NPRM states that financial institutions will not be subject to any additional burdens in complying with differing standards between FinCEN and the Agencies.
On July 3, the Financial Crimes Enforcement Network (FinCEN) published a notice of proposed rulemaking (NPRM) as part of a broader initiative to “strengthen, modernize, and improve” financial institutions’ anti-money laundering and countering the financing of terrorism (AML/CFT) programs. In addition, the NPRM seeks to promote effectiveness, efficiency, innovation, and flexibility with respect to AML/CFT programs; support the establishment, implementation, and maintenance of risk-based AML/CFT programs; and strengthen the cooperation between financial institutions (“FIs”) and the government.
This NPRM implements Section 6101 of the Anti-Money Laundering Act of 2020 (the “AML Act”). It also follows up on FinCEN’s September 2020 advanced notice of proposed rulemaking soliciting public comment on what it described then as “a wide range of questions pertaining to potential regulatory amendments under the Bank Secrecy Act (‘BSA’) . . . . to re-examine the BSA regulatory framework and the broader AML regime[,]” to which FinCEN received 111 comments.
As we will discuss, the NPRM focuses on the need for all FIs to implement a risk assessment as part of an effective, risk-based, and reasonably designed AML/CFT program. The NPRM also focuses on how consideration of FinCEN’s AML/CFT Priorities must be a part of any risk assessment. However, in regards to addressing certain important issues, such providing comfort to FIs to pursue technological innovation, reducing the “de-risking” of certain FI customers and meaningful government feedback on BSA reporting, the NPRM provides nothing concrete.
FinCEN has published a five-page FAQ sheet which summarizes the NPRM. We have created a 35-page PDF, here, which sets forth the proposed regulations themselves for all covered FIs.
The NPRM has a 60-day comment period, closing on September 3, 2024. Particularly in light of the Supreme Court’s recent overruling of Chevron deference, giving the courts the power to interpret statutes without deferring to the agency’s interpretation, this rulemaking, once finalized, presumably will be the target of litigation challenging FinCEN’s interpretation of the AML Act.