Enforcement Trends, Gaming, Crypto — and More

I am very pleased to co-chair again the Practicing Law Institute’s 2024 Anti-Money Laundering Conference on May 23, 2024, starting at 9 a.m. in New York City (the event also will be virtual). 

I am also really fortunate to be working with my fabulous co-chair Elizabeth (Liz) Boison

On May 3, 2024, the Board of Governors of the Federal Reserve System (the “Federal Reserve”), the Federal Deposit Insurance Corporation (“FDIC”), and the Office of the Comptroller of the Currency (“OCC”) jointly released the “Third-Party Risk Management: A Guide for Community Banks” (the “Guide”), presenting it as a resource for community banks to bolster their third-party risk management programs, policies, and practices.

The Guide serves as a companion to the Interagency Guidance on Third-Party Relationship: Risk Management issued in June 2023 (on which we blogged, here).  It also relates to the OCC’s Fall 2023 Semiannual Risk Perspective, which emphasizes the need for banks to maintain prudent risk management practices – including practices tailored to address Bank Secrecy Act (“BSA”)/Anti-Money Laundering (“AML”) compliance risks with respect to fintech relationships.

The Guide acknowledges the widespread collaborations between community banks and third-party entities, and recognizes the strategic importance for such partnerships to improve competitiveness and adaptability. These collaborations provide community banks with access to a diverse array of resources, such as new technologies, risk management tools, skilled personnel, delivery channels, products, services, and market opportunities.

However, the Guide underscores that reliance on third parties entails a loss of direct operational control, thereby exposing community banks to a spectrum of risks.  Banks are still accountable for executing all activities in compliance with applicable laws and regulations.  “These laws and regulations include . . . those designed to protect consumers (such as fair lending laws and prohibitions against unfair, deceptive, or abusive acts or practices) and those addressing financial crimes (such as fraud and money laundering).”  Accordingly, the Guide emphasizes that the engagement of third parties does not absolve a bank of its responsibility to operate in a safe and sound manner and to comply with regulatory requirements, “just as if the bank were to perform the service or activity itself.”  The Guide sets forth this concept in bold, on the first page. 

The Guide’s emphasis on governance practices highlights the critical role of oversight, accountability, and documentation in ensuring regulatory compliance and safeguarding the interests of both banks and their customers.   Although the Guide styles itself as offering a framework tailored to the specific needs and challenges faced by community banks, it also offers direction to all financial institutions in regards to effective third-party risk management. 

Continue Reading  Federal Banking Agencies Issue Guide to Third-Party Risk Management Practices for Community Banks

In February 2024, the Federal Deposit Insurance Corporation (FDIC) entered into consent orders (here and here) with two banks who partner with fintechs to offer “banking as a service” (BaaS) related to safety and soundness concerns relating to compliance with the Bank Secrecy Act (BSA), compliance with applicable laws, and third-party oversight. 

BaaS refers to arrangements in which banks integrate their banking products and services into the services of non-bank third-party distributors and the distributors deliver the integrated banking services directly to the customer.  A common example of BaaS is banks’ delivery of lending services through fintech partners’ digital platforms.  BaaS has gained popularity in recent years as the bank partner can generally roll out banking services to customers at a much faster pace and for lower costs than traditional banking products and services.

These two consent orders do not arise in a vacuum.  In June 2023, the FDIC, Federal Reserve Board, and Office of the Comptroller of the Currency released final interagency guidance for their respective supervised banking organizations on managing risks associated with third-party relationships, including relationships with financial technology-focused entities such as bank/fintech sponsorship arrangements.  The guidance explained that supervisory reviews will evaluate risks and the effectiveness of risk management to determine whether activities are conducted in a safe and sound manner and in compliance with applicable laws and regulations.  At that time, we noted that we expected increased regulatory attention to bank/fintech partnership programs like the BaaS relationships addressed here.  Although these FDIC consent orders did not specifically cite to the interagency guidance, the guidance presumably was used to support the third-party oversight criticisms in the supervisory examinations of the two banks.

Continue Reading  Recent FDIC Consent Orders Reflect Ongoing Scrutiny of Bank Relationships with Fintechs

We are very pleased to be presenting on both Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance and the Corporate Transparency Act (CTA), in partnership with the Practicing Law Institute

First, on April 8 at 1 p.m., Siana Danch will discuss issues involving the CTA during a live one-hour briefing with Sara C. Lenet of Hogan

Second of Three Posts in a Related Series on Recent AML and Money Laundering Prosecutions

The Department of Justice (“DOJ”) has been very active in the Bank Secrecy Act (“BSA”) / Anti-Money Laundering (“AML”) space, as reflected by a recent series of individual prosecutions and corporate non-prosecution agreements (“NPAs”).  

In the first blog post in this series, we discussed a significant prosecution of an individual, and two related corporate NPAs, involving the gaming industry.  In our final post, we will discuss the prosecution and sentencing of a lawyer who allegedly became part of the fraud and money laundering scheme perpetrated by his crypto client.

In this second post, we will discuss two unusual prosecutions involving, respectively, an individual executive of a bank and an alleged AML specialist working with small financial institutions.  

As we previously noted, all of these cases, although all unique, are also united in certain ways – particularly in regards to the need for institutions and professionals to perform sufficient due diligence regarding the conduct and source of funds of high-risk clients and customers.

Continue Reading  Criminal Case Round-Up: Recent Prosecutions Involving Financial Institution Officers

First of Three Posts in a Related Series on Recent AML and Money Laundering Prosecutions

The Department of Justice (“DOJ”) has been very active in the Bank Secrecy Act (“BSA”) / Anti-Money Laundering (“AML”) space, as reflected by a recent series of individual prosecutions and corporate non-prosecution agreements (“NPAs”). 

In this first blog post, we will discuss a significant prosecution of an individual, and two related corporate NPAs, involving the gaming industry

In the next related post, we will discuss two unusual prosecutions involving, respectively, an individual executive of a bank and an alleged AML specialist working with small financial institutions.  

In our final post, we will discuss the prosecution and sentencing of a lawyer who allegedly became part of the fraud and money laundering scheme perpetrated by his crypto client.

Although these cases are all unique and interesting in their own way, they are also all united in certain ways – particularly in regards to the need for institutions to perform sufficient due diligence regarding the conduct and source of funds of high- or higher-risk customers, and the related need for institutions to ensure that their own employees are not undermining the institutions’ AML compliance programs.

Continue Reading  Criminal Case Round-Up: Recent Prosecutions Involving Casinos

A Huge Monetary Penalty for Sprawling Allegations – But Will Zhao Receive a Prison Sentence?

As the world now knows, Binance Holdings Limited, doing business as Binance.com (“Binance” or the “Company”), has entered into a plea agreement with the U.S. Department of Justice (“DOJ”).  

Binance is registered in the Cayman Islands and regarded as the world’s largest virtual currency exchange. It agreed to plead guilty to conspiring to willfully violating the Bank Secrecy Act (“BSA”) by failing to implement and maintain an effective anti-money laundering (“AML”) program; knowingly failing to register as a money services business (“MSB”); and willfully causing violations of U.S. economic sanctions issued pursuant to the International Emergency Economic Powers Act (“IEEPA”). Despite the plea agreement, Binance will continue to operate.

Changpeng Zhao, also known as “CZ,” also pleaded guilty to violating the BSA by failing to implement and maintain an effective AML program. Zhao is Binance’s primary founder, majority owner, and – until now – CEO. As part of his plea agreement, Zhao has stepped down as the CEO, although he apparently will keep his shares in Binance.

As part of its plea agreement, Binance has agreed to forfeit $2,510,650,588 and to pay a criminal fine of $1,805,475,575 for a total criminal penalty of $4,316,126,163. Binance also entered into related civil consent orders with the Financial Crimes Enforcement Network (“FinCEN”), the Commodity Futures Trading Commission (“CFTC”), and the Office of Foreign Assets Controls (“OFAC”). Zhao also entered into a consent order with the CFTC.

The allegations are vast and detailed, and much digital ink already has been spilled regarding this matter. Our discussion therefore will be relatively high-level. Distilled, the government alleges that Binance – under the direction of Zhao – tried to hide the fact that it operated in the U.S., purposefully avoided any meaningful AML compliance, and consequently laundered many millions of dollars’ worth of cryptocurrency involving extremely serious criminal conduct, including terrorism, child pornography, and U.S. sanctions evasion.

As for Zhao, and as we will discuss, whether he will go to prison – and if so, for how long – is an open and very interesting question. His sentencing currently is scheduled for February 23, 2024.

Continue Reading  Binance Settles Criminal and Civil AML and Sanctions Enforcement Actions for Multiple Billions – While its Founder, Owner and Former CEO Zhao Pleads Guilty to Single AML Crime

On September 29, the Financial Crimes Enforcement Network (“FinCEN”) entered into a consent order with Shinhan Bank America (“SHBA”), which imposed a $15 million dollar civil penalty against SHBA for allegedly willfully failing to implement and maintain an AML program that meets the minimum requirements of the Bank Secrecy Act (“BSA”), and for allegedly willfully failing to accurately and timely report suspicious transactions to FinCEN.

In its press release, FinCEN noted that, as a result of SHBA’s inactions, “tens of millions of dollars in suspicious transactions were not reported to FinCEN in a timely manner, including transactions connected to tax evasion, public corruption, money laundering, and other financial crimes.”

Working in collaboration with FinCEN, the FDIC also separately issued a civil penalty against SHBA in the amount of $5 million dollars – which FinCEN will credit toward its own fine, leaving an amount owed of $10 million dollars – and the NYDFS also issued a stand-alone civil penalty in the amount of $10 million dollars.

As we will discuss, this enforcement action involves several typical allegations by the government, including an alleged failure to file required SARs, prior regulatory problems, and insufficient AML compliance staffing and funding.

Continue Reading  FinCEN Issues $15 Million Dollar Civil Penalty Against Shinhan Bank America for Alleged Failure to Implement and Maintain Effective AML Compliance Program

On July 31, 2023, the United States Securities and Exchange Commission (“SEC”) published an alert outlining deficiencies the Division of Examinations has observed in broker-dealers’ (“BD”) compliance with anti-money laundering (“AML”) and countering terrorism financing (“CTF”) requirements.  While the alert addresses overarching compliance requirements for BDs, it focuses on deficiencies the Division of Examinations has observed with regard to independent testing of BDs’ AML programs, personnel training and identification and verification of customers and their beneficial owners.

The alert makes two over-arching observations.  First, BDs “did not appear to devote sufficient resources, including staffing, to AML compliance given the volume and risks of their business.”  Second, the “effectiveness of policies, procedures, and internal controls was reduced when firms did not implement those measures consistently.”  Emphasizing the key elements of an adequate AML program BDs must implement, the Alert then shifts its focus to independent testing and training and customer identification and customer due diligence.

Continue Reading  SEC Issues Alert Outlining Deficiencies in Broker-Dealers’ AML Compliance

Notice Also Stresses New BSA Whistleblower Provisions

On July 26, the Department of Commerce, the Department of the Treasury, and the Department of Justice released a joint compliance notice (the “Compliance Notice”) updating and summarizing each agency’s position regarding the voluntary self-disclosure by businesses of potential violations of sanctions, export controls, and other national security laws.

Asserting that voluntary self-disclosure can provide many benefits to a reporting business – potentially providing for a non-prosecution agreement or a 50 percent decrease in “base penalties” – the Compliance Notice provides each entity’s current position as to voluntary self-disclosure.  The Compliance Notice also references the still-evolving whistleblower program under the Bank Secrecy Act (“BSA”), which now pertains to not only potential BSA violations, but also potential violations of sanctions law.

Continue Reading  “Tri-Seal” Compliance Notice: U.S. Authorities Release Joint Guidance on Voluntary Self-Disclosure of Potential Sanctions and Export Control Violations