Countering the Financing of Terrorism

The federal banking agencies, including the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency (collectively the “Agencies”), issued a notice of proposed rulemaking (“Agencies’ NPRM”) to modernize financial institutions’ anti-money laundering and countering terrorist financing (“AML/CFT”) programs. The Agencies’ NPRM is consistent with FinCEN’s recent AML/CFT modernization proposal (“FinCEN’s NPRM”), on which we blogged here.

The Agencies’ NPRM does not substantively depart from FinCEN’s NPRM and requires the same program requirements. Although the Anti-Money Laundering Act (“AML Act”) did not require the Agencies to amend their regulations, the Agencies’ goal is to maintain consistent program requirements. The NPRM states that financial institutions will not be subject to any additional burdens in complying with differing standards between FinCEN and the Agencies.   

Continue Reading  Federal Banking Agencies Issue NPRM Consistent with FinCEN’s AML/CFT Modernization Proposal

On July 3, the Financial Crimes Enforcement Network (FinCEN) published a notice of proposed rulemaking (NPRM) as part of a broader initiative to “strengthen, modernize, and improve” financial institutions’ anti-money laundering and countering the financing of terrorism (AML/CFT) programs. In addition, the NPRM seeks to promote effectiveness, efficiency, innovation, and flexibility with respect to AML/CFT programs; support the establishment, implementation, and maintenance of risk-based AML/CFT programs; and strengthen the cooperation between financial institutions (“FIs”) and the government.

This NPRM implements Section 6101 of the Anti-Money Laundering Act of 2020 (the “AML Act”).  It also follows up on FinCEN’s September 2020 advanced notice of proposed rulemaking soliciting public comment on what it described then as “a wide range of questions pertaining to potential regulatory amendments under the Bank Secrecy Act (‘BSA’) . . . . to re-examine the BSA regulatory framework and the broader AML regime[,]” to which FinCEN received 111 comments.

As we will discuss, the NPRM focuses on the need for all FIs to implement a risk assessment as part of an effective, risk-based, and reasonably designed AML/CFT program.  The NPRM also focuses on how consideration of FinCEN’s AML/CFT Priorities must be a part of any risk assessment.  However, in regards to addressing certain important issues, such providing comfort to FIs to pursue technological innovation, reducing the “de-risking” of certain FI customers and meaningful government feedback on BSA reporting, the NPRM provides nothing concrete.

FinCEN has published a five-page FAQ sheet which summarizes the NPRM.  We have created a 35-page PDF, here, which sets forth the proposed regulations themselves for all covered FIs.

The NPRM has a 60-day comment period, closing on September 3, 2024.  Particularly in light of the Supreme Court’s recent overruling of Chevron deference, giving the courts the power to interpret statutes without deferring to the agency’s interpretation, this rulemaking, once finalized, presumably will be the target of litigation challenging FinCEN’s interpretation of the AML Act. 

Continue Reading  FinCEN Issues Proposed Rulemaking Aimed at Strengthening and Modernizing AML Programs Across Multiple Industries

Advisory is Accompanied by Related OFAC and DOJ Actions

On June 20, 2024, the Financial Crimes Enforcement Network (“FinCEN”) issued a supplemental advisory to alert U.S. financial institutions about emerging trends in the illicit fentanyl supply chain. The supplemental advisory emphasized the increasing involvement of Mexico-based transnational criminal organizations (“TCOs”) in the procurement of fentanyl precursor chemicals and manufacturing equipment from suppliers in the People’s Republic of China (“PRC”).

The detailed supplemental advisory builds upon FinCEN’s 2019 advisory (see our blog post here) by introducing new typologies and red flags for financial institutions to try to identify and report suspicious transactions.  As we discuss, the supplemental advisory was accompanied by related actions by the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) and the U.S. Department of Justice (“DOJ”) as part of an apparently coordinated effort by the federal government to combat this pernicious illicit industry.

Continue Reading  FinCEN Issues Supplemental Advisory on Fentanyl Distribution and Growing Role of Transnational Criminal Organizations

In February 2024, the Federal Deposit Insurance Corporation (FDIC) entered into consent orders (here and here) with two banks who partner with fintechs to offer “banking as a service” (BaaS) related to safety and soundness concerns relating to compliance with the Bank Secrecy Act (BSA), compliance with applicable laws, and third-party oversight. 

BaaS refers to arrangements in which banks integrate their banking products and services into the services of non-bank third-party distributors and the distributors deliver the integrated banking services directly to the customer.  A common example of BaaS is banks’ delivery of lending services through fintech partners’ digital platforms.  BaaS has gained popularity in recent years as the bank partner can generally roll out banking services to customers at a much faster pace and for lower costs than traditional banking products and services.

These two consent orders do not arise in a vacuum.  In June 2023, the FDIC, Federal Reserve Board, and Office of the Comptroller of the Currency released final interagency guidance for their respective supervised banking organizations on managing risks associated with third-party relationships, including relationships with financial technology-focused entities such as bank/fintech sponsorship arrangements.  The guidance explained that supervisory reviews will evaluate risks and the effectiveness of risk management to determine whether activities are conducted in a safe and sound manner and in compliance with applicable laws and regulations.  At that time, we noted that we expected increased regulatory attention to bank/fintech partnership programs like the BaaS relationships addressed here.  Although these FDIC consent orders did not specifically cite to the interagency guidance, the guidance presumably was used to support the third-party oversight criticisms in the supervisory examinations of the two banks.

Continue Reading  Recent FDIC Consent Orders Reflect Ongoing Scrutiny of Bank Relationships with Fintechs