Customer Due Diligence

Subscribe to Customer Due Diligence

Consent Order Stresses that Only Three AML Analysts Struggled to Review 100 “Alerts” Per Day, Each – and Notes in Passing that “Outside Examiners” Blessed the Bank’s AML Program for the Same Five Years that the Bank Allegedly Maintained a Willfully Deficient Program

On December 16, 2021, the Financial Crimes Enforcement Network (“FinCEN”) entered into a Consent Order with CommunityBank of Texas, N.A. (“CBOT”), in which CBOT admitted to major shortcomings with respect to the implementation and effectiveness of its anti-money laundering (“AML”) program. The monetary penalties imposed on CBOT are substantial: FinCEN assessed an $8 million penalty, although CBOT will receive credit for a separate $1 million penalty to be paid to the Office of the Comptroller of the Currency (“OCC”).

The Consent Order, available here, offers valuable insight into FinCEN’s reasoning for its enforcement actions.  According to the Consent Order, CBOT has a regional footprint and operates several branches in Texas.  It serves small and medium-sized businesses and professionals.  And, in the “back of the house,” CBOT established a typical AML system designed to detect and escalate alerts for suspicious activity for investigation and potential filing of Suspicious Activity Reports (“SARs”). However, FinCEN alleged that over a period of at least four years, CBOT “willfully” failed to effectively implement its AML, program, leading to a failure to file SARs and otherwise detect specific suspicious activity.  As detailed below, many of the alleged shortcomings of CBOT’s AML program flowed from a lack of compliance resources and personnel between 2015 and 2019: too few analysts were assigned to review and investigate potentially suspicious transactions, and as a result, downstream investigations and due diligence suffered, including an alleged failure to file at least 17 specific SARs.

Because the detailed Consent Order offers a somewhat rare opportunity to glean FinCEN’s reasoning behind its enforcement actions generally, we explore the alleged failures in some detail below.  Then, we summarize key details of the Consent Order, offer key takeaways, and note several questions that the Consent Order still leaves unresolved.
Continue Reading  FinCEN Assesses Civil Penalty Against CommunityBank of Texas for AML Program Weaknesses

Proposed Reporting Rules Will Require Careful Parsing for Businesses and Revision of CDD Rule for Banks

As we initially blogged, the Financial Crimes Enforcement Network (“FinCEN”) issued on December 7 a Notice of Proposed Rulemaking (“NPRM”) regarding the beneficial ownership (“BO”) reporting requirements of the Corporate Transparency Act (“CTA”).  FinCEN’s press release is here; the NPRM is here; and a summary “fact sheet” regarding the NPRM is here.

The CTA requires defined entities – including most domestic corporations and foreign entities registered to do business in the U.S. – to report beneficial owner information (“BOI”) and company applicant information to a database created and run by FinCEN upon the entities’ creation or registration within the U.S.  This database will be accessible by U.S. and foreign law enforcement and regulators, and to U.S. financial institutions seeking to comply with their own Anti-Money Laundering (“AML”) and Customer Due Diligence (“CDD”) compliance obligations.

Congress passed the CTA because the ability to operate through legal entities without requiring the identification of BOI is a key AML risk for the U.S. financial system.  The CTA seeks to mitigate this risk by reducing an individual’s ability to use corporate structures to conceal illicit activity such as money laundering, financing of terrorism, and other offenses.  We often have blogged on the CTA and these impending regulations (see herehereherehere and here).

The NPRM describes who must file a BOI report, what information must be reported, and when a report is due.  Although this blog post is lengthy, it still only summarizes the NPRM, which is 55 pages long in the Federal Register.  The NPRM envisions broad and often complicated reporting requirements under the CTA, including an ongoing duty to update any changes in information.

Further, this NPRM addresses “only” BOI reporting.  FinCEN will engage in two additional rulemakings under the CTA to (1) establish rules for who may access BOI, for what purposes, and what safeguards will be required to protect such information; and (2) revise and conform FinCEN’s existing CDD rule for financial institutions.  As we will discuss, the NPRM undermines hopes that the CTA regulations would simplify the compliance obligations of financial institutions already covered by the CDD rule, which requires covered financial institutions to obtain BOI from certain entity customers.  To the contrary, the NPRM indicates that FinCEN will complicate and expand the definitions of the two groups of individuals qualifying as BOs – those exercising “substantial control” and those with a 25% “ownership interest” – and amend the existing CDD rule accordingly, so that the CTA regulations and the CDD rule supposedly align.

The potential application of these regulations is sweeping.  FinCEN estimates at least 25 million existing U.S. companies will have to make a report under the CTA when the proposed regulations become effective.  And approximately three million new entities created each year in the U.S. potentially will be subject to the regulations going forward.  The NPRM does not address the additional amount of foreign entities registered to do business in the U.S. covered by the CTA.
Continue Reading  Proposed Beneficial Ownership Reporting Regulations Under the CTA:  Broad and Complex

On December 1, 2021, the Federal Financial Institutions Examination Council (“FFIEC”) released updates to its Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual (the “Manual”), which provides guidance to examiners for evaluating a financial institution’s BSA/AML compliance program and its compliance with related regulatory requirements.  This update is the third of 2021: the FFIEC also released updates to the Manual on February 25, 2021 and June 21, 2021.

This most recent update to the Manual adds a new introductory section, Introduction – Customers.  The updated Manual also includes changes to sections pertaining to Charities and Nonprofit Organizations, Independent Automated Teller Machine Owners or Operators, and Politically Exposed Persons (“PEP”).  The breadth of this most recent Manual update is consistent with the previous 2021 updates.  In February, FFIEC released an introductory section and updates to three sections pertaining to Customer Identification Programs (“CIP”), Currency Transaction Reporting (“CTR”), and Transactions of Exempt Persons.  In June, the FFIEC released updates to four sections pertaining to International Transportation of Currency or Monetary Instruments Reporting, Purchase and Sale of Monetary Instruments Recordkeeping, Reports of Foreign Financial, and Special Measures.

Consistent with prior FFIEC Interagency press releases associated with Manual updates, the FFIEC explained that “[t]he updates should not be interpreted as new requirements or as a new or increased focus on certain areas,” but rather “provide information and considerations related to certain customers that may indicate the need for bank policies, procedures, and processes to address potential money laundering, terrorist financing, and other illicit financial activity risks.”  Despite this disclaimer, the updates provide helpful insight into what examiners prioritize with regard to BSA/AML compliance.
Continue Reading  The FFIEC’S Third 2021 Update to the BSA/AML Examination Manual

The Financial Crimes Enforcement Network (“FinCEN”) has been busy during the last few weeks – and presumably will remain busy for the rest of 2021, as it attempts to satisfy numerous mandates imposed by the Anti-Money Laundering Act of 2020.  In October, in addition to issuing an analysis of Suspicious Activity Reports and ransomware, FinCEN extended its Geographic Targeting Order for real estate transactions; issued exceptive relief providing that a casino may use suitable non-documentary methods to verify the identity of online customers; and reminded U.S. financial institutions to account for the fact that the Financial Action Task Force added and removed countries from its list of jurisdictions with anti-money laundering (“AML”) deficiencies.  We discuss each of these developments in turn.
Continue Reading  FinCEN Round-Up:  Real Estate GTOs, Exceptive Relief for On-Line Gaming for Non-Documentary Customer Verification, and the FATF Grey and Black Lists

Government Alleges Systemic and Deliberate AML Failures

Filings Describe Tools for CVC Exchanges to Use for Customer Due Diligence and Transaction Monitoring

The Financial Crimes Enforcement Network (“FinCEN”) and the Commodity Futures Trading Commission (“CFTC”) announced on August 10 (here and here) settlements with the operators of the BitMEX cryptocurrency trading platform for alleged anti-money laundering (“AML”) violations under the Bank Secrecy Act (“BSA”), and for allegedly failing to register with the CFTC.  More specifically, FinCEN’s assessment of a civil monetary penalty and the CFTC’s consent order both involved the five companies operating the BitMEX platform: HDR Global Trading Limited, 100x Holding Limited, ABS Global Trading Limited, Shine Effort Inc Limited, and HDR Global Services (Bermuda) Limited (collectively, “BitMEX”).

BitMEX will pay regulators up to a combined $100 million civil monetary penalty; perform a “lookback” regarding the potential need to file additional Suspicious Activity Reports (“SARs”); and hire an independent consultant to conduct two reviews of BitMEX’s operations, policies, procedures, and controls, in order to confirm that BitMEX is not operating in the U.S., and that no U.S. customers are able to trade with the BitMEX platform.

According to the government filings, BitMEX is one of the oldest cryptocurrency derivative exchanges, with 1.3 million user accounts and a collection of annual fees in excess of $1 billion.  Combined, the government filings allege that for a period of six years between November 2014 and October 1, 2020, BitMEX offered trading of cryptocurrency derivatives to retail and institutional customers in the U.S. and worldwide through BitMEX’s website. Customers in the U.S. placed orders to buy or sell contracts directly through the website and BitMEX was aware that U.S. customers could access the BitMEX platform via virtual private network (“VPN”).

The civil penalty will be split between FinCEN and the CFTC.  However, the settlement involves an interesting “carrot” offered by the regulators:  $20 million of the penalty is suspended pending the successful completion of the SAR lookback and the two independent consultant reviews.

According to the government’s allegations, BitMEX deliberately ignored for years the most basic AML requirements, resulting in multitudinous violations and inviting – and even encouraging – its customers to launder illicit funds.  As we will describe, the government has alleged that BitMEX operated on the announced pretext that it was not subject to the BSA or U.S. commodities laws because it had no U.S. customers or operations, when senior management knew otherwise.
Continue Reading  FinCEN and CFTC Reach Groundbreaking $100 Million AML Settlement with BitMEX

A Guest Blog by Angelena Bradfield

Today we are very pleased to welcome guest blogger Angelena Bradfield, who is the Senior Vice President of AML/BSA, Sanctions & Privacy for the Bank Policy Institute. BPI is a nonpartisan public policy, research and advocacy group, representing the nation’s leading banks. Its members include universal banks, regional banks and the major foreign banks doing business in the United States.  BPI has been engaged in efforts to modernize the U.S. anti-money laundering/ countering the financing of terrorism (AML/CFT) regime for almost half a decade and worked closely with Senate and House leadership throughout the introduction and final passage of the Anti-Money Laundering Act of 2020 (AML Act). Angelena previously was a Vice President at The Clearing House Association, where she supported its regulatory affairs department in similar policy areas. Before that, she supported comprehensive immigration reform efforts at ImmigrationWorks USA and worked on various domestic policy issues at the White House where she served as a staff assistant in both the Domestic Policy Council and Presidential Correspondence offices.

We reached out to Angelena regarding BPI’s recent letter to the Financial Crimes Enforcement Network (FinCEN) commenting on its implementation of the Corporate Transparency Act (CTA).  Congress passed the CTA on January 1, 2021, as part of the AML Act.  The CTA requires certain legal entities to report their beneficial owners to a directory accessible by U.S. and foreign law enforcement and regulators.  This directory also will be accessible to U.S. financial institutions seeking to comply with their own AML obligations, particularly the beneficial ownership regulation, otherwise known as the Customer Due Diligence Rule (CDD Rule), already applicable to banks and other financial institutions. The CTA’s beneficial ownership directory is one of the most important and long-awaited changes to the BSA/AML regulatory regime, but it presents many challenges, both legal and logistical.  On April 5, 2021, FinCEN issued an advance notice of proposed rulemaking to solicit public comment on the CTA’s implementation.  In response, FinCEN received over 200 letters from industry stakeholders – including the letter from BPI.

This blog post again takes the form of a Q&A session, in which Angelena responds to questions posed by Money Laundering Watch about the CTA and how it should be implemented.  We hope you enjoy this discussion on this important topic. – Peter Hardy and Shauna Pierson
Continue Reading  Implementing the Corporate Transparency Act:  A Guest Blog

As we recently blogged, the Financial Crimes Enforcement Network (“FinCEN”) issued an advance notice of proposed rulemaking (“ANPRM”) on April 5, 2021 to solicit public comment on the implementation of the Corporate Transparency Act (“CTA”). In response, FinCEN received over 200 letters from industry stakeholders. This post will focus on one such letter, from the American Bankers Association (“ABA”), which highlights the industry perspective of large financial institutions.

The CTA, passed as part of the Anti-Money Laundering Act of 2020 (“AMLA”), requires certain legal entities to report their beneficial owners to a database accessible by U.S. and foreign law enforcement and regulators, and to U.S. financial institutions seeking to comply with their own Anti-Money Laundering (“AML”) compliance obligations, particularly FinCEN’s existing BO regulation which is part of the Customer Due Diligence Rule (“CDD Rule”) implemented in 2018. The beneficial ownership database is one of the most important and long-awaited changes to the AML legal framework in the United States.

To understand the paradigm shift, it is useful to recall the CDD rule currently in existence. Under FinCEN’s existing regulations, covered financial institutions have the requirement to collect and verify beneficial ownership information from their customers, and maintain records of such information. But until now their customers, which may include individuals and companies of all sizes, did not have to report such information to the government. The CTA makes companies (like LLCs and corporations) subject to such beneficial ownership reporting requirements. The CTA also requires FinCEN to revise the CDD Rule to try to make it consistent with the CTA and remove any unnecessary or duplicative burdens on financial institutions and legal entity customers.

In anticipation of these significant changes, industry groups have submitted comments to FinCEN on topics ranging from who will be covered to the logistics of implementation. The ABA, representing large banks, submitted a lengthy comment letter showcasing a strong interest in how these regulations shake out. The ABA first makes clear its support for Congress and FinCEN in ramping up efforts to combat money laundering and terrorism financing. It then lays out its recommendations for filling in gaps left by the CTA, largely tracking the questions that FinCEN solicited in its ANPRM. We summarize the most salient points below.
Continue Reading  American Bankers Association Weighs in on the Corporate Transparency Act

Seventh Post in an Extended Series on Legislative Changes to BSA/AML Regulatory Regime

On April 5, 2021, the Financial Crimes Enforcement Network (“FinCEN”) issued an advance notice of proposed rulemaking (“ANPRM”) to solicit public comment on questions pertaining to the implementation of the Corporate Transparency Act (“CTA”), passed as part of the Anti-Money Laundering Act of 2020 (“AMLA”).  The CTA requires certain legal entities to report their beneficial owners at the time of their creation to a database accessible by U.S. and foreign law enforcement and regulators, and to U.S. financial institutions seeking to comply with their own Anti-Money Laundering (“AML”) and Customer Due Diligence (“CDD”) compliance obligations.

According to the ANPRM, the ability to operate through legal entities without requiring the identification of beneficial owners is a key risk for the U.S. financial system.  The CTA seeks to mitigate the risk by reducing an individual’s ability to use corporate structures to conceal illicit activity such as money laundering, financing of terrorism, proliferation financing, serious tax fraud and human and drug trafficking.  The CTA seeks to set a clear federal standard for incorporation practices, protect vital U.S. national security interests, protect interstate and foreign commerce, better enable various law enforcement agencies to counter illicit activities and bring the U.S. into compliance with international standards.  With the goals of the CTA in mind, the ANPRM seeks public input on procedures and standards for reporting companies to submit information to FinCEN about their beneficial owners, and input on the implementation and maintenance of a database safeguarding disclosed information subject to appropriate protocols.

Written comments on the ANPRM are due soon – by May 5, 2021.  The CTA is a critical development in AML regulation, and FinCEN can expect a considerable response to this important ANPRM, both from the businesses that are covered and the financial institutions that would have access to the beneficial ownership database.  Although the ANPRM is detailed and poses many questions, the ultimate, real-world implementation of the CTA will involve even more questions.
Continue Reading  FinCEN Seeks Comments on Corporate Transparency Act Implementation

On February 25, 2021, the Federal Financial Institutions Examination Council (“FFIEC”) released updates to the Bank Secretary Act/Anti-Money Laundering (“BSA/AML”) Examination Manual (the “Manual”), which provides guidance to examiners for evaluating a financial institution’s BSA/AML compliance program and its compliance with related regulatory requirements.

First, the Manual adds a new introductory section, Assessing Compliance with [BSA] Regulatory Requirements.  Second, the Manual updates the sections pertaining to Customer Identification Program (“CIP”), Currency Transaction Reporting (“CTR”), and Transactions of Exempt Persons. The Manual explains that, consistent with prior updates, that the “updates should not be interpreted as new instructions or as a new or increased focus on certain areas,” but are intended to “offer further transparency into the examination process and support risk-focused examination work.”

The 2021 updates are not quite as substantial as the 2020 updates to the Manual, which pertained to scoping and planning of examinations; the review of a financial institution’s BSA/AML risk assessment; the assessment of an institution’s BSA/AML compliance program; and guidance for examiners on developing conclusions and finalizing the examination.  Nonetheless, the updates provide useful insight into what examiners regard as important for BSA/AML compliance.
Continue Reading  The FFIEC Updates the BSA/AML Examination Manual

The Small Business Administration (“SBA”) recently issued a procedural notice (the “Notice”) to “All SBA Employees and Paycheck Protection Program Lenders” setting forth “Revised SBA Paycheck Protection Platform Procedures for Addressing Hold Codes on First Draw PPP Loans and Compliance Check Error Messages on First Draw PPP Loans and Second Draw PPP Loans.”  The Notice sets forth procedures Paycheck Protection Program (“PPP”) lenders must follow in approving First or Second Draw PPP loans under the 2021 Economic Aid Act.

PPP Experience To Date

As we discussed in a recent blog post, with the third round of PPP funding currently underway, the government, through SBA and the Financial Crimes Enforcement Network (“FinCEN”), has begun taking steps to clarify lender compliance obligations in implementing the PPP.  The onus of implementing the PPP has been on the private lenders participating in the program.  The SBA reiterates this responsibility in the Notice, emphasizing, “[u]nder the CARES Act, PPP Lenders are deemed to have delegated authority to make and approve PPP loans without prior SBA review.”

While lenders have been acting with this “delegated authority” since Spring 2020, they are only now beginning to operate with answers to how it can meet their compliance obligations under the Bank Secrecy Act (“BSA”) while quickly administering the PPP according to the parameters set forth in the CARES Act and subsequent SBA guidance.  And, with a new funding round opening nearly a year after the initial rounds, the government and private sector are both grappling with sifting through and processing relevant data accumulated through the first two funding rounds.

Under the CARES Act, PPP borrowers were originally limited to obtaining a single loan.  The Economic Aid Act changed that.  In addition to opening a new round of PPP lending to new borrowers – “First Draw” borrowers – the Economic Aid Act permitted prior borrowers to pursue a loan – “second Draw” PPP borrowers.  This expansion of the PPP program introduces lenders to a new category of borrowers: those that previously applied for and either did or did not (for whatever reason) receive a PPP loan.   What does this mean for lenders from a Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) perspective?  Information.
Continue Reading  New PPP Procedural Requirements Reflect Lenders’ Emerging AML Duties