Customer Due Diligence

Subscribe to Customer Due Diligence

On February 25, 2021, the Federal Financial Institutions Examination Council (“FFIEC”) released updates to the Bank Secretary Act/Anti-Money Laundering (“BSA/AML”) Examination Manual (the “Manual”), which provides guidance to examiners for evaluating a financial institution’s BSA/AML compliance program and its compliance with related regulatory requirements.

First, the Manual adds a new introductory section, Assessing Compliance with [BSA] Regulatory Requirements.  Second, the Manual updates the sections pertaining to Customer Identification Program (“CIP”), Currency Transaction Reporting (“CTR”), and Transactions of Exempt Persons. The Manual explains that, consistent with prior updates, that the “updates should not be interpreted as new instructions or as a new or increased focus on certain areas,” but are intended to “offer further transparency into the examination process and support risk-focused examination work.”

The 2021 updates are not quite as substantial as the 2020 updates to the Manual, which pertained to scoping and planning of examinations; the review of a financial institution’s BSA/AML risk assessment; the assessment of an institution’s BSA/AML compliance program; and guidance for examiners on developing conclusions and finalizing the examination.  Nonetheless, the updates provide useful insight into what examiners regard as important for BSA/AML compliance.
Continue Reading  The FFIEC Updates the BSA/AML Examination Manual

The Small Business Administration (“SBA”) recently issued a procedural notice (the “Notice”) to “All SBA Employees and Paycheck Protection Program Lenders” setting forth “Revised SBA Paycheck Protection Platform Procedures for Addressing Hold Codes on First Draw PPP Loans and Compliance Check Error Messages on First Draw PPP Loans and Second Draw PPP Loans.”  The Notice sets forth procedures Paycheck Protection Program (“PPP”) lenders must follow in approving First or Second Draw PPP loans under the 2021 Economic Aid Act.

PPP Experience To Date

As we discussed in a recent blog post, with the third round of PPP funding currently underway, the government, through SBA and the Financial Crimes Enforcement Network (“FinCEN”), has begun taking steps to clarify lender compliance obligations in implementing the PPP.  The onus of implementing the PPP has been on the private lenders participating in the program.  The SBA reiterates this responsibility in the Notice, emphasizing, “[u]nder the CARES Act, PPP Lenders are deemed to have delegated authority to make and approve PPP loans without prior SBA review.”

While lenders have been acting with this “delegated authority” since Spring 2020, they are only now beginning to operate with answers to how it can meet their compliance obligations under the Bank Secrecy Act (“BSA”) while quickly administering the PPP according to the parameters set forth in the CARES Act and subsequent SBA guidance.  And, with a new funding round opening nearly a year after the initial rounds, the government and private sector are both grappling with sifting through and processing relevant data accumulated through the first two funding rounds.

Under the CARES Act, PPP borrowers were originally limited to obtaining a single loan.  The Economic Aid Act changed that.  In addition to opening a new round of PPP lending to new borrowers – “First Draw” borrowers – the Economic Aid Act permitted prior borrowers to pursue a loan – “second Draw” PPP borrowers.  This expansion of the PPP program introduces lenders to a new category of borrowers: those that previously applied for and either did or did not (for whatever reason) receive a PPP loan.   What does this mean for lenders from a Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) perspective?  Information.
Continue Reading  New PPP Procedural Requirements Reflect Lenders’ Emerging AML Duties

With the third round of lending through the Paycheck Protection Program (“PPP”) in full swing, the Small Business Administration (“SBA”) – administrator of the PPP – has developed new guidance in consultation with the United States Department of the Treasury (“Treasury”).  The February 1, 2021 FAQs specifically address how lenders can meet some of their Bank Secrecy Act (“BSA”) obligations when issuing PPP loans.

As we previously blogged, the PPP, with its combination of size, scope and the limited time-frame for lenders to process and disburse loans pursuant to it, has created numerous compliance challenges for PPP lenders and presented significant enforcement risks, including future false claims act liability, compliance enforcement, state attorneys’ general investigations and private litigation.  At the root of those challenges and concerns is the question of how lenders can meet their anti-money laundering (“AML”) obligations under the BSA while administering a program designed to get money to as many recipients as possible as quickly as possible.
Continue Reading  FinCEN Issues PPP Lender Guidance

Covered Companies Must Report Beneficial Ownership to National Database Upon Incorporation

First Blog Post in an Extended Series on Legislative Changes to BSA/AML Regulatory Regime

Change is upon us.  The U.S. House and Senate have passed – over a Presidential veto – the National Defense Authorization Act (“NDAA”), a massive annual defense spending bill.  As we have blogged, this bill, now law, contains historic changes to the Bank Secrecy Act (“BSA”), coupled with other changes relating to money laundering, anti-money laundering (“AML”), counter-terrorism financing (“CTF”) and protecting the U.S. financial system against illicit foreign actors. This sweeping legislation will affect financial institutions, their clients, and law enforcement and regulators for many years.  This will be the first post of many on these important legislative changes, which should produce related regulatory pronouncements throughout 2021.

Today, we will focus on the enactment that has received the most attention:  the NDAA’s adoption of the Corporate Transparency Act (“CTA”) and its requirements for covered legal entities to report their beneficial owners at the time of their creation to a database accessible by U.S. and foreign law enforcement and regulators, and to U.S. financial institutions seeking to comply with their own AML compliance obligations.  The issue of beneficial ownership and the misuse of shell corporations has been at the heart of global AML regulation and enforcement for many years.  This legislation will be held out as a partial but important response to the continuing critiques by the international community of the United States as a haven for money laundering and tax evasion, often due to the perception that U.S. and state laws on beneficial ownership reporting are lax.

Beyond “just” the CTA, the breadth of the BSA/AML legislation is substantial. We have discussed BSA/AML reform for years, and many of the reforms (acknowledging that the word “reform” often involves a value judgment, and whether a particular change represents “reform” is typically in the eye of the beholder) that have been repeatedly bandied about by Congress, industry, think tanks and law enforcement are incorporated into this legislation, or at least referenced as topics for further study and follow-up.  We therefore will be blogging repeatedly on the many and various components of this legislation, which implicates a broad array of key issues: BSA/AML examination priorities; attempting to modernize the BSA regulatory regime, including by improving feedback by the government on the usefulness of SAR reporting; potential “no action” letters by FinCEN; requiring process-related studies tied to the effectiveness and costs of certain BSA requirements, including current SAR and CTR reporting; increased penalties under the BSA for repeat offenders; greater information sharing among industry and the government; enhancing the ability of the government to investigate the use of correspondent bank accounts; cyber security issues; focusing on trade-based money laundering; adding a whistleblower provision to the BSA; and including dealers in antiquities to the definition of “financial institutions” covered by the BSA.
Continue Reading  U.S. Passes Historic BSA/AML Legislative Change

The Financial Crimes Enforcement Network has been busy lately, and has issued a flurry of proposed rulemakings and requests for comment. Although “reform” is often in the eye of the beholder, all of these proposals will have a practical impact.

As part of Ballard Spahr’s webcast series, Consumer Financial Services in Turbulent Times, we

In the wake of the ongoing pandemic, various charities have been created with mission statements specific to COVID-19. What seems like an opportunity for giving back may present yet another vehicle for fraud to money launderers and other fraudsters.

To try to help weed out the legitimate from the not so innocent, on November 19, 2020, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued a press release announcing a joint fact sheet (Fact Sheet), prepared in coordination with Federal Banking Agencies (defined below), “to provide clarity to banks on how to apply a risk-based approach to charities and other non-profit organizations (NPOs).” The press release and Fact Sheet seek to strike a balance between recognizing “the important role played by the charitable sector, especially during the COVID-19 pandemic” while reminding financial institutions to utilize the risk-based approach when conducting due diligence and developing risk profiles for charities and other NPOs.

This not the first time that the Treasury Department has raised concerns about charities, albeit in a different context: according to the Treasury Department’s reports on the 2020 National Strategy for Combatting Terrorist and other Illicit Financing and the 2018 National Terrorist Financing Risk Assessment, some charities and non-profit organizations (NPOs) “have been misused to facilitate terrorist financing.” And it is certainly not the first time that FinCEN has raised concerns about specific types of fraud fueled by the global pandemic (see here, here and here).
Continue Reading  COVID-19 & Philanthropic Fraud

On November 3rd, voters in Arizona, New Jersey, South Dakota, Montana, and Mississippi passed ballot measures to bring legal cannabis to each of their states. It’s not every year that we see states from opposite ends of the political spectrum agree on something with such vigor. In fact, loosening the laws surrounding cannabis—be it medical use, recreational use, or farming of hemp products—has consistently been one of the only areas receiving bipartisan support in a country divided on almost everything else.

The passage of these ballot measures means that the cannabis industry will generate even more revenue. Despite the massive dollar amounts currently associated with the cannabis industry, reliable banking services remain elusive, due to federal drug and money laundering laws and the Bank Secrecy Act (“BSA”). This post will summarize the recent cannabis legislation, and recap the main roadblocks facing the industry (and financial institutions) from a financial compliance perspective.
Continue Reading  The State of Cannabis Affairs: New Legislation and a Regulatory Recap

Final Post in a Three-Post Series Regarding Recent Regulatory Action by FinCEN

On September 29, 2020, the Financial Crimes Enforcement Network (“FinCEN”) published a request for comment on existing regulations regarding enhanced due diligence (“EDD”) for correspondent bank accounts. The notice seeks to give the public an opportunity to comment on the existing regulatory requirements and burden estimates. Written comments must be received on or before November 30, 2020.

Currently, Bank Secrecy Act (“BSA”) regulations for due diligence and EDD for correspondent bank accounts require certain covered entities (banks, brokers or dealers in securities, futures, commission merchants, introducing brokers in commodities, and mutual funds) to establish due diligence programs that include risk-based, and, where necessary, enhanced policies, procedures, and controls reasonably designed to detect and report money laundering conducted through or involving any correspondent accounts established or maintained for foreign financial institutions. The regulations also require that these same financial institutions establish anti-money laundering (“AML”) programs “designed to detect and report money laundering conducted through or involving any private banking accounts established by the financial institutions.”

In issuing the request, FinCEN has not proposed any changes to the current regulations for correspondent or private banking. Instead, the request is intended to cover “a future expansion of the scope of the annual hourly burden and cost estimate associated with these regulations.”

This is the third and final post in a series of blogs regarding a recent flurry of regulatory activity by FinCEN. In our prior posts, we discussed a final rule by FinCEN extending BSA/AML regulatory requirements to banks lacking a Federal functional regulator, and FinCEN’s advanced notice of proposed rulemaking as to potential regulatory amendments regarding “effective and reasonably designed” anti-money laundering (“AML”) programs. Unlike the first two regulatory actions discussed in our series, FinCEN’s request for comments on the burdens of correspondent bank account due diligence and EDD seems purely procedural: it simply asks covered institutions to report how much time and resources are spent on compliance. Nonetheless, it’s hard not to conclude that this request for comment is a prelude to some future, more substantive action regarding correspondent bank account regulation. The U.S. Department of Treasury identified correspondent banking as a “key vulnerability” for exploitation by illicit actors in its 2020 National Strategy for Combating Terrorist and Other Illicit Financing. Further, and as we will discuss, correspondent banking has long had a troubled status: such accounts are simultaneously necessary to the world economy but also regarded as higher risk from an AML perspective. As a real-world example, an alleged lack of diligence regarding the risks posed by correspondent bank accounts played a prominent role in the major alleged AML failures suffered by Westpac, Australia’s second-largest retail bank, which contributed to the bank recently agreeing to a whopping $1.3 billion penalty for violating Australia’s AML/CTF Act.

Continue Reading  Regulatory Round Up: FinCEN Solicits Comments on Due Diligence for Correspondent and Private Bank Accounts

First Post in a Three-Post Series Regarding Recent Regulatory Action by FinCEN

The Financial Crimes Enforcement Network (“FINCEN”) has been busy. In the last two weeks, FinCEN has posted three documents in the Federal Register. Any one of these publications, standing alone, would be significant, particularly given the infrequency of such postings. Collectively they reflect an unusual flurry of regulatory activity by FinCEN, perhaps spurred by the impending election and potential management turn-over at FinCEN. These publications are:

  • A final rule (“Final Rule”) extending BSA/AML regulatory requirements to banks lacking a Federal functional regulator;
  • An advanced notice of proposed rulemaking regarding potential regulatory amendments regarding “effective and reasonably designed” anti-money laundering (“AML”) programs; and
  • A request for comment on existing regulations regarding enhanced due diligence for correspondent bank accounts.

Today, we discuss the Final Rule, published on September 14, 2020, extending BSA/AML regulatory requirements to banks lacking a Federal functional regulator. In our next posts, we will discuss the advanced notice and request for comment.

The Final Rule provides that banks lacking a Federal functional regulator now will be required to (i) develop and implement an AML program, (ii) establish a written Customer Identification Program (“CIP”) appropriate for the bank’s size and type of business, and (iii) verify the identity of the beneficial owners of their customers. While stressing the perceived importance of closing this prior gap in regulatory coverage, FinCEN also attempted to minimize concern that the Final Rule would impose a serious burden on the covered financial institutions. The Final Rule will become effective on November 16, 2020, with a compliance deadline of March 15, 2021.
Continue Reading  Regulatory Round Up:  FinCEN Extends BSA/AML Requirements to Banks Lacking a Federal Functional Regulator

The Financial Action Task Force (FATF) recently published a report titled Virtual Assets: Red Flag Indicators of Money Laundering and Terrorist Financing. The report discusses a number of red flag indicators of suspicious virtual asset (VA) activities identified “through more than one hundred case studies collected since 2017 from across the FATF Global Network, literature reviews, and open source research.” The purpose of the report is to help financial institutions (FIs), designated non-financial businesses and professions (DNFBPs), and virtual asset service providers (VASPs) to create a “risk-based approach to their Customer Due Diligence (CDD) requirements.”

The report focuses on the following six categories of red flag indicators: those (1) related to transactions, (2) related to transaction patterns, (3) related to anonymity, (4) about senders or recipients, (5) in the source of funds or wealth, and (6) related to geographical risks.

When discussing red flags relating to transactions, FATF suggests that the size and frequency of transactions can be a good indicator of suspicious activity. For example, making multiple high-value transactions in short succession (i.e. within a 24-hour period) or in a staggered and regular pattern, with no further transactions during a long period afterwards. With regard to transaction patterns, FATF notes that large initial deposits with new users or transactions involving multiple accounts should also raise suspicion.
Continue Reading  FATF Identifies Red Flags for Virtual Assets and Money Laundering