Customer Due Diligence

Subscribe to Customer Due Diligence

The Office of Foreign Assets Control (“OFAC”) announced (here and here) yesterday that virtual currency exchange Payward, Inc. – better known as Kraken – has agreed to pay $362,158.70 in order to settle its potential civil liability for apparent violations of the sanctions against Iran. Kraken also has agreed to invest an additional $100,000 in certain sanctions compliance controls.  According to OFAC, “[d]ue to Kraken’s failure to timely implement appropriate geolocation tools, including an automated internet protocol (IP) address blocking system, Kraken exported services to users who appeared to be in Iran when they engaged in virtual currency transactions on Kraken’s platform.” 

Compared to OFAC’s recent settlement with Bittrex, which agreed to pay a total of $29,280,829.20 to OFAC and the Financial Crimes Enforcement Network (“FinCEN”) in order to resolve allegations of sanctions and Bank Secrecy Act violations, the settlement amount is relatively low – and, as OFAC noted in its announcement, Kraken faced an astronomical statutory maximum civil monetary penalty of $272,228,964.  OFAC has stated that “[t]he settlement amount reflects OFAC’s determination that Kraken’s apparent violations were non-egregious and voluntarily self-disclosed.”

Continue Reading  Kraken Settlement Demonstrates Importance of Sanctions Monitoring for Transactions — Not Just When Onboarding Customers

With Guest Speaker Matthew Haslinger of M&T Bank

We are extremely pleased to offer a podcast (here) on the legal and logistical issues facing financial institutions as they implement the regulations issued by the Financial Crimes Enforcement Network (FinCEN) pursuant to the Anti-Money Laundering Act of 2020 (AMLA) and the Corporate Transparency Act

First Post in a Two-Post Series on the CTA Implementing Regulations

On September 30, 2022, the Financial Crimes Enforcement Network (“FinCEN”) issued its final rule, Beneficial Ownership Information Reporting Requirements (“Final Rule”), implementing the beneficial ownership reporting requirements of the Corporate Transparency Act (“CTA”). 

FinCEN’s September 29, 2022 press release is here; the Final Rule is here; and a summary “fact sheet” regarding the rule is here.  The Final Rule largely tracks the December 8, 2021 Notice of Proposed Rulemaking (the “Proposed Rule”), on which we blogged here and here

The Final Rule requires many corporations, limited liability companies, and other entities created in or registered to do business in the United States to report information (“BOI”) about their beneficial owners the persons who ultimately own and control the company — to FinCEN.  This information will be housed within the forthcoming Beneficial Ownership Secure System (“BOSS”), a non-public database under development by FinCEN. 

The Final Rule takes effect on January 1, 2024.  In a nutshell, (1) companies subject to the BOI reporting rules (“reporting companies”) created or registered before the effective date will have one year, until January 1, 2025, to file their initial reports of BOI and (2) reporting companies created or registered after the effective date will have 30 days after creation or registration to file their initial reports.  In addition to the initial filing obligation, reporting companies will have to file updates within 30 days of a relevant change in their BOI.  And, as we discuss, covered companies also will have to report their “company applicants,” which could include lawyers, accountants or other third-party professionals.

The Final Rule will have broad effect.  FinCEN estimates that over 32 million initial BOI reports will be filed in the first year of the Final Rule taking effect, and that approximately 5 million initial BOI reports and over 14 million updated reports will be filed in each subsequent year.  We summarize here the key provisions of the Final Rule.  In our next blog post, we will discuss the Final Rule’s broad definition of the “control” prong regarding who represents a “beneficial owner,” which will result in an expansion of the definition of “beneficial owner” under the existing Customer Due Diligence (“CDD”) rule applicable to banks and other financial institutions (“FIs”).

Continue Reading  FinCEN Issues Final Rule on Beneficial Ownership Reporting Requirements

As we have repeatedly blogged, concerns about perceived anti-money laundering (“AML”) risks in the real estate industry are rising globally.  Consistent with this concern, the Financial Action Task Force (“FATF”) has updated its AML guidance for the real estate sector in a document entitled “Guidance for a Risk-Based Approach: Real Estate Sector,” (“FATF Guidance” or “the Updated Guidance”).  The FATF Guidance urges a variety of players in the real estate industry to adopt a risk-based approach (“RBA”) to mitigate AML risks and sets forth some high-level recommendations.  The Updated Guidance notably coincides with FinCEN’s advanced notice of proposed rulemaking to impose reporting and perhaps other requirements under the Bank Secrecy Act (“BSA”) for persons involved in real estate transactions to collect, report, and retain information, and the  recent extension of Geographic Targeting Orders for U.S. title insurance companies.

The FATF Guidance appears to be driven, at least in part, by FATF assessments showing that the real estate sector has high AML risks, which industry players often fail to appreciate and/or mitigate.  The Updated Guidance explains how various industry players can use an RBA to mitigate those risks.  It identifies sector-specific risks, sets forth strategies for assessing and managing those risks, and describes challenges the industry faces in doing so.  The FATF also offers specific guidance for “private sector players” and “supervisors” (e.g., countries and self-regulatory boards) for going forward.  The Updated Guidance includes tools, case studies, and examples of both private sector and supervisory practices to show real estate supervisors and practitioners how to implement FATF standards in an adequate, risk-based and effective manner.

The FATF is an inter-governmental policymaking body dedicated to creating AML standards and promoting effective measures to combat money laundering (“ML”) and terrorist financing (“TF”).  The FATF issued the Updated Guidance with input from the private sector, including from a public consultation with thirteen private-sector representatives (including from sector specific professional associations, the legal profession, FinTech providers, and non-profit organizations) in March and April 2022.  This consultation urged FinCEN, among other things, to provide greater clarity in the Updated Guidance regarding its applicability to the real estate sector and related professions (such as lawyers, notaries, and financial institutions) and extend FATF recommendations to broader real estate activities (such as property development and leasing).

Continue Reading  FATF Updates Risk-Based Approach Guidance for the Real Estate Sector

On July 6, the Financial Crimes Enforcement Network (“FinCEN”), The Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency (collectively, “the Agencies”) issued a Joint Statement to “remind” banks that they, of course, should apply a risk-based approach to assessing customer relationships and conducting customer due diligence (“CDD”).

The Joint Statement appears to echo FinCEN’s June 22 Statement on Bank Secrecy Act Due Diligence for Independent ATM Owners or Operators (“ATM Statement”), in which FinCEN also “reminded” banks that “that not all independent ATM owner or operator customers pose the same level of money laundering, terrorist financing (ML/TF), or other illicit financial activity risk, and not all independent ATM owner or operator customers are automatically higher risk.”

Combined – and although generally worded – these publications appear to urge financial institutions (“FIs”) to not pursue broadly-applied “de-risking” strategies.  De-risking is the term for a FI’s decision to terminate a business relationship, or refuse to do business, with a type of customer because that type is associated with a perceived heightened risk of involvement in money laundering or terrorist financing.  Indeed, both new publications caution FIs against turning away potential customers, or closing the accounts of existing customers, on the basis of general customer types.  However, regulators themselves have been criticized for encouraging de-risking by driving highly risk-adverse decisions by FIs, who are unwilling to take the chance and assume the compliance costs of doing business with specific customers who may in fact be “legitimate,” but whose risk profile is deemed to be high due to their group affiliation.  Some front-line regulatory BSA/AML examiners arguably may review a FI’s compliance in a narrow and check-the-box manner versus a more holistic approach, and will not truly value broader societal and equity issues such as the need for equal access to the global financial system, particularly by certain industries and persons living in less-developed countries.  Accordingly, although these new publications are welcome, it might have been better if they had been more explicit – particularly because it is arguably ironic for regulators to be chiding FIs for conforming to de-risking behavior that regulators themselves have encouraged.

Continue Reading  FinCEN and Federal Functional Regulators Issue Coded Warnings Against De-Risking

Sanctions involving Russia is a front-burner issue for all businesses, but particularly for financial institutions. As we previously blogged, the Financial Crimes Enforcement Network (“FinCEN”) issued on March 7 an alert calling for increased vigilance in the face of potential evasion of Russian sanctions. On March 16, FinCEN issued its second alert on the topic (the “Alert”), reiterating the need for increased vigilance and assisting financial institutions in detecting suspicious transactions involving high-value assets to evade sanctions.

We discuss here the Alert, which provides guidance to financial institutions on how to identify suspicious transactions relating to the use of certain high-value assets by Russian elites, their family members and their “proxies.” The Alert reminds financial institutions of the importance of quickly identifying suspicious activity related to the disposition of sanctioned Russian assets. The Alert also highlights the international and domestic task forces that were formed to effectuate the sanctions laws we describe below, emphasizing the need for cross-agency collaboration and information sharing to achieve the common goal of sanctioning Russia’s power players.  However, and as we discuss, the Alert unfortunately offers no guidance on how “proxies” should be identified or defined.
Continue Reading  Russian Sanctions Redux: FinCEN Issues Guidance on Suspicious Transactions and Evasion Using High-Value Assets

We are pleased to offer the latest episode in Ballard Spahr’s Consumer Financial Monitor Podcast series — a weekly podcast focusing on the consumer finance issues that matter most, from new product development and emerging technologies to regulatory compliance and enforcement and the ramifications of private litigation.

In this episode, we discuss the historic changes

Consent Order Stresses that Only Three AML Analysts Struggled to Review 100 “Alerts” Per Day, Each – and Notes in Passing that “Outside Examiners” Blessed the Bank’s AML Program for the Same Five Years that the Bank Allegedly Maintained a Willfully Deficient Program

On December 16, 2021, the Financial Crimes Enforcement Network (“FinCEN”) entered into a Consent Order with CommunityBank of Texas, N.A. (“CBOT”), in which CBOT admitted to major shortcomings with respect to the implementation and effectiveness of its anti-money laundering (“AML”) program. The monetary penalties imposed on CBOT are substantial: FinCEN assessed an $8 million penalty, although CBOT will receive credit for a separate $1 million penalty to be paid to the Office of the Comptroller of the Currency (“OCC”).

The Consent Order, available here, offers valuable insight into FinCEN’s reasoning for its enforcement actions.  According to the Consent Order, CBOT has a regional footprint and operates several branches in Texas.  It serves small and medium-sized businesses and professionals.  And, in the “back of the house,” CBOT established a typical AML system designed to detect and escalate alerts for suspicious activity for investigation and potential filing of Suspicious Activity Reports (“SARs”). However, FinCEN alleged that over a period of at least four years, CBOT “willfully” failed to effectively implement its AML, program, leading to a failure to file SARs and otherwise detect specific suspicious activity.  As detailed below, many of the alleged shortcomings of CBOT’s AML program flowed from a lack of compliance resources and personnel between 2015 and 2019: too few analysts were assigned to review and investigate potentially suspicious transactions, and as a result, downstream investigations and due diligence suffered, including an alleged failure to file at least 17 specific SARs.

Because the detailed Consent Order offers a somewhat rare opportunity to glean FinCEN’s reasoning behind its enforcement actions generally, we explore the alleged failures in some detail below.  Then, we summarize key details of the Consent Order, offer key takeaways, and note several questions that the Consent Order still leaves unresolved.
Continue Reading  FinCEN Assesses Civil Penalty Against CommunityBank of Texas for AML Program Weaknesses

Proposed Reporting Rules Will Require Careful Parsing for Businesses and Revision of CDD Rule for Banks

As we initially blogged, the Financial Crimes Enforcement Network (“FinCEN”) issued on December 7 a Notice of Proposed Rulemaking (“NPRM”) regarding the beneficial ownership (“BO”) reporting requirements of the Corporate Transparency Act (“CTA”).  FinCEN’s press release is here; the NPRM is here; and a summary “fact sheet” regarding the NPRM is here.

The CTA requires defined entities – including most domestic corporations and foreign entities registered to do business in the U.S. – to report beneficial owner information (“BOI”) and company applicant information to a database created and run by FinCEN upon the entities’ creation or registration within the U.S.  This database will be accessible by U.S. and foreign law enforcement and regulators, and to U.S. financial institutions seeking to comply with their own Anti-Money Laundering (“AML”) and Customer Due Diligence (“CDD”) compliance obligations.

Congress passed the CTA because the ability to operate through legal entities without requiring the identification of BOI is a key AML risk for the U.S. financial system.  The CTA seeks to mitigate this risk by reducing an individual’s ability to use corporate structures to conceal illicit activity such as money laundering, financing of terrorism, and other offenses.  We often have blogged on the CTA and these impending regulations (see herehereherehere and here).

The NPRM describes who must file a BOI report, what information must be reported, and when a report is due.  Although this blog post is lengthy, it still only summarizes the NPRM, which is 55 pages long in the Federal Register.  The NPRM envisions broad and often complicated reporting requirements under the CTA, including an ongoing duty to update any changes in information.

Further, this NPRM addresses “only” BOI reporting.  FinCEN will engage in two additional rulemakings under the CTA to (1) establish rules for who may access BOI, for what purposes, and what safeguards will be required to protect such information; and (2) revise and conform FinCEN’s existing CDD rule for financial institutions.  As we will discuss, the NPRM undermines hopes that the CTA regulations would simplify the compliance obligations of financial institutions already covered by the CDD rule, which requires covered financial institutions to obtain BOI from certain entity customers.  To the contrary, the NPRM indicates that FinCEN will complicate and expand the definitions of the two groups of individuals qualifying as BOs – those exercising “substantial control” and those with a 25% “ownership interest” – and amend the existing CDD rule accordingly, so that the CTA regulations and the CDD rule supposedly align.

The potential application of these regulations is sweeping.  FinCEN estimates at least 25 million existing U.S. companies will have to make a report under the CTA when the proposed regulations become effective.  And approximately three million new entities created each year in the U.S. potentially will be subject to the regulations going forward.  The NPRM does not address the additional amount of foreign entities registered to do business in the U.S. covered by the CTA.
Continue Reading  Proposed Beneficial Ownership Reporting Regulations Under the CTA:  Broad and Complex

On December 1, 2021, the Federal Financial Institutions Examination Council (“FFIEC”) released updates to its Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual (the “Manual”), which provides guidance to examiners for evaluating a financial institution’s BSA/AML compliance program and its compliance with related regulatory requirements.  This update is the third of 2021: the FFIEC also released updates to the Manual on February 25, 2021 and June 21, 2021.

This most recent update to the Manual adds a new introductory section, Introduction – Customers.  The updated Manual also includes changes to sections pertaining to Charities and Nonprofit Organizations, Independent Automated Teller Machine Owners or Operators, and Politically Exposed Persons (“PEP”).  The breadth of this most recent Manual update is consistent with the previous 2021 updates.  In February, FFIEC released an introductory section and updates to three sections pertaining to Customer Identification Programs (“CIP”), Currency Transaction Reporting (“CTR”), and Transactions of Exempt Persons.  In June, the FFIEC released updates to four sections pertaining to International Transportation of Currency or Monetary Instruments Reporting, Purchase and Sale of Monetary Instruments Recordkeeping, Reports of Foreign Financial, and Special Measures.

Consistent with prior FFIEC Interagency press releases associated with Manual updates, the FFIEC explained that “[t]he updates should not be interpreted as new requirements or as a new or increased focus on certain areas,” but rather “provide information and considerations related to certain customers that may indicate the need for bank policies, procedures, and processes to address potential money laundering, terrorist financing, and other illicit financial activity risks.”  Despite this disclaimer, the updates provide helpful insight into what examiners prioritize with regard to BSA/AML compliance.
Continue Reading  The FFIEC’S Third 2021 Update to the BSA/AML Examination Manual