On November 13, 2024, the Financial Crimes Enforcement Network (FinCEN) issued FIN-2024-Alert004 to help financial institutions identify fraud schemes associated with the use of deepfake media created with generative artificial intelligence (GenAI) in response to increased suspicious activity reporting. “Deepfake media” are a type of synthetic content that use artificial intelligence/machine learning to create realistic
The U.S. Department of the Treasury (“Treasury”) has released a Request for Information on the Uses, Opportunities, and Risks of Artificial Intelligence (“AI”) in the Financial Services Sector (“RFI”). Written comments are due by August 12, 2024.
AI is a broad topic and the term is sometimes used indiscriminately; as the RFI suggests, most AI systems being used or contemplated in the financial services sector involve machine learning, which is a subset of AI. The RFI implicitly concedes that Treasury is playing “catch up” and quickly needs to learn more about AI and how industry is using it. The RFI discusses a vast array of complex issues, including anti-money laundering (“AML”) and anti-fraud compliance, as well as fair lending and consumer protection concerns – particularly those pertaining to bias.
Continue Reading Treasury Issues Request for Information on Use of AI in Financial Services
The Financial Crimes Enforcement Network (“FinCEN”) recently released a Financial Trend Analysis (“FTA”) focusing on identity-related suspicious activity. The FTA was issued pursuant to section 6206 of the Anti-Money Laundering Act of 2020, which requires FinCEN to periodically publish threat pattern and trend information derived from BSA filings.
FinCEN examined information from Bank Secrecy Act (“BSA”) filings submitted in the 2021 calendar year. According to FinCEN’s analysis, 1.6 million “BSA filings” – presumably, the vast majority of which constituted Suspicious Activity Reports (“SARs”) – were identity-related, representing a total of $212 billion in suspicious activity. These filings constituted 42% of filings for that year, thereby meaning that approximately 3.8 million SARs were filed in 2021.
The descriptions and the explanations in the FTA necessarily turn on how the SAR filings chose to describe the suspicious activity at issue. This is presumably why most of the activity falls into the vague category of “general fraud” – because, apparently, this is the particular box on the SAR form which most of the SAR filers happened to choose. However, and we will describe, the activity in fact animating the vast majority of these SARs is some form of identity theft.
Continue Reading FinCEN Analysis Reveals $212 Billion in Identity-Related Suspicious Activity
The beneficial ownership information (“BOI”) registry under the Corporate Transparency Act (“CTA”) is now up and running at the Financial Crimes Enforcement Network (“FinCEN”). This post will follow up on a previous blog regarding the recently-published CTA BOI access regulations (the “Access Rule”). As we will discuss, the Access Rule leaves open many important questions for financial institutions (“FIs”) covered by the CTA, as they await further proposed regulations from FinCEN regarding alignment of the CTA with the Customer Due Diligence (“CDD”) Rule.
The full federal register publication for the Access Rule is here. It is 82 pages long. We therefore have created this separate 13-page document, which is slightly more user-friendly, setting forth only the actual regulations (now published at 31 C.F.R. § 1010.955).
Continue Reading Final CTA Access Rule Answers Some Questions, and Leaves Open Others
This morning, the Financial Crimes Enforcement Network (“FinCEN”) issued the much-anticipated final rule (“Final Rule”) under the Corporate Transparency Act (“CTA”) regarding access to beneficial ownership information (“BOI”) reported to FinCEN. These regulations could hardly have arrived any later than they did – the CTA becomes effective on January 1, 2024, although FinCEN recently extended the reporting deadline for companies created in 2024 to a period of 90 days from the date of creation.
The access regulations initially proposed in December 2022 (see our blog post here) were complex; the Final Rule is as well, or more so. Indeed, it is over 247 pages long, prior to its final publication version in the Federal Register. Given the Final Rule’s length, we will analyze it in more detail in a future blog post.
Today, we will describe the YouTube video contemporaneously released by FinCEN, which describes the Final Rule at a high level, and notes certain differences between it and the initially proposed regulations. The headline here is that FinCEN has attempted to address certain criticisms raised by financial institutions regarding the initially proposed regulations and their access to BOI. In the video, FinCEN Director Andrea Gacki observed that FinCEN still needs to propose regulations aligning the CTA with the existing Customer Due Diligence (“CDD”) Rule for banks and other financial institutions (“FIs”), which requires covered FIs to obtain BOI from designated entity customers.
This blog post is high-level and focuses only on the statements made during the video. The details of the Final Rule still need to be parsed. Also, FinCEN continued the information onslaught today by issuing an accompanying news release, fact sheet, statement for banks, and statement for non-bank financial institutions.
Continue Reading FinCEN Issues Final CTA BOI Access Rules, Heralded by YouTube Video
As the world now knows, Binance Holdings Limited, doing business as Binance.com (“Binance” or the “Company”), has entered into a plea agreement with the U.S. Department of Justice (“DOJ”).
Binance is registered in the Cayman Islands and regarded as the world’s largest virtual currency exchange. It agreed to plead guilty to conspiring to willfully violating the Bank Secrecy Act (“BSA”) by failing to implement and maintain an effective anti-money laundering (“AML”) program; knowingly failing to register as a money services business (“MSB”); and willfully causing violations of U.S. economic sanctions issued pursuant to the International Emergency Economic Powers Act (“IEEPA”). Despite the plea agreement, Binance will continue to operate.
Changpeng Zhao, also known as “CZ,” also pleaded guilty to violating the BSA by failing to implement and maintain an effective AML program. Zhao is Binance’s primary founder, majority owner, and – until now – CEO. As part of his plea agreement, Zhao has stepped down as the CEO, although he apparently will keep his shares in Binance.
As part of its plea agreement, Binance has agreed to forfeit $2,510,650,588 and to pay a criminal fine of $1,805,475,575 for a total criminal penalty of $4,316,126,163. Binance also entered into related civil consent orders with the Financial Crimes Enforcement Network (“FinCEN”), the Commodity Futures Trading Commission (“CFTC”), and the Office of Foreign Assets Controls (“OFAC”). Zhao also entered into a consent order with the CFTC.
The allegations are vast and detailed, and much digital ink already has been spilled regarding this matter. Our discussion therefore will be relatively high-level. Distilled, the government alleges that Binance – under the direction of Zhao – tried to hide the fact that it operated in the U.S., purposefully avoided any meaningful AML compliance, and consequently laundered many millions of dollars’ worth of cryptocurrency involving extremely serious criminal conduct, including terrorism, child pornography, and U.S. sanctions evasion.
As for Zhao, and as we will discuss, whether he will go to prison – and if so, for how long – is an open and very interesting question. His sentencing currently is scheduled for February 23, 2024.
Last week, FinCEN “communicated,” so to speak, to private industry, law enforcement, regulators, and legislators in three very different ways: through a FY 2022 Year In Review infographic; a first-of-its kind enforcement action against a trust company; and in statements before the U.S. House of Representatives. This post summarizes each of these developments, which are unified by the motif of FinCEN asserting that it has an increasing role in protecting the U.S. financial system against money laundering, terrorist financing and other illicit activity; providing critical data and analytical support to law enforcement agencies pursuing these goals; and simultaneously policing and trying to collaborate with private industry regarding these goals.
On March 30, 3023, the Financial Crimes Enforcement Network (FinCEN) issued a Financial Trend Analysis focusing on business email compromise (BEC) trends and patterns in the real estate sector (referred to as “RE BEC”). The report is required under Section 6206 of the Anti-Money Laundering Act of 2020 (AMLA). This section of AMLA requires FinCEN
On February 14, 2023, both the American Bankers Association (“ABA”) and the Bank Policy Institute (“BPI”) submitted comments to the Financial Crimes Enforcement Network (“FinCEN”) on FinCEN’s notice of proposed rulemaking (“NPRM”) relating to access to beneficial ownership information (“BOI”) reported to FinCEN under the Corporate Transparency Act (“CTA”). While both organizations had similar comments, mainly being that the proposed limits on FIs’ ability to use BOI retrieved from the database contradicts the CTA’s objective, the ABA recommended that FinCEN entirely withdraw the NPRM. Below, we break down each organization’s comments and strong critiques regarding the NPRM.
On December 16, the Financial Crimes Enforcement Network (“FinCEN”) issued a 54-page notice of proposed rulemaking (“NPRM”) regarding access by authorized recipients to beneficial ownership information (“BOI”) that will be reported to FinCEN under the Corporate Transparency Act (“CTA”). The CTA requires covered entities – including most domestic corporations and foreign entities registered to do business in the U.S. – to report BOI and company applicant information to a database created and run by FinCEN upon the entities’ creation or registration within the U.S. This database will be accessible by U.S. and foreign law enforcement and regulators, and to U.S. financial institutions (“FIs”) seeking to comply with their own Customer Due Diligence (“CDD”) compliance obligations, which requires covered FIs to obtain BOI from many entity customers when they open up new accounts.
In regards to this NPRM, FinCEN’s declared goal is to ensure that
(1) only authorized recipients have access to BOI; (2) authorized recipients use that access only for purposes permitted by the CTA; and (3) authorized recipients only redisclose BOI in ways that balance protection of the security and confidentiality of the BOI with furtherance of the CTA’s objective of making BOI available to a range of users for purposes specified in the CTA.
Further, FinCEN has indicated that, “[c]oincident with the protocols described in this NPRM, FinCEN is working to develop a secure, non-public database in which to store BOI, using rigorous information security methods and controls typically used in the Federal government to protect non-classified yet sensitive information systems at the highest security levels.”
The comment period for the NPRM is 60 days. The NPRM proposes an effective date of January 1, 2024, consistent with when the final BOI reporting rule at 31 C.F.R. § 1010.380 becomes effective. The proposed BOI access regulations will be set forth separately at 31 C.F.R. § 1010.955, rather than existing 31 C.F.R. § 1010.950, which governs the disclosure of other Bank Secrecy Act (“BSA”) information.
This NPRM relates to the second of three sets of regulations which FinCEN ultimately will issue under the CTA. As we have blogged (here and here), FinCEN already has issued regulations regarding the BOI reporting obligation itself. FinCEN still must issue proposed regulations on “reconciling” the new BOI reporting regulations and the existing CDD regulations applicable to covered FIs for obtaining BOI from their own entity customers.
As we discuss, the lengthy NPRM suggests answers to some questions, but it of course also raises other questions. Although domestic and even foreign government agencies will have generally broad access to the BOI database, assuming that they satisfy various requirements, the NPRM’s proposed access for FIs to the BOI database is relatively limited.