The federal banking agencies, including the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency (collectively the “Agencies”), issued a notice of proposed rulemaking (“Agencies’ NPRM”) to modernize financial institutions’ anti-money laundering and countering terrorist financing (“AML/CFT”) programs. The Agencies’ NPRM is consistent with FinCEN’s recent AML/CFT modernization proposal (“FinCEN’s NPRM”), on which we blogged here.

The Agencies’ NPRM does not substantively depart from FinCEN’s NPRM and requires the same program requirements. Although the Anti-Money Laundering Act (“AML Act”) did not require the Agencies to amend their regulations, the Agencies’ goal is to maintain consistent program requirements. The NPRM states that financial institutions will not be subject to any additional burdens in complying with differing standards between FinCEN and the Agencies.   

Continue Reading  Federal Banking Agencies Issue NPRM Consistent with FinCEN’s AML/CFT Modernization Proposal

On July 3, the Financial Crimes Enforcement Network (FinCEN) published a notice of proposed rulemaking (NPRM) as part of a broader initiative to “strengthen, modernize, and improve” financial institutions’ anti-money laundering and countering the financing of terrorism (AML/CFT) programs. In addition, the NPRM seeks to promote effectiveness, efficiency, innovation, and flexibility with respect to AML/CFT programs; support the establishment, implementation, and maintenance of risk-based AML/CFT programs; and strengthen the cooperation between financial institutions (“FIs”) and the government.

This NPRM implements Section 6101 of the Anti-Money Laundering Act of 2020 (the “AML Act”).  It also follows up on FinCEN’s September 2020 advanced notice of proposed rulemaking soliciting public comment on what it described then as “a wide range of questions pertaining to potential regulatory amendments under the Bank Secrecy Act (‘BSA’) . . . . to re-examine the BSA regulatory framework and the broader AML regime[,]” to which FinCEN received 111 comments.

As we will discuss, the NPRM focuses on the need for all FIs to implement a risk assessment as part of an effective, risk-based, and reasonably designed AML/CFT program.  The NPRM also focuses on how consideration of FinCEN’s AML/CFT Priorities must be a part of any risk assessment.  However, in regards to addressing certain important issues, such providing comfort to FIs to pursue technological innovation, reducing the “de-risking” of certain FI customers and meaningful government feedback on BSA reporting, the NPRM provides nothing concrete.

FinCEN has published a five-page FAQ sheet which summarizes the NPRM.  We have created a 35-page PDF, here, which sets forth the proposed regulations themselves for all covered FIs.

The NPRM has a 60-day comment period, closing on September 3, 2024.  Particularly in light of the Supreme Court’s recent overruling of Chevron deference, giving the courts the power to interpret statutes without deferring to the agency’s interpretation, this rulemaking, once finalized, presumably will be the target of litigation challenging FinCEN’s interpretation of the AML Act. 

Continue Reading  FinCEN Issues Proposed Rulemaking Aimed at Strengthening and Modernizing AML Programs Across Multiple Industries

Priorities Echo Prior Alerts and Enforcement Actions

The SEC’s Division of Examinations (the “Division”) released on October 16 a report on its “Examination Priorities” (the “Report”) for fiscal year 2024.  This release occurred earlier than in prior years, which the Report’s prefatory message characterizes as an example of the Division’s “intention to provide more transparency” and “to move forward together with investors and industry to promote compliance.”

The Report

The Report highlights four major areas of focus for the Division’s examinations in the coming year, which it terms “risk areas impacting various market participants”:

  1. Anti-money laundering (“AML”);
  2. Information security and “operational resilience”;
  3. Crypto and emerging financial technologies (“fintech”); and
  4. Regulation systems compliance and integrity (“SCI”).

As to AML, the Report first rehearses the requirement of the Bank Secrecy Act (“BSA”) for broker-dealers: namely, that they establish AML programs tailored to their unique risk profile – their location, size, customer base, menu of products and services, and method of delivery of those products and services. The Report further notes that such AML programs must be reasonably designed to achieve compliance with the BSA and related regulations, must undergo independent testing of their viability, and must include customer due diligence procedures and ongoing transaction monitoring – including, where appropriate, filing of Suspicious Activity Reports (“SARs”) with the Financial Crimes Enforcement Network (“FinCEN”).  Although the Report also references “certain registered investment companies,” investment advisers as a group are not (yet) subject to the BSA.

Continue Reading  SEC Exam Priorities Target AML

Legislation Targets Unhosted Wallets, Validators and Digital Asset ATMs

On July 28th, Senators Elizabeth Warren (D-Mass), Roger Marshall (R-Kan.), Joe Manchin (D-W.Va.) and Lindsey Graham (R-S.C.), reintroduced the Digital Asset Anti-Money Laundering Act (the “Act”), legislation aimed at closing gaps in the existing anti-money laundering and countering of the financing of terrorism (AML/CFT) framework as it applies to digital assets. Senators Warren and Marshall previously had introduced the same piece of legislation in December 2022, but at that time it lacked widespread support and stalled in the Senate.

Now, potentially in response to crypto-friendly legislation that recently passed in the House, the Act gained momentum with a larger group of bipartisan legislators and may have a more promising future.  The Act also was reintroduced immediately on the heels of a successful amendment to the 2024 National Defense Authorization Act (NDAA) pertaining to AML compliance examinations for financial institutions under the Bank Secrecy Act (BSA) and the future regulation of anonymity-enhancing technologies, such as mixers or tumblers.  According to Senator Warren’s press release the Act currently enjoys the support of the Bank Policy Institute, the National District Attorneys Association, Major County Sheriffs of America, and the National Consumers League, among other groups.

As we discuss immediately below, the Act would make major changes to the current BSA/AML regulatory regime as it applies to digital assets.

Continue Reading  Bipartisan Group of Senators Re-Introduce the Digital Asset Money Laundering Act

On July 31, 2023, the United States Securities and Exchange Commission (“SEC”) published an alert outlining deficiencies the Division of Examinations has observed in broker-dealers’ (“BD”) compliance with anti-money laundering (“AML”) and countering terrorism financing (“CTF”) requirements.  While the alert addresses overarching compliance requirements for BDs, it focuses on deficiencies the Division of Examinations has observed with regard to independent testing of BDs’ AML programs, personnel training and identification and verification of customers and their beneficial owners.

The alert makes two over-arching observations.  First, BDs “did not appear to devote sufficient resources, including staffing, to AML compliance given the volume and risks of their business.”  Second, the “effectiveness of policies, procedures, and internal controls was reduced when firms did not implement those measures consistently.”  Emphasizing the key elements of an adequate AML program BDs must implement, the Alert then shifts its focus to independent testing and training and customer identification and customer due diligence.

Continue Reading  SEC Issues Alert Outlining Deficiencies in Broker-Dealers’ AML Compliance

In an unusual move, Laura Akahoshi, former Rabobank (the “Bank”) Chief Compliance Officer (“CCO”), filed on July 6, 2023 an opposition to the Office of the Comptroller of the Currency’s (“OCC”) dismissal of its own administrative enforcement proceeding against her.  Akahoshi filed her petition in the U.S. Ninth Circuit Court of Appeals, arguing in part that the Administrative Procedures Act and 18 U.S.C. § 1818 provide the court with jurisdiction to review the OCC’s dismissal.

The OCC’s initial enforcement proceeding stemmed from allegations that Akahoshi participated in an effort to withhold information from an OCC examiner in connection with an examination of the Bank’s Bank Secrecy Act (“BSA”)/Anti-Money Laundering (“AML”) program.  Specifically, the OCC alleged that Akahoshi had committed misconduct by failing to provide a report created by a third-party consulting firm regarding the adequacy of the Bank’s BSA/AML program.

The case against Akahoshi was one of several administrative enforcement actions that the OCC pursued after Rabobank NA agreed in February 2018 to pay more than $360 million in AML-related settlements reached with the U.S. Department of Justice (“DOJ”) and the OCC. As we previously blogged, the Bank’s former general counsel Daniel Weiss entered into a 2019 Consent Order in which he agreed to be barred from the banking industry and to pay a $50,000 fine.  Many of the allegations contained within the Notice of Charges against Akahoshi mirrored those contained within the Notice of Charges against Weiss.

Akahoshi’s efforts face significant legal challenges, as exemplified by the fact that, as we discuss, an ALJ recently denied her application for the $4.2 million in attorney fees and costs that she expended defending herself against the OCC enforcement action.  Nonetheless, the matter highlights several important and inter-related issues:  the potential liability of individuals for alleged AML compliance failures, and the related powers of regulators; the potential tensions between the interests of individual AML compliance personnel and the financial institution; the role of whistleblowers; and how regulators and the government can use AML compliance audits and reviews by third-party consultants – which can vary greatly in quality, and sometimes can double as stealth business pitches by the consultants – as a sword against the institution.

Continue Reading  Former Bank Compliance Chief Seeks Appellate Review of OCC Administrative Enforcement Proceeding Dismissal

Without much fanfare, the Financial Crimes Enforcement Network (FinCEN) published in June its Spring 2023 Rulemaking Agenda, which provides proposed timelines for upcoming key rulemakings projected throughout the rest of 2023.  FinCEN continues to focus on issuing rulemakings required by the Anti-Money Laundering Act of 2020 (the “AML Act”) and the Corporate Transparency Act (“CTA”).  FinCEN has been criticized for being slow in issuing regulations under the AML Act and the CTA, but Congress has imposed many obligations upon FinCEN, which still is a relatively small organization with a limited budget.

Continue Reading  FinCEN Provides Key Updates on Rulemaking Agenda Timeline

With Guest Speaker Matthew Haslinger of M&T Bank

We are extremely pleased to offer a podcast (here) on the legal and logistical issues facing financial institutions as they implement the regulations issued by the Financial Crimes Enforcement Network (FinCEN) pursuant to the Anti-Money Laundering Act of 2020 (AMLA) and the Corporate Transparency Act

The New York State Department of Financial Services (“NYDFS” or “the Department”) published a press release on February 24, 2022 announcing the issuance of a Consent Order (“the Consent Order”) to the National Bank of Pakistan (“NBP” or “the Bank”), which will require the Bank to pay $35 million in penalties to NYDFS.  In conjunction with the Department’s enforcement action, the Federal Reserve Bank of New York (“FRBNY”) also announced a $20.4 million penalty against NBP for its alleged Anti-Money Laundering (“AML”) violations.

The Consent Order describes NBP as a “multinational commercial bank incorporated in Pakistan in 1949 that is majority owned by the Pakistani government, with more than $20 billion in assets as of June 30, 2021.”  The Department’s issuance of the Consent Order marks the first major fine against a bank since Adrienne A. Harris was confirmed as New York’s top financial regulator (Superintendent of NYDFS) in January 2022.  In November 2021, while still leading the Department on an acting basis, Harris issued a consent order to Dubai-based Mashreqbank for sanctions violations requiring the bank to pay $100 million in penalties.

As we will discuss, the Department’s and the NYFRB’s actions sends a clear message confirming that repeated findings of violations over multiple examinations is a sure-fire way to become subject to enforcement.
Continue Reading  National Bank of Pakistan Fined $55.4 Million for Alleged Repeated AML and Compliance Deficiencies

Consent Order Stresses that Only Three AML Analysts Struggled to Review 100 “Alerts” Per Day, Each – and Notes in Passing that “Outside Examiners” Blessed the Bank’s AML Program for the Same Five Years that the Bank Allegedly Maintained a Willfully Deficient Program

On December 16, 2021, the Financial Crimes Enforcement Network (“FinCEN”) entered into a Consent Order with CommunityBank of Texas, N.A. (“CBOT”), in which CBOT admitted to major shortcomings with respect to the implementation and effectiveness of its anti-money laundering (“AML”) program. The monetary penalties imposed on CBOT are substantial: FinCEN assessed an $8 million penalty, although CBOT will receive credit for a separate $1 million penalty to be paid to the Office of the Comptroller of the Currency (“OCC”).

The Consent Order, available here, offers valuable insight into FinCEN’s reasoning for its enforcement actions.  According to the Consent Order, CBOT has a regional footprint and operates several branches in Texas.  It serves small and medium-sized businesses and professionals.  And, in the “back of the house,” CBOT established a typical AML system designed to detect and escalate alerts for suspicious activity for investigation and potential filing of Suspicious Activity Reports (“SARs”). However, FinCEN alleged that over a period of at least four years, CBOT “willfully” failed to effectively implement its AML, program, leading to a failure to file SARs and otherwise detect specific suspicious activity.  As detailed below, many of the alleged shortcomings of CBOT’s AML program flowed from a lack of compliance resources and personnel between 2015 and 2019: too few analysts were assigned to review and investigate potentially suspicious transactions, and as a result, downstream investigations and due diligence suffered, including an alleged failure to file at least 17 specific SARs.

Because the detailed Consent Order offers a somewhat rare opportunity to glean FinCEN’s reasoning behind its enforcement actions generally, we explore the alleged failures in some detail below.  Then, we summarize key details of the Consent Order, offer key takeaways, and note several questions that the Consent Order still leaves unresolved.
Continue Reading  FinCEN Assesses Civil Penalty Against CommunityBank of Texas for AML Program Weaknesses