We are pleased to offer the latest episode in Ballard Spahr’s Consumer Financial Monitor Podcast series — a weekly podcast focusing on the consumer finance issues that matter most, from new product development and emerging technologies to regulatory compliance and enforcement and the ramifications of private litigation.  Following up on a recent blog post,

Regulators Provide Greater Transparency into BSA/AML Enforcement Process

On August 13, 2020 the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, and Office of the Comptroller of the Currency (the “Agency” or collectively the “Agencies”) issued a joint statement updating and clarifying their 2007 guidance regarding how they evaluate enforcement actions when financial institutions violate or fail to meet BSA/AML requirements. The Financial Crimes Enforcement Network (“FinCEN”) followed with its own statement on August 18, 2020, setting forth its approach when considering enforcement actions against financial institutions that violate the BSA.

Below are a few highlights from the two sets of guidance:

  • The joint statement repeatedly emphasizes that isolated or technical deficiencies in BSA/AML compliance programs will not generally result in cease and desist orders.
  • The joint statement provides specific categories and examples of BSA/AML program failures that typically would (or would not) result in a cease and desist order. Certain of these examples are discussed below.
  • Compared to the 2007 guidance, the joint statement provides more detailed descriptions and examples of the pillars of BSA/AML compliance programs, such as designated BSA/AML personnel, independent testing, internal controls, and training.
  • FinCEN explains in its statement that it will base enforcement actions on violations of law, not standards of conduct contained solely in guidance documents.
  • The FinCEN statement lays out the factors FinCEN considers when determining the disposition of a BSA violation. Unsurprisingly, these factors include the pervasiveness and seriousness of the conduct and the violator’s cooperation and history of wrongdoing.

All in all, the two statements, particularly the joint statement, succeed in providing greater transparency into the regulators’ decision-making processes with regards to pursuing enforcement actions for violations of the BSA and for AML program deficiencies.
Continue Reading Federal Banking Agencies Issue Joint Statement On Enforcement of BSA/AML Requirements; FinCEN Follows With Its Own

Examiners Should Focus on Risk, Not Technical Perfection

On April 15, 2020, the Federal Financial Institutions Examination Council (“FFIEC”) released updates to the Bank Secretary Act/Anti-Money Laundering (“BSA/AML”) examination manual (the “Manual”). As the FFIEC Interagency press release described, the Manual provides “instructions to examiners when assessing the adequacy of a bank’s BSA/AML compliance program.” The “release of the updated sections provides further transparency into the BSA/AML examination process and does not establish new requirements.” The press release further stated the revisions were made to, among other objectives, emphasize examiners should be “tailoring BSA/AML examination to a bank’s risk profile,” to “ensure language clearly distinguishes between mandatory regulatory requirements and supervisory expectations” for examiners, and to “incorporate regulatory changes since the last update of the Manual in 2014.”

The Federal Deposit Insurance Corporation (“FDIC”) also issued a press release regarding the updates. Its statement recognized “financial institutions are faced with uncertainty during this unprecedented time,” therefore the FDIC cautioned the update, “which supports tailored examination work, has been in process for an extended period and should not be interpreted as new instructions or as an augmented focus.”

The updates focus on four steps in the examination process:

  • Scoping and Planning
  • BSA/AML Risk Assessment
  • Assessing the BSA Compliance Program
  • Developing Conclusions and Finalizing the Examination

The updates emphasize examiners should take a “risk-focused” approach to tailor the review of a regulated institution’s BSA/AML compliance program, meaning the examination should be tailored to the risk profile of that specific institution.  The Manual updates incorporate guidance on more recent developments such as Customer Due Diligence (“CDD”) and Beneficial Ownership requirements and a recognition of innovations in collaborations among smaller institutions.  Importantly, the Manual reminds examiners that banks have flexibility in the design of their BSA/AML compliance programs, and that minor weaknesses, deficiencies, and technical violations alone do not indicate an inadequate program.
Continue Reading FFIEC BSA/AML Examination Manual Updates Reveal Exam Process and Expectations

We are pleased to offer the latest episode in Ballard Spahr’s Consumer Financial Monitor Podcast series — a weekly podcast focusing on the consumer finance issues that matter most, from new product development and emerging technologies to regulatory compliance and enforcement and the ramifications of private litigation.

In this podcast, we examine two recent OCC

Regulatory Examination and Related Enforcement Also Highlights Perceived Risks of Banking Crypto Clients

The Department of the Treasury’s Office of the Comptroller of the Currency (“OCC”) recently issued a Consent Order against M.Y. Safra Bank arising from the bank’s decision to accept a variety of high-risk, Digital Asset Customers (“DACs”), allegedly without implementing the necessary Bank Secrecy Act (“BSA”) and Anti-Money Laundering (“AML”) controls. Although the OCC did not impose a monetary penalty against the bank, it demanded that the bank implement and maintain a remarkably broad array of potentially costly and extremely detailed measures to strengthen its AML program. And, notably, the OCC specifically tasked the bank’s Board of Directors with implementing, overseeing, and reporting on these measures.

We describe here the OCC’s examination into and requirements imposed on M.Y. Safra Bank. The Consent Order is a reminder to the boards and management of all financial institutions that if they pursue novel and higher-risk customers – certainly, a potentially defensible business plan in our increasingly competitive business environment – then they absolutely have to adjust accordingly their AML compliance program and accompanying transaction monitoring to compensate for such increased risk. This is particularly true when those new customers employ novel technologies or business products which require a particularized ability to understand and address from an AML perspective. New, creative business lines are not necessarily bad – so long as the implementation of the AML compliance program is adjusted appropriately to identify and manage the new risk.

The Consent Order also is a reminder that, as the BSA/AML Examination Manual of the Federal Financial Institutions Examination Council states, “[t]he board of directors, acting through senior management, is ultimately responsible for ensuring that the bank maintains an effective BSA/AML internal control structure,” and otherwise must create a culture of compliance.

This Consent Order and related OCC AML exam and enforcement issues – including the liability of not just institutions, but also the potential individual liability of AML in-house professionals – will be the topic of a forthcoming installment in Ballard Spahr’s Consumer Finance Monitor Podcast by the firm’s AML Team. Please stay tuned our podcast, and read on here.
Continue Reading OCC Action Highlights Increased Accountability Facing Boards of Directors

On October 1st, the Office of the Comptroller of the Currency (OCC) published the Fiscal Year 2020 Bank Supervision Operating Plan (“FY 2020 Plan”).

The FY 2020 Plan sets forth the OCC’s supervision priorities and objectives for the fiscal year beginning October 1, 2019 and ending September 30, 2020. The supervision priorities set forth align with the the OCC’s Strategic Plan, Fiscal Years 2019-2023.

The FY 2020 Plan facilitates the development of supervisory strategies for individual national banks, federal savings associations, federal branches, federal agencies, and technology services providers. OCC staff members use the plan to guide their supervisory priorities, planning, and resource allocations.
Continue Reading The OCC Releases Fiscal Year 2020 Bank Supervision Operation Plan

We are pleased to offer the latest episode in Ballard Spahr’s Consumer Financial Monitor Podcast series — a weekly podcast focusing on the consumer finance issues that matter most, from new product development and emerging technologies to regulatory compliance and enforcement and the ramifications of private litigation.  Our podcast discusses the conduct for which financial

Second Post in a Two-Part Series

NYDFS Action Highlights the Need for Good Monitoring – and Good Consultants

In part one of this two-part post, we provided some practical tips for financial institutions to increase the chances that their Anti-Money Laundering (“AML”) programs will withstand regulators’ scrutiny, including: (1) promoting a culture of AML/Bank Secrecy Act (“BSA”) compliance; (2) focusing on transaction monitoring; (3) improving information sharing; (4) identifying and handling high-risk accounts appropriately; and (5) knowing your risks and continually improving your AML program to control those risks.

In this post we’ll discuss the consequences of potentially failing to heed these practical tips in a specific case: the New York Department of Financial Services’ (DFS) recent enforcement action against Mashreqbank. Further, we look forward to discussing all of these issues in an upcoming podcast in Ballard Spahr’s Consumer Financial Monitor Podcast series. So please continue to stay tuned.

Mashreqbank is the oldest and largest private bank in the United Arab Emirates. Its New York branch is Mashreqbank’s only location in the United States. It offers correspondent banking and trade finance services and provides U.S. dollar clearing services to clients located in Southeast Asia, the Middle East and Northern Africa. In 2016, the branch cleared more than 1.2 million USD transactions with an aggregate value of over $367 billion. In 2017, the branch cleared more than one million USD transactions with an aggregate value of over $350 billion.

The DFS enforcement action asserted that Mashreqbank’s AML/BSA program was deficient in a number of respects and that the New York branch had failed to remediate identified compliance issues. The enforcement action began with a DFS safety and soundness examine in 2016. In 2017, DFS and the Federal Reserve Bank of New York (FRBNY) conducted a joint safety and soundness examination. DFS provided a report of its findings to which Mashreqbank submitted a response.

In a consent order signed on October 10, 2018, Mashreqbank admitted violations of New York laws and accepted a significant monetary penalty and increased oversight for deficiencies in its AML/BSA and Office of Foreign Assets Control (OFAC) programs. Regulators pursued the enforcement action despite the New York branch’s strong cooperation and demonstrated commitment to building an effective and sustainable compliance program. Among other things, Mashreqbank agreed to pay a $40 million fine; to hire a third-party compliance consultant to oversee and address deficiencies in the branch’s compliance function including compliance with AML/BSA requirements; and to develop written revised AML/BSA and OFAC compliance programs acceptable to DFS.

The DFS and FRBNY examination findings demonstrate Mashreqbank’s failure to follow the practical tips identified in part one of this post. Specifically, the regulators found that Mashreqbank failed to: (1) have appropriate transition monitoring; (2) identify and handle high-risk accounts appropriately; and (3) know its risk and improve its AML program to control those risks.

Further, and as our discussion will reflect, the Mashreqbank enforcement action is also notable in two other respects. First, the alleged AML failures pertain entirely to process and the general adequacy of the bank’s AML program – whereas the vast majority of other AML/BSA enforcement actions likewise discuss system failures, they usually also point to specific substantive violations, such as the failure to file Suspicious Activity Reports (“SARs”) regarding a particular customer or set of transactions. Second, although the use of external consultants usually represents a mitigating factor or even a potential reliance defense to financial institution defendants, the DFS turned what is typically a defense shield into a government sword and instead criticized Mashreqbank for using outside consultants who, according to DFS, were just not very rigorous. This alleged use of consultants performing superficial analysis became part of the allegations of affirmative violations against the bank, thereby underscoring how financial institutions must ensure that their AML/BSA auditors or other consultants are experienced, competent, and performing meaningful testing, particularly when addressing issues previously identified by regulators.
Continue Reading Practical Tips in Action: The Mashreqbank AML Enforcement Action

First Post in a Two-Part Series

How do financial institutions get in trouble with their regulators? Recent AML enforcement actions suggest that the following two failures are at the heart of most of these actions: (1) inadequately identifying, monitoring and/or reporting suspicious activity; and (2) failing to implement adequate internal controls. And these same issues crop up year after year.

In this post, we’ll discuss these failures and their root causes and provide practical tips for ensuring that your AML program will withstand the scrutiny of regulators. In our next post, we will discuss how these practical tips apply in a specific AML enforcement action: the recent consent order between the New York Department of Financial Services and Mashreqbank.  Further, we look forward to discussing all of these issues in an upcoming podcast in Ballard Spahr’s Consumer Financial Monitor Podcast series.  So please stay tuned.

The U.S. financial institutions that recently found themselves in the government’s crosshairs allegedly engaged in the following behavior:

  • Failing to investigate alerts on high-risk accounts where those accounts had been investigated previously, even when the new suspicious activity to which the bank had been alerted differed from the activity that it previously had investigated.
  • Having a policy of not investigating or filing SARs on cash withdrawals from branches near the Mexican border if the customer said they were withdrawing cash in the U.S., rather than carrying cash into the U.S. from Mexico, in order to avoid having to file a Report of International Transportation of Currency or Monetary Instruments (CMIR).
  • Capping the number of alerts from its transaction monitoring systems based on the number of staff available to review the alerts rather than on the risks posed by the transactions (and lying to regulators about it).
  • Failing to report the suspicious activities of a longtime customer despite having been warned that the customer was laundering the proceeds of an illegal and fraudulent scheme through accounts at the bank.
  • Failing to conduct necessary due diligence on foreign correspondent accounts.
  • A brokerage company failing to file SARs on transactions that showed signs of market manipulation.
  • A MSB’s failing to implement proper controls and discipline crooked agents because those agents were so profitable for the MSB, thereby enabling illegal schemes such as money laundering.

Although the behavior of these financial institutions may differ, the root causes of their failures do not. They include the following:

  • An inadequate, ineffective or non-existent risk assessment.
  • Elevating the business line over the compliance function.
  • Offering products or using new technologies without adequate controls in place.
  • Compliance programs that are not commensurate with the risks, often due to under investment in AML technology or other resources and/or lack of awareness of AML risks or controls.
  • Corporate silos, both human and technological, that prevent or hinder information sharing.
  • Insufficient screening of parties and relationships and lack of effective processes and controls around EDD.

So how can you ensure that your AML program is adequate? Here are some practical tips.
Continue Reading Practical Tips for Ensuring Your AML Program Withstands the Scrutiny of Regulators

The Treasury Inspector General for Tax Administration, or TIGTA, issued last month a Report, entitled The Internal Revenue Service’s Bank Secrecy Act Program Has Minimal Impact on Compliance, which sets forth a decidedly dim view of the utility and effectiveness of the current Bank Secrecy Act (“BSA”) compliance efforts by the Internal Revenue Service (“IRS”).  The primary conclusions of the detailed Report are that (i) referrals by the IRS to the Financial Crimes Enforcement Network (“FinCEN”) for potential Title 31 penalty cases suffer lengthy delays and have little impact on BSA compliance; (ii) the IRS BSA Program spent approximately $97 million to assess approximately $39 million in penalties for Fiscal Years (FYs) 2014 to 2016; and (iii) although referrals regarding BSA violations were made to IRS Criminal Investigation (“IRS CI”), most investigations were declined and very few ultimately were accepted by the Department of Justice for prosecution.

Arguably, the most striking claim by the Report is that “Title 31 compliance reviews [by the IRS] have minimal impact on Bank Secrecy Act compliance because negligent violation penalties are not assessed.”

A primary take-away from the Report is that an examination program lacking actual enforcement power is, unsurprisingly, not very effective.  The Report also highlights some potential problems which beset the IRS BSA Program, which include lack of staffing, lack of planning and coordination, and delay. Although the Report’s findings clearly suggest that what the IRS BSA Program really needs are resources and enhanced enforcement power, the repeated allusions in the Report to a certain purposelessness of the current BSA examination regime nonetheless might help fuel the current debate regarding possible AML/BSA reform, with an eye towards curbing regulatory burden.

The Report made five specific recommendations to the IRS for remedial steps. We will focus on four of those recommendations, and the findings upon which they rest:

  • Coordinate with FINCEN on the authority to assert Title 31 penalties, or reprioritize BSA Program resources to more productive work;
  • Leverage the BSA Program’s Title 31 authority and annual examination planning in the development of the IRS’s virtual currency strategy;
  • Evaluate the effectiveness of the newly implemented review procedures for FinCEN referrals; and
  • Improve the process for referrals to IRS CI.


Continue Reading U.S. Treasury Report: IRS BSA Program “Has Minimal Impact on Compliance”