Federal Deposit Insurance Corporation

On September 29, the Financial Crimes Enforcement Network (“FinCEN”) entered into a consent order with Shinhan Bank America (“SHBA”), which imposed a $15 million dollar civil penalty against SHBA for allegedly willfully failing to implement and maintain an AML program that meets the minimum requirements of the Bank Secrecy Act (“BSA”), and for allegedly willfully failing to accurately and timely report suspicious transactions to FinCEN.

In its press release, FinCEN noted that, as a result of SHBA’s inactions, “tens of millions of dollars in suspicious transactions were not reported to FinCEN in a timely manner, including transactions connected to tax evasion, public corruption, money laundering, and other financial crimes.”

Working in collaboration with FinCEN, the FDIC also separately issued a civil penalty against SHBA in the amount of $5 million dollars – which FinCEN will credit toward its own fine, leaving an amount owed of $10 million dollars – and the NYDFS also issued a stand-alone civil penalty in the amount of $10 million dollars.

As we will discuss, this enforcement action involves several typical allegations by the government, including an alleged failure to file required SARs, prior regulatory problems, and insufficient AML compliance staffing and funding.

Continue Reading  FinCEN Issues $15 Million Dollar Civil Penalty Against Shinhan Bank America for Alleged Failure to Implement and Maintain Effective AML Compliance Program

The Federal Reserve, FDIC, and OCC have released final interagency guidance for their respective supervised banking organizations on managing risks associated with third-party relationships, including relationships with financial technology-focused entities such as bank/fintech sponsorship arrangements.  The guidance is intended to provide principles for effective third-party risk management for all  types of third-party relationships, regardless of how they may be structured.  At the same time, the agencies state that banking organizations have flexibility in their approach to assessing the risks posed by each third- party relationship and deciding the relevance of the considerations discussed in the final guidance

The final guidance rescinds and replaces each agency’s previously-issued guidance on risk management practices for third-party relationships.  In their July 2021 proposal, the agencies had included as an appendix FAQs issued by the OCC to supplement the OCC’s existing 2013 third-party risk management guidance.  The proposed guidance included the revised FAQs as an exhibit and the agencies sought comment on the extent to which the concepts discussed in the FAQs should be incorporated into the final guidance.  In their discussion of the final guidance, the agencies identify which concepts from the FAQs have been incorporated into the final guidance.

Continue Reading  Federal Banking Agencies Issue Final Interagency Guidance on Risk Management in Third-Party Relationships

A group of five Democratic Senators have sent a letter to the Federal Reserve, OCC, FDIC, and NCUA asking them to take several steps to protect consumers from scams when using Zelle to transfer money.

The Senators ask the four agencies “to closely review and examine the customer reimbursement and anti-money laundering (AML) practices of depository institutions that participate in the Zelle network.” They also ask the Federal Reserve and OCC “to examine Early Warning Services, Inc. (EWS), which operates the Zelle network, on an ongoing basis and for the four agencies “to coordinate their supervisory approach with the Consumer Financial Protection Bureau.”  The Senators note that the agencies have authority to supervise the banks that own and operate Zelle and the participating depository institutions for compliance “with key consumer protection and AML laws, including the Electronic Fund Transfer Act (EFTA) and the Bank Secrecy Act (BSA).”

Continue Reading  Democratic Senators Send Letter to Federal Banking Agencies Raising Concerns About Fraudulent Transactions

The Federal Reserve Board, Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency have issued a joint statement on crypto-asset risks to banking organizations.  The term “crypto-asset” refers to any digital asset implemented using cryptographic techniques.

The statement begins with the agencies’ observations that “[t]he events of the past year have

On July 6, the Financial Crimes Enforcement Network (“FinCEN”), The Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency (collectively, “the Agencies”) issued a Joint Statement to “remind” banks that they, of course, should apply a risk-based approach to assessing customer relationships and conducting customer due diligence (“CDD”).

The Joint Statement appears to echo FinCEN’s June 22 Statement on Bank Secrecy Act Due Diligence for Independent ATM Owners or Operators (“ATM Statement”), in which FinCEN also “reminded” banks that “that not all independent ATM owner or operator customers pose the same level of money laundering, terrorist financing (ML/TF), or other illicit financial activity risk, and not all independent ATM owner or operator customers are automatically higher risk.”

Combined – and although generally worded – these publications appear to urge financial institutions (“FIs”) to not pursue broadly-applied “de-risking” strategies.  De-risking is the term for a FI’s decision to terminate a business relationship, or refuse to do business, with a type of customer because that type is associated with a perceived heightened risk of involvement in money laundering or terrorist financing.  Indeed, both new publications caution FIs against turning away potential customers, or closing the accounts of existing customers, on the basis of general customer types.  However, regulators themselves have been criticized for encouraging de-risking by driving highly risk-adverse decisions by FIs, who are unwilling to take the chance and assume the compliance costs of doing business with specific customers who may in fact be “legitimate,” but whose risk profile is deemed to be high due to their group affiliation.  Some front-line regulatory BSA/AML examiners arguably may review a FI’s compliance in a narrow and check-the-box manner versus a more holistic approach, and will not truly value broader societal and equity issues such as the need for equal access to the global financial system, particularly by certain industries and persons living in less-developed countries.  Accordingly, although these new publications are welcome, it might have been better if they had been more explicit – particularly because it is arguably ironic for regulators to be chiding FIs for conforming to de-risking behavior that regulators themselves have encouraged.

Continue Reading  FinCEN and Federal Functional Regulators Issue Coded Warnings Against De-Risking

As anticipated, the Office of the Comptroller of the Currency, the Federal Reserve Board, and the FDIC recently approved and released the Final Rule Requiring Computer-Security Incident Notification (“Final Rule”).  The Final Rule is designed to promote early awareness and stop computer security incidents before they become systemic.  It places new reporting requirements on both

Agencies Issue “Crypto Asset Roadmap” for 2022 Guidance, and OCC Confirms Prior Interpretive Letters on Crypto – So Long as Supervisory Regulators Do Not Object

The Board of Governors of the Federal Reserve System (“Federal Reserve”), the Federal Deposit Insurance Corporation (“FDIC”) and the Office of the Comptroller of the Currency (“OCC”) (collectively, the “Agencies”) issued on November 23 a short Joint Statement on Crypto-Asset Policy Sprint Initiative and Next Steps (“Joint Statement”), which announced – without further concrete detail – that they had assembled a “crypto asset roadmap” in order to provide greater clarity in 2022 to banks on the permissibility of certain crypto-asset activities.  Only the week before, the Chief Counsel for the OCC issued Interpretive Letter #1179, which confirmed that a bank could engage in certain cryptocurrency, distributed ledger and stablecoin activities – consistent with prior OCC letters – so long as a bank shows that it has sufficient controls in place, and first obtains written notice of “non objection” by its supervisory office.  This post will discuss both publications.

There is great overlap between the bank activities referenced in the Joint Statement and Interpretive Letter #1179.  The 2022 clarity promised by the “roadmap” presumably will supersede, once issued, Interpretive Letter #1179, which appears to function as a general stop-gap until the 2022 publications hopefully provide more detail regarding exactly how banks can attain compliance.

Federal banking regulators have been busy in this space.  These pronouncements come closely on the heels of a Report on Stablecoins issued earlier in November by the Agencies and the U.S. President’s Working Group on Financial Markets, which delineated perceived risks associated with the increased use of stablecoins and highlighted three concerns: risks to rules governing anti-money laundering (“AML”) compliance, risks to market integrity, and general prudential risks.
Continue Reading  Federal Bank Regulators Focus on Crypto Assets and Blockchain Activities

Travel Rule and Beneficiary Information Continues to Challenge Virtual Asset Service Providers

In late October, the Financial Action Task Force issued its long-awaited updated guidance on Virtual Assets and Virtual Asset Service Providers (“FATF Guidance”), an extremely lengthy and detailed document setting forth how virtual asset service providers (“VASPs”) and related virtual asset activities fall within the scope of FATF standards for anti-money laundering (“AML”) and countering the financing of terrorism (“CFT”).  The FATF Guidance is important to VASPs worldwide, as well as the more traditional financial institutions (“FIs”) doing business with them.  Because of its great breadth, we focus here only on its comments regarding implementation of the so-called “Travel Rule” for virtual assets.  This portion of the FATF Guidance is particularly relevant to the U.S. because, as we have blogged, the Financial Crimes Enforcement Network (“FinCEN”) proposed regulations in 2020 – still pending – which would change the Travel Rule by lowering the monetary threshold for FIs from $3,000 to $250 for collecting, retaining, and transmitting information related to international funds transfers, and explicitly would make the Travel Rule apply to transfers involving convertible virtual currencies.

The FATF Guidance has additional relevance to U.S. VASPs and FIs because, this month, the U.S. President’s Working Group on Financial Markets (“PWG”), the Federal Deposit Insurance Corporation (“FDIC”), and the Office of the Comptroller (“OCC”) (together, “the U.S. Agencies”) issued a Report on Stablecoins (the “Report”).  Stablecoins are digital assets designed to maintain stable value as related to other reference assets, such as the U.S. Dollar.  In the Report, the U.S. Agencies delineate perceived risks associated with the increased use of stablecoins and highlight three types of concerns: risks to rules governing AML compliance, risks to market integrity, and general prudential risks.  We of course will focus here on the Report’s discussion of AML risks, particularly because it repeatedly invokes the FATF Guidance, thereby illustrating the increasing efforts by governments to seek a global and relatively coordinated approach to addressing AML/CFT concerns regarding virtual assets.
Continue Reading  Global Developments in AML and Virtual Assets:  FATF Guidance and the Travel Rule, and U.S. Pronouncements on Stablecoins

The OCC, FDIC, and Federal Reserve Board have issued a guide that is intended to assist community banks in conducting due diligence when considering relationships with financial technology (fintech) companies (Guide).

The issuance of the Guide follows the agencies’ July 2021 release of proposed interagency guidance for banking organizations on managing risks associated with third-party

U.S. Federal Reserve Building

The Federal Reserve, FDIC, and OCC released on July 13, 2021 proposed guidance for banking organizations on managing risks associated with third-party relationships, including relationships with financial technology-focused entities such as bank/fintech sponsorship arrangements.  The proposal is the first time that the three agencies have proposed third-party