Federal Deposit Insurance Corporation

Subscribe to Federal Deposit Insurance Corporation

On July 6, the Financial Crimes Enforcement Network (“FinCEN”), The Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency (collectively, “the Agencies”) issued a Joint Statement to “remind” banks that they, of course, should apply a risk-based approach to assessing customer relationships and conducting customer due diligence (“CDD”).

The Joint Statement appears to echo FinCEN’s June 22 Statement on Bank Secrecy Act Due Diligence for Independent ATM Owners or Operators (“ATM Statement”), in which FinCEN also “reminded” banks that “that not all independent ATM owner or operator customers pose the same level of money laundering, terrorist financing (ML/TF), or other illicit financial activity risk, and not all independent ATM owner or operator customers are automatically higher risk.”

Combined – and although generally worded – these publications appear to urge financial institutions (“FIs”) to not pursue broadly-applied “de-risking” strategies.  De-risking is the term for a FI’s decision to terminate a business relationship, or refuse to do business, with a type of customer because that type is associated with a perceived heightened risk of involvement in money laundering or terrorist financing.  Indeed, both new publications caution FIs against turning away potential customers, or closing the accounts of existing customers, on the basis of general customer types.  However, regulators themselves have been criticized for encouraging de-risking by driving highly risk-adverse decisions by FIs, who are unwilling to take the chance and assume the compliance costs of doing business with specific customers who may in fact be “legitimate,” but whose risk profile is deemed to be high due to their group affiliation.  Some front-line regulatory BSA/AML examiners arguably may review a FI’s compliance in a narrow and check-the-box manner versus a more holistic approach, and will not truly value broader societal and equity issues such as the need for equal access to the global financial system, particularly by certain industries and persons living in less-developed countries.  Accordingly, although these new publications are welcome, it might have been better if they had been more explicit – particularly because it is arguably ironic for regulators to be chiding FIs for conforming to de-risking behavior that regulators themselves have encouraged.

Continue Reading  FinCEN and Federal Functional Regulators Issue Coded Warnings Against De-Risking

As anticipated, the Office of the Comptroller of the Currency, the Federal Reserve Board, and the FDIC recently approved and released the Final Rule Requiring Computer-Security Incident Notification (“Final Rule”).  The Final Rule is designed to promote early awareness and stop computer security incidents before they become systemic.  It places new reporting requirements on both

Agencies Issue “Crypto Asset Roadmap” for 2022 Guidance, and OCC Confirms Prior Interpretive Letters on Crypto – So Long as Supervisory Regulators Do Not Object

The Board of Governors of the Federal Reserve System (“Federal Reserve”), the Federal Deposit Insurance Corporation (“FDIC”) and the Office of the Comptroller of the Currency (“OCC”) (collectively, the “Agencies”) issued on November 23 a short Joint Statement on Crypto-Asset Policy Sprint Initiative and Next Steps (“Joint Statement”), which announced – without further concrete detail – that they had assembled a “crypto asset roadmap” in order to provide greater clarity in 2022 to banks on the permissibility of certain crypto-asset activities.  Only the week before, the Chief Counsel for the OCC issued Interpretive Letter #1179, which confirmed that a bank could engage in certain cryptocurrency, distributed ledger and stablecoin activities – consistent with prior OCC letters – so long as a bank shows that it has sufficient controls in place, and first obtains written notice of “non objection” by its supervisory office.  This post will discuss both publications.

There is great overlap between the bank activities referenced in the Joint Statement and Interpretive Letter #1179.  The 2022 clarity promised by the “roadmap” presumably will supersede, once issued, Interpretive Letter #1179, which appears to function as a general stop-gap until the 2022 publications hopefully provide more detail regarding exactly how banks can attain compliance.

Federal banking regulators have been busy in this space.  These pronouncements come closely on the heels of a Report on Stablecoins issued earlier in November by the Agencies and the U.S. President’s Working Group on Financial Markets, which delineated perceived risks associated with the increased use of stablecoins and highlighted three concerns: risks to rules governing anti-money laundering (“AML”) compliance, risks to market integrity, and general prudential risks.
Continue Reading  Federal Bank Regulators Focus on Crypto Assets and Blockchain Activities

Travel Rule and Beneficiary Information Continues to Challenge Virtual Asset Service Providers

In late October, the Financial Action Task Force issued its long-awaited updated guidance on Virtual Assets and Virtual Asset Service Providers (“FATF Guidance”), an extremely lengthy and detailed document setting forth how virtual asset service providers (“VASPs”) and related virtual asset activities fall within the scope of FATF standards for anti-money laundering (“AML”) and countering the financing of terrorism (“CFT”).  The FATF Guidance is important to VASPs worldwide, as well as the more traditional financial institutions (“FIs”) doing business with them.  Because of its great breadth, we focus here only on its comments regarding implementation of the so-called “Travel Rule” for virtual assets.  This portion of the FATF Guidance is particularly relevant to the U.S. because, as we have blogged, the Financial Crimes Enforcement Network (“FinCEN”) proposed regulations in 2020 – still pending – which would change the Travel Rule by lowering the monetary threshold for FIs from $3,000 to $250 for collecting, retaining, and transmitting information related to international funds transfers, and explicitly would make the Travel Rule apply to transfers involving convertible virtual currencies.

The FATF Guidance has additional relevance to U.S. VASPs and FIs because, this month, the U.S. President’s Working Group on Financial Markets (“PWG”), the Federal Deposit Insurance Corporation (“FDIC”), and the Office of the Comptroller (“OCC”) (together, “the U.S. Agencies”) issued a Report on Stablecoins (the “Report”).  Stablecoins are digital assets designed to maintain stable value as related to other reference assets, such as the U.S. Dollar.  In the Report, the U.S. Agencies delineate perceived risks associated with the increased use of stablecoins and highlight three types of concerns: risks to rules governing AML compliance, risks to market integrity, and general prudential risks.  We of course will focus here on the Report’s discussion of AML risks, particularly because it repeatedly invokes the FATF Guidance, thereby illustrating the increasing efforts by governments to seek a global and relatively coordinated approach to addressing AML/CFT concerns regarding virtual assets.
Continue Reading  Global Developments in AML and Virtual Assets:  FATF Guidance and the Travel Rule, and U.S. Pronouncements on Stablecoins

The OCC, FDIC, and Federal Reserve Board have issued a guide that is intended to assist community banks in conducting due diligence when considering relationships with financial technology (fintech) companies (Guide).

The issuance of the Guide follows the agencies’ July 2021 release of proposed interagency guidance for banking organizations on managing risks associated with third-party

U.S. Federal Reserve Building

The Federal Reserve, FDIC, and OCC released on July 13, 2021 proposed guidance for banking organizations on managing risks associated with third-party relationships, including relationships with financial technology-focused entities such as bank/fintech sponsorship arrangements.  The proposal is the first time that the three agencies have proposed third-party

On April 12, 2021, the Office of the Comptroller of the Currency (“OCC”), the Board of Governors of the Federal Reserve System (“Board”), the Federal Deposit Insurance Corporation (“FDIC”), the National Credit Union Administration (“NCUA”) and the Financial Crimes Enforcement Network (“FinCEN”) issued a Request for Information (“RFI”) requesting comment on the extent to which the agencies’ previous guidance on model risk management supports banks’ compliance with Bank Secrecy Act (“BSA) and Anti-Money Laundering (“AML”) regulations and Office of Foreign Asset Control (“OFAC”) requirements.

The RFI asks for comments from interested parties on suggested changes to guidance or regulations, and whether aspects of the agencies’ approaches to BSA/AML and OFAC compliance are either working well, or could be improved.  The agencies explained that the reason for the RFI is to further understand current bank practices, and determine whether additional explanation or clarification of their guidance may be helpful.  Although the genesis of the RFI is not entirely clear, it appears that it was issued in response to certain financial institution inquiries or comments regarding how the maintenance of their BSA/AML compliance programs should incorporate principles set forth in earlier, more general regulatory guidance on model risk management for banks, which we describe below.  Further, the RFI has not occurred in a vacuum, but rather has appeared in the midst of a major, ongoing overhaul of the BSA/AML legislative, regulatory and enforcement regime.  Comments to the RFI must be received by June 11, 2021.
Continue Reading  Risk Management: Agencies Issue Request for Information on Intersection of Model Risk Management Guidance and BSA/AML Compliance

SARs Do Not Need to Be Filed At the First Sign of Potential Problems

Honoring “Keep Open” Letters from Law Enforcement Should Not Lead to Criticism

On January 19, 2021, the Financial Crimes Enforcement Network (FinCEN), along with the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System, and the National Credit Union Administration jointly published Answers to Frequently Asked Questions Regarding Suspicious Activity Reporting and Other Anti-Money Laundering Considerations.  The agencies provided answers to certain frequently asked questions (FAQs) in an effort to (1) clarify for financial institutions the regulatory requirements related to Suspicious Activity Reports (SARs) that they must comply with; and (2) help financial institutions focus their resources on Bank Secrecy Act (BSA) reporting activities that provide the most value to law enforcement.

The banking agencies developed these FAQs in response to recommendations made by the Bank Secrecy Act Advisory Group, which are detailed in FinCEN’s Advance Notice of Proposed Rulemaking on Anti-Money Laundering Program Effectiveness published in September 2020.  Notably, the FAQs do not change existing legal obligations or create new regulatory requirements.  Instead, they address several questions that have emerged among anti-money laundering compliance personnel.  Generally, they are helpful and make clear that a decision to file a SAR in a particular case is driven by specific circumstances and good judgment, rather than a rigid “check the box” mentality.
Continue Reading  FinCEN and Other Federal Banking Agencies Provide Much-Needed Guidance on Suspicious Activity Reports

On December 18, 2020, the Office of the Comptroller of the Current (OCC), Federal Reserve Board (FRB), and Federal Deposit Insurance Corporation (FDIC) announced an interagency notice of proposed rulemaking that would require supervised banking organizations to provide notification of significant computer security incidents to their primary federal regulator.  Under the proposed rule, for incidents

On November 3rd, voters in Arizona, New Jersey, South Dakota, Montana, and Mississippi passed ballot measures to bring legal cannabis to each of their states. It’s not every year that we see states from opposite ends of the political spectrum agree on something with such vigor. In fact, loosening the laws surrounding cannabis—be it medical use, recreational use, or farming of hemp products—has consistently been one of the only areas receiving bipartisan support in a country divided on almost everything else.

The passage of these ballot measures means that the cannabis industry will generate even more revenue. Despite the massive dollar amounts currently associated with the cannabis industry, reliable banking services remain elusive, due to federal drug and money laundering laws and the Bank Secrecy Act (“BSA”). This post will summarize the recent cannabis legislation, and recap the main roadblocks facing the industry (and financial institutions) from a financial compliance perspective.
Continue Reading  The State of Cannabis Affairs: New Legislation and a Regulatory Recap