The Federal Reserve Bank of Philadelphia (the “Philly Fed”) recently executed an agreement (the “Agreement”) with Pennsylvania-based Customers Bank (and its Customers Bancorp, Inc. holding entity) (collectively, “Customers”).  According to the Agreement, “the most recent examinations and inspections” of Customers by the Philly Fed identified “significant deficiencies” related to the bank’s risk management practices, Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) compliance, and regulations issued by the Office of Foreign Assets Control (“OFAC”).  

The source of these alleged deficiencies is alluded to by the Agreement, which immediately highlights two “digital assets-friendly” elements of Customers’ business model:

  • Customers’ “digital asset strategy”, i.e., “offering banking services to digital asset customers”; and, relatedly,
  • Customers’ facilitation of “dollar token activities,” which refers to the bank’s operation of an “instant payments platform” that allows the bank’s commercial clients “to make tokenized payments over a distributed ledger technology system” – though only to other Customers’ commercial clients.

The Agreement calls for Customers to submit a number of plans to the Philly Fed by October 5, 2024, several of which explicitly require the Philly Fed’s approval.

Continue Reading  Bank’s Digital Assets Business Strategy Draws Federal Reserve Scrutiny

The federal banking regulators (The Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System and the Federal Deposit Insurance Corporation) issued on July 25 a lengthy joint statement outlining the potential risks that financial institutions face in arrangements with third parties to deliver bank deposit products and services. 

The federal banking agencies, including the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency (collectively the “Agencies”), issued a notice of proposed rulemaking (“Agencies’ NPRM”) to modernize financial institutions’ anti-money laundering and countering terrorist financing (“AML/CFT”) programs. The Agencies’ NPRM is consistent with FinCEN’s recent AML/CFT modernization proposal (“FinCEN’s NPRM”), on which we blogged here.

The Agencies’ NPRM does not substantively depart from FinCEN’s NPRM and requires the same program requirements. Although the Anti-Money Laundering Act (“AML Act”) did not require the Agencies to amend their regulations, the Agencies’ goal is to maintain consistent program requirements. The NPRM states that financial institutions will not be subject to any additional burdens in complying with differing standards between FinCEN and the Agencies.   

Continue Reading  Federal Banking Agencies Issue NPRM Consistent with FinCEN’s AML/CFT Modernization Proposal

Opinion Can Invite New Challenges to Long-Standing BSA/AML Regulations

On July 1, 2024, the Supreme Court issued its opinion in Corner Post, Inc. v Board of Governors of the Federal Reserve System in which the Court determined when a Section 702 claim under the Administrative Procedure Act (APA) to challenge a final agency action first accrues. In a 6-3 Opinion, the Supreme Court sided with Corner Post in holding that a right of action first accrues when the plaintiff has the right to assert it in court—and in the case of the APA, that is when the plaintiff is injured by final agency action.

This ruling could open the litigation floodgates for industry newcomers to challenge longstanding agency rules. These APA challenges will be further aided by the Supreme Court’s recent overruling of Chevron deference, giving the courts the power to interpret statutes without deferring to the agency’s interpretation.

This development is relevant to potential challenges to anti-money laundering (“AML”) regulations promulgated under the Bank Secrecy Act (“BSA”) or other statutory schemes by the Financial Crimes Enforcement Network, the federal functional regulators, the Securities Exchange Commission, and FINRA. Many BSA/AML regulations were promulgated many years ago. Historically, litigation challenges to BSA/AML regulations have been rare. Given the combined effect of recent rulings by the Supreme Court, that could change.

Continue Reading  Supreme Court Opens Door to More APA Challenges by Ruling that Right of Action Accrues When Regulation First Causes Injury

On May 3, 2024, the Board of Governors of the Federal Reserve System (the “Federal Reserve”), the Federal Deposit Insurance Corporation (“FDIC”), and the Office of the Comptroller of the Currency (“OCC”) jointly released the “Third-Party Risk Management: A Guide for Community Banks” (the “Guide”), presenting it as a resource for community banks to bolster their third-party risk management programs, policies, and practices.

The Guide serves as a companion to the Interagency Guidance on Third-Party Relationship: Risk Management issued in June 2023 (on which we blogged, here).  It also relates to the OCC’s Fall 2023 Semiannual Risk Perspective, which emphasizes the need for banks to maintain prudent risk management practices – including practices tailored to address Bank Secrecy Act (“BSA”)/Anti-Money Laundering (“AML”) compliance risks with respect to fintech relationships.

The Guide acknowledges the widespread collaborations between community banks and third-party entities, and recognizes the strategic importance for such partnerships to improve competitiveness and adaptability. These collaborations provide community banks with access to a diverse array of resources, such as new technologies, risk management tools, skilled personnel, delivery channels, products, services, and market opportunities.

However, the Guide underscores that reliance on third parties entails a loss of direct operational control, thereby exposing community banks to a spectrum of risks.  Banks are still accountable for executing all activities in compliance with applicable laws and regulations.  “These laws and regulations include . . . those designed to protect consumers (such as fair lending laws and prohibitions against unfair, deceptive, or abusive acts or practices) and those addressing financial crimes (such as fraud and money laundering).”  Accordingly, the Guide emphasizes that the engagement of third parties does not absolve a bank of its responsibility to operate in a safe and sound manner and to comply with regulatory requirements, “just as if the bank were to perform the service or activity itself.”  The Guide sets forth this concept in bold, on the first page. 

The Guide’s emphasis on governance practices highlights the critical role of oversight, accountability, and documentation in ensuring regulatory compliance and safeguarding the interests of both banks and their customers.   Although the Guide styles itself as offering a framework tailored to the specific needs and challenges faced by community banks, it also offers direction to all financial institutions in regards to effective third-party risk management. 

Continue Reading  Federal Banking Agencies Issue Guide to Third-Party Risk Management Practices for Community Banks

Components of the U.S. Federal Reserve System recently prevailed in two lawsuits in which both plaintiffs – Custodia Bank and PayServices Bank – alleged the defendants were required to grant the plaintiffs’ master account requests and wrongfully denied them master accounts.  Both the United States District Court for the District of Wyoming and the United States District Court for the District of Idaho rejected these claims and instead ruled as a matter of law that the respective regional Federal Reserve Banks had discretion to deny the plaintiffs’ requests for a master account. 

Putting aside very extreme instances, these recent decisions further confirm that the Federal Reserve System appears to have near unfettered discretion in determining which banks can receive a master account.  Although these court rulings turn primarily on statutory interpretation issues and broad legal principles, these rulings will have particular practical consequences for financial institutions looking to serve niche industries – such as cryptocurrency and cannabis – which regulators perceive as presenting higher risks in regard to anti-money laundering, sanctions, safety and soundness and other regulatory concerns.

Continue Reading  Districts of Wyoming and Idaho Affirm Broad Fed Powers over Master Accounts

On March 28, 2024, the Financial Crimes Enforcement Network (FinCEN), in consultation with the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Board of Governors of the Federal Reserve System, issued a request for information (RFI).

The RFI seeks information and comment regarding the

Recently, the Industrial and Commercial Bank of China Ltd. (“ICBC”) entered into two consent orders. The first consent order is with the New York State Department of Financial Services (the “NYDFS”) for alleged deficiencies in the bank’s Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) and Office of Foreign Assets Control (“OFAC”) compliance screening programs over the past several examination cycles, as well as alleged violations of sharing confidential supervisory information. As we will discuss, the NYDFS consent order finds that ICBC violated New York banking law by backdating internal certifications – not themselves required by statute or regulation – and then not immediately disclosing these “false entries” to the NYDFS.

ICBC also entered into an Order to Cease and Desist (“C&D Order”) with the Board of Governors of the Federal Reserve (the “Federal Reserve”) for the alleged improper disclosure of confidential supervisory information, or CSI.  Generally, CSI is information relating to a regulatory examination or investigation, which cannot be disclosed without the agreement of the financial institution’s examining regulator – which here, of course, is the Federal Reserve.  As noted above, the NYDFS consent order also contains allegations of improper disclosure of CSI, which is also protected as confidential under New York banking law.  Ironically, the alleged disclosure of CSI was to the bank’s foreign regulator.

This is not the first time ICBC has had issues involving alleged BSA/AML deficiencies. In 2018, ICBC entered into a consent Cease and Desist Order with the Federal Reserve for similar BSA/AML deficiencies at its New York branch, about which we blogged here. Despite ICBC’s noted efforts in enhancing BSA/AML and OFAC compliance programs and promptly reporting the unauthorized disclosure of confidential supervisory information to the regulators, the bank was subjected to a $30 million civil money penalty from the NYDFS and another $2.4 million civil money penalty from the Federal Reserve.

Continue Reading  ICBC Agrees to Two Consent Orders for Alleged BSA/AML Deficiencies and Disclosure of Confidential Supervisory Information

Farewell to 2023, and welcome 2024.  As we do every year, let’s look back.

We highlight 10 of our most-read blog posts from 2023, which address many of the key issues we’ve examined during the past year: criminal money laundering enforcement; compliance risks with third-party fintech relationships; the scope of authority of bank regulators; sanctions

The United States District Court for the Southern District of New York (the “Court”) has issued a detailed and complicated Order in the case Banco San Juan Internacional, Inc. v. Fed. Reserve Bank of New York, denying a motion for preliminary injunction by Banco San Juan Internacional, Inc. (“BSJI”), a Puerto Rican bank entity, against the Federal Reserve Bank of New York (the “FRBNY”) and the Board of Governors of the Federal Reserve System (the “Board”).

The case arose out of the FRBNY’s decision to close BSJI’s master account for alleged deficiencies in its anti-money laundering (“AML”) system, which thereby posed systemic risk. The Court held, amongst other rulings, that there is no statutory right to a so-called “master account” with a federal reserve bank.

After the Court filed its Order on October 27, BSJI filed its appeal on October 30, and requested an emergency stay pending appeal and an expedited appeal. On November 9, 2023, the United States Court of Appeals for the Second Circuit referred BSJI’s motion for a stay pending appeal and to expedite to a three-judge motions panel and denied the request for a stay pending appeal.

As we have blogged, and generalizing greatly, having a master account allows financial institutions to operate in the normal course as a custodial bank in the U.S. Having a master account is therefore critical to any institution looking to operate in the U.S. financial system. Accordingly, the FRBNY’s decision, and the Court’s Order, in effect prevent BSJI from operating.

Although some of the background allegations are eye-catching, the Order makes broad legal pronouncements, many of which are not necessarily tied to the alleged facts. The Order therefore emphasizes the significant and unilateral powers of a federal reserve bank, and its discretion to provide or deny master accounts going forward. These powers apply to all financial institutions and require financial institutions to take a serious approach in meeting their AML obligations under the BSA as well as regulator remediation and recommendations regarding the same.  This matter also illustrates how a financial institution can resolve an enforcement action with the Department of Justice, only to find itself still facing an existential threat posed by a regulator for the same underlying activity. 

Continue Reading  SDNY Court Finds Broad Fed Powers Over Master Accounts in Puerto Rican Bank Case Involving AML Concerns