On July 6, the Financial Crimes Enforcement Network (“FinCEN”), The Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency (collectively, “the Agencies”) issued a Joint Statement to “remind” banks that they, of course, should apply a risk-based approach to assessing customer relationships and conducting customer due diligence (“CDD”).

The Joint Statement appears to echo FinCEN’s June 22 Statement on Bank Secrecy Act Due Diligence for Independent ATM Owners or Operators (“ATM Statement”), in which FinCEN also “reminded” banks that “that not all independent ATM owner or operator customers pose the same level of money laundering, terrorist financing (ML/TF), or other illicit financial activity risk, and not all independent ATM owner or operator customers are automatically higher risk.”

Combined – and although generally worded – these publications appear to urge financial institutions (“FIs”) to not pursue broadly-applied “de-risking” strategies.  De-risking is the term for a FI’s decision to terminate a business relationship, or refuse to do business, with a type of customer because that type is associated with a perceived heightened risk of involvement in money laundering or terrorist financing.  Indeed, both new publications caution FIs against turning away potential customers, or closing the accounts of existing customers, on the basis of general customer types.  However, regulators themselves have been criticized for encouraging de-risking by driving highly risk-adverse decisions by FIs, who are unwilling to take the chance and assume the compliance costs of doing business with specific customers who may in fact be “legitimate,” but whose risk profile is deemed to be high due to their group affiliation.  Some front-line regulatory BSA/AML examiners arguably may review a FI’s compliance in a narrow and check-the-box manner versus a more holistic approach, and will not truly value broader societal and equity issues such as the need for equal access to the global financial system, particularly by certain industries and persons living in less-developed countries.  Accordingly, although these new publications are welcome, it might have been better if they had been more explicit – particularly because it is arguably ironic for regulators to be chiding FIs for conforming to de-risking behavior that regulators themselves have encouraged.

Continue Reading  FinCEN and Federal Functional Regulators Issue Coded Warnings Against De-Risking

The New York State Department of Financial Services (“NYDFS” or “the Department”) published a press release on February 24, 2022 announcing the issuance of a Consent Order (“the Consent Order”) to the National Bank of Pakistan (“NBP” or “the Bank”), which will require the Bank to pay $35 million in penalties to NYDFS.  In conjunction with the Department’s enforcement action, the Federal Reserve Bank of New York (“FRBNY”) also announced a $20.4 million penalty against NBP for its alleged Anti-Money Laundering (“AML”) violations.

The Consent Order describes NBP as a “multinational commercial bank incorporated in Pakistan in 1949 that is majority owned by the Pakistani government, with more than $20 billion in assets as of June 30, 2021.”  The Department’s issuance of the Consent Order marks the first major fine against a bank since Adrienne A. Harris was confirmed as New York’s top financial regulator (Superintendent of NYDFS) in January 2022.  In November 2021, while still leading the Department on an acting basis, Harris issued a consent order to Dubai-based Mashreqbank for sanctions violations requiring the bank to pay $100 million in penalties.

As we will discuss, the Department’s and the NYFRB’s actions sends a clear message confirming that repeated findings of violations over multiple examinations is a sure-fire way to become subject to enforcement.
Continue Reading  National Bank of Pakistan Fined $55.4 Million for Alleged Repeated AML and Compliance Deficiencies

As anticipated, the Office of the Comptroller of the Currency, the Federal Reserve Board, and the FDIC recently approved and released the Final Rule Requiring Computer-Security Incident Notification (“Final Rule”).  The Final Rule is designed to promote early awareness and stop computer security incidents before they become systemic.  It places new reporting requirements on both

Agencies Issue “Crypto Asset Roadmap” for 2022 Guidance, and OCC Confirms Prior Interpretive Letters on Crypto – So Long as Supervisory Regulators Do Not Object

The Board of Governors of the Federal Reserve System (“Federal Reserve”), the Federal Deposit Insurance Corporation (“FDIC”) and the Office of the Comptroller of the Currency (“OCC”) (collectively, the “Agencies”) issued on November 23 a short Joint Statement on Crypto-Asset Policy Sprint Initiative and Next Steps (“Joint Statement”), which announced – without further concrete detail – that they had assembled a “crypto asset roadmap” in order to provide greater clarity in 2022 to banks on the permissibility of certain crypto-asset activities.  Only the week before, the Chief Counsel for the OCC issued Interpretive Letter #1179, which confirmed that a bank could engage in certain cryptocurrency, distributed ledger and stablecoin activities – consistent with prior OCC letters – so long as a bank shows that it has sufficient controls in place, and first obtains written notice of “non objection” by its supervisory office.  This post will discuss both publications.

There is great overlap between the bank activities referenced in the Joint Statement and Interpretive Letter #1179.  The 2022 clarity promised by the “roadmap” presumably will supersede, once issued, Interpretive Letter #1179, which appears to function as a general stop-gap until the 2022 publications hopefully provide more detail regarding exactly how banks can attain compliance.

Federal banking regulators have been busy in this space.  These pronouncements come closely on the heels of a Report on Stablecoins issued earlier in November by the Agencies and the U.S. President’s Working Group on Financial Markets, which delineated perceived risks associated with the increased use of stablecoins and highlighted three concerns: risks to rules governing anti-money laundering (“AML”) compliance, risks to market integrity, and general prudential risks.
Continue Reading  Federal Bank Regulators Focus on Crypto Assets and Blockchain Activities

The OCC, FDIC, and Federal Reserve Board have issued a guide that is intended to assist community banks in conducting due diligence when considering relationships with financial technology (fintech) companies (Guide).

The issuance of the Guide follows the agencies’ July 2021 release of proposed interagency guidance for banking organizations on managing risks associated with third-party

U.S. Federal Reserve Building

The Federal Reserve, FDIC, and OCC released on July 13, 2021 proposed guidance for banking organizations on managing risks associated with third-party relationships, including relationships with financial technology-focused entities such as bank/fintech sponsorship arrangements.  The proposal is the first time that the three agencies have proposed third-party

SARs Do Not Need to Be Filed At the First Sign of Potential Problems

Honoring “Keep Open” Letters from Law Enforcement Should Not Lead to Criticism

On January 19, 2021, the Financial Crimes Enforcement Network (FinCEN), along with the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System, and the National Credit Union Administration jointly published Answers to Frequently Asked Questions Regarding Suspicious Activity Reporting and Other Anti-Money Laundering Considerations.  The agencies provided answers to certain frequently asked questions (FAQs) in an effort to (1) clarify for financial institutions the regulatory requirements related to Suspicious Activity Reports (SARs) that they must comply with; and (2) help financial institutions focus their resources on Bank Secrecy Act (BSA) reporting activities that provide the most value to law enforcement.

The banking agencies developed these FAQs in response to recommendations made by the Bank Secrecy Act Advisory Group, which are detailed in FinCEN’s Advance Notice of Proposed Rulemaking on Anti-Money Laundering Program Effectiveness published in September 2020.  Notably, the FAQs do not change existing legal obligations or create new regulatory requirements.  Instead, they address several questions that have emerged among anti-money laundering compliance personnel.  Generally, they are helpful and make clear that a decision to file a SAR in a particular case is driven by specific circumstances and good judgment, rather than a rigid “check the box” mentality.
Continue Reading  FinCEN and Other Federal Banking Agencies Provide Much-Needed Guidance on Suspicious Activity Reports

On December 18, 2020, the Office of the Comptroller of the Current (OCC), Federal Reserve Board (FRB), and Federal Deposit Insurance Corporation (FDIC) announced an interagency notice of proposed rulemaking that would require supervised banking organizations to provide notification of significant computer security incidents to their primary federal regulator.  Under the proposed rule, for incidents

Stated Concern is that Terrorism is Funded Primarily Through Small International Transfers

Proposed Change Would Expand BSA Definition of “Money” to Include Virtual Currency

The Financial Crimes Enforcement Network (“FinCEN”) and the Federal Reserve Board (“Board”) have requested comment on an important proposed new rule that would amend the “Recordkeeping Rule” and “Travel Rule” under the Bank Secrecy Act (“BSA”) and expand them significantly. The proposed regulation would reduce the current $3,000 threshold to only $250 for international transfers, thereby substantially expanding the scope of these rules.

Even by FinCEN’s own estimates, the effect would be broad. According to FinCEN, the new regulation would affect an estimated 5,306 banks, 5,236 credit unions, and 12,692 money transmitters – including exchangers of digital assets, who arguably would be most impacted by the new regulation. Further, FinCEN estimates – likely conservatively – that compliance would require no less than 3.3 million additional hours, annually. FinCEN and the Board strongly suggest that such compliance burdens are worth the effort, given the perceived value to law enforcement in combatting terrorism, which tends to be funded by small international transfers.
Continue Reading  To Fight Terrorism, FinCEN and Federal Reserve Board Request Comment on Proposed Major Expansion of Recordkeeping and Travel Rules for International Transfers

We are pleased to offer the latest episode in Ballard Spahr’s Consumer Financial Monitor Podcast series — a weekly podcast focusing on the consumer finance issues that matter most, from new product development and emerging technologies to regulatory compliance and enforcement and the ramifications of private litigation.  Following up on a recent blog post,