On March 28, 2024, the Financial Crimes Enforcement Network (FinCEN), in consultation with the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Board of Governors of the Federal Reserve System, issued a request for information (RFI).

The RFI seeks information and comment regarding the

Recently, the Industrial and Commercial Bank of China Ltd. (“ICBC”) entered into two consent orders. The first consent order is with the New York State Department of Financial Services (the “NYDFS”) for alleged deficiencies in the bank’s Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) and Office of Foreign Assets Control (“OFAC”) compliance screening programs over the past several examination cycles, as well as alleged violations of sharing confidential supervisory information. As we will discuss, the NYDFS consent order finds that ICBC violated New York banking law by backdating internal certifications – not themselves required by statute or regulation – and then not immediately disclosing these “false entries” to the NYDFS.

ICBC also entered into an Order to Cease and Desist (“C&D Order”) with the Board of Governors of the Federal Reserve (the “Federal Reserve”) for the alleged improper disclosure of confidential supervisory information, or CSI.  Generally, CSI is information relating to a regulatory examination or investigation, which cannot be disclosed without the agreement of the financial institution’s examining regulator – which here, of course, is the Federal Reserve.  As noted above, the NYDFS consent order also contains allegations of improper disclosure of CSI, which is also protected as confidential under New York banking law.  Ironically, the alleged disclosure of CSI was to the bank’s foreign regulator.

This is not the first time ICBC has had issues involving alleged BSA/AML deficiencies. In 2018, ICBC entered into a consent Cease and Desist Order with the Federal Reserve for similar BSA/AML deficiencies at its New York branch, about which we blogged here. Despite ICBC’s noted efforts in enhancing BSA/AML and OFAC compliance programs and promptly reporting the unauthorized disclosure of confidential supervisory information to the regulators, the bank was subjected to a $30 million civil money penalty from the NYDFS and another $2.4 million civil money penalty from the Federal Reserve.

Continue Reading  ICBC Agrees to Two Consent Orders for Alleged BSA/AML Deficiencies and Disclosure of Confidential Supervisory Information

Farewell to 2023, and welcome 2024.  As we do every year, let’s look back.

We highlight 10 of our most-read blog posts from 2023, which address many of the key issues we’ve examined during the past year: criminal money laundering enforcement; compliance risks with third-party fintech relationships; the scope of authority of bank regulators; sanctions

The United States District Court for the Southern District of New York (the “Court”) has issued a detailed and complicated Order in the case Banco San Juan Internacional, Inc. v. Fed. Reserve Bank of New York, denying a motion for preliminary injunction by Banco San Juan Internacional, Inc. (“BSJI”), a Puerto Rican bank entity, against the Federal Reserve Bank of New York (the “FRBNY”) and the Board of Governors of the Federal Reserve System (the “Board”).

The case arose out of the FRBNY’s decision to close BSJI’s master account for alleged deficiencies in its anti-money laundering (“AML”) system, which thereby posed systemic risk. The Court held, amongst other rulings, that there is no statutory right to a so-called “master account” with a federal reserve bank.

After the Court filed its Order on October 27, BSJI filed its appeal on October 30, and requested an emergency stay pending appeal and an expedited appeal. On November 9, 2023, the United States Court of Appeals for the Second Circuit referred BSJI’s motion for a stay pending appeal and to expedite to a three-judge motions panel and denied the request for a stay pending appeal.

As we have blogged, and generalizing greatly, having a master account allows financial institutions to operate in the normal course as a custodial bank in the U.S. Having a master account is therefore critical to any institution looking to operate in the U.S. financial system. Accordingly, the FRBNY’s decision, and the Court’s Order, in effect prevent BSJI from operating.

Although some of the background allegations are eye-catching, the Order makes broad legal pronouncements, many of which are not necessarily tied to the alleged facts. The Order therefore emphasizes the significant and unilateral powers of a federal reserve bank, and its discretion to provide or deny master accounts going forward. These powers apply to all financial institutions and require financial institutions to take a serious approach in meeting their AML obligations under the BSA as well as regulator remediation and recommendations regarding the same.  This matter also illustrates how a financial institution can resolve an enforcement action with the Department of Justice, only to find itself still facing an existential threat posed by a regulator for the same underlying activity. 

Continue Reading  SDNY Court Finds Broad Fed Powers Over Master Accounts in Puerto Rican Bank Case Involving AML Concerns

The Federal Reserve, FDIC, and OCC have released final interagency guidance for their respective supervised banking organizations on managing risks associated with third-party relationships, including relationships with financial technology-focused entities such as bank/fintech sponsorship arrangements.  The guidance is intended to provide principles for effective third-party risk management for all types of third-party relationships, regardless of how they may be structured.  At the same time, the agencies state that banking organizations have flexibility in their approach to assessing the risks posed by each third-party relationship and deciding the relevance of the considerations discussed in the final guidance.

The final guidance rescinds and replaces each agency’s previously-issued guidance on risk management practices for third-party relationships.  In their July 2021 proposal, the agencies had included as an appendix FAQs issued by the OCC to supplement the OCC’s existing 2013 third-party risk management guidance.  The proposed guidance included the revised FAQs as an exhibit and the agencies sought comment on the extent to which the concepts discussed in the FAQs should be incorporated into the final guidance.  In their discussion of the final guidance, the agencies identify which concepts from the FAQs have been incorporated into the final guidance.

Continue Reading  Federal Banking Agencies Issue Final Interagency Guidance on Risk Management in Third-Party Relationships

On April 13, the State of Wyoming took the extraordinary step of filing a request for permission to intervene in the ongoing dispute between Custodia Bank, Inc. (“Custodia”) and the Board of Governors of the Federal Reserve System (“the Fed”) and the Federal Reserve Bank of Kansas City.  This dispute involves a complaint (now amended) filed by Custodia – a state-chartered special purpose depository institution (“SPDI”) based in Cheyenne, Wyoming – against the Fed and the Federal Reserve Bank of Kansas City, alleging that the defendants improperly denied Custodia’s application for a “master account” with the Fed. Generalizing greatly, having a master account allows financial institutions to operate in the normal course as a custodial bank in the U.S.  Having a Fed master account is therefore critical to any institution looking to operate in the U.S. financial system.

In a nutshell, Wyoming’s request to intervene critiques the defendants because of their “view of perceived inadequacies in Wyoming’s laws and regulations for SPDIs, [which are] partially responsible” for the denial of Custodia’s master account application.  More specifically, Wyoming accuses the defendants of seeking to treat Wyoming SPDIs in an inequitable manner, thereby “treating state-chartered non-federally regulated banks as second-class banks ineligible to compete with federally-regulated ones.”

This blog post focuses on an important issue referenced seemingly in passing in Wyoming’s request for permission to intervene, which is clearly motivating in part the filing by Wyoming:  on March 24, 2023, the Fed made public its January 27, 2023  Order Denying Application for Membership (the “Order”) by Custodia, which had requested the Fed’s approval under Section 9 of the Federal Reserve Act to become a member of the Federal Reserve System.  According to Wyoming, the Fed’s decision to deny Custodia’s application has the effect of preventing Custodia and other Wyoming SPDIs from ever being able to attain the status of federal regulation.  We focus here on the Order because of its much broader anti-money laundering (“AML”) and sanctions implications for any banks which are contemplating targeted services for the digital asset industry.  The 86-page Order is very detailed, and often also discusses safety and soundness concerns, as well as other issues.

As we discuss, the Order suggests that any bank will have a hard time convincing the Fed that crypto-heavy banking services can comply with the requirements of the Bank Secrecy Act (“BSA”) and U.S. sanctions law.  Likewise, the Fed has expressed its skepticism in the Order that blockchain analytics services, even when applied skillfully and with the best of intentions, actually can satisfy the BSA and U.S. sanctions law due to limitations inherent in crypto transactions relating to knowing with confidence who is actually conducting the transactions.  This same issue was also noted by the recent report by the U.S. Treasury regarding perceived AML and sanctions vulnerabilities in decentralized finance providers.

Continue Reading  State of Wyoming Wades Into Custodia Bank Dispute with Federal Reserve — In Wake of Fed’s Rejection of Bank Due to Crypto-Related AML and OFAC Concerns

A group of five Democratic Senators has sent a letter to the Federal Reserve, OCC, FDIC, and NCUA asking them to take several steps to protect consumers from scams when using Zelle to transfer money.

The Senators ask the four agencies “to closely review and examine the customer reimbursement and anti-money laundering (AML) practices of depository institutions that participate in the Zelle network.” They also ask the Federal Reserve and OCC “to examine Early Warning Services, Inc. (EWS), which operates the Zelle network, on an ongoing basis” and for the four agencies “to coordinate their supervisory approach with the Consumer Financial Protection Bureau.”  The Senators note that the agencies have authority to supervise the banks that own and operate Zelle and the participating depository institutions for compliance “with key consumer protection and AML laws, including the Electronic Fund Transfer Act (EFTA) and the Bank Secrecy Act (BSA).”

Continue Reading  Democratic Senators Send Letter to Federal Banking Agencies Raising Concerns About Fraudulent Transactions

The Federal Reserve Board, Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency have issued a joint statement on crypto-asset risks to banking organizations.  The term “crypto-asset” refers to any digital asset implemented using cryptographic techniques.

The statement begins with the agencies’ observations that “[t]he events of the past year have

On July 6, the Financial Crimes Enforcement Network (“FinCEN”), the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency (collectively, “the Agencies”) issued a Joint Statement to “remind” banks that they, of course, should apply a risk-based approach to assessing customer relationships and conducting customer due diligence (“CDD”).

The Joint Statement appears to echo FinCEN’s June 22 Statement on Bank Secrecy Act Due Diligence for Independent ATM Owners or Operators (“ATM Statement”), in which FinCEN also “reminded” banks “that not all independent ATM owner or operator customers pose the same level of money laundering, terrorist financing (ML/TF), or other illicit financial activity risk, and not all independent ATM owner or operator customers are automatically higher risk.”

Combined – and although generally worded – these publications appear to urge financial institutions (“FIs”) to not pursue broadly-applied “de-risking” strategies.  De-risking is the term for an FI’s decision to terminate a business relationship, or refuse to do business, with a type of customer because that type is associated with a perceived heightened risk of involvement in money laundering or terrorist financing.  Indeed, both new publications caution FIs against turning away potential customers, or closing the accounts of existing customers, on the basis of general customer types.  However, regulators themselves have been criticized for encouraging de-risking by driving highly risk-averse decisions by FIs, who are unwilling to take the chance and assume the compliance costs of doing business with specific customers who may in fact be “legitimate,” but whose risk profile is deemed to be high due to their group affiliation.  Some front-line regulatory BSA/AML examiners arguably may review an FI’s compliance in a narrow and check-the-box manner versus a more holistic approach, and will not truly value broader societal and equity issues such as the need for equal access to the global financial system, particularly by certain industries and persons living in less-developed countries.  Accordingly, although these new publications are welcome, it might have been better if they had been more explicit – particularly because it is arguably ironic for regulators to be chiding FIs for conforming to de-risking behavior that regulators themselves have encouraged.

Continue Reading  FinCEN and Federal Functional Regulators Issue Coded Warnings Against De-Risking

The New York State Department of Financial Services (“NYDFS” or “the Department”) published a press release on February 24, 2022 announcing the issuance of a Consent Order (“the Consent Order”) to the National Bank of Pakistan (“NBP” or “the Bank”), which will require the Bank to pay $35 million in penalties to NYDFS.  In conjunction with the Department’s enforcement action, the Federal Reserve Bank of New York (“FRBNY”) also announced a $20.4 million penalty against NBP for its alleged Anti-Money Laundering (“AML”) violations.

The Consent Order describes NBP as a “multinational commercial bank incorporated in Pakistan in 1949 that is majority owned by the Pakistani government, with more than $20 billion in assets as of June 30, 2021.”  The Department’s issuance of the Consent Order marks the first major fine against a bank since Adrienne A. Harris was confirmed as New York’s top financial regulator (Superintendent of NYDFS) in January 2022.  In November 2021, while still leading the Department on an acting basis, Harris issued a consent order to Dubai-based Mashreqbank for sanctions violations requiring the bank to pay $100 million in penalties.

As we will discuss, the Department’s and the FRBNY’s actions send a clear message confirming that repeated findings of violations over multiple examinations are a sure-fire way to become subject to enforcement.

Continue Reading  National Bank of Pakistan Fined $55.4 Million for Alleged Repeated AML and Compliance Deficiencies