Financial Crimes Enforcement Network (FinCEN)

On November 3rd, voters in Arizona, New Jersey, South Dakota, Montana, and Mississippi passed ballot measures to bring legal cannabis to each of their states. It’s not every year that we see states from opposite ends of the political spectrum agree on something with such vigor. In fact, loosening the laws surrounding cannabis—be it medical use, recreational use, or farming of hemp products—has consistently been one of the only areas receiving bipartisan support in a country divided on almost everything else.

The passage of these ballot measures means that the cannabis industry will generate even more revenue. Despite the massive dollar amounts currently associated with the cannabis industry, reliable banking services remain elusive, due to federal drug and money laundering laws and the Bank Secrecy Act (“BSA”). This post will summarize the recent cannabis legislation, and recap the main roadblocks facing the industry (and financial institutions) from a financial compliance perspective.
Continue Reading The State of Cannabis Affairs: New Legislation and a Regulatory Recap

To the surprise of no one, FinCEN announced today that it is extending the Geographic Targeting Order, or GTO, regarding real estate transactions.

FinCEN’s press release is here.  The new GTO is here.  It is identical to the most recently issued GTO.  This is a topic on which we previously have blogged extensively.

Stated Concern is that Terrorism is Funded Primarily Through Small International Transfers

Proposed Change Would Expand BSA Definition of “Money” to Include Virtual Currency

The Financial Crimes Enforcement Network (“FinCEN”) and the Federal Reserve Board (“Board”) have requested comment on an important proposed new rule that would amend the “Recordkeeping Rule” and “Travel Rule” under the Bank Secrecy Act (“BSA”) and expand them significantly. The proposed regulation would reduce the current $3,000 threshold to only $250 for international transfers, thereby substantially expanding the scope of these rules.

Even by FinCEN’s own estimates, the effect would be broad. According to FinCEN, the new regulation would affect an estimated 5,306 banks, 5,236 credit unions, and 12,692 money transmitters – including exchangers of digital assets, who arguably would be most impacted by the new regulation. Further, FinCEN estimates – likely conservatively – that compliance would require no less than 3.3 million additional hours, annually. FinCEN and the Board strongly suggest that such compliance burdens are worth the effort, given the perceived value to law enforcement in combatting terrorism, which tends to be funded by small international transfers.
Continue Reading To Fight Terrorism, FinCEN and Federal Reserve Board Request Comment on Proposed Major Expansion of Recordkeeping and Travel Rules for International Transfers

Advisory Suggests that COVID-19 Pandemic Exacerbates Conditions Contributing to Trafficking

The Financial Crimes Enforcement Network (“FinCEN”) recently issued an Advisory on Identifying and Reporting Human Trafficking and Related Activity (“Advisory”). This Advisory supplements FinCEN’s 2014 Guidance on Recognizing Activity that May be Associated with Human Smuggling and Human Trafficking – Financial Red Flags (“2014 Advisory”).

According to the Advisory, human trafficking is one of the most profitable and violent forms of international crime, generating an estimated $150 billion worldwide per year. A variety of industries within the United States are susceptible to human trafficking—hospitality, agricultural, janitorial services, construction, restaurants, care for persons with disabilities, salon services, massage parlors, retail, fairs and carnivals, peddling and begging, child care, domestic work, and drug smuggling and distribution.

FinCEN further indicates that “[t]he global COVID-19 pandemic can exacerbate the conditions that contribute to human trafficking, as the support structures for potential victims collapse, and traffickers target those most impacted and vulnerable.” In light of changing circumstances, the Advisory lists four additional typologies and 20 new red flags to help assist in identifying and reporting human trafficking – many of which pertain to the use of currency, an increasingly rare phenomenon in today’s digital economy. The Advisory urges financial institutions, including customer-facing staff that may be in contact with victims of human trafficking, to educate themselves on current methodologies used by traffickers and facilitators. The most practical aspects of the Advisory appear to be those that highlight the red flags which may arise with personal interactions between bank staff and customers who in fact are engaging in trafficking.
Continue Reading FinCEN Issues Advisory on Human Trafficking

On October 13, the Financial Crimes Enforcement Network (“FinCEN”) issued a COVID-19-related Advisory “to alert financial institutions to unemployment insurance (“UI”) fraud observed during the COVID-19 pandemic.” It is the fourth in a series of Advisories related to financial crimes arising from the pandemic (we covered previous Advisories on medical scams, imposter and money

Final Post in a Three-Post Series Regarding Recent Regulatory Action by FinCEN

On September 29, 2020, the Financial Crimes Enforcement Network (“FinCEN”) published a request for comment on existing regulations regarding enhanced due diligence (“EDD”) for correspondent bank accounts. The notice seeks to give the public an opportunity to comment on the existing regulatory requirements and burden estimates. Written comments must be received on or before November 30, 2020.

Currently, Bank Secrecy Act (“BSA”) regulations for due diligence and EDD for correspondent bank accounts require certain covered entities (banks, brokers or dealers in securities, futures, commission merchants, introducing brokers in commodities, and mutual funds) to establish due diligence programs that include risk-based, and, where necessary, enhanced policies, procedures, and controls reasonably designed to detect and report money laundering conducted through or involving any correspondent accounts established or maintained for foreign financial institutions. The regulations also require that these same financial institutions establish anti-money laundering (“AML”) programs “designed to detect and report money laundering conducted through or involving any private banking accounts established by the financial institutions.”

In issuing the request, FinCEN has not proposed any changes to the current regulations for correspondent or private banking. Instead, the request is intended to cover “a future expansion of the scope of the annual hourly burden and cost estimate associated with these regulations.”

This is the third and final post in a series of blogs regarding a recent flurry of regulatory activity by FinCEN. In our prior posts, we discussed a final rule by FinCEN extending BSA/AML regulatory requirements to banks lacking a Federal functional regulator, and FinCEN’s advanced notice of proposed rulemaking as to potential regulatory amendments regarding “effective and reasonably designed” anti-money laundering (“AML”) programs. Unlike the first two regulatory actions discussed in our series, FinCEN’s request for comments on the burdens of correspondent bank account due diligence and EDD seems purely procedural: it simply asks covered institutions to report how much time and resources are spent on compliance. Nonetheless, it’s hard not to conclude that this request for comment is a prelude to some future, more substantive action regarding correspondent bank account regulation. The U.S. Department of Treasury identified correspondent banking as a “key vulnerability” for exploitation by illicit actors in its 2020 National Strategy for Combating Terrorist and Other Illicit Financing. Further, and as we will discuss, correspondent banking has long had a troubled status: such accounts are simultaneously necessary to the world economy but also regarded as higher risk from an AML perspective. As a real-world example, an alleged lack of diligence regarding the risks posed by correspondent bank accounts played a prominent role in the major alleged AML failures suffered by Westpac, Australia’s second-largest retail bank, which contributed to the bank recently agreeing to a whopping $1.3 billion penalty for violating Australia’s AML/CTF Act.


Continue Reading Regulatory Round Up: FinCEN Solicits Comments on Due Diligence for Correspondent and Private Bank Accounts

October is National Cybersecurity Awareness Month, and the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) and Office of Foreign Assets Control (“OFAC”) kicked off the month by issuing two advisories that aim to increase cybersecurity awareness, assist financial institutions in detecting and reporting ransomware activity, and highlight potential sanctions risks for facilitating ransomware payments.

The FinCEN and OFAC advisories signal the seriousness with which the Department of Treasury treats the threat of cybercriminals and ransomware attacks. Both FinCEN and OFAC have now squarely placed an obligation on financial institutions and other payment intermediaries to put procedures in place to detect ransomware payments and to restrict payments to blocked individuals. It appears FinCEN and OFAC want to make sure cybercrime does not pay by cutting off cybercriminals’ access into the financial system.

While both FinCEN and OFAC have offered guidance to financial institutions formulating policies and procedures for deciding whether to process or report payment requests that may be connected to ransomware attacks, OFAC has also offered a warning: facilitating ransomware payments may lead to an enforcement action and civil penalties. Given the growing national security concerns associated with ransomware attacks, the advisories rightly encourage financial institutions and other payment intermediaries that facilitate ransomware payments to share information via Suspicious Activity Reports (“SARs”) and to fully cooperate with law enforcement during and after ransomware attacks.
Continue Reading FinCEN and OFAC Advisories Aim to Increase Cybersecurity Awareness and Thwart Ransomware Attacks in the Financial Sector

Second Post in a Three-Post Series Regarding Recent Regulatory Action by FinCEN

On September 16, 2020, the Financial Crimes Enforcement Network (“FinCEN”) issued an Advance Notice of Proposed Rulemaking (“ANPRM”) soliciting public comment on what it describes as “a wide range of questions pertaining to potential regulatory amendments under the Bank Secrecy Act (“BSA”).” As stated, the job which FinCEN created for itself that resulted in the ANPRM was not a small one: “to re-examine the BSA regulatory framework and the broader AML regime.”

The ANPRM seeks to help modernize the current BSA/AML regime – modernization being a frequent theme of public comments by FinCEN Director Ken Blanco, as we have blogged. Indeed, the U.S. Department of Treasury’s 2020 National Strategy for Combating Terrorist and Other Illicit Financing calls for AML modernization, in order to “[l]everag[e] new technologies and other responsible innovative compliance approaches to more effectively and efficiently detect illicit activity.” Meanwhile, and as we have blogged, Congress has been contemplating various proposals for BSA/AML reform for some time (see here, here, here, here and here).

Despite its broad language, however, the ANPRM essentially boils down to a potential amendment requiring those financial institutions already required under the BSA to have an AML compliance program to formally include a risk assessment as part of their program – and for the risk assessment to take into account the government’s AML priorities, which the government will announce approximately every two years. On the one hand, this proposal does not add much that is new, because the vast majority of financial institutions required to maintain AML programs already perform risk assessments in order to conduct KYC and file Suspicious Activity Reports (“SARs”). On the other hand, the ANPRM takes a standard industry practice and turns it into a new regulatory requirement, thereby increasing liability risk. The ANPRM also touches on the tension between the government creating objective requirements – which can be helpful because they add clarity – in a compliance and enforcement regime that is supposed to be flexible and “risk based.” Under any scenario, the ANPRM is important and certainly will be the focus of industry attention.

This is the second post in a series of three blogs regarding a recent flurry of regulatory activity by FinCEN. In our first post, we discussed a final rule by FinCEN extending BSA/AML regulatory requirements to banks lacking a Federal functional regulator. In our third and final post, we will discuss the publication by FinCEN of a request for comment on existing regulations regarding enhanced due diligence for correspondent bank accounts.
Continue Reading Regulatory Round Up: FinCEN Wants To Know What You Think About Modernizing the BSA/AML Regime

First Post in a Three-Post Series Regarding Recent Regulatory Action by FinCEN

The Financial Crimes Enforcement Network (“FINCEN”) has been busy. In the last two weeks, FinCEN has posted three documents in the Federal Register. Any one of these publications, standing alone, would be significant, particularly given the infrequency of such postings. Collectively they reflect an unusual flurry of regulatory activity by FinCEN, perhaps spurred by the impending election and potential management turn-over at FinCEN. These publications are:

  • A final rule (“Final Rule”) extending BSA/AML regulatory requirements to banks lacking a Federal functional regulator;
  • An advanced notice of proposed rulemaking regarding potential regulatory amendments regarding “effective and reasonably designed” anti-money laundering (“AML”) programs; and
  • A request for comment on existing regulations regarding enhanced due diligence for correspondent bank accounts.

Today, we discuss the Final Rule, published on September 14, 2020, extending BSA/AML regulatory requirements to banks lacking a Federal functional regulator. In our next posts, we will discuss the advanced notice and request for comment.

The Final Rule provides that banks lacking a Federal functional regulator now will be required to (i) develop and implement an AML program, (ii) establish a written Customer Identification Program (“CIP”) appropriate for the bank’s size and type of business, and (iii) verify the identity of the beneficial owners of their customers. While stressing the perceived importance of closing this prior gap in regulatory coverage, FinCEN also attempted to minimize concern that the Final Rule would impose a serious burden on the covered financial institutions. The Final Rule will become effective on November 16, 2020, with a compliance deadline of March 15, 2021.
Continue Reading Regulatory Round Up: FinCEN Extends BSA/AML Requirements to Banks Lacking a Federal Functional Regulator

We are pleased to offer the latest episode in Ballard Spahr’s Consumer Financial Monitor Podcast series — a weekly podcast focusing on the consumer finance issues that matter most, from new product development and emerging technologies to regulatory compliance and enforcement and the ramifications of private litigation.  Following up on a recent blog post,