Financial Crimes Enforcement Network (FinCEN)

We are pleased to offer the latest episode in Ballard Spahr’s Consumer Financial Monitor Podcast series — a weekly podcast focusing on the consumer finance issues that matter most, from new product development and emerging technologies to regulatory compliance and enforcement and the ramifications of private litigation.  Following up on a recent blog post,

Regulators’ Joint Statement Attempts to Clarify AML Expectations Regarding Potential Corrupt Actors

On August 21, the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) and other banking regulators – specifically the Federal Reserve, the FDIC, the National Credit Union Administration, and the OCC – issued a joint statement that provides additional guidance in applying Bank Secrecy

Can BSA/AML Requirements Lead to Deemed Knowledge of Borrower Fraud?

The first two weeks of August brought a milestone of sorts in the ongoing recovery from the economic downturn brought on by the COVID-19 pandemic. The Paycheck Protection Program (“PPP”) ended its enrollment period on August 8, 2020 and the window for borrowers to apply to have their PPP loans forgiven opened on August 10, 2020.

The PPP was a centerpiece of the over $2 trillion Coronavirus Aid, Relief and Economic Security Act (“CARES Act”) that, according to a study by the Massachusetts Institute of Technology published on July 22, 2020 had to that point saved between 1.4 and 3.2 million jobs. Less formally observed but possibly more widely agreed, the PPP caused at least as many headaches with its rocky initial rollout and the ongoing uncertainty over applicable loan forgiveness standards. But, whereas implementing the PPP poses challenges to lenders now, due to the rampant fraud in the program (which, along with all COVID-19-related enforcement actions and policy statements, we track here) and its funding mechanics, it creates substantial downstream enforcement risk through the False Claims Act (“FCA”) for participating financial institutions.

Numerous districts already have charged borrowers with PPP-related fraud. To date, cases generally involve one of these scenarios:

  • Borrowers submitted fraudulent loan applications and supporting documents to seek PPP funds for businesses that either already had failed pre-pandemic or that they did not actually own.
  • Borrowers lied about amount, or even existence, of employees and payroll. These schemes involve inflated numbers of employees for companies, or even completely fake companies.
  • Borrowers certified that they would use loan funds to support payroll expenses or other allowable expenses, but in fact used all or most loan funds to pay personal and non-business expenses.

The prosecutions to date have all centered on relatively obvious fraud by borrowers, not lenders. But, wider-reaching investigations are occurring and though we are very much at the beginning of the enforcement phase, the magnitude of fraud in these programs is coming into focus. On September 1, 2020, the House Select Committee on the Coronavirus Crisis released a preliminary analysis finding, among other things, over $1 billion in fraudulent PPP loans were issued and identifying red flags with respect to an additional $2.98 billion in loans made to 11,000 borrowers.

And, as we discuss, the anti-money laundering (“AML”) requirements of lenders imposed under the Bank Secrecy Act (“BSA”) may expose lenders to greater risk under the FCA, which can impose civil liability for the reduced mental state of reckless disregard. Many lenders have extended PPP loans to previously-existing customers. This is a rational business decision, given typically lower business risks presented by existing customers and lower compliance costs, because existing customers do not need to provide beneficial ownership information under the Customer Due Diligence (“CDD”) rule of the BSA. However, because lenders also are required under the BSA to understand to a degree the historical and current activities of its customers, lenders may be deemed in future FCA actions to have “known” about red flags generated by fraudulent borrowers because of information obtained by the lenders properly executing their AML programs. That is, compliance with the BSA ironically may generate evidence for downstream FCA enforcement actions based on deemed “knowledge” by the lender of borrower malfeasance. This irony may be exacerbated by any disconnect in real time between the AML compliance staff at financial institutions and the front-line business people extending loans, particularly given the incredible speed with which institutions have extended PPP loans, at the government’s urging.

The point here is not that PPP lenders will face direct regulatory liability for alleged BSA/AML failures – although they may. Rather, the point is that PPP lenders may face enhanced FCA liability due to borrower information obtained through an entirely functional BSA/AML program. This phenomenon highlights the need for the “front” and “back” offices at lenders to communicate.
Continue Reading PPP Lenders and Fraudulent Borrowers: False Claims Act Liability and AML Risk

Law Enforcement Has Been Using GTO Data

First of Two Posts on Evolving Issues Regarding Real Estate and Money Laundering

The U.S. Government Accountability Office (“GAO”) has issued a report on the status and effectiveness of the Geographic Targeting Orders (“GTOs”) issued by the Financial Crimes Enforcement Network (“FinCEN”) since 2016, and on which we repeatedly have blogged.  The GAO’s report, entitled “Anti-Money Laundering — FinCEN Should Enhance Procedures for Implementing and Evaluating Geographic Targeting Orders,” (“the Report”) is lengthy.  In this post, we will describe the Report at a high level, and will attempt to focus on the portions which shed possible light on two key questions:  (1) how is law enforcement using the information culled from filings received by FinCEN as a result of the GTOs; and (2) whether the information obtained from GTO fillings may fuel legislation or regulations that will permanently subject portions of the real estate industry to anti-money laundering (“AML”) reporting requirements under the Bank Secrecy Act (“BSA”).

In our next post, we will turn from regulatory requirements to enforcement actions, and explore some recent high-profile civil forfeiture actions by the Department of Justice — at least some of which may have been fueled by information obtained through GTOs — involving real estate and alleged foreign corruption.  Under any scenario, these forfeiture actions confirm the U.S. government’s sustained focus on real estate as a mechanism for money laundering.
Continue Reading GAO Publishes Report on Effectiveness of Real Estate GTOs Issued by FinCEN

Regulators Provide Greater Transparency into BSA/AML Enforcement Process

On August 13, 2020 the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, and Office of the Comptroller of the Currency (the “Agency” or collectively the “Agencies”) issued a joint statement updating and clarifying their 2007 guidance regarding how they evaluate enforcement actions when financial institutions violate or fail to meet BSA/AML requirements. The Financial Crimes Enforcement Network (“FinCEN”) followed with its own statement on August 18, 2020, setting forth its approach when considering enforcement actions against financial institutions that violate the BSA.

Below are a few highlights from the two sets of guidance:

  • The joint statement repeatedly emphasizes that isolated or technical deficiencies in BSA/AML compliance programs will not generally result in cease and desist orders.
  • The joint statement provides specific categories and examples of BSA/AML program failures that typically would (or would not) result in a cease and desist order. Certain of these examples are discussed below.
  • Compared to the 2007 guidance, the joint statement provides more detailed descriptions and examples of the pillars of BSA/AML compliance programs, such as designated BSA/AML personnel, independent testing, internal controls, and training.
  • FinCEN explains in its statement that it will base enforcement actions on violations of law, not standards of conduct contained solely in guidance documents.
  • The FinCEN statement lays out the factors FinCEN considers when determining the disposition of a BSA violation. Unsurprisingly, these factors include the pervasiveness and seriousness of the conduct and the violator’s cooperation and history of wrongdoing.

All in all, the two statements, particularly the joint statement, succeed in providing greater transparency into the regulators’ decision-making processes with regards to pursuing enforcement actions for violations of the BSA and for AML program deficiencies.
Continue Reading Federal Banking Agencies Issue Joint Statement On Enforcement of BSA/AML Requirements; FinCEN Follows With Its Own

On Monday, the Financial Crimes Enforcement Network (FinCEN) issued new Frequently Asked Questions (FAQs) regarding customer due diligence (CDD) requirements for covered financial institutions.  The FAQs supplement FinCEN’s previously issued FAQs on the topic from July 2016 and April 2018 and deal with requirements regarding obtaining customer information, establishing a customer risk profile, and performing ongoing monitoring of the customer relationship.

The issuance of these FAQs amidst the current regulatory landscape – that is, in the context of FinCEN’s onslaught of guidance surrounding possible fraudulent schemes arising out the current global pandemic – is not a surprise.  Indeed, this week’s FAQs further clarifies FinCEN’s expectations that financial institutions take seriously not only their initial duties to conduct risk-appropriate levels of due diligence of their customers, but also continue to monitor the relationships on an ongoing basis and at a cadence that matches any assigned risk assessment.
Continue Reading FinCEN Issues New FAQs on CDD Rule

The Financial Crimes Enforcement Network (“FinCEN”) just issued yet another Advisory regarding fraud threats faced by financial institutions, as exacerbated by the COVID-19 pandemic. This Advisory pertains to “Cybercrime and Cyber-Enabled Crime Exploiting the Coronavirus Disease (COVID-19) Pandemic.” We consistently have blogged on FinCEN’s pronouncements on the enhanced fraud risks created by COVID-19.

The Financial Crimes Enforcement Network (“FinCEN”) just issued another Advisory pertaining to two consumer fraud schemes exacerbated by the COVID-19 pandemic. This Advisory focuses on “imposter schemes” and “money mule schemes, ”which we discuss below.

This most recent Advisory is the latest in a string of pronouncements relating to the pandemic by FinCEN, which has stated that it regularly will issue such documents. As we have blogged, FinCEN issued an Advisory on May 18 regarding medical scams related to the pandemic, and issued a companion Notice that “provides detailed filing instructions for financial institutions, which will serve as a reference for future COVID-19 advisories.” On April 3, 2020, FinCEN also updated its March 16, 2020 COVID-19 Notice in order to assist “financial institutions in complying with their Bank Secrecy Act (“BSA”) obligations during the COVID-19 pandemic, and announc[ing] a direct contact mechanism for urgent COVID-19-related issues.”

The most recent Advisory again provides a list of potential red flags that FinCEN believes that financial institutions should be monitoring for, in order to detect, prevent, and report such suspicious activity. As we previously have commented: although such lists can be helpful to financial institutions, they ultimately may impose de facto heightened due diligence requirements. The risk is that, further in time, after memories of the stressors currently imposed by COVID-19 have faded, some regulators may focus only on perceived historical BSA/AML compliance failures and will invoke these lists not merely as efforts by FinCEN to assist financial institutions in deterring crime, but as instances in which FinCEN was putting financial institutions on notice.

Further, the most recent Advisory suffers from the fact that its list of red flags for imposter schemes is best directed at consumers themselves, rather than at financial institutions offering services to consumers: many of the red flags pertain to anomalies in the communications sent directly by fraudsters to targeted consumer victims – information that financial institutions rarely possess.
Continue Reading FinCEN Issues Advisory on COVID-19 and Imposter and Money Mule Schemes

Ballard Spahr to Present on Banking and Cannabis

FinCEN and the National Credit Union Administration Both Issue Guidance on Hemp and Banking

We are really pleased to presenting on July 9, 2020 to the National Association of Federally-Insured Credit Unions (“NAFCU”) on banking issues relating to cannabis. The cannabis and hemp industry continues to pose a fascinating mix of competing opportunities and risks – particularly from an anti-money laundering (“AML”) perspective. Changing societal opinions and business opportunities can conflict with daunting legal landscapes and a spectrum of potential AML risks.

This is an important topic with evolving real-world implications, particularly for credit unions, which generally have been more willing to cater to cannabis and hemp-related clients than other financial institutions. Of course, we frequently have blogged on cannabis, hemp and banking, for which the legal landscape would change significantly if pending federal legislation were to pass.

Ultimately, this topic produces constant twists and turns, including two sets of guidance – described below – recently issued by the Financial Crimes Enforcement Network (“FinCEN”) and the National Credit Union Administration (“NCUA”). Both are consistent with a (slowly) growing acceptance of cannabis and hemp-related banking by both government and the financial industry.
Continue Reading The Banking of Cannabis and Hemp-Related Customers: An Update