Financial Crimes Enforcement Network (FinCEN)

Ruling Could Influence FinCEN in Forthcoming Regulations Under the CTA

On November 22nd, an appeals court in Luxembourg issued a decision that highlights the tensions between anti-money laundering (“AML”) goals and privacy concerns, and could impact impending beneficial ownership regulations to be issued under the U.S. Corporate Transparency Act (“CTA”).  Specifically, the appeals court decided

In our last post discussing the new regulations issued under the Corporate Transparency Act (“CTA”), we suggested that “time will tell whether industry groups will launch lawsuits challenging the Final Rule.”  That time has apparently come: on November 15, 2022, the National Small Business Association (“NSBA”) filed a complaint (“Complaint”) challenging the reporting requirements set forth in the CTA and the accompanying regulations issued by the Financial Crimes Enforcement Network (“FinCEN”). 

The Complaint names Treasury Secretary Janet Yellen, the U.S. Treasury Department, and FinCEN Acting Director Himamauli Das as defendants. 

This post describes the allegations made in the Complaint and offers some commentary on its merits. Spoiler: while the Complaint’s allegations that the CTA will impose significant burdens on reporting entities are well-taken, its constitutional claims largely face an uphill battle.  Rather than attacking the potential, narrow legal grounds suggested in our last blog post – did the CTA really authorize FinCEN to require covered businesses to report as a beneficial owner more than just one person with “substantial authority” – the NSBA instead has launched a constitutional broad side.

Continue Reading  Small Business Interest Group Challenges CTA’s Constitutionality

The “Highlights” — To Russia, With Crypto

The Financial Crimes Enforcement Network (“FinCEN”) issued on November 1 a Financial Trend Analysis regarding ransomware-related Bank Secrecy Act (“BSA”) filings during the second half of 2021 (the “Report”).  This publication follows up on a similar ransomware trend analysis issued by FinCEN regarding the first half of 2021, on which we blogged here.  

In the most recent analysis, FinCEN found that both the number of ransomware-related Suspicious Activity Reports (“SAR”) filed, and the dollar amounts at issue, nearly tripled from 2020 to 2021.  The notable takeaways from the Report include:

  • Ransomware-related SARs were the highest ever in 2021 (both in number of SARs and in dollar amounts of activity reported).
  • Ransomware-related SARs reported amounts totaling almost $1.2 billion in 2021.
  • Approximately 75% of ransomware-related incidents between June 2021 and December 2021 were connected to Russia-related ransomware variants.

The Report, which stated that the majority of these ransomware payments were made in Bitcoin, serves as a particular reminder to cryptocurrency exchanges of their role in both identifying and reporting ransomware-related transactions facilitated through their platforms.  The Report stresses that SAR filings play an essential role in helping FinCEN identify ransomware trends.

Continue Reading  FinCEN Reports Staggering Increase in Reported Ransomware Attacks

On October 19, 2022, the U.S. Attorney’s Office for D.C., on behalf of the Financial Crimes Enforcement Network (“FinCEN”), filed a civil complaint against Larry Dean Harmon (“Harmon”), seeking $60 million in civil penalties for alleged violations of the Bank Secrecy Act (“BSA”) in connection with Harmon’s involvement in now-defunct cryptocurrency services Helix and Coin Ninja LLC.  The complaint seeks to obtain a judgment on FinCEN’s 2020 Assessment of Civil Money Penalty against Harmon (“Assessment”), which is attached to the complaint and includes a detailed statement of facts.

As we have blogged, Harmon previously pled guilty to operating an unlicensed money transmitter business.  Harmon’s sentencing hearing in the criminal case has been continued, and he reportedly has been attempting to cooperate with the government.  It appears that the civil complaint may represent something of a formality:  it seeks to reduce the assessment against Harmon to an actual civil judgment, upon which the government can collect in theory, in anticipation of Harmon’s criminal sentencing and any potential additional matters in which he may attempt to cooperate.

According to the complaint, starting in 2014, Harmon operated Helix, a bitcoin “mixing” service, which Harmon allegedly advertised explicitly as a way for customers to conceal their identities from the government.  The statement of facts attached to the Assessment alleged that Harmon “publicly advertised Helix on Reddit forums dedicated to darknet marketplaces, actively seeking out and facilitating high-risk transactions directly through customer service and feedback.”  Such “mixing” services – designed to maximize anonymity – increasingly have drawn the ire of the government, as reflected by the recent and controversial action by the Office of Foreign Assets Control to sanction virtual currency “mixer” – or passive technology – Tornado Cash.  

Continue Reading  DOJ Files Lawsuit for $60 Million in Civil Penalties for Alleged BSA Violations by Crypto “Mixer”

FinCEN announced yesterday that, once again, it is extending the Geographic Targeting Order, or GTO, which requires U.S. title insurance companies to identify the natural persons behind so-called “shell companies” used in purchases of residential real estate not involving a mortgage.  FinCEN also has expanded slightly the reach of the GTOs.

The new GTO is 

Actions Highlight Risky Mix of Sanctions Law, Inadequate Transaction Monitoring and Dealing with Anonymity-Enhanced Cryptocurrencies

The Office of Foreign Assets Control (“OFAC”) and the Financial Crimes Enforcement Network (“FinCEN”) announced on October 11 simultaneous settlements with Bittrex, Inc. (“Bittrex”), a virtual currency exchange and hosted wallet provider. Under the OFAC settlement, Bittrex has agreed to pay $24,280,829.20 to settle its potential civil liability for 116,421 alleged violations of multiple sanctions programs. Under the FinCEN consent order, Bittrex agreed to pay a civil penalty of $29,280,829.20 for alleged anti-money laundering (“AML”) violations under the Bank Secrecy Act (“BSA”). FinCEN has agreed to credit Bittrex’s payment to OFAC against its penalty because it found that the alleged BSA violations “stem from some of the same underlying conduct”; thus, Bittrex’s total payments to the two regulators come to $29,280,829.20. 

According to the Department of the Treasury dual press release, the two settlements represent the first parallel enforcement actions by FinCEN and OFAC in the virtual currency and sanctions space. Also, it is OFAC’s largest virtual currency enforcement action to date. To further highlight the importance of the settlements, the press release quotes the OFAC Director Andrea Gacki and FinCEN Acting Director Himamauli Das, both sternly warning operators in the same environment as Bittrex to implement effective AML compliance and sanction screening programs.

It is conceivable that Bittrex, for years now, has been on notice that federal and state regulators are closely watching and expecting more comprehensive risk assessment programs and procedures from businesses transacting with virtual currency. As we previously blogged here, in 2019 the New York Department of Financial Services (“NYDFS”) denied Bittrex’s application for a Bitlicense, citing: “deficiencies in Bittrex’s BSA/AML/OFAC compliance program; a deficiency in meeting the Department’s capital requirement; and deficient due diligence and control over Bittrex’s token and product launches.”  In its letter denying Bittrex’s application, NYDFS set forth in detail the deficiencies it found in Bittrex’s BSA/AML/OFAC compliance program, noting that Bittrex’s compliance policies and procedures “are either non-existent or inadequate.”

As we will discuss, the FinCEN consent order highlights Bittrex’s alleged failure to address adequately the overall risk environment in which it operated, including transactions involving anonymity-enhanced cryptocurrencies, or AECs.  The consent order also highlights two repeated themes in enforcement actions: lack of adequate compliance staff, and a seemingly robust written compliance policy that was not matched by an effective day-to-day transaction monitoring system.

Continue Reading  OFAC and FinCEN Settle with Bittrex in Parallel Virtual Currency Enforcements

With Guest Speaker Matthew Haslinger of M&T Bank

We are extremely pleased to offer a podcast (here) on the legal and logistical issues facing financial institutions as they implement the regulations issued by the Financial Crimes Enforcement Network (FinCEN) pursuant to the Anti-Money Laundering Act of 2020 (AMLA) and the Corporate Transparency Act

Second Post in a Two-Post Series on the CTA Implementing Regulations

As we just blogged, the Financial Crimes Enforcement Network (“FinCEN”) has issued a final rule (“Final Rule”) regarding the beneficial ownership information (“BOI”) reporting requirements pursuant to the Corporate Transparency Act (“CTA”).  The Final Rule will require tens of millions of corporations and limited liability companies registered to do business in the United States to report their BOI to FinCEN.  FinCEN views this development as a “historic step in support of U.S. government efforts to crack down on illicit finance and enhance transparency.”

The Final Rule defines a “beneficial owner” whose information must be reported as “any individual who, directly or indirectly, either exercises substantial control over such reporting company or owns or controls at least 25 percent of the ownership interests of such reporting company.”  In this post, we focus on the “substantial control” prong of the beneficial ownership definition: “any individual who, directly or indirectly, . . . exercises substantial control over such reporting company.” (emphasis added). The Final Rule generally adopts the language of the proposed rule issued by FinCEN in December 2021, with some minor adjustments.

FinCEN expects reporting companies to always identify at least one beneficial owner under the “substantial control” prong, even if all other individuals are subject to an exclusion or fail to satisfy the “ownership interests” prong.  As we will discuss, the Final Rule contemplates that a covered reporting company may need to report multiple individuals under the “substantial control” prong.  Further, and although FinCEN still needs to issue proposed regulations regarding the following, the Final Rule’s broad definition of the “substantial control” prong under the CTA presumably will lead to FinCEN expanding the definition of “beneficial owner” under the existing Customer Due Diligence (“CDD”) rule applicable to banks and other financial institutions (“FIs”).

Continue Reading  FinCEN Issues Final Rule for Beneficial Ownership Reporting: The “Substantial Control” Prong

First Post in a Two-Post Series on the CTA Implementing Regulations

On September 30, 2022, the Financial Crimes Enforcement Network (“FinCEN”) issued its final rule, Beneficial Ownership Information Reporting Requirements (“Final Rule”), implementing the beneficial ownership reporting requirements of the Corporate Transparency Act (“CTA”). 

FinCEN’s September 29, 2022 press release is here; the Final Rule is here; and a summary “fact sheet” regarding the rule is here.  The Final Rule largely tracks the December 8, 2021 Notice of Proposed Rulemaking (the “Proposed Rule”), on which we blogged here and here

The Final Rule requires many corporations, limited liability companies, and other entities created in or registered to do business in the United States to report information (“BOI”) about their beneficial owners the persons who ultimately own and control the company — to FinCEN.  This information will be housed within the forthcoming Beneficial Ownership Secure System (“BOSS”), a non-public database under development by FinCEN. 

The Final Rule takes effect on January 1, 2024.  In a nutshell, (1) companies subject to the BOI reporting rules (“reporting companies”) created or registered before the effective date will have one year, until January 1, 2025, to file their initial reports of BOI and (2) reporting companies created or registered after the effective date will have 30 days after creation or registration to file their initial reports.  In addition to the initial filing obligation, reporting companies will have to file updates within 30 days of a relevant change in their BOI.  And, as we discuss, covered companies also will have to report their “company applicants,” which could include lawyers, accountants or other third-party professionals.

The Final Rule will have broad effect.  FinCEN estimates that over 32 million initial BOI reports will be filed in the first year of the Final Rule taking effect, and that approximately 5 million initial BOI reports and over 14 million updated reports will be filed in each subsequent year.  We summarize here the key provisions of the Final Rule.  In our next blog post, we will discuss the Final Rule’s broad definition of the “control” prong regarding who represents a “beneficial owner,” which will result in an expansion of the definition of “beneficial owner” under the existing Customer Due Diligence (“CDD”) rule applicable to banks and other financial institutions (“FIs”).

Continue Reading  FinCEN Issues Final Rule on Beneficial Ownership Reporting Requirements

On Friday, the Department of Justice (“DOJ”) announced two developments:  First, the release of a 66-page report, The Role of Law Enforcement in Detecting, Investigating, and Prosecuting Criminal Activity Related to Digital Assets (the “Report”), issued under President Biden’s March 9, 2022 Executive Order on Ensuring Responsible Development of Digital Assets.  Second, the establishment of the Digital Asset Coordinator (“DAC”) Network, a nationwide group of prosecutors designated as legal and technical experts in digital asset cases.

We focus here on the regulatory and legislative recommendations of the Report, which seek to expand significantly the ability of the DOJ to investigate and prosecute offenses involving digital assets. The recommendations include increasing criminal penalties, extending statutes of limitations, expanding venue provisions, enhancing the government’s forfeiture powers, and prohibiting virtual asset service providers from “tipping off” the subjects of grand jury subpoenas received by the providers.  The recommendations also include making clear that the federal criminal law against maintaining an unlicensed money transmitter applies to peer-to-peer platforms that purportedly do not take custody or assume control over the digital asset being exchanged; ensuring that the Financial Crimes Enforcement Network (“FinCEN”) issues a final rule expanding the application of the Travel Rule under the Bank Secrecy Act (“BSA”) to digital asset transfers; and expanding or arguably clarifying that the BSA applies to platforms dealing in non-fungible tokens, or NFTs, including online auction houses and digital art galleries.

Continue Reading  DOJ Issues Report on Digital Asset Law Enforcement Seeking Expansive New Powers, and Launches New Crypto Prosecutor Network