Know Your Customer (KYC)

Subscribe to Know Your Customer (KYC)

On April 13, the State of Wyoming took the extraordinary step of filing a request for permission to intervene in the ongoing dispute between Custodia Bank, Inc. (“Custodia”) and the Board of Governors of the Federal Reserve System (“the Fed”) and the Federal Reserve Bank of Kansas City.  This dispute involves a complaint (now amended) filed by Custodia – a state-chartered special purpose depository institution (“SPDI”) based in Cheyenne, Wyoming – against the Fed and the Federal Reserve Bank of Kansas City, alleging that the defendants improperly denied Custodia’s application for a “master account” with the Fed. Generalizing greatly, having a master account allows financial institutions to operate in the normal course as a custodial bank in the U.S.  Having a Fed master account is therefore critical to any institution looking to operate in the U.S. financial system.

In a nutshell, Wyoming’s request to intervene critiques the defendants because of their “view of perceived inadequacies in Wyoming’s laws and regulations for SPDIs, [which are] partially responsible” for the denial of Custodia’s master account application.  More specifically, Wyoming accuses the defendants of seeking to treat Wyoming SPDIs in an inequitable manner, thereby “treating state-chartered non-federally regulated banks as second-class banks ineligible to compete with federally-regulated ones.”

This blog post focuses on an important issue referenced seemingly in passing in Wyoming’s request for permission to intervene, which is clearly motivating in part the filing by Wyoming:  on March 24, 2023, the Fed made public its January 27, 2023  Order Denying Application for Membership (the “Order”) by Custodia, which had requested the Fed’s approval under Section 9 of the Federal Reserve Act to become a member of the Federal Reserve System.  According to Wyoming, the Fed’s decision to deny Custodia’s application has the effect of preventing Custodia and other Wyoming SPDIs from ever being able to attain the status of federal regulation.  We focus here on the Order because of its much broader anti-money laundering (“AML”) and sanctions implications for any banks which are contemplating targeted services for the digital asset industry.  The 86-page Order is very detailed, and often also discusses safety and soundness concerns, as well as other issues.

As we discuss, the Order suggests that any bank will have a hard time convincing the Fed that crypto-heavy banking services can comply with the requirements of the Bank Secrecy Act (“BSA”) and U.S. sanctions law.  Likewise, the Fed has expressed its skepticism in the Order that blockchain analytics services, even when applied skillfully and with the best of intentions, actually can satisfy the BSA and U.S. sanctions law due to limitations inherent in crypto transactions relating to knowing with confidence who is actually conducting the transactions.  This same issue was also noted by the recent report by the U.S. Treasury regarding perceived AML and sanctions vulnerabilities in decentralized finance providers.

Continue Reading  State of Wyoming Wades Into Custodia Bank Dispute with Federal Reserve — In Wake of Fed’s Rejection of Bank Due to Crypto-Related AML and OFAC Concerns

On April 6, 2023, the U.S. Department of the Treasury released a report examining vulnerabilities in decentralized finance (“DeFi”), including potential gaps in the United States’ anti-money laundering (“AML”) and countering the financing of terrorism (“CFT”) regulatory, supervisory, and enforcement regimes for DeFi.  The report concludes by making a series of recommendations, including the closing of “gaps” in the application of the Bank Secrecy Act (“BSA”) to the extent that certain DeFi services currently fall outside the scope of the BSA’s definition of a “financial institution” covered by the BSA.  The report cautions that it does not alter any existing legal obligations, issue any new regulatory interpretations, or establish any new supervisory expectations.

Continue Reading  U.S. Treasury Releases Report and Recommendations Regarding Vulnerabilities in Decentralized Finance

As we have repeatedly blogged, concerns about perceived anti-money laundering (“AML”) risks in the real estate industry are rising globally.  Consistent with this concern, the Financial Action Task Force (“FATF”) has updated its AML guidance for the real estate sector in a document entitled “Guidance for a Risk-Based Approach: Real Estate Sector,” (“FATF Guidance” or “the Updated Guidance”).  The FATF Guidance urges a variety of players in the real estate industry to adopt a risk-based approach (“RBA”) to mitigate AML risks and sets forth some high-level recommendations.  The Updated Guidance notably coincides with FinCEN’s advanced notice of proposed rulemaking to impose reporting and perhaps other requirements under the Bank Secrecy Act (“BSA”) for persons involved in real estate transactions to collect, report, and retain information, and the  recent extension of Geographic Targeting Orders for U.S. title insurance companies.

The FATF Guidance appears to be driven, at least in part, by FATF assessments showing that the real estate sector has high AML risks, which industry players often fail to appreciate and/or mitigate.  The Updated Guidance explains how various industry players can use an RBA to mitigate those risks.  It identifies sector-specific risks, sets forth strategies for assessing and managing those risks, and describes challenges the industry faces in doing so.  The FATF also offers specific guidance for “private sector players” and “supervisors” (e.g., countries and self-regulatory boards) for going forward.  The Updated Guidance includes tools, case studies, and examples of both private sector and supervisory practices to show real estate supervisors and practitioners how to implement FATF standards in an adequate, risk-based and effective manner.

The FATF is an inter-governmental policymaking body dedicated to creating AML standards and promoting effective measures to combat money laundering (“ML”) and terrorist financing (“TF”).  The FATF issued the Updated Guidance with input from the private sector, including from a public consultation with thirteen private-sector representatives (including from sector specific professional associations, the legal profession, FinTech providers, and non-profit organizations) in March and April 2022.  This consultation urged FinCEN, among other things, to provide greater clarity in the Updated Guidance regarding its applicability to the real estate sector and related professions (such as lawyers, notaries, and financial institutions) and extend FATF recommendations to broader real estate activities (such as property development and leasing).

Continue Reading  FATF Updates Risk-Based Approach Guidance for the Real Estate Sector

On April 28, 2022 the New York Department of Financial Services (“NYDFS”) issued its Guidance on Use of Blockchain Analytics, a document directed to all virtual currency business entities that either have a NYDFS Bitlicense or are chartered as a limited purpose trust company under the New York Banking Law.  The Guidance emphasizes “the importance of blockchain analytics to effective policies, processes, and procedures, including, for example, those relating to customer due diligence, transaction monitoring, and sanctions screening.”

The NYDFS is stressing the role of blockchain analytics in anti-money laundering (“AML”) compliance because “virtual currencies such as Bitcoin and Ether can be transferred peer-to-peer directly from one individual or entity to another pseudonymously, absent the use of a regulated third party (e.g., between non-custodial wallets, or self-hosted wallets that allow users to maintain control of their private keys). . . . [T]hese wallet addresses are typically pseudonymous, with nothing on the face of the transfer tying back to the originator, beneficiary, or underlying beneficial owners.”

Given the potential compliance challenges presented by such characteristics, the NYDFS wants virtual currency entities to leverage the fact that virtual currencies also enable provenance tracing because “the blockchain ledger’s immutability typically allows a historical view of a virtual currency transmission between wallet addresses, providing the opportunity for greater visibility into transaction lineage than is typically found with traditional, fiat funds transfers.”

The Guidance provides that, ultimately, all risk mitigation strategies must account for an entity’s business profile to assess risk across types of virtual currencies and effectively address the specific characteristics of any particular virtual currency involved.  If a virtual currency entity chooses to outsource its control functions to third-party service providers rather than use only internally developed blockchain analytics, it must have “clearly documented policies, processes, and procedures with regard to how the [third-party] blockchain analytics activity integrates into the [entity’s] overall control framework consistent with the [entity’s] risk profile.”
Continue Reading  NYDFS Stresses Use of Blockchain Analytics for AML Compliance by Virtual Currency Businesses

On March 7, the Financial Crimes Enforcement Network (“FinCEN”) issued an alert “advising all financial institutions to be vigilant against potential efforts to evade the expansive sanctions and other U.S.-imposed restrictions implemented in connection with the Russian Federation’s further invasion of Ukraine.”  The press release is here.  The alert itself is here.
Continue Reading  Russian Sanctions:  FinCEN Provides Red Flags for Potential Evasion Attempts

On December 1, 2021, the Federal Financial Institutions Examination Council (“FFIEC”) released updates to its Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual (the “Manual”), which provides guidance to examiners for evaluating a financial institution’s BSA/AML compliance program and its compliance with related regulatory requirements.  This update is the third of 2021: the FFIEC also released updates to the Manual on February 25, 2021 and June 21, 2021.

This most recent update to the Manual adds a new introductory section, Introduction – Customers.  The updated Manual also includes changes to sections pertaining to Charities and Nonprofit Organizations, Independent Automated Teller Machine Owners or Operators, and Politically Exposed Persons (“PEP”).  The breadth of this most recent Manual update is consistent with the previous 2021 updates.  In February, FFIEC released an introductory section and updates to three sections pertaining to Customer Identification Programs (“CIP”), Currency Transaction Reporting (“CTR”), and Transactions of Exempt Persons.  In June, the FFIEC released updates to four sections pertaining to International Transportation of Currency or Monetary Instruments Reporting, Purchase and Sale of Monetary Instruments Recordkeeping, Reports of Foreign Financial, and Special Measures.

Consistent with prior FFIEC Interagency press releases associated with Manual updates, the FFIEC explained that “[t]he updates should not be interpreted as new requirements or as a new or increased focus on certain areas,” but rather “provide information and considerations related to certain customers that may indicate the need for bank policies, procedures, and processes to address potential money laundering, terrorist financing, and other illicit financial activity risks.”  Despite this disclaimer, the updates provide helpful insight into what examiners prioritize with regard to BSA/AML compliance.
Continue Reading  The FFIEC’S Third 2021 Update to the BSA/AML Examination Manual

Government Alleges Systemic and Deliberate AML Failures

Filings Describe Tools for CVC Exchanges to Use for Customer Due Diligence and Transaction Monitoring

The Financial Crimes Enforcement Network (“FinCEN”) and the Commodity Futures Trading Commission (“CFTC”) announced on August 10 (here and here) settlements with the operators of the BitMEX cryptocurrency trading platform for alleged anti-money laundering (“AML”) violations under the Bank Secrecy Act (“BSA”), and for allegedly failing to register with the CFTC.  More specifically, FinCEN’s assessment of a civil monetary penalty and the CFTC’s consent order both involved the five companies operating the BitMEX platform: HDR Global Trading Limited, 100x Holding Limited, ABS Global Trading Limited, Shine Effort Inc Limited, and HDR Global Services (Bermuda) Limited (collectively, “BitMEX”).

BitMEX will pay regulators up to a combined $100 million civil monetary penalty; perform a “lookback” regarding the potential need to file additional Suspicious Activity Reports (“SARs”); and hire an independent consultant to conduct two reviews of BitMEX’s operations, policies, procedures, and controls, in order to confirm that BitMEX is not operating in the U.S., and that no U.S. customers are able to trade with the BitMEX platform.

According to the government filings, BitMEX is one of the oldest cryptocurrency derivative exchanges, with 1.3 million user accounts and a collection of annual fees in excess of $1 billion.  Combined, the government filings allege that for a period of six years between November 2014 and October 1, 2020, BitMEX offered trading of cryptocurrency derivatives to retail and institutional customers in the U.S. and worldwide through BitMEX’s website. Customers in the U.S. placed orders to buy or sell contracts directly through the website and BitMEX was aware that U.S. customers could access the BitMEX platform via virtual private network (“VPN”).

The civil penalty will be split between FinCEN and the CFTC.  However, the settlement involves an interesting “carrot” offered by the regulators:  $20 million of the penalty is suspended pending the successful completion of the SAR lookback and the two independent consultant reviews.

According to the government’s allegations, BitMEX deliberately ignored for years the most basic AML requirements, resulting in multitudinous violations and inviting – and even encouraging – its customers to launder illicit funds.  As we will describe, the government has alleged that BitMEX operated on the announced pretext that it was not subject to the BSA or U.S. commodities laws because it had no U.S. customers or operations, when senior management knew otherwise.
Continue Reading  FinCEN and CFTC Reach Groundbreaking $100 Million AML Settlement with BitMEX

A Guest Blog by Angelena Bradfield

Today we are very pleased to welcome guest blogger Angelena Bradfield, who is the Senior Vice President of AML/BSA, Sanctions & Privacy for the Bank Policy Institute. BPI is a nonpartisan public policy, research and advocacy group, representing the nation’s leading banks. Its members include universal banks, regional banks and the major foreign banks doing business in the United States.  BPI has been engaged in efforts to modernize the U.S. anti-money laundering/ countering the financing of terrorism (AML/CFT) regime for almost half a decade and worked closely with Senate and House leadership throughout the introduction and final passage of the Anti-Money Laundering Act of 2020 (AML Act). Angelena previously was a Vice President at The Clearing House Association, where she supported its regulatory affairs department in similar policy areas. Before that, she supported comprehensive immigration reform efforts at ImmigrationWorks USA and worked on various domestic policy issues at the White House where she served as a staff assistant in both the Domestic Policy Council and Presidential Correspondence offices.

We reached out to Angelena regarding BPI’s recent letter to the Financial Crimes Enforcement Network (FinCEN) commenting on its implementation of the Corporate Transparency Act (CTA).  Congress passed the CTA on January 1, 2021, as part of the AML Act.  The CTA requires certain legal entities to report their beneficial owners to a directory accessible by U.S. and foreign law enforcement and regulators.  This directory also will be accessible to U.S. financial institutions seeking to comply with their own AML obligations, particularly the beneficial ownership regulation, otherwise known as the Customer Due Diligence Rule (CDD Rule), already applicable to banks and other financial institutions. The CTA’s beneficial ownership directory is one of the most important and long-awaited changes to the BSA/AML regulatory regime, but it presents many challenges, both legal and logistical.  On April 5, 2021, FinCEN issued an advance notice of proposed rulemaking to solicit public comment on the CTA’s implementation.  In response, FinCEN received over 200 letters from industry stakeholders – including the letter from BPI.

This blog post again takes the form of a Q&A session, in which Angelena responds to questions posed by Money Laundering Watch about the CTA and how it should be implemented.  We hope you enjoy this discussion on this important topic. – Peter Hardy and Shauna Pierson
Continue Reading  Implementing the Corporate Transparency Act:  A Guest Blog

The Small Business Administration (“SBA”) recently issued a procedural notice (the “Notice”) to “All SBA Employees and Paycheck Protection Program Lenders” setting forth “Revised SBA Paycheck Protection Platform Procedures for Addressing Hold Codes on First Draw PPP Loans and Compliance Check Error Messages on First Draw PPP Loans and Second Draw PPP Loans.”  The Notice sets forth procedures Paycheck Protection Program (“PPP”) lenders must follow in approving First or Second Draw PPP loans under the 2021 Economic Aid Act.

PPP Experience To Date

As we discussed in a recent blog post, with the third round of PPP funding currently underway, the government, through SBA and the Financial Crimes Enforcement Network (“FinCEN”), has begun taking steps to clarify lender compliance obligations in implementing the PPP.  The onus of implementing the PPP has been on the private lenders participating in the program.  The SBA reiterates this responsibility in the Notice, emphasizing, “[u]nder the CARES Act, PPP Lenders are deemed to have delegated authority to make and approve PPP loans without prior SBA review.”

While lenders have been acting with this “delegated authority” since Spring 2020, they are only now beginning to operate with answers to how it can meet their compliance obligations under the Bank Secrecy Act (“BSA”) while quickly administering the PPP according to the parameters set forth in the CARES Act and subsequent SBA guidance.  And, with a new funding round opening nearly a year after the initial rounds, the government and private sector are both grappling with sifting through and processing relevant data accumulated through the first two funding rounds.

Under the CARES Act, PPP borrowers were originally limited to obtaining a single loan.  The Economic Aid Act changed that.  In addition to opening a new round of PPP lending to new borrowers – “First Draw” borrowers – the Economic Aid Act permitted prior borrowers to pursue a loan – “second Draw” PPP borrowers.  This expansion of the PPP program introduces lenders to a new category of borrowers: those that previously applied for and either did or did not (for whatever reason) receive a PPP loan.   What does this mean for lenders from a Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) perspective?  Information.
Continue Reading  New PPP Procedural Requirements Reflect Lenders’ Emerging AML Duties

The Financial Action Task Force (FATF) recently published a report titled Virtual Assets: Red Flag Indicators of Money Laundering and Terrorist Financing. The report discusses a number of red flag indicators of suspicious virtual asset (VA) activities identified “through more than one hundred case studies collected since 2017 from across the FATF Global Network, literature reviews, and open source research.” The purpose of the report is to help financial institutions (FIs), designated non-financial businesses and professions (DNFBPs), and virtual asset service providers (VASPs) to create a “risk-based approach to their Customer Due Diligence (CDD) requirements.”

The report focuses on the following six categories of red flag indicators: those (1) related to transactions, (2) related to transaction patterns, (3) related to anonymity, (4) about senders or recipients, (5) in the source of funds or wealth, and (6) related to geographical risks.

When discussing red flags relating to transactions, FATF suggests that the size and frequency of transactions can be a good indicator of suspicious activity. For example, making multiple high-value transactions in short succession (i.e. within a 24-hour period) or in a staggered and regular pattern, with no further transactions during a long period afterwards. With regard to transaction patterns, FATF notes that large initial deposits with new users or transactions involving multiple accounts should also raise suspicion.
Continue Reading  FATF Identifies Red Flags for Virtual Assets and Money Laundering