New York Department of Financial Services (NYDFS)

Subscribe to New York Department of Financial Services (NYDFS)

On December 15, 2022, the New York Department of Financial Services (“NYDFS”) published an Industry Letter detailing the Department’s guidance regarding banking organizations that wish to engage in virtual currency-related activities. Specifically, while the guidance reminds New York banking organizations, branches, and agencies of foreign banking organizations licensed by the Department (together, “Covered Institutions”) of the preexisting obligation to seek approval from the Department before engaging in new or significantly different virtual currency-related activity, the guidance describes the process and types of information that the Department considers relevant to its approval process.  The guidance is effective as of December 15, 2022, and was accompanied by a press release from NYDFS’ Superintendent Adrienne A. Harris.

For the purposes of the Industry Letter, “virtual currency-related activity” includes “all ‘virtual currency business activity,’ as that term is defined in 23 NYCRR § 200.2(q), as well as the direct or indirect offering or performance of any other product, service, or activity involving virtual currency that may raise safety and soundness concerns for the Covered Institution or that may expose New York customers of the Covered Institution or other users of the product or service to risk of harm.”  As we will discuss, any Covered Institution seeking NYDFS approval should focus in part on addressing the Bank Secrecy Act (“BSA”)/Anti-Money Laundering (“AML”) and Office of Foreign Asset Control (“OFAC”)-related risks posed by the virtual currency-related activity.

Continue Reading  NYDFS Releases Virtual Currency Guidance for Banking Organizations

Case Involves Familiar But Instructive Regulatory Findings

The New York Department of Financial Services (“NYDFS”) made clear last week that crypto companies can be held accountable for allegedly failing to comply with anti-money laundering (“AML”) / Bank Secrecy Act (“BSA”) regulations.  Federal and certain State laws require crypto companies like Robinhood Crypto, LLC (“RHC”) to maintain effective AML programs, and to implement systems to identify suspicious activity and block illegal transactions on their platforms (which we have previously discussed, including here and here).  On August 2, 2022, NYDFS announced that it entered a Consent Order penalizing RHC $30 million for alleged AML, cybersecurity and consumer protection violations.  RHC also is required to retain an independent consultant to perform compliance assessments evaluating the Company’s remediation efforts. 

This enforcement action is entirely consistent with the recent Guidance on Use of Blockchain Analytics issued by the NYDFS, directed to all virtual currency business entities that either have a NYDFS Bitlicense or are chartered as a limited purpose trust company under the New York Banking Law.  As we have blogged, the Guidance emphasizes “the importance of blockchain analytics to effective [AML] policies, processes, and procedures, including, for example, those relating to customer due diligence, transaction monitoring, and sanctions screening.”

The Consent Order contains a litany of alleged AML deficiencies, many of which have figured prominently in other enforcement actions.  We detail them below.  From a BSA/AML perspective, the key focus – not surprisingly – was on the adequacy of RHC’s transaction monitoring systems.  Again, the message is:  written policies and programs may look great on their face, but actual execution is key.  The adequate funding and staffing of compliance functions is also critical.

Continue Reading  Crypto Compliance Matters: NYDFS Fines Robinhood $30M for Alleged AML, Cybersecurity, and Consumer Protection Violations

On April 28, 2022 the New York Department of Financial Services (“NYDFS”) issued its Guidance on Use of Blockchain Analytics, a document directed to all virtual currency business entities that either have a NYDFS Bitlicense or are chartered as a limited purpose trust company under the New York Banking Law.  The Guidance emphasizes “the importance of blockchain analytics to effective policies, processes, and procedures, including, for example, those relating to customer due diligence, transaction monitoring, and sanctions screening.”

The NYDFS is stressing the role of blockchain analytics in anti-money laundering (“AML”) compliance because “virtual currencies such as Bitcoin and Ether can be transferred peer-to-peer directly from one individual or entity to another pseudonymously, absent the use of a regulated third party (e.g., between non-custodial wallets, or self-hosted wallets that allow users to maintain control of their private keys). . . . [T]hese wallet addresses are typically pseudonymous, with nothing on the face of the transfer tying back to the originator, beneficiary, or underlying beneficial owners.”

Given the potential compliance challenges presented by such characteristics, the NYDFS wants virtual currency entities to leverage the fact that virtual currencies also enable provenance tracing because “the blockchain ledger’s immutability typically allows a historical view of a virtual currency transmission between wallet addresses, providing the opportunity for greater visibility into transaction lineage than is typically found with traditional, fiat funds transfers.”

The Guidance provides that, ultimately, all risk mitigation strategies must account for an entity’s business profile to assess risk across types of virtual currencies and effectively address the specific characteristics of any particular virtual currency involved.  If a virtual currency entity chooses to outsource its control functions to third-party service providers rather than use only internally developed blockchain analytics, it must have “clearly documented policies, processes, and procedures with regard to how the [third-party] blockchain analytics activity integrates into the [entity’s] overall control framework consistent with the [entity’s] risk profile.”
Continue Reading  NYDFS Stresses Use of Blockchain Analytics for AML Compliance by Virtual Currency Businesses

The New York State Department of Financial Services (“NYDFS” or “the Department”) published a press release on February 24, 2022 announcing the issuance of a Consent Order (“the Consent Order”) to the National Bank of Pakistan (“NBP” or “the Bank”), which will require the Bank to pay $35 million in penalties to NYDFS.  In conjunction with the Department’s enforcement action, the Federal Reserve Bank of New York (“FRBNY”) also announced a $20.4 million penalty against NBP for its alleged Anti-Money Laundering (“AML”) violations.

The Consent Order describes NBP as a “multinational commercial bank incorporated in Pakistan in 1949 that is majority owned by the Pakistani government, with more than $20 billion in assets as of June 30, 2021.”  The Department’s issuance of the Consent Order marks the first major fine against a bank since Adrienne A. Harris was confirmed as New York’s top financial regulator (Superintendent of NYDFS) in January 2022.  In November 2021, while still leading the Department on an acting basis, Harris issued a consent order to Dubai-based Mashreqbank for sanctions violations requiring the bank to pay $100 million in penalties.

As we will discuss, the Department’s and the NYFRB’s actions sends a clear message confirming that repeated findings of violations over multiple examinations is a sure-fire way to become subject to enforcement.
Continue Reading  National Bank of Pakistan Fined $55.4 Million for Alleged Repeated AML and Compliance Deficiencies

First Post in a Two-Part Series

Recent actions in the crypto realm demonstrate that authorities and regulators have not slackened their commitment to applying and enforcing Anti-Money Laundering (“AML”) laws and regulations in the crypto industry.  These actions serve as reminders that not only is the government keeping a close eye on cryptocurrency, but its oversight and enforcement can and will come from many angles. What’s more, the government’s recent various proactive and reactive compliance efforts relating to cryptocurrency illustrate the policy principles behind its compliance initiatives from the theoretical to the stark, real world consequences they are intended to avoid.

In this post, we address recent major developments across a spectrum of regulatory, civil, and criminal enforcement cases involving cryptocurrencies, AML and money laundering – courtesy of the combined efforts of the Financial Crimes Enforcement Network (“FinCEN”), the New York Department of Financial Services (“NYDFS”), and the U.S. Department of Justice.

In our next post, we will discuss a 30-page Guidance just issued today by FinCEN, entitled “Application of FinCEN’s Regulations to Certain Business Models Involving Convertible Virtual Currencies” – which was accompanied by a 12-page FinCEN Advisory entitled “Advisory on Illicit Activity Involving Convertible Virtual Currency.”
Continue Reading  Update: Government Enforcement in the Cryptocurrency Space

UK-based Standard Chartered Bank (“SCB”) announced the terms of significant settlements last week with various U.S. and U.K. governmental agencies, resolving a series of related investigations into the bank’s alleged violations of international sanctions and concomitant failures of anti-money laundering (“AML”) controls over a period stretching from 2007 to 2014. The bank will pay a total of $1.1 billion in combined forfeitures and fines to various national and state agencies in the two countries — and extend, once again, its deferred prosecution agreements (“DPAs”) with the U.S. Department of Justice (“DOJ”) and the New York County District Attorney’s Office (“NYDA”).

Specifically, the bank will pay: a $480 million fine and a $240 million forfeiture to the DOJ; approximately $639 million to the U.S. Treasury Department Office of Foreign Assets Control (“OFAC”); over $292 million to the NYDA; almost $164 million to the Board of Governors of the Federal Reserve System; and $180 million to the New York Department of Financial Services.  The bank also will pay over £102 million (an amount approximately equal to over $133 million) to the U.K.’s Financial Conduct Authority (“FCA”).  After certain payments are credited against some of these penalties, the total will exceed $1 billion.

Continue Reading  Standard Chartered Bank Enters Combined $1 Billion+ Settlement with U.S. and U.K. Authorities Over Iranian Financial Transactions

More Allegations of Nordic Malfeasance Surface as Private Party Lawsuits Beset Danske Bank and SwedBank Gets Sucked into Unfolding Scandal

“Something was indeed rotten in the state of Denmark.” – Olav Haazen

In what is perhaps the least surprising development in the sprawling, continuously unfolding Danske Bank (“Danske”) money laundering scandal, investor groups have filed private securities fraud actions against the Denmark-based bank and its top executives: first in the United States District Court for the Southern District of New York then, most recently, in Copenhagen City Court in Denmark. These suits coincide with an announcement from the Securities and Exchange Commission (“SEC”) that it, too, was opening its own probe of potential securities and Anti-Money Laundering (“AML”) violations at Danske that could result in significant financial penalties on top of what could be the enormous private judgments. More significantly, the Danske shareholder suits and SEC investigation illustrate a second front of enormous exposure from a securities fraud standpoint for banks involved in their own money laundering scandals and a rock-solid guaranteed template for future investors similarly damaged by such scandals.

As we have blogged here, here and here, the Danske scandal – the largest alleged money laundering scandal in history – has yielded criminal and administrative investigations in Estonia, Denmark, France and the United Kingdom and by the United States Department of Justice. Those investigations have focused primarily on Danske’s compliance with applicable AML regulations, as well as the implementation and effectiveness of those regulations. The SEC and civil plaintiffs now have opened a new line of inquiry focusing less on the institutional and regulatory failures that yielded the scandal and responsibility for them and more on the damage those failures have caused Danske investors.

Meanwhile, banking stalwart Swedbank is reacting, with mixed success at best, to allegations that suspicious transactions involving billions of Euros passed from Danske’s Estonian branch through Swedbank’s own Baltic branches — allegations which have produced a controversial internal investigation report, a law enforcement raid, the loss of the bank’s CEO, and plunging stock value.

Continue Reading  And Here Come the Lawyers: Securities Fraud Suits Commence Private Litigation Phase of Danske Bank Scandal

We are pleased to offer the latest episode in Ballard Spahr’s Consumer Financial Monitor Podcast series — a weekly podcast focusing on the consumer finance issues that matter most, from new product development and emerging technologies to regulatory compliance and enforcement and the ramifications of private litigation.  Our podcast discusses the conduct for which financial

Second Post in a Two-Part Series

NYDFS Action Highlights the Need for Good Monitoring – and Good Consultants

In part one of this two-part post, we provided some practical tips for financial institutions to increase the chances that their Anti-Money Laundering (“AML”) programs will withstand regulators’ scrutiny, including: (1) promoting a culture of AML/Bank Secrecy Act (“BSA”) compliance; (2) focusing on transaction monitoring; (3) improving information sharing; (4) identifying and handling high-risk accounts appropriately; and (5) knowing your risks and continually improving your AML program to control those risks.

In this post we’ll discuss the consequences of potentially failing to heed these practical tips in a specific case: the New York Department of Financial Services’ (DFS) recent enforcement action against Mashreqbank. Further, we look forward to discussing all of these issues in an upcoming podcast in Ballard Spahr’s Consumer Financial Monitor Podcast series. So please continue to stay tuned.

Mashreqbank is the oldest and largest private bank in the United Arab Emirates. Its New York branch is Mashreqbank’s only location in the United States. It offers correspondent banking and trade finance services and provides U.S. dollar clearing services to clients located in Southeast Asia, the Middle East and Northern Africa. In 2016, the branch cleared more than 1.2 million USD transactions with an aggregate value of over $367 billion. In 2017, the branch cleared more than one million USD transactions with an aggregate value of over $350 billion.

The DFS enforcement action asserted that Mashreqbank’s AML/BSA program was deficient in a number of respects and that the New York branch had failed to remediate identified compliance issues. The enforcement action began with a DFS safety and soundness examine in 2016. In 2017, DFS and the Federal Reserve Bank of New York (FRBNY) conducted a joint safety and soundness examination. DFS provided a report of its findings to which Mashreqbank submitted a response.

In a consent order signed on October 10, 2018, Mashreqbank admitted violations of New York laws and accepted a significant monetary penalty and increased oversight for deficiencies in its AML/BSA and Office of Foreign Assets Control (OFAC) programs. Regulators pursued the enforcement action despite the New York branch’s strong cooperation and demonstrated commitment to building an effective and sustainable compliance program. Among other things, Mashreqbank agreed to pay a $40 million fine; to hire a third-party compliance consultant to oversee and address deficiencies in the branch’s compliance function including compliance with AML/BSA requirements; and to develop written revised AML/BSA and OFAC compliance programs acceptable to DFS.

The DFS and FRBNY examination findings demonstrate Mashreqbank’s failure to follow the practical tips identified in part one of this post. Specifically, the regulators found that Mashreqbank failed to: (1) have appropriate transition monitoring; (2) identify and handle high-risk accounts appropriately; and (3) know its risk and improve its AML program to control those risks.

Further, and as our discussion will reflect, the Mashreqbank enforcement action is also notable in two other respects. First, the alleged AML failures pertain entirely to process and the general adequacy of the bank’s AML program – whereas the vast majority of other AML/BSA enforcement actions likewise discuss system failures, they usually also point to specific substantive violations, such as the failure to file Suspicious Activity Reports (“SARs”) regarding a particular customer or set of transactions. Second, although the use of external consultants usually represents a mitigating factor or even a potential reliance defense to financial institution defendants, the DFS turned what is typically a defense shield into a government sword and instead criticized Mashreqbank for using outside consultants who, according to DFS, were just not very rigorous. This alleged use of consultants performing superficial analysis became part of the allegations of affirmative violations against the bank, thereby underscoring how financial institutions must ensure that their AML/BSA auditors or other consultants are experienced, competent, and performing meaningful testing, particularly when addressing issues previously identified by regulators.
Continue Reading  Practical Tips in Action: The Mashreqbank AML Enforcement Action

Public Risks Posed by Unbanked and Cash-Heavy Industry Deemed Insufficient to Outweigh Federal Law Concerns

As we just blogged, the New York State Department of Financial Services (“NYDFS”) has published guidance to “clarify the regulatory landscape and encourage” New York, state-chartered banks and credit unions to “offer banking services” to “marijuana related businesses licensed by New York state[,]” thereby identifying New York as a state friendly to financial services for marijuana-related businesses. In stark contrast, Ed Leary, Commissioner of the Utah Department of Financial Institutions (“UDFI”), recently articulated the polar opposite position, thereby exemplifying the increasingly bewildering patchwork quilt of approaches to banking and anti-money laundering (“AML”) policy in regards to state-licensed marijuana businesses.

In a presentation on August 17, 2018 to members of the National Association of Industrial Banks and the Utah Association of Financial Services, Commissioner Leary advised that UDFI will not ask any financial institutions regulated by his department to provide banking or payment processing services to cannabis-related businesses. To the contrary, if any examination conducted by UDFI identifies evidence of cannabis-related banking activities, UDFI will cite the conduct as an apparent violation of federal law.
Continue Reading  Banking and Marijuana, Redux: Utah Department of Financial Institutions Commissioner Declares Opposite Position to New York’s Encouragement of Banking Services for Marijuana Businesses Licensed Under State Law