Office of the Comptroller of the Currency (OCC)

On April 12, 2021, the Office of the Comptroller of the Currency (“OCC”), the Board of Governors of the Federal Reserve System (“Board”), the Federal Deposit Insurance Corporation (“FDIC”), the National Credit Union Administration (“NCUA”) and the Financial Crimes Enforcement Network (“FinCEN”) issued a Request for Information (“RFI”) requesting comment on the extent to which the agencies’ previous guidance on model risk management supports banks’ compliance with Bank Secrecy Act (“BSA) and Anti-Money Laundering (“AML”) regulations and Office of Foreign Asset Control (“OFAC”) requirements.

The RFI asks for comments from interested parties on suggested changes to guidance or regulations, and whether aspects of the agencies’ approaches to BSA/AML and OFAC compliance are either working well, or could be improved.  The agencies explained that the reason for the RFI is to further understand current bank practices, and determine whether additional explanation or clarification of their guidance may be helpful.  Although the genesis of the RFI is not entirely clear, it appears that it was issued in response to certain financial institution inquiries or comments regarding how the maintenance of their BSA/AML compliance programs should incorporate principles set forth in earlier, more general regulatory guidance on model risk management for banks, which we describe below.  Further, the RFI has not occurred in a vacuum, but rather has appeared in the midst of a major, ongoing overhaul of the BSA/AML legislative, regulatory and enforcement regime.  Comments to the RFI must be received by June 11, 2021.
Continue Reading Risk Management: Agencies Issue Request for Information on Intersection of Model Risk Management Guidance and BSA/AML Compliance

SARs Do Not Need to Be Filed At the First Sign of Potential Problems

Honoring “Keep Open” Letters from Law Enforcement Should Not Lead to Criticism

On January 19, 2021, the Financial Crimes Enforcement Network (FinCEN), along with the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System, and the National Credit Union Administration jointly published Answers to Frequently Asked Questions Regarding Suspicious Activity Reporting and Other Anti-Money Laundering Considerations.  The agencies provided answers to certain frequently asked questions (FAQs) in an effort to (1) clarify for financial institutions the regulatory requirements related to Suspicious Activity Reports (SARs) that they must comply with; and (2) help financial institutions focus their resources on Bank Secrecy Act (BSA) reporting activities that provide the most value to law enforcement.

The banking agencies developed these FAQs in response to recommendations made by the Bank Secrecy Act Advisory Group, which are detailed in FinCEN’s Advance Notice of Proposed Rulemaking on Anti-Money Laundering Program Effectiveness published in September 2020.  Notably, the FAQs do not change existing legal obligations or create new regulatory requirements.  Instead, they address several questions that have emerged among anti-money laundering compliance personnel.  Generally, they are helpful and make clear that a decision to file a SAR in a particular case is driven by specific circumstances and good judgment, rather than a rigid “check the box” mentality.
Continue Reading FinCEN and Other Federal Banking Agencies Provide Much-Needed Guidance on Suspicious Activity Reports

The Comptroller of the Currency (the “OCC”) has been busy, and focused on technology.  We discuss two recent developments: proposed regulations that would allow the OCC to grant exemptions relating to Suspicious Acivity Reports (“SARs”), and the OCC’s announcement that national banks and federal savings associations may employ both independent node verification networks (“INVNs”) and stablecoins to perform banking functions.

SAR Filing Exemptions

In late December, the OCC proposed new regulations to amend the “Suspicious Activity Report regulations to allow the OCC to issue exemptions . . . for national banks or federal savings associations that develop innovative solutions intended to meet Bank Secrecy Act requirements more efficiently and effectively.” While the Financial Crimes Enforcement Network (“FinCEN”) has long held the power to grant exemptions, the OCC does not possess equivalent authority. “As financial technology and innovation” rapidly evolve in monitoring and reporting financial crime, the OCC has determined it must create a flexible regulatory mechanism to keep pace.
Continue Reading The OCC Embraces Technology, Proposes Exemption to SAR Requirements and Announces Acceptance of Distributed Ledgers and Stablecoins

Covered Companies Must Report Beneficial Ownership to National Database Upon Incorporation

First Blog Post in an Extended Series on Legislative Changes to BSA/AML Regulatory Regime

Change is upon us.  The U.S. House and Senate have passed – over a Presidential veto – the National Defense Authorization Act (“NDAA”), a massive annual defense spending bill.  As we have blogged, this bill, now law, contains historic changes to the Bank Secrecy Act (“BSA”), coupled with other changes relating to money laundering, anti-money laundering (“AML”), counter-terrorism financing (“CTF”) and protecting the U.S. financial system against illicit foreign actors. This sweeping legislation will affect financial institutions, their clients, and law enforcement and regulators for many years.  This will be the first post of many on these important legislative changes, which should produce related regulatory pronouncements throughout 2021.

Today, we will focus on the enactment that has received the most attention:  the NDAA’s adoption of the Corporate Transparency Act (“CTA”) and its requirements for covered legal entities to report their beneficial owners at the time of their creation to a database accessible by U.S. and foreign law enforcement and regulators, and to U.S. financial institutions seeking to comply with their own AML compliance obligations.  The issue of beneficial ownership and the misuse of shell corporations has been at the heart of global AML regulation and enforcement for many years.  This legislation will be held out as a partial but important response to the continuing critiques by the international community of the United States as a haven for money laundering and tax evasion, often due to the perception that U.S. and state laws on beneficial ownership reporting are lax.

Beyond “just” the CTA, the breadth of the BSA/AML legislation is substantial. We have discussed BSA/AML reform for years, and many of the reforms (acknowledging that the word “reform” often involves a value judgment, and whether a particular change represents “reform” is typically in the eye of the beholder) that have been repeatedly bandied about by Congress, industry, think tanks and law enforcement are incorporated into this legislation, or at least referenced as topics for further study and follow-up.  We therefore will be blogging repeatedly on the many and various components of this legislation, which implicates a broad array of key issues: BSA/AML examination priorities; attempting to modernize the BSA regulatory regime, including by improving feedback by the government on the usefulness of SAR reporting; potential “no action” letters by FinCEN; requiring process-related studies tied to the effectiveness and costs of certain BSA requirements, including current SAR and CTR reporting; increased penalties under the BSA for repeat offenders; greater information sharing among industry and the government; enhancing the ability of the government to investigate the use of correspondent bank accounts; cyber security issues; focusing on trade-based money laundering; adding a whistleblower provision to the BSA; and including dealers in antiquities to the definition of “financial institutions” covered by the BSA.
Continue Reading U.S. Passes Historic BSA/AML Legislative Change

On December 18, 2020, the Office of the Comptroller of the Current (OCC), Federal Reserve Board (FRB), and Federal Deposit Insurance Corporation (FDIC) announced an interagency notice of proposed rulemaking that would require supervised banking organizations to provide notification of significant computer security incidents to their primary federal regulator.  Under the proposed rule, for incidents

We are pleased to offer the latest episode in Ballard Spahr’s Consumer Financial Monitor Podcast series — a weekly podcast focusing on the consumer finance issues that matter most, from new product development and emerging technologies to regulatory compliance and enforcement and the ramifications of private litigation.  Following up on a recent blog post,

Regulators’ Joint Statement Attempts to Clarify AML Expectations Regarding Potential Corrupt Actors

On August 21, the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) and other banking regulators – specifically the Federal Reserve, the FDIC, the National Credit Union Administration, and the OCC – issued a joint statement that provides additional guidance in applying Bank Secrecy

Regulators Provide Greater Transparency into BSA/AML Enforcement Process

On August 13, 2020 the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, and Office of the Comptroller of the Currency (the “Agency” or collectively the “Agencies”) issued a joint statement updating and clarifying their 2007 guidance regarding how they evaluate enforcement actions when financial institutions violate or fail to meet BSA/AML requirements. The Financial Crimes Enforcement Network (“FinCEN”) followed with its own statement on August 18, 2020, setting forth its approach when considering enforcement actions against financial institutions that violate the BSA.

Below are a few highlights from the two sets of guidance:

  • The joint statement repeatedly emphasizes that isolated or technical deficiencies in BSA/AML compliance programs will not generally result in cease and desist orders.
  • The joint statement provides specific categories and examples of BSA/AML program failures that typically would (or would not) result in a cease and desist order. Certain of these examples are discussed below.
  • Compared to the 2007 guidance, the joint statement provides more detailed descriptions and examples of the pillars of BSA/AML compliance programs, such as designated BSA/AML personnel, independent testing, internal controls, and training.
  • FinCEN explains in its statement that it will base enforcement actions on violations of law, not standards of conduct contained solely in guidance documents.
  • The FinCEN statement lays out the factors FinCEN considers when determining the disposition of a BSA violation. Unsurprisingly, these factors include the pervasiveness and seriousness of the conduct and the violator’s cooperation and history of wrongdoing.

All in all, the two statements, particularly the joint statement, succeed in providing greater transparency into the regulators’ decision-making processes with regards to pursuing enforcement actions for violations of the BSA and for AML program deficiencies.
Continue Reading Federal Banking Agencies Issue Joint Statement On Enforcement of BSA/AML Requirements; FinCEN Follows With Its Own

The Office of the Comptroller of the Currency (“OCC”) issued a letter yesterday stating that  “a national bank [and federal savings associations] may provide . . . cryptocurrency custody services on behalf of customers, including by holding the unique cryptographic keys associated with cryptocurrency. This letter also reaffirms the OCC’s position that national banks may provide permissible banking services to any lawful business they chose, including cryptocurrency business, so long as they effectively manage the risks and comply with applicable law.”  (“Letter”).

The key phrase above is “any lawful business.”  When a financial institution deals with crypto clients, whether the institution is actually dealing with a customer engaged in lawful activity is literally the question.  Oddly, therefore, the Letter is simultaneously groundbreaking and yet also nothing new.
Continue Reading OCC Announces that Federally-Chartered Banks and Thrifts May Provide Custody Services for Crypto Assets

Examiners Should Focus on Risk, Not Technical Perfection

On April 15, 2020, the Federal Financial Institutions Examination Council (“FFIEC”) released updates to the Bank Secretary Act/Anti-Money Laundering (“BSA/AML”) examination manual (the “Manual”). As the FFIEC Interagency press release described, the Manual provides “instructions to examiners when assessing the adequacy of a bank’s BSA/AML compliance program.” The “release of the updated sections provides further transparency into the BSA/AML examination process and does not establish new requirements.” The press release further stated the revisions were made to, among other objectives, emphasize examiners should be “tailoring BSA/AML examination to a bank’s risk profile,” to “ensure language clearly distinguishes between mandatory regulatory requirements and supervisory expectations” for examiners, and to “incorporate regulatory changes since the last update of the Manual in 2014.”

The Federal Deposit Insurance Corporation (“FDIC”) also issued a press release regarding the updates. Its statement recognized “financial institutions are faced with uncertainty during this unprecedented time,” therefore the FDIC cautioned the update, “which supports tailored examination work, has been in process for an extended period and should not be interpreted as new instructions or as an augmented focus.”

The updates focus on four steps in the examination process:

  • Scoping and Planning
  • BSA/AML Risk Assessment
  • Assessing the BSA Compliance Program
  • Developing Conclusions and Finalizing the Examination

The updates emphasize examiners should take a “risk-focused” approach to tailor the review of a regulated institution’s BSA/AML compliance program, meaning the examination should be tailored to the risk profile of that specific institution.  The Manual updates incorporate guidance on more recent developments such as Customer Due Diligence (“CDD”) and Beneficial Ownership requirements and a recognition of innovations in collaborations among smaller institutions.  Importantly, the Manual reminds examiners that banks have flexibility in the design of their BSA/AML compliance programs, and that minor weaknesses, deficiencies, and technical violations alone do not indicate an inadequate program.
Continue Reading FFIEC BSA/AML Examination Manual Updates Reveal Exam Process and Expectations