Office of the Comptroller of the Currency (OCC)

Subscribe to Office of the Comptroller of the Currency (OCC) via RSS

The OCC, FDIC, and Federal Reserve Board have issued a guide that is intended to assist community banks in conducting due diligence when considering relationships with financial technology (fintech) companies (Guide).

The issuance of the Guide follows the agencies’ July 2021 release of proposed interagency guidance for banking organizations on managing risks associated with third-party

U.S. Federal Reserve Building

The Federal Reserve, FDIC, and OCC released on July 13, 2021 proposed guidance for banking organizations on managing risks associated with third-party relationships, including relationships with financial technology-focused entities such as bank/fintech sponsorship arrangements.  The proposal is the first time that the three agencies have proposed third-party

On April 12, 2021, the Office of the Comptroller of the Currency (“OCC”), the Board of Governors of the Federal Reserve System (“Board”), the Federal Deposit Insurance Corporation (“FDIC”), the National Credit Union Administration (“NCUA”) and the Financial Crimes Enforcement Network (“FinCEN”) issued a Request for Information (“RFI”) requesting comment on the extent to which the agencies’ previous guidance on model risk management supports banks’ compliance with Bank Secrecy Act (“BSA) and Anti-Money Laundering (“AML”) regulations and Office of Foreign Asset Control (“OFAC”) requirements.

The RFI asks for comments from interested parties on suggested changes to guidance or regulations, and whether aspects of the agencies’ approaches to BSA/AML and OFAC compliance are either working well, or could be improved.  The agencies explained that the reason for the RFI is to further understand current bank practices, and determine whether additional explanation or clarification of their guidance may be helpful.  Although the genesis of the RFI is not entirely clear, it appears that it was issued in response to certain financial institution inquiries or comments regarding how the maintenance of their BSA/AML compliance programs should incorporate principles set forth in earlier, more general regulatory guidance on model risk management for banks, which we describe below.  Further, the RFI has not occurred in a vacuum, but rather has appeared in the midst of a major, ongoing overhaul of the BSA/AML legislative, regulatory and enforcement regime.  Comments to the RFI must be received by June 11, 2021.
Continue Reading  Risk Management: Agencies Issue Request for Information on Intersection of Model Risk Management Guidance and BSA/AML Compliance

SARs Do Not Need to Be Filed At the First Sign of Potential Problems

Honoring “Keep Open” Letters from Law Enforcement Should Not Lead to Criticism

On January 19, 2021, the Financial Crimes Enforcement Network (FinCEN), along with the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System, and the National Credit Union Administration jointly published Answers to Frequently Asked Questions Regarding Suspicious Activity Reporting and Other Anti-Money Laundering Considerations.  The agencies provided answers to certain frequently asked questions (FAQs) in an effort to (1) clarify for financial institutions the regulatory requirements related to Suspicious Activity Reports (SARs) that they must comply with; and (2) help financial institutions focus their resources on Bank Secrecy Act (BSA) reporting activities that provide the most value to law enforcement.

The banking agencies developed these FAQs in response to recommendations made by the Bank Secrecy Act Advisory Group, which are detailed in FinCEN’s Advance Notice of Proposed Rulemaking on Anti-Money Laundering Program Effectiveness published in September 2020.  Notably, the FAQs do not change existing legal obligations or create new regulatory requirements.  Instead, they address several questions that have emerged among anti-money laundering compliance personnel.  Generally, they are helpful and make clear that a decision to file a SAR in a particular case is driven by specific circumstances and good judgment, rather than a rigid “check the box” mentality.
Continue Reading  FinCEN and Other Federal Banking Agencies Provide Much-Needed Guidance on Suspicious Activity Reports

The Comptroller of the Currency (the “OCC”) has been busy, and focused on technology.  We discuss two recent developments: proposed regulations that would allow the OCC to grant exemptions relating to Suspicious Acivity Reports (“SARs”), and the OCC’s announcement that national banks and federal savings associations may employ both independent node verification networks (“INVNs”) and stablecoins to perform banking functions.

SAR Filing Exemptions

In late December, the OCC proposed new regulations to amend the “Suspicious Activity Report regulations to allow the OCC to issue exemptions . . . for national banks or federal savings associations that develop innovative solutions intended to meet Bank Secrecy Act requirements more efficiently and effectively.” While the Financial Crimes Enforcement Network (“FinCEN”) has long held the power to grant exemptions, the OCC does not possess equivalent authority. “As financial technology and innovation” rapidly evolve in monitoring and reporting financial crime, the OCC has determined it must create a flexible regulatory mechanism to keep pace.
Continue Reading  The OCC Embraces Technology, Proposes Exemption to SAR Requirements and Announces Acceptance of Distributed Ledgers and Stablecoins

Covered Companies Must Report Beneficial Ownership to National Database Upon Incorporation

First Blog Post in an Extended Series on Legislative Changes to BSA/AML Regulatory Regime

Change is upon us.  The U.S. House and Senate have passed – over a Presidential veto – the National Defense Authorization Act (“NDAA”), a massive annual defense spending bill.  As we have blogged, this bill, now law, contains historic changes to the Bank Secrecy Act (“BSA”), coupled with other changes relating to money laundering, anti-money laundering (“AML”), counter-terrorism financing (“CTF”) and protecting the U.S. financial system against illicit foreign actors. This sweeping legislation will affect financial institutions, their clients, and law enforcement and regulators for many years.  This will be the first post of many on these important legislative changes, which should produce related regulatory pronouncements throughout 2021.

Today, we will focus on the enactment that has received the most attention:  the NDAA’s adoption of the Corporate Transparency Act (“CTA”) and its requirements for covered legal entities to report their beneficial owners at the time of their creation to a database accessible by U.S. and foreign law enforcement and regulators, and to U.S. financial institutions seeking to comply with their own AML compliance obligations.  The issue of beneficial ownership and the misuse of shell corporations has been at the heart of global AML regulation and enforcement for many years.  This legislation will be held out as a partial but important response to the continuing critiques by the international community of the United States as a haven for money laundering and tax evasion, often due to the perception that U.S. and state laws on beneficial ownership reporting are lax.

Beyond “just” the CTA, the breadth of the BSA/AML legislation is substantial. We have discussed BSA/AML reform for years, and many of the reforms (acknowledging that the word “reform” often involves a value judgment, and whether a particular change represents “reform” is typically in the eye of the beholder) that have been repeatedly bandied about by Congress, industry, think tanks and law enforcement are incorporated into this legislation, or at least referenced as topics for further study and follow-up.  We therefore will be blogging repeatedly on the many and various components of this legislation, which implicates a broad array of key issues: BSA/AML examination priorities; attempting to modernize the BSA regulatory regime, including by improving feedback by the government on the usefulness of SAR reporting; potential “no action” letters by FinCEN; requiring process-related studies tied to the effectiveness and costs of certain BSA requirements, including current SAR and CTR reporting; increased penalties under the BSA for repeat offenders; greater information sharing among industry and the government; enhancing the ability of the government to investigate the use of correspondent bank accounts; cyber security issues; focusing on trade-based money laundering; adding a whistleblower provision to the BSA; and including dealers in antiquities to the definition of “financial institutions” covered by the BSA.
Continue Reading  U.S. Passes Historic BSA/AML Legislative Change

On December 18, 2020, the Office of the Comptroller of the Current (OCC), Federal Reserve Board (FRB), and Federal Deposit Insurance Corporation (FDIC) announced an interagency notice of proposed rulemaking that would require supervised banking organizations to provide notification of significant computer security incidents to their primary federal regulator.  Under the proposed rule, for incidents

We are pleased to offer the latest episode in Ballard Spahr’s Consumer Financial Monitor Podcast series — a weekly podcast focusing on the consumer finance issues that matter most, from new product development and emerging technologies to regulatory compliance and enforcement and the ramifications of private litigation.  Following up on a recent blog post,

Regulators’ Joint Statement Attempts to Clarify AML Expectations Regarding Potential Corrupt Actors

On August 21, the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) and other banking regulators – specifically the Federal Reserve, the FDIC, the National Credit Union Administration, and the OCC – issued a joint statement that provides additional guidance in applying Bank Secrecy

Regulators Provide Greater Transparency into BSA/AML Enforcement Process

On August 13, 2020 the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, and Office of the Comptroller of the Currency (the “Agency” or collectively the “Agencies”) issued a joint statement updating and clarifying their 2007 guidance regarding how they evaluate enforcement actions when financial institutions violate or fail to meet BSA/AML requirements. The Financial Crimes Enforcement Network (“FinCEN”) followed with its own statement on August 18, 2020, setting forth its approach when considering enforcement actions against financial institutions that violate the BSA.

Below are a few highlights from the two sets of guidance:

  • The joint statement repeatedly emphasizes that isolated or technical deficiencies in BSA/AML compliance programs will not generally result in cease and desist orders.
  • The joint statement provides specific categories and examples of BSA/AML program failures that typically would (or would not) result in a cease and desist order. Certain of these examples are discussed below.
  • Compared to the 2007 guidance, the joint statement provides more detailed descriptions and examples of the pillars of BSA/AML compliance programs, such as designated BSA/AML personnel, independent testing, internal controls, and training.
  • FinCEN explains in its statement that it will base enforcement actions on violations of law, not standards of conduct contained solely in guidance documents.
  • The FinCEN statement lays out the factors FinCEN considers when determining the disposition of a BSA violation. Unsurprisingly, these factors include the pervasiveness and seriousness of the conduct and the violator’s cooperation and history of wrongdoing.

All in all, the two statements, particularly the joint statement, succeed in providing greater transparency into the regulators’ decision-making processes with regards to pursuing enforcement actions for violations of the BSA and for AML program deficiencies.
Continue Reading  Federal Banking Agencies Issue Joint Statement On Enforcement of BSA/AML Requirements; FinCEN Follows With Its Own