Breadth of List Undermines Usefulness to Industry

As required by the Anti-Money Laundering Act (“AML Act”), the Financial Crimes Enforcement Network (“FinCEN”) issued on June 30, 2021 the first government-wide list of priorities for anti-money laundering and countering the financing of terrorism (“AML/CFT”) (the “Priorities”).  The Priorities purport to identify and describe the most significant AML/CFT threats facing the United States.  The Priorities have been much-anticipated because, under the AML Act, regulators will review and examine financial institutions in part according to how their AML/CFT compliance programs incorporate and further the Priorities, “as appropriate.”

Unfortunately, and as we will discuss, there is a strong argument that FinCEN has prioritized almost everything, and therefore nothing.
Continue Reading FinCEN Identifies AML/CFT “Priorities” For Financial Institutions

In the wake of the ongoing pandemic, various charities have been created with mission statements specific to COVID-19. What seems like an opportunity for giving back may present yet another vehicle for fraud to money launderers and other fraudsters.

To try to help weed out the legitimate from the not so innocent, on November 19, 2020, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued a press release announcing a joint fact sheet (Fact Sheet), prepared in coordination with Federal Banking Agencies (defined below), “to provide clarity to banks on how to apply a risk-based approach to charities and other non-profit organizations (NPOs).” The press release and Fact Sheet seek to strike a balance between recognizing “the important role played by the charitable sector, especially during the COVID-19 pandemic” while reminding financial institutions to utilize the risk-based approach when conducting due diligence and developing risk profiles for charities and other NPOs.

This not the first time that the Treasury Department has raised concerns about charities, albeit in a different context: according to the Treasury Department’s reports on the 2020 National Strategy for Combatting Terrorist and other Illicit Financing and the 2018 National Terrorist Financing Risk Assessment, some charities and non-profit organizations (NPOs) “have been misused to facilitate terrorist financing.” And it is certainly not the first time that FinCEN has raised concerns about specific types of fraud fueled by the global pandemic (see here, here and here).
Continue Reading COVID-19 & Philanthropic Fraud

Second Post in a Three-Post Series Regarding Recent Regulatory Action by FinCEN

On September 16, 2020, the Financial Crimes Enforcement Network (“FinCEN”) issued an Advance Notice of Proposed Rulemaking (“ANPRM”) soliciting public comment on what it describes as “a wide range of questions pertaining to potential regulatory amendments under the Bank Secrecy Act (“BSA”).” As stated, the job which FinCEN created for itself that resulted in the ANPRM was not a small one: “to re-examine the BSA regulatory framework and the broader AML regime.”

The ANPRM seeks to help modernize the current BSA/AML regime – modernization being a frequent theme of public comments by FinCEN Director Ken Blanco, as we have blogged. Indeed, the U.S. Department of Treasury’s 2020 National Strategy for Combating Terrorist and Other Illicit Financing calls for AML modernization, in order to “[l]everag[e] new technologies and other responsible innovative compliance approaches to more effectively and efficiently detect illicit activity.” Meanwhile, and as we have blogged, Congress has been contemplating various proposals for BSA/AML reform for some time (see here, here, here, here and here).

Despite its broad language, however, the ANPRM essentially boils down to a potential amendment requiring those financial institutions already required under the BSA to have an AML compliance program to formally include a risk assessment as part of their program – and for the risk assessment to take into account the government’s AML priorities, which the government will announce approximately every two years. On the one hand, this proposal does not add much that is new, because the vast majority of financial institutions required to maintain AML programs already perform risk assessments in order to conduct KYC and file Suspicious Activity Reports (“SARs”). On the other hand, the ANPRM takes a standard industry practice and turns it into a new regulatory requirement, thereby increasing liability risk. The ANPRM also touches on the tension between the government creating objective requirements – which can be helpful because they add clarity – in a compliance and enforcement regime that is supposed to be flexible and “risk based.” Under any scenario, the ANPRM is important and certainly will be the focus of industry attention.

This is the second post in a series of three blogs regarding a recent flurry of regulatory activity by FinCEN. In our first post, we discussed a final rule by FinCEN extending BSA/AML regulatory requirements to banks lacking a Federal functional regulator. In our third and final post, we will discuss the publication by FinCEN of a request for comment on existing regulations regarding enhanced due diligence for correspondent bank accounts.
Continue Reading Regulatory Round Up: FinCEN Issues ANPRM on Modernizing the BSA/AML Regulatory Regime

On Monday, the Financial Crimes Enforcement Network (FinCEN) issued new Frequently Asked Questions (FAQs) regarding customer due diligence (CDD) requirements for covered financial institutions.  The FAQs supplement FinCEN’s previously issued FAQs on the topic from July 2016 and April 2018 and deal with requirements regarding obtaining customer information, establishing a customer risk profile, and performing ongoing monitoring of the customer relationship.

The issuance of these FAQs amidst the current regulatory landscape – that is, in the context of FinCEN’s onslaught of guidance surrounding possible fraudulent schemes arising out the current global pandemic – is not a surprise.  Indeed, this week’s FAQs further clarifies FinCEN’s expectations that financial institutions take seriously not only their initial duties to conduct risk-appropriate levels of due diligence of their customers, but also continue to monitor the relationships on an ongoing basis and at a cadence that matches any assigned risk assessment.
Continue Reading FinCEN Issues New FAQs on CDD Rule

Internal Investigation Report Stresses Lack of Intentional Misconduct – But the Investigation May Broaden

Westpac Banking Corporation (“Westpac”), Australia’s second largest retail bank, has been besieged by serious allegations of violating Australia’s Anti-Money Laundering (“AML”) and Counter-Terrorism Financing (“CTF”) Act. Just as Westpac was attempting to put some of these problems behind it, new potential AML/CTF problems have come to light.

In this post, we discuss what to expect for Westpac going forward, and the potential broadening of Australian regulator’s investigation into Westpac – a recent revelation quickly coming on the heels of Westpac’s public release on June 4 of the findings by the bank’s own internal investigation report into allegations that systemic compliance failures resulted in Westpac committing over 23 million breaches of Australia’s AML/CTF laws, pertaining in part to financial transactions involving alleged child exploitation. We previously have blogged on these alleged breaches (and the Statement of Claim brought by AUSTRAC, Australia’s AML/CTF regulator, stemming from those breaches), as well as on the private securities suits that followed these serious revelations.

The headline finding in the internal investigation report — which has been criticized — was its conclusion that the significant AML/CTF violations and failures it admitted were “due to technology failings and human error,” and that “[t]here was no evidence of intentional wrongdoing.” Consistent with a theme that emerges in many AML scandals, the lack of adequate and sufficiently trained personnel has been a key factor here.  Likewise, the Westpac internal investigation report also underscores the limits of automated AML/CFT systems.  Ultimately, any AML/CFT program is only as good as the people running it.
Continue Reading Westpac’s Alleged AML Failures Back in the News

Second Post in a Two-Post Series

On March 19, 2020, Swedbank received its first sanction at the conclusion of parallel investigations by Swedish and Estonian authorities for its role in the seemingly non-stop Anti-Money Laundering (“AML”) debacle centered around Danske Bank and its now-notorious Estonian Branch. In the first of what will likely be multiple sanctions, Swedbank AB was ordered to pay a record 4 billion Swedish Krona ($38 million) and its subsidiary, Swedbank AS, has been ordered to improve its AML risk control systems to comply with applicable requirements.

In our first post, we discussed the various public AML-related investigations and enforcement actions plaguing Swedbank. In this post, we discuss the details and implication of the report of internal investigation regarding Swedbank’s alleged deficiencies in its AML processes performed by an outside law firm at the request of Swedbank, which has made the report publically available.

The Report is lengthy and detailed.  As we discuss, however, the Report highlights some basic, evergreen issues in AML compliance and enforcement: the need to implement adequate systems to manage high-risk customers; the need to identify beneficial ownership; the need for top management to understand and truly respect AML compliance; the need for transparency with regulators; and the need for transparency by financial institutions with investors and the public.


Continue Reading AML Problems Plague Swedbank: The Internal Investigation Report

Danske Bank: “If we’re going down, you’re coming with us.”

First Post in a Two-Post Series

On March 19, 2020, Swedbank received the first of what will likely be multiple sanctions regarding alleged deficiencies in its Anti-Money Laundering (“AML”) processes and mishandling of information exchanges with public investigations. At the conclusion of parallel investigations by Swedish and Estonian authorities, Swedbank AB must now pay a record 4 billion Swedish Krona ($38 million) and its subsidiary, Swedbank AS, has been ordered to improve its AML risk control systems to comply with the applicable requirements. These penalties are all prelude to the ongoing investigations by the Latvian Police Department, European Central Bank, Swedish Economic Crime Authority, several United States authorities and, presumably, the inevitable private securities litigation to come.

In this post, we will discuss the various public AML-related investigations and enforcement actions plaguing Swedbank.  In our next post, we will discuss the details and implications of the report of internal investigation regarding these problems performed by an outside law firm at the request of Swedbank, which has made the report publicly available.  The bigger picture: the saga of Swedbank is just part of the larger and seemingly non-stop AML debacle centered around Danske Bank and its now-notorious Estonian Branch.
Continue Reading AML Problems Plague Swedbank

AMA Details Components of a Strong AML/BSA Program for the Gaming Industry

Earlier this month, the American Gaming Association (“AGA”) released an updated Best Practices for Anti-Money Laundering (“AML”) Compliance (“Best Practices Guidance”) reflecting a heightened focus on risk assessment as well as Know Your Customer/Customer Due Diligence measures for the gaming industry.  This update amends the industry’s first set of comprehensive best practices for AML compliance, issued in 2014.  At the time, the best practices were well-received by the U.S. Department of Treasury’s Financial Crimes Enforcement Network (“FinCEN”).  These updated Best Practices have drawn from recent FinCEN guidance and enforcement actions, the Treasury Department’s National Money Laundering Risk Assessment, and the Office of Foreign Assets Control’s (“OFAC”) updated compliance guidelines and provide detailed guidance regarding how the industry can continue to be “a leader in compliance.”


Continue Reading AMA Updates AML Best Practices for AML Compliance

Bank Accused of Being Asleep at the AML-CTF Switch

On November 20, 2019, AUSTRAC, Australia’s anti money-laundering (“AML”) and counter-terrorism financing (“CTF”) regulator, initiated an action in the Federal Court of Australia seeking civil penalty orders against Westpac Banking Corporation (“Westpac”), Australia’s second largest retail bank, alleging systemic failures to comply with Australia’s AML-CTF laws.  Specifically, AUSTRAC alleges over 23 million breaches of those laws, including activity involving potential child exploitation. As we will discuss, the bank has taken, and continues to take, several steps to try to mitigate and contain the scandal’s consequences.

The Allegations

AUSTRAC’s Statement of Claim focuses on Westpac’s correspondent banking relationships with financial institutions in other countries. Correspondent banking relationships require increased due diligence efforts because of the inherent money laundering and terrorism financing risks associated with cross border movement of funds; dealing with banks in high risk jurisdictions, doing business with banks who themselves do business in, or with, sanctioned or high risk countries; and the limited information about the identity and source of funds of customers of the correspondent banks.
Continue Reading Westpac Banking Corporation Faces Money Laundering Scandal in the Land Down Under

On July 22, 2019, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency and the U.S. Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) (collectively the federal banking agencies), issued a joint statement entitled Joint Statement on Risk-Focused Bank Secrecy Act/Anti-Money Laundering Supervision (the “statement”).

The specific emphasis of the statement is to reiterate that the federal agencies will take a risk-focused approach to examinations. The statement itself does not purport to create new requirements but rather is a tool to enhance transparency in the approach used by the federal banking agencies in planning and performing BSA/AML examinations. As the statement notes, it “aligns with the federal banking agencies’ long-standing practices for risk-focused safety and soundness examinations.”

Risk Profiles

At the outset, the federal banking agencies urge banks to conduct a comprehensive risk assessment, which are deemed “a critical part of sound risk management.” Specifically, banks themselves have unique risk profiles given each bank’s focus (i.e., “a bank with a localized community focus likely has a stable, known customer base”) and complexity, which must be assessed at the outset when developing and implementing an adequate BSA/AML program.

Of particular note, the federal banking agencies state that banks that “operate in compliance with applicable law, properly manage customer relationships and effectively mitigate risk by implementing controls commensurate with those risk are neither prohibited nor discouraged from providing banking services.”  The statement goes on to assert that “banks are encouraged to manage customer relationships and mitigate risks based on customer relationships rather than declining to provide banking services to entire categories of customers.”
Continue Reading Joint Statement Issued by Federal Banking Agencies Highlights Importance of Banks’ Risk-Assessments