On September 8, the Office of the Comptroller of the Currency (“OCC”) published an extension of its notice and request for comment (the “Notice”) in the Federal Register regarding changes to the OCC’s Money Laundering Risk System (the “MLR System”)  The Notice indicates that the OCC is inviting greater scrutiny of customers and transactions involving

As we have repeatedly blogged, concerns about perceived anti-money laundering (“AML”) risks in the real estate industry are rising globally.  Consistent with this concern, the Financial Action Task Force (“FATF”) has updated its AML guidance for the real estate sector in a document entitled “Guidance for a Risk-Based Approach: Real Estate Sector,” (“FATF Guidance” or “the Updated Guidance”).  The FATF Guidance urges a variety of players in the real estate industry to adopt a risk-based approach (“RBA”) to mitigate AML risks and sets forth some high-level recommendations.  The Updated Guidance notably coincides with FinCEN’s advanced notice of proposed rulemaking to impose reporting and perhaps other requirements under the Bank Secrecy Act (“BSA”) for persons involved in real estate transactions to collect, report, and retain information, and the  recent extension of Geographic Targeting Orders for U.S. title insurance companies.

The FATF Guidance appears to be driven, at least in part, by FATF assessments showing that the real estate sector has high AML risks, which industry players often fail to appreciate and/or mitigate.  The Updated Guidance explains how various industry players can use an RBA to mitigate those risks.  It identifies sector-specific risks, sets forth strategies for assessing and managing those risks, and describes challenges the industry faces in doing so.  The FATF also offers specific guidance for “private sector players” and “supervisors” (e.g., countries and self-regulatory boards) for going forward.  The Updated Guidance includes tools, case studies, and examples of both private sector and supervisory practices to show real estate supervisors and practitioners how to implement FATF standards in an adequate, risk-based and effective manner.

The FATF is an inter-governmental policymaking body dedicated to creating AML standards and promoting effective measures to combat money laundering (“ML”) and terrorist financing (“TF”).  The FATF issued the Updated Guidance with input from the private sector, including from a public consultation with thirteen private-sector representatives (including from sector specific professional associations, the legal profession, FinTech providers, and non-profit organizations) in March and April 2022.  This consultation urged FinCEN, among other things, to provide greater clarity in the Updated Guidance regarding its applicability to the real estate sector and related professions (such as lawyers, notaries, and financial institutions) and extend FATF recommendations to broader real estate activities (such as property development and leasing).

Continue Reading  FATF Updates Risk-Based Approach Guidance for the Real Estate Sector

On July 6, the Financial Crimes Enforcement Network (“FinCEN”), The Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency (collectively, “the Agencies”) issued a Joint Statement to “remind” banks that they, of course, should apply a risk-based approach to assessing customer relationships and conducting customer due diligence (“CDD”).

The Joint Statement appears to echo FinCEN’s June 22 Statement on Bank Secrecy Act Due Diligence for Independent ATM Owners or Operators (“ATM Statement”), in which FinCEN also “reminded” banks that “that not all independent ATM owner or operator customers pose the same level of money laundering, terrorist financing (ML/TF), or other illicit financial activity risk, and not all independent ATM owner or operator customers are automatically higher risk.”

Combined – and although generally worded – these publications appear to urge financial institutions (“FIs”) to not pursue broadly-applied “de-risking” strategies.  De-risking is the term for a FI’s decision to terminate a business relationship, or refuse to do business, with a type of customer because that type is associated with a perceived heightened risk of involvement in money laundering or terrorist financing.  Indeed, both new publications caution FIs against turning away potential customers, or closing the accounts of existing customers, on the basis of general customer types.  However, regulators themselves have been criticized for encouraging de-risking by driving highly risk-adverse decisions by FIs, who are unwilling to take the chance and assume the compliance costs of doing business with specific customers who may in fact be “legitimate,” but whose risk profile is deemed to be high due to their group affiliation.  Some front-line regulatory BSA/AML examiners arguably may review a FI’s compliance in a narrow and check-the-box manner versus a more holistic approach, and will not truly value broader societal and equity issues such as the need for equal access to the global financial system, particularly by certain industries and persons living in less-developed countries.  Accordingly, although these new publications are welcome, it might have been better if they had been more explicit – particularly because it is arguably ironic for regulators to be chiding FIs for conforming to de-risking behavior that regulators themselves have encouraged.

Continue Reading  FinCEN and Federal Functional Regulators Issue Coded Warnings Against De-Risking

Meaningful Overlap or Superficial Similarities?

On October 3, the release of the Pandora Papers flooded the global media, as millions of documents detailed incidents of wealthy and powerful people allegedly using so-called offshore accounts and other structures to shield wealth from taxation and other asset reporting. Data gathered by the International Consortium of Investigative Journalists, the architect of the Pandora Papers release, suggests that governments collectively lose $427 billion each year to tax evasion and tax avoidance. These figures and the identification of high-profile politicians and oligarchs involved in the scandal (Tony Blair, Vladimir Putin, and King Abdullah II of Jordan, to name a few) have grabbed headlines and spurred conversations about fairness in the international financial system – particularly as COVID-19 has highlighted and exacerbated economic disparities.

Much of the conduct revealed by the Pandora Papers appears to involve entirely legal structures used by the wealthy to – not surprisingly – maintain or enhance wealth.  Thus, the core debate implicated by the Pandora Papers is arguably one of social equity and related reputational risk for financial institutions (“FIs”), rather than “just” crime and anti-money laundering (“AML”). Media treatment of the Pandora Papers often blurs the distinction between AML and social concerns – and traditionally, there has been a distinction.

This focus on social concerns made us consider the current interest by the U.S. government, corporations and investors in ESG, and how ESG might begin to inform – perhaps only implicitly – aspects of AML compliance and examination.  ESG, which stands for Environmental, Social, and Governance, are criteria that set the foundation for socially-conscious investing that attempts to identify related business risks.  At first blush, the two are separate fields.  But as we discuss, there are ESG-related issues that link concretely to discrete AML issues: for example, transaction monitoring by FIs of potential environmental crime by customers for the purposes of filing a Suspicious Activity Report, or SAR, under the Bank Secrecy Act (“BSA”).  Moreover, there is a bigger picture consideration regarding BSA/AML relating to ESG:  will regulators and examiners of FIs covered by the BSA now consider – consciously or unconsciously – whether FIs are providing financial services to customers that are not necessarily breaking the law or engaging in suspicious activity, but whose conduct is inconsistent with ESG principles?

If so, then ESG concerns may fuel the phenomenon of de-risking, which is when FIs limit, restrict or close the accounts of clients perceived as being a high risk for money laundering or terrorist financing.  Arguably, and as we discuss, there also would be a historical and controversial analog – Operation Chokepoint, which involved a push by the government (not investors) for FIs to de-risk certain types of customers.  Regardless, interest in ESG means that FIs have to be even more aware of potential reputational risk with certain clients.  Even if the money in the accounts is perfectly legal, the next data breach can mean unwanted publicity for servicing certain clients.

These concepts are slippery, involve emerging trends that have yet to play out fully, and the similarities between AML and ESG can be overstated.  Nonetheless, it is possible that these two fields, both of which are subject to increasing global interest, may converge in important respects.  A preliminary discussion seems merited, however caveated or subject to debate.
Continue Reading  ESG, AML Compliance and the Convergence of Social Concerns

Breadth of List Undermines Usefulness to Industry

As required by the Anti-Money Laundering Act (“AML Act”), the Financial Crimes Enforcement Network (“FinCEN”) issued on June 30, 2021 the first government-wide list of priorities for anti-money laundering and countering the financing of terrorism (“AML/CFT”) (the “Priorities”).  The Priorities purport to identify and describe the most significant AML/CFT threats facing the United States.  The Priorities have been much-anticipated because, under the AML Act, regulators will review and examine financial institutions in part according to how their AML/CFT compliance programs incorporate and further the Priorities, “as appropriate.”

Unfortunately, and as we will discuss, there is a strong argument that FinCEN has prioritized almost everything, and therefore nothing.
Continue Reading  FinCEN Identifies AML/CFT “Priorities” For Financial Institutions

In the wake of the ongoing pandemic, various charities have been created with mission statements specific to COVID-19. What seems like an opportunity for giving back may present yet another vehicle for fraud to money launderers and other fraudsters.

To try to help weed out the legitimate from the not so innocent, on November 19, 2020, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued a press release announcing a joint fact sheet (Fact Sheet), prepared in coordination with Federal Banking Agencies (defined below), “to provide clarity to banks on how to apply a risk-based approach to charities and other non-profit organizations (NPOs).” The press release and Fact Sheet seek to strike a balance between recognizing “the important role played by the charitable sector, especially during the COVID-19 pandemic” while reminding financial institutions to utilize the risk-based approach when conducting due diligence and developing risk profiles for charities and other NPOs.

This not the first time that the Treasury Department has raised concerns about charities, albeit in a different context: according to the Treasury Department’s reports on the 2020 National Strategy for Combatting Terrorist and other Illicit Financing and the 2018 National Terrorist Financing Risk Assessment, some charities and non-profit organizations (NPOs) “have been misused to facilitate terrorist financing.” And it is certainly not the first time that FinCEN has raised concerns about specific types of fraud fueled by the global pandemic (see here, here and here).
Continue Reading  COVID-19 & Philanthropic Fraud

Second Post in a Three-Post Series Regarding Recent Regulatory Action by FinCEN

On September 16, 2020, the Financial Crimes Enforcement Network (“FinCEN”) issued an Advance Notice of Proposed Rulemaking (“ANPRM”) soliciting public comment on what it describes as “a wide range of questions pertaining to potential regulatory amendments under the Bank Secrecy Act (“BSA”).” As stated, the job which FinCEN created for itself that resulted in the ANPRM was not a small one: “to re-examine the BSA regulatory framework and the broader AML regime.”

The ANPRM seeks to help modernize the current BSA/AML regime – modernization being a frequent theme of public comments by FinCEN Director Ken Blanco, as we have blogged. Indeed, the U.S. Department of Treasury’s 2020 National Strategy for Combating Terrorist and Other Illicit Financing calls for AML modernization, in order to “[l]everag[e] new technologies and other responsible innovative compliance approaches to more effectively and efficiently detect illicit activity.” Meanwhile, and as we have blogged, Congress has been contemplating various proposals for BSA/AML reform for some time (see here, here, here, here and here).

Despite its broad language, however, the ANPRM essentially boils down to a potential amendment requiring those financial institutions already required under the BSA to have an AML compliance program to formally include a risk assessment as part of their program – and for the risk assessment to take into account the government’s AML priorities, which the government will announce approximately every two years. On the one hand, this proposal does not add much that is new, because the vast majority of financial institutions required to maintain AML programs already perform risk assessments in order to conduct KYC and file Suspicious Activity Reports (“SARs”). On the other hand, the ANPRM takes a standard industry practice and turns it into a new regulatory requirement, thereby increasing liability risk. The ANPRM also touches on the tension between the government creating objective requirements – which can be helpful because they add clarity – in a compliance and enforcement regime that is supposed to be flexible and “risk based.” Under any scenario, the ANPRM is important and certainly will be the focus of industry attention.

This is the second post in a series of three blogs regarding a recent flurry of regulatory activity by FinCEN. In our first post, we discussed a final rule by FinCEN extending BSA/AML regulatory requirements to banks lacking a Federal functional regulator. In our third and final post, we will discuss the publication by FinCEN of a request for comment on existing regulations regarding enhanced due diligence for correspondent bank accounts.
Continue Reading  Regulatory Round Up: FinCEN Issues ANPRM on Modernizing the BSA/AML Regulatory Regime

On Monday, the Financial Crimes Enforcement Network (FinCEN) issued new Frequently Asked Questions (FAQs) regarding customer due diligence (CDD) requirements for covered financial institutions.  The FAQs supplement FinCEN’s previously issued FAQs on the topic from July 2016 and April 2018 and deal with requirements regarding obtaining customer information, establishing a customer risk profile, and performing ongoing monitoring of the customer relationship.

The issuance of these FAQs amidst the current regulatory landscape – that is, in the context of FinCEN’s onslaught of guidance surrounding possible fraudulent schemes arising out the current global pandemic – is not a surprise.  Indeed, this week’s FAQs further clarifies FinCEN’s expectations that financial institutions take seriously not only their initial duties to conduct risk-appropriate levels of due diligence of their customers, but also continue to monitor the relationships on an ongoing basis and at a cadence that matches any assigned risk assessment.
Continue Reading  FinCEN Issues New FAQs on CDD Rule

Internal Investigation Report Stresses Lack of Intentional Misconduct – But the Investigation May Broaden

Westpac Banking Corporation (“Westpac”), Australia’s second largest retail bank, has been besieged by serious allegations of violating Australia’s Anti-Money Laundering (“AML”) and Counter-Terrorism Financing (“CTF”) Act. Just as Westpac was attempting to put some of these problems behind it, new potential AML/CTF problems have come to light.

In this post, we discuss what to expect for Westpac going forward, and the potential broadening of Australian regulator’s investigation into Westpac – a recent revelation quickly coming on the heels of Westpac’s public release on June 4 of the findings by the bank’s own internal investigation report into allegations that systemic compliance failures resulted in Westpac committing over 23 million breaches of Australia’s AML/CTF laws, pertaining in part to financial transactions involving alleged child exploitation. We previously have blogged on these alleged breaches (and the Statement of Claim brought by AUSTRAC, Australia’s AML/CTF regulator, stemming from those breaches), as well as on the private securities suits that followed these serious revelations.

The headline finding in the internal investigation report — which has been criticized — was its conclusion that the significant AML/CTF violations and failures it admitted were “due to technology failings and human error,” and that “[t]here was no evidence of intentional wrongdoing.” Consistent with a theme that emerges in many AML scandals, the lack of adequate and sufficiently trained personnel has been a key factor here.  Likewise, the Westpac internal investigation report also underscores the limits of automated AML/CFT systems.  Ultimately, any AML/CFT program is only as good as the people running it.
Continue Reading  Westpac’s Alleged AML Failures Back in the News

Second Post in a Two-Post Series

On March 19, 2020, Swedbank received its first sanction at the conclusion of parallel investigations by Swedish and Estonian authorities for its role in the seemingly non-stop Anti-Money Laundering (“AML”) debacle centered around Danske Bank and its now-notorious Estonian Branch. In the first of what will likely be multiple sanctions, Swedbank AB was ordered to pay a record 4 billion Swedish Krona ($38 million) and its subsidiary, Swedbank AS, has been ordered to improve its AML risk control systems to comply with applicable requirements.

In our first post, we discussed the various public AML-related investigations and enforcement actions plaguing Swedbank. In this post, we discuss the details and implication of the report of internal investigation regarding Swedbank’s alleged deficiencies in its AML processes performed by an outside law firm at the request of Swedbank, which has made the report publically available.

The Report is lengthy and detailed.  As we discuss, however, the Report highlights some basic, evergreen issues in AML compliance and enforcement: the need to implement adequate systems to manage high-risk customers; the need to identify beneficial ownership; the need for top management to understand and truly respect AML compliance; the need for transparency with regulators; and the need for transparency by financial institutions with investors and the public.

Continue Reading  AML Problems Plague Swedbank: The Internal Investigation Report