Suspicious Activity Report (SAR)

Case Involves Familiar But Instructive Regulatory Findings

The New York Department of Financial Services (“NYDFS”) made clear last week that crypto companies can be held accountable for allegedly failing to comply with anti-money laundering (“AML”) / Bank Secrecy Act (“BSA”) regulations.  Federal and certain State laws require crypto companies like Robinhood Crypto, LLC (“RHC”) to maintain effective AML programs, and to implement systems to identify suspicious activity and block illegal transactions on their platforms (which we have previously discussed, including here and here).  On August 2, 2022, NYDFS announced that it entered a Consent Order penalizing RHC $30 million for alleged AML, cybersecurity and consumer protection violations.  RHC also is required to retain an independent consultant to perform compliance assessments evaluating the Company’s remediation efforts. 

This enforcement action is entirely consistent with the recent Guidance on Use of Blockchain Analytics issued by the NYDFS, directed to all virtual currency business entities that either have a NYDFS Bitlicense or are chartered as a limited purpose trust company under the New York Banking Law.  As we have blogged, the Guidance emphasizes “the importance of blockchain analytics to effective [AML] policies, processes, and procedures, including, for example, those relating to customer due diligence, transaction monitoring, and sanctions screening.”

The Consent Order contains a litany of alleged AML deficiencies, many of which have figured prominently in other enforcement actions.  We detail them below.  From a BSA/AML perspective, the key focus – not surprisingly – was on the adequacy of RHC’s transaction monitoring systems.  Again, the message is:  written policies and programs may look great on their face, but actual execution is key.  The adequate funding and staffing of compliance functions is also critical.

Continue Reading  Crypto Compliance Matters: NYDFS Fines Robinhood $30M for Alleged AML, Cybersecurity, and Consumer Protection Violations

The Financial Crimes Enforcement Network (FinCEN) and the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) issued a joint alert on June 28, 2022, warning of evasion attempts by individuals or entities to circumvent BIS export controls implemented in response to the Russian Federation’s renewed invasion of Ukraine. Both agencies urged financial institutions to remain vigilant against bad actors’ attempts to evade BIS export controls. The alert provided an overview of current BIS export restrictions, listed particular commodities of concern for export control evasion, and outlined transactional and behavioral red flags that could indicate attempts to avoid sanctions.

This is FinCEN’s third alert in relation to sanctions imposed on Russian in response to the war in Ukraine.  As we previously blogged, on March 7, 2022, FinCEN urged vigilance by financial institutions against potential Russian Federation attempts to evade sanctions. On March 16, 2022, FinCEN reiterated the need for increased vigilance by financial institutions in detecting suspicious transactions involving real estate, luxury goods, and other high-value assets.

The joint alert comes on the heels of the June 27, 2022 announcement by the United States and the other G7 nations to intensify their coordinated sanction measures in response to Russia’s war of aggression.  A day later, on June 28, 2022, the Treasury Department’s Office of Foreign Assets Control (OFAC) issued determinations pursuant to prior Executive Orders implementing the new measures.  These include prohibiting the importation of Russian gold (EO 14068), as well as new sanctions and export restrictions on entities like Rostec, a key Russian state owned conglomerate, which forms the foundation of Russia’s defense industry (EO 14024).

Continue Reading  FinCEN and BIS Issue Joint Alert on Potential Russian and Belarusian Export Control Evasion

On June 15, FinCEN issued an Advisory on Elder Financial Exploitation (“Advisory”) to warn financial institutions about the rising trend of elder financial exploitation (“EFE”), which FinCEN defines as “the illegal or improper use of an older adult’s funds, property, or assets, and is often perpetrated either through theft or scams.”  The Advisory is detailed.  It highlights new EFE typologies and potential red flags and builds upon a related advisory issued in 2011.  It also offers tips on Suspicious Activity Report (“SAR”) filings and describes other resources available to fight EFE.

Continue Reading  FinCEN Warns Against Elder Financial Exploitation

Enforcement Trends, Crypto, the AML Act — and More

We are very pleased to be moderating, once again, the Practising Law Institute’s 2022 Anti-Money Laundering Conference on May 17, 2022, starting at 9 a.m. This year’s conference will be both live and virtual — and it will be as informative, interesting and timely as always. 

On April 28, 2022 the New York Department of Financial Services (“NYDFS”) issued its Guidance on Use of Blockchain Analytics, a document directed to all virtual currency business entities that either have a NYDFS Bitlicense or are chartered as a limited purpose trust company under the New York Banking Law.  The Guidance emphasizes “the importance of blockchain analytics to effective policies, processes, and procedures, including, for example, those relating to customer due diligence, transaction monitoring, and sanctions screening.”

The NYDFS is stressing the role of blockchain analytics in anti-money laundering (“AML”) compliance because “virtual currencies such as Bitcoin and Ether can be transferred peer-to-peer directly from one individual or entity to another pseudonymously, absent the use of a regulated third party (e.g., between non-custodial wallets, or self-hosted wallets that allow users to maintain control of their private keys). . . . [T]hese wallet addresses are typically pseudonymous, with nothing on the face of the transfer tying back to the originator, beneficiary, or underlying beneficial owners.”

Given the potential compliance challenges presented by such characteristics, the NYDFS wants virtual currency entities to leverage the fact that virtual currencies also enable provenance tracing because “the blockchain ledger’s immutability typically allows a historical view of a virtual currency transmission between wallet addresses, providing the opportunity for greater visibility into transaction lineage than is typically found with traditional, fiat funds transfers.”

The Guidance provides that, ultimately, all risk mitigation strategies must account for an entity’s business profile to assess risk across types of virtual currencies and effectively address the specific characteristics of any particular virtual currency involved.  If a virtual currency entity chooses to outsource its control functions to third-party service providers rather than use only internally developed blockchain analytics, it must have “clearly documented policies, processes, and procedures with regard to how the [third-party] blockchain analytics activity integrates into the [entity’s] overall control framework consistent with the [entity’s] risk profile.”
Continue Reading  NYDFS Stresses Use of Blockchain Analytics for AML Compliance by Virtual Currency Businesses

The Office of the Comptroller of the Currency (“OCC”) entered into a Consent Order (available here) with Anchorage Digital Bank (“Anchorage”), which requires Anchorage to create a compliance committee and take steps to remediate alleged shortcomings with respect to the implementation and effectiveness of Anchorage’s Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) program.  Notably, Anchorage will pay no civil penalty.

Anchorage is not any regular entity overseen by the OCC:  it is a cryptocurrency custodian.  As we will discuss, the timing of the Consent Order indicates that even when regulators permit crypto activities by financial institutions, they remain cautious, particularly as to BSA/AML compliance.  The OCC’s actions send a clear message that regulated entities offering emerging technology financial services must adhere to the same BSA/AML monitoring and reporting requirements as more traditionally regulated entities.
Continue Reading  OCC Targets BSA/AML Compliance by Anchorage Digital Bank – Only 15 Months After Granting National Trust Bank Charter to the Crypto Custodian

Sanctions involving Russia is a front-burner issue for all businesses, but particularly for financial institutions. As we previously blogged, the Financial Crimes Enforcement Network (“FinCEN”) issued on March 7 an alert calling for increased vigilance in the face of potential evasion of Russian sanctions. On March 16, FinCEN issued its second alert on the topic (the “Alert”), reiterating the need for increased vigilance and assisting financial institutions in detecting suspicious transactions involving high-value assets to evade sanctions.

We discuss here the Alert, which provides guidance to financial institutions on how to identify suspicious transactions relating to the use of certain high-value assets by Russian elites, their family members and their “proxies.” The Alert reminds financial institutions of the importance of quickly identifying suspicious activity related to the disposition of sanctioned Russian assets. The Alert also highlights the international and domestic task forces that were formed to effectuate the sanctions laws we describe below, emphasizing the need for cross-agency collaboration and information sharing to achieve the common goal of sanctioning Russia’s power players.  However, and as we discuss, the Alert unfortunately offers no guidance on how “proxies” should be identified or defined.
Continue Reading  Russian Sanctions Redux: FinCEN Issues Guidance on Suspicious Transactions and Evasion Using High-Value Assets

On March 7, the Financial Crimes Enforcement Network (“FinCEN”) issued an alert “advising all financial institutions to be vigilant against potential efforts to evade the expansive sanctions and other U.S.-imposed restrictions implemented in connection with the Russian Federation’s further invasion of Ukraine.”  The press release is here.  The alert itself is here.
Continue Reading  Russian Sanctions:  FinCEN Provides Red Flags for Potential Evasion Attempts

On January 24, 2022, the Financial Crimes Enforcement Network (“FinCEN”) published a Notice of Proposed Rulemaking (“NPRM”).  FinCEN is proposing a rule to establish a pilot program that permits certain financial institutions to share Suspicious Activity Reports (“SARs”) in alignment with Section 6212(a) of the Anti-Money Laundering Act of 2020 (“AML Act”).

The Proposed Rule

This proposed rule would add a new section at 31 C.F.R. section 1010.240, which would enact a pilot program permitting financial institutions with SARs reporting obligations to share SARs and SARs information with its foreign branches, subsidiaries, and affiliates for the purpose of combating illicit finance risks.  According to FinCEN, this proposed rule ensures that federal and state law enforcement mechanisms would limit the sharing of SARs and information related to SARs.  Moreover, the proposed role considers the intelligence community’s potential concerns and would be governed by requirements and standards surrounding the confidentiality of personally identifying information and data security.

The pilot program does not apply to all foreign branches of a financial institution.  Rather, the proposed rule would largely exclude the sharing of SARs and SARs information with foreign affiliates in The People’s Republic of China, the Russian Federation, and any jurisdiction that is a state sponsor of terrorism, that is subject to United States sanctions, or that the Secretary of the Treasury (the “Secretary”) has determined cannot reasonably protect the security of SARs and SARs information.  A “state sponsor of terrorism” is a jurisdiction so determined by the United States Department of Justice.  The Secretary may, however, make exceptions to this prohibition on a case-by-case basis by notifying the Senate Committee on Banking, Housing, and Urban Affairs and the House Committee on Financial Services that such an exception is in the United States’ national security interests.
Continue Reading  Sharing is Caring: FinCEN Proposes Extending Sharing Suspicious Activity Reports to Foreign Affiliates

On January 13, 2022, Himamauli “Him” Das, the Acting Director of FinCEN, virtually addressed the Financial Crimes Enforcement Conference hosted by the American Bankers Association and the American Bar Association.  In his speech, Mr. Das highlighted the transformation and modernization of the anti-money laundering/counter-terrorist financing (“AML/CFT”) regulatory framework from a tool updated in the wake of September 11, 2001 to combat money flows to terrorist organizations, to an instrument designed to address the more complex current and future challenges presented by digital assets and strategic corruption.

Acting on the authority accorded FinCEN by the Anti-Money Laundering Act of 2020 (the “AML Act”), FinCEN has been in the process of reorganizing and upscaling several of its divisions in order to meet increased obligations. New divisions include the Global Investigations Division, the Strategic Operations Division and the Enforcement and Compliance Division, which together work to combine resources against bad actors, share information, and act to resolve investigations across the financial sector. Mr. Das focused on three additional areas that FinCEN would concentrate on moving forward: new threats, new innovations and new partnerships.
Continue Reading  Transformation of the AML/CFT Regulatory Regime Requires Innovation and Collaboration, According to FinCEN Acting Director