The OCC, FDIC, and Federal Reserve Board have issued a guide that is intended to assist community banks in conducting due diligence when considering relationships with financial technology (fintech) companies (Guide).

The issuance of the Guide follows the agencies’ July 2021 release of proposed interagency guidance for banking organizations on managing risks associated with third-party relationships, including relationships with financial technology-focused entities such as bank/fintech sponsorship arrangements.  The proposal sets forth principles for managing risk in each stage of a third-party relationship life cycle, including conducting due diligence.  In the introduction to the Guide, the agencies indicate that the Guide draws from their existing guidance and is consistent with the proposed interagency guidance.

The agencies also note in the Guide’s introduction that while the Guide is written from a community bank perspective, the fundamental concepts discussed may be useful for banks of varying sizes and for other types of third-party relationships.  Banks are instructed to reference relevant guidance from the agencies that is listed in a footnote.

In the Guide’s introduction, the agencies indicate that because the Guide does not anticipate all types of third-party relationships and risk, a community bank can tailor how it uses information in the Guide based on its specific circumstances, the risks posed by each third-party relationship, and the related product, service or activity offered by the fintech company.  They also advise community banks that the scope and depth of due diligence will depend on the risk to the bank from the nature and criticality of the prospective activity to be performed by the fintech company.

The Guide discusses a series of topics to be considered by a community bank when conducting due diligence on a fintech company and provides potential sources of information and illustrative examples for each topic.  These topics consist of a fintech’s:

  • Business experience, business strategies and plans, and the qualifications and backgrounds of directors and principals;
  • Financial condition and competitive market environment and client base;
  • Legal and regulatory compliance;
  • Risk management policies, processes, and controls;
  • Information security program and information systems; and
  • Business continuity planning, incident response plan, and reliance on subcontractors.

The publication of the Guide is another indication of the increased attention that regulators seem to be paying of late to the area of third-party relationship risk management.  Whether this increased attention and guidance will translate to a heavier emphasis on such topics in the course of regulatory examinations remains to be seen.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

Government Alleges Systemic and Deliberate AML Failures

Filings Describe Tools for CVC Exchanges to Use for Customer Due Diligence and Transaction Monitoring

The Financial Crimes Enforcement Network (“FinCEN”) and the Commodity Futures Trading Commission (“CFTC”) announced on August 10 (here and here) settlements with the operators of the BitMEX cryptocurrency trading platform for alleged anti-money laundering (“AML”) violations under the Bank Secrecy Act (“BSA”), and for allegedly failing to register with the CFTC.  More specifically, FinCEN’s assessment of a civil monetary penalty and the CFTC’s consent order both involved the five companies operating the BitMEX platform: HDR Global Trading Limited, 100x Holding Limited, ABS Global Trading Limited, Shine Effort Inc Limited, and HDR Global Services (Bermuda) Limited (collectively, “BitMEX”).

BitMEX will pay regulators up to a combined $100 million civil monetary penalty; perform a “lookback” regarding the potential need to file additional Suspicious Activity Reports (“SARs”); and hire an independent consultant to conduct two reviews of BitMEX’s operations, policies, procedures, and controls, in order to confirm that BitMEX is not operating in the U.S., and that no U.S. customers are able to trade with the BitMEX platform.

According to the government filings, BitMEX is one of the oldest cryptocurrency derivative exchanges, with 1.3 million user accounts and a collection of annual fees in excess of $1 billion.  Combined, the government filings allege that for a period of six years between November 2014 and October 1, 2020, BitMEX offered trading of cryptocurrency derivatives to retail and institutional customers in the U.S. and worldwide through BitMEX’s website. Customers in the U.S. placed orders to buy or sell contracts directly through the website and BitMEX was aware that U.S. customers could access the BitMEX platform via virtual private network (“VPN”).

The civil penalty will be split between FinCEN and the CFTC.  However, the settlement involves an interesting “carrot” offered by the regulators:  $20 million of the penalty is suspended pending the successful completion of the SAR lookback and the two independent consultant reviews.

According to the government’s allegations, BitMEX deliberately ignored for years the most basic AML requirements, resulting in multitudinous violations and inviting – and even encouraging – its customers to launder illicit funds.  As we will describe, the government has alleged that BitMEX operated on the announced pretext that it was not subject to the BSA or U.S. commodities laws because it had no U.S. customers or operations, when senior management knew otherwise. Continue Reading FinCEN and CFTC Reach Groundbreaking $100 Million AML Settlement with BitMEX

European Commission Proposes EU-Level Supervisory Authority and Cryptocurrency Travel Rule

European Banking Authority Offers New Guidelines on AML Compliance Officers

Just as the United States has expanded significantly its anti-money laundering (“AML”) and countering the financing of terrorism (“CFT”) regulatory and enforcement regime through recent passage of the AML Act of 2020, the European Union (“EU”) has taken significant steps this summer towards implementing a rigorous new transnational AML enforcement framework.  Recent legislative proposals by the European Commission (the EU’s executive branch) aim to combat cross-border crime by ensuring uniform implementation and enforcement of AML/CFT principles, rules, and regulations, and by creating new recordkeeping requirement for certain cryptocurrency transactions.  Following the announcement of these legislative proposals, the European Banking Authority proposed in late July new EU-wide guidelines for AML/CFT compliance officers.  We examine each of these in turn. Continue Reading European Union Round-Up:  A Summer of AML Enforcement and Compliance Proposals

Case Presages Mandatory BSA Obligations for Antiquities Dealers under the AML Act

Exhibit A to the Amended Forfeiture Complaint: The Dream Tablet

In the midst of the invasion of Iraq and the subsequent civil instability, thousands of cultural artifacts were stolen from the National Museum of Iraq.  Among them: the Dream Tablet of Gilgamesh (the “Dream Tablet”), a clay tablet at least 3,000 years old, inscribed with part of the oldest works of narrative poetry in the world, the Epic of Gilgamesh.

The Dream Tablet illegally wound its way to the United States in 2003, and Hobby Lobby purchased it in 2014 for $1.67 million.  Now, it is returning to Iraq.  Per a July 27, 2021 Department of Justice (“DOJ”) press release, the Eastern District of New York ordered Hobby Lobby to forfeit the Dream Tablet because its importation violated the United States’ ban on the importation of Iraqi archaeological and ethnological materials.

Although this is not a pure money laundering case, this forfeiture action implicates the intersection of the antiquities and art trades and anti-money laundering (“AML”) concerns, a subject we cover frequently, including in a recent guest post by on potential AML regulations for the antiquities and art market.  Of course, the Anti-Money Laundering Act of 2020 (“AML Act”) in part imposes Bank Secrecy Act (“BSA”) obligations on antiquities dealers by defining a “person engaged in the trade of antiquities, including an advisor, consultant, or any other person who engages as a business in the solicitation or the sale of antiquities” as a “financial institution” covered by the BSA.  The Dream Tablet case illustrates the issues that antiquities dealers will have to face under a mandatory BSA/AML regime, including the filing of Suspicious Activity Reports (“SARs”). Continue Reading DOJ Obtains Forfeiture of the Dream Tablet of Gilgamesh

Fourth and Final Post in a Series on the FATF Plenary Outcomes

As we have previously blogged (here, here and here), the Financial Action Task Force (“FATF”) held its fourth Plenary on June 21-25, inviting delegates from around the world to meet (virtually) and discuss a wide range of global financial crimes and ongoing risk areas. Following the Plenary, FATF issued reports to detail their findings on specific topics. This post highlights three takeaways from the report entitled Second 12-Month Review of the Revised FATF Standards on Virtual Assets (“Report”).


In June 2019, the FATF issued guidance instructing its 180 international member governments to demand that virtual asset service providers (“VASPs), such as cryptocurrency exchanges and digital wallet providers, collect “accurate originator information and required beneficiary information” on transactions totaling $1,000 or more (see here for our detailed blog post on this subject).

The FATF also agreed to undertake a yearlong review documenting the progress that its member countries have made towards implementing its guidance on regulation of VASPs. It released the findings of that review in July 2020 and committed to a second 12-month review by June 2021. The Report, based on the findings of a self-assessment questionnaire provided to 128 jurisdictions, sets out the findings of the second 12-month review. Continue Reading FATF Continues to Stress AML Risks From Virtual Asset Service Providers

A Guest Blog by Angelena Bradfield

Today we are very pleased to welcome guest blogger Angelena Bradfield, who is the Senior Vice President of AML/BSA, Sanctions & Privacy for the Bank Policy Institute. BPI is a nonpartisan public policy, research and advocacy group, representing the nation’s leading banks. Its members include universal banks, regional banks and the major foreign banks doing business in the United States.  BPI has been engaged in efforts to modernize the U.S. anti-money laundering/ countering the financing of terrorism (AML/CFT) regime for almost half a decade and worked closely with Senate and House leadership throughout the introduction and final passage of the Anti-Money Laundering Act of 2020 (AML Act). Angelena previously was a Vice President at The Clearing House Association, where she supported its regulatory affairs department in similar policy areas. Before that, she supported comprehensive immigration reform efforts at ImmigrationWorks USA and worked on various domestic policy issues at the White House where she served as a staff assistant in both the Domestic Policy Council and Presidential Correspondence offices.

We reached out to Angelena regarding BPI’s recent letter to the Financial Crimes Enforcement Network (FinCEN) commenting on its implementation of the Corporate Transparency Act (CTA).  Congress passed the CTA on January 1, 2021, as part of the AML Act.  The CTA requires certain legal entities to report their beneficial owners to a directory accessible by U.S. and foreign law enforcement and regulators.  This directory also will be accessible to U.S. financial institutions seeking to comply with their own AML obligations, particularly the beneficial ownership regulation, otherwise known as the Customer Due Diligence Rule (CDD Rule), already applicable to banks and other financial institutions. The CTA’s beneficial ownership directory is one of the most important and long-awaited changes to the BSA/AML regulatory regime, but it presents many challenges, both legal and logistical.  On April 5, 2021, FinCEN issued an advance notice of proposed rulemaking to solicit public comment on the CTA’s implementation.  In response, FinCEN received over 200 letters from industry stakeholders – including the letter from BPI.

This blog post again takes the form of a Q&A session, in which Angelena responds to questions posed by Money Laundering Watch about the CTA and how it should be implemented.  We hope you enjoy this discussion on this important topic. – Peter Hardy and Shauna Pierson Continue Reading Implementing the Corporate Transparency Act:  A Guest Blog

U.S. Federal Reserve Building

The Federal Reserve, FDIC, and OCC released on July 13, 2021 proposed guidance for banking organizations on managing risks associated with third-party relationships, including relationships with financial technology-focused entities such as bank/fintech sponsorship arrangements.  The proposal is the first time that the three agencies have proposed third-party risk management guidance on an interagency basis.  Comments on the proposal will be due no later than 60 days after the date it is published in the Federal Register.  The proposed guidance covers all types of third-party relationships, including those involving regulatory compliance under the Bank Secrecy Act.

The proposed guidance is based on the OCC’s existing 2013 third-party risk management guidance and includes changes to reflect that the guidance’s applicability would be extended to banking organizations supervised by all three federal banking agencies.  In March 2020, the OCC issued a revised set of FAQs to supplement its 2013 guidance that was intended to clarify the existing guidance and reflect evolving industry trends.  The proposed guidance includes the revised FAQs as an exhibit and the agencies seek comment on the extent to which the concepts discussed in the FAQs should be incorporated into the final guidance and whether there are additional concepts that would be helpful to include.

The proposed guidance states:

A third-party relationship is any business arrangement between a banking organization and another entity, by contract or otherwise.  A third-party relationship may exist despite a lack of contract or remuneration.  Third-party relationships can include relationships with entities such as vendors, financial technology (fintech) companies, affiliates, and the banking organization’s holding company.  While a determination of whether a banking organization’s relationship constitutes a business arrangement may vary depending on the facts and circumstances, third-party business arrangements generally exclude a bank’s customer relationships.

The proposed guidance sets forth principles for managing risk in each stage of a third-party relationship life cycle consisting of:

  • Planning for a relationship
  • Due diligence and third-party selection
  • Contract negotiation
  • Oversight and accountability
  • Ongoing monitoring
  • Termination

The proposed guidance also discusses the process that examiners will typically follow when reviewing a banking organization’s third-party risk management.

The principles provided by the proposed guidance are generalized in nature and there is no discussion in the guidance of how such principles should be applied to specific types of third-party relationships.  The OCC’s 2020 revised FAQs did address specific types of third-party relationships, such as relationships with data aggregators that collect customer-permissioned data from banks (including where aggregators engage in screen scraping activities), cloud computing providers, and relationships involving the use of alternative data.  As noted above, the agencies ask for comment on the extent to which the concepts discussed in the FAQs should be incorporated into the final guidance and whether there are additional concepts that would be helpful to include.  In addition, the series of questions on which the agencies request comment include:

  • Whether there is a need for greater detail in any areas
  • How the proposed description of third-party relationships could be clearer
  • The extent to which the discussion of “business arrangement” in the proposed guidance provides sufficient clarity to permit banking organizations to identify those arrangements for which the guidance is appropriate
  • What additional information the guidance could provide on managing the risks associated with third-party platforms that directly engage with end customers
  • How the guidance could further assist banking organizations in appropriately managing the compliance risks of business arrangements in which a third party engages in activities for which there are regulatory compliance requirements
  • What additional information the proposed guidance could provide for banking organizations to consider when managing risks related to different types of relationships with third parties (e.g. partnerships, joint ventures), including technology companies
  • What revisions would better assist banking organizations in assessing’s third-party risk as technologies evolve

CFPB-supervised banks and CFPB supervised non-banks to which the banking agencies’ guidance would not apply should take note that in 2016, the CFPB began to examine service providers to institutions it supervises on a regular, systematic basis, particularly those supporting the mortgage industry.  In 2016, the CFPB issued a revised bulletin titled “Compliance Bulletin and Policy Guidance 2016-02, Service Providers” setting forth its expectations for managing the risks of service provider relationships.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. To learn more about Ballard Spar’s Anti-Money Laundering Team, please click here.

Third Post in a Series on the FATF Plenary Outcomes

This blog is the third post on the Financial Action Task Force (“FATF”) fourth Plenary, an event where delegates were invited from around the world to (virtually) meet and discuss a wide range of global financial crimes and ongoing risk areas.  Among the several strategic initiatives identified by FATF was Ethnic or Race Motivated Terrorist Financing (“EoRMTF”), on which FATF issued a report detailing its implications for anti-money laundering (“AML”) and countering the financing of terrorism (“CFT”) (the “Report”).

Similar to FATF’s first-time report regarding environmental crime and money laundering, the Report marks the first time FATF has looked at the financing of ethnically or racially motivated terrorism. The Report highlights how very difficult it can be to identify and trace EoRMTF, including because of the following factors: the major role of so-called “lone wolf” actors; competing legal regimes in different countries; growing transnational links between extreme right wing (“ERW”) groups; limited information on ERW groups; and the fact that some ERW groups are not considered illegal or have not been listed as groups to monitor.  The Report also notes the irony that ERW groups often use legal – not illicit – funds to promote their efforts, and that “ERW groups appear to be less concerned with concealing their transactions than in other forms of [terrorist financing]” – but that “many jurisdictions also reported that ERW actors are becoming increasing operationally sophisticated in how they move [and conceal] their funds.” Continue Reading FATF Report Stresses Challenges in Combatting Ethnically- and Racially-Motivated Terrorism

The Financial Crimes Enforcement Network (“FinCEN”) recently complied with two important deadlines under the Anti-Money Laundering Act (“AML Act”) —  issuing national priorities for AML and countering the financing of terrorism (“CFT”), and issuing an assessment on potential “no-action” letters.  Both of these publications were due on June 30, 2021.  This development prompted us to consider everything else that FinCEN and other agencies have to do under the AML Act by January 1, 2022.  It’s a lot — the requirements affect a very broad swath of issues and industries.  Certain agencies will be pushed to their capacity to comply meaningfully.  The latter half of 2021 will involve a flurry of activity under the AML Act, which in turn will produce another flurry of activity.

Specifically, the AML Act requires various components of the U.S. government to issue proposed and final regulations, and to conduct studies and reports for consideration by Congress, by January 1, 2022.  Generally, the Secretary of the Treasury – often, acting through the Financial Crimes Enforcement Network – is the agency tasked with these duties.  But these duties also can extend to the Federal functional regulators, the Attorney General, the Government Accountability Office, the Office of Management and Budget, and certain national security agencies – sometimes in consultation with relevant State financial regulators.

Given all of the upcoming deadlines, we thought that a high-level compendium would be useful. Accordingly, the key outcomes which the AML Act requires to be completed between December 27, 2021 and January 1, 2022, without reference to the responsible agencies, are set forth below. For your convenience, we provide a PDF setting forth these deadlines here, for you to save, print, and/or distribute.

The Act imposes other deadlines as well, but we focus here “only” on those coming to fruition by January 1 of next year.  Of course, in order for any final regulations to be issued by the deadlines, proposed regulations must be issued earlier in 2021.

  • Regulations regarding the Corporate Transparency Act (“CTA”) and related beneficial ownership (“BO”) reporting
  • Regulations regarding the implementation of national AML/CFT priorities
  • Regulations regarding AML/CFT requirements for the antiquities trade
  • Appointments of BSA Information Security Officers at FinCEN, the Internal Revenue Service, and each Federal functional regulator
  • Appointments of BSA Innovation Officers at FinCEN and each Federal functional regulator
  • Study on money laundering and the art trade
  • Rules regarding Suspicious Activity Report (“SAR”) pilot program for sharing information
  • Reports on SAR and Currency Transaction Report (“CTR”) effectiveness and potential streamlining of current filing requirements
  • Reports on general effectiveness of BSA regulations and guidance, and on usefulness of data from financial institution reporting under the BSA
  • Report on the activities of the FinCEN Exchange, a voluntary public-private information sharing partnership among law enforcement agencies, national security agencies, financial institutions, and FinCEN
  • Report on the objectives and activities of the FinCEN Office of Domestic Liaison
  • Report on how payment systems, including the use of virtual currency, are used to facilitate human trafficking and drug trafficking
  • Report on deferred and non-prosecution agreements entered into by Department of Justice regarding potential violations of the BSA
  • Report on impact of financial technology on financial crimes compliance
  • Report on trade-based money laundering
  • Reports on de-risking by financial institutions
  • Report on human trafficking
  • Report on money laundering tied to China
  • Report on money laundering tied to Russia
  • Report on efforts of authoritarian regimes to exploit the U.S. financial system
  • Report on policy considerations for disposition of assets recovered under the Kleptocracy Asset Recovery Rewards Act

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. To learn more about Ballard Spar’s Anti-Money Laundering Team, please click here.

Second Post in a Series on the FATF Plenary Outcomes

As we blogged, last month the Financial Action Task Force (“FATF”) held its fourth Plenary, inviting delegates from around the world to (virtually) meet and discuss a wide range of global financial crimes and ongoing risk areas. Following the Plenary, FATF identified a number of strategic initiatives for future research and publication, and issued six reports to detail their findings on specific topics. One such report, Money Laundering from Environmental Crime (the “Report”), and its implications for anti-money laundering (“AML”) and countering the financing of terrorist (“CFT”), will be the focus of this post.

The 66-page Report is compiled from case studies and best practices submitted by over 40 countries, as well as input from international organizations like the International Monetary Fund and World Bank. While this Report is the first deep dive into environmental crimes and recommendations for members of the FATF Global Network, it is not the first time FATF has addressed environmental issues. The current Report aims to build upon FATF’s previous study on money laundering and the illegal wildlife trade, on which we also blogged. The current Report is also connected to earlier FATF studies on money laundering risks from the gold trade and the diamond trade.  Indeed, the Report references U.S. enforcement cases involving money laundering and gold or diamonds on which we previously have blogged (see here, here and here).

As this post will discuss, these areas of money laundering risk are often overlooked and are especially difficult to monitor. Further, the Report finds that “[l]imited cooperation between AML/CFT authorities and environmental crime and protection agencies in most countries presents a major barrier to effectively tackle [money laundering] from environmental crimes.”  Stated otherwise, government AML/financial flow experts and government environmental law experts don’t understand or even consider each other’s area of expertise, and often don’t communicate with each other, resulting in missed enforcement opportunities.  With global environmental crimes generating up to $281 billion per year, the Report suggests that government interventions are not proportionate to the severity of this issue. By issuing this Report, FATF hopes to raise awareness of the scope and scale of harm caused by environmental crimes and related money laundering, and enhance collaboration by financial crime and environmental crime enforcement officials. Continue Reading FATF Issues First-Ever Report on Environmental Crime and Money Laundering