The Federal Reserve Bank of Philadelphia (the “Philly Fed”) recently executed an agreement (the “Agreement”) with Pennsylvania-based Customers Bank (and its Customers Bancorp, Inc. holding entity) (collectively, “Customers”).  According to the Agreement, “the most recent examinations and inspections” of Customers by the Philly Fed identified “significant deficiencies” related to the bank’s risk management practices, Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) compliance, and regulations issued by the Office of Foreign Assets Control (“OFAC”).  

The source of these alleged deficiencies is alluded to by the Agreement, which immediately highlights two “digital assets-friendly” elements of Customers’ business model:

  • Customers’ “digital asset strategy”, i.e., “offering banking services to digital asset customers”; and, relatedly,
  • Customers’ facilitation of “dollar token activities,” which refers to the bank’s operation of an “instant payments platform” that allows the bank’s commercial clients “to make tokenized payments over a distributed ledger technology system” – though only to other Customers’ commercial clients.

The Agreement calls for Customers to submit a number of plans to the Philly Fed by October 5, 2024, several of which explicitly require the Philly Fed’s approval.

Continue Reading Bank’s Digital Assets Business Strategy Draws Federal Reserve Scrutiny

On August 1, 2024, the Department of Justice launched its Corporate Whistleblower Awards Pilot Program (the “Pilot Program”). Under this 3-year initiative managed by DOJ’s Criminal Division, a whistleblower may be eligible for an award of up to $50 million if she provides DOJ with information about corporate misconduct in certain industries.  As described in greater detail in the program guidance and below, the information must relate to at least one of four areas, including certain crimes relating to financial institutions, foreign corruption by companies, domestic corruption by companies and federal health care offenses involving private or other non-public health care benefit programs.

The Pilot Program has particular implications for financial institutions (“FIs”) and their anti-money laundering/countering the financing of terrorism (“AML/CFT”) compliance program personnel. Real-world application of the Pilot Program presumably will reveal the practical interplay (and possible tensions) between the Pilot Program and the relatively new whistleblower provisions under Bank Secrecy Act (“BSA”) created by the Anti-Money Laundering Act (“AML Act”), on which we have blogged frequently (see here, here, here, here, here and here).

Continue Reading DOJ Unveils Corporate Whistleblower Awards Pilot Program – With Implications for Financial Institutions and AML/CFT Compliance Personnel

Thereby Highlighting Need for Future Changes to Banks’ CDD Rule Systems

The Financial Crimes Enforcement Network (“FinCEN”) has published a two-page reference guide (“Guide”) comparing the requirements for reporting beneficial ownership information (“BOI”) to FinCEN under the Corporate Transparency Act (“CTA”) with the current requirements for covered entity customers to report BOI to their financial institutions (“FIs”) under the Bank Secrecy Act’s Customer Due Diligence (“CDD”) Rule. 

Entitled “Notice to Customers: Beneficial Ownership Information Reference Guide,” the Guide is styled as a reference tool for business customers of banks who also are covered by the CTA.  It is predominated by a chart, which we set forth at the end of this blog post, setting forth the differences in what information needs to be reported under the different reporting regimes.  But, as we discuss, the Guide also serves as a reminder to FIs — intentionally or not — that they soon will be required to revamp their long-standing CDD Rule compliance systems.

Continue Reading FinCEN Highlights Differences in CDD Rule and CTA Reporting of BOI

The federal banking regulators (The Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System and the Federal Deposit Insurance Corporation) issued on July 25 a lengthy joint statement outlining the potential risks that financial institutions face in arrangements with third parties to deliver bank deposit products and services.  The joint statement also provides examples of risk management practices to manage such potential risks.

The joint statement does not establish new expectations for financial institutions.  Rather, “[t]his statement reemphasizes existing guidance; it does not alter existing legal or regulatory requirements or establish new supervisory expectations.”  According to the joint statement, “[t]he agencies support responsible innovation and support banks in pursuing third-party arrangements in a manner consistent with safe and sound practices and in compliance with applicable laws and regulations, including, but not limited to, those designed to protect consumers (such as fair lending laws and prohibitions against unfair, deceptive, or abusive acts or practices) and those addressing financial crimes (such as fraud and money laundering).”  As they have in the past, the agencies warned that “a bank’s use of third parties to perform certain activities does not diminish its responsibility to comply with all applicable laws and regulations.”

In addition to the joint statement, the agencies on July 31, 2024 published in the Federal Register a request for information in order to better understand the relationships banks have with fintechs.  Specifically, they “seek public comment to build on their understanding of these arrangements, including with respect to roles, risks, costs, and revenue allocation.  The agencies also seek additional information and stakeholder perspectives relevant to the implications of such arrangements, including for banks’ risk management, safety and soundness, and compliance with applicable laws and regulations.”  The agencies further seek information about how fintechs support increased access to financial services and products.

Bank-fintech relationships may enable banks to leverage newer technology to offer innovative products to meet evolving customer expectations, the agencies said. At the same time, those relationships may introduce potential risks, the agencies said, adding that the failure of banks to manage them may present consumer protection, safety and soundness and compliance concerns.  Consistent with the joint statement, the request for information and comment emphasized that banks ultimately remain responsible for numerous compliance requirements, including an effective anti-money laundering/countering the financing of terrorism compliance program.

The banking agencies previously issued guidance for risk management with third-party relationships in June 2023. In May 2024, the regulators issued a guide to third-party risk management at community banks.

Comments are due within 60 days.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

As we previously blogged, a Florida law (Fla. Stat. § 655.0323, entitled “Unsafe and unsound practices”) which became effective July 1, 2024 prohibits federal and state depository institutions conducting business in the state from denying services based on religion or political beliefs and activities. Every year, financial institutions must attest to their compliance with the Florida law. When he signed the bill into law, Governor Ron DeSantis said, “We are not going to allow big banks to discriminate based on someone’s political or religious beliefs, and we will continue to fight back against indoctrination in education and the workplace.”

As we will discuss, the Florida law also prohibits a financial institution acting on the basis of “any factor if it is not a quantitative, impartial, and risk-based standard, including any such factor related to the person’s business sector[.]” This prohibition in particular creates a clear challenge for implementing an anti-money laundering/countering the financing of terrorism (“AML/CFT”) compliance program, which inherently involves subjective judgments and an assessment of the risk presented by a customer based on its line of business. The problematic implications of the Florida law did not go unnoticed by the U.S. Congress or the U.S. Department of the Treasury (“Treasury”).

Continue Reading Three Members of Congress and U.S. Treasury Express Concerns that Florida Law Prohibiting Banks from Considering Customers’ Business Sectors or Political or Religious Beliefs Conflicts with Federal AML/CFT Requirements

Second in a Two-Part Series on the Utility of BSA Filings

In this post, we will once again consider the issue of the utility of Bank Secrecy Act (BSA) filings to the global anti-money laundering/countering the financing of terrorism (AML/CFT) compliance regime. 

In our first blog post in this series, we invited Don Fort, a former Chief of the Internal Revenue Service’s Criminal Investigation (CI) Division, to answer questions on utility of BSA filings from the perspective of law enforcement.  Here, we will discuss two recent publications by industry groups:  one by the Bank Policy Institute, the Financial Technology Association, the Independent Community Bankers of America, the American Gaming Association, and the Securities Industry and Financial Markets Association (collectively, the Associations), and another by the Wolfsberg Group, which is an association of 12 global banks which aims to develop frameworks and guidance for the management of financial crime risks.

The Associations respond to an estimate by the Financial Crime Enforcement Network (FinCEN) concerning the time required to complete a Suspicious Activity Report (SAR).  The Associations’ observations on SAR filing compliance costs are targeted and precise and serve as a good segue into the broader critiques and recommendations made by the Wolfsberg Group regarding overall AML/CFT reporting and how it might be more effective.

Continue Reading BSA Filings and Their Utility to Law Enforcement:  An Industry Viewpoint

The federal banking agencies, including the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency (collectively the “Agencies”), issued a notice of proposed rulemaking (“Agencies’ NPRM”) to modernize financial institutions’ anti-money laundering and countering terrorist financing (“AML/CFT”) programs. The Agencies’ NPRM is consistent with FinCEN’s recent AML/CFT modernization proposal (“FinCEN’s NPRM”), on which we blogged here.

The Agencies’ NPRM does not substantively depart from FinCEN’s NPRM and requires the same program requirements. Although the Anti-Money Laundering Act (“AML Act”) did not require the Agencies to amend their regulations, the Agencies’ goal is to maintain consistent program requirements. The NPRM states that financial institutions will not be subject to any additional burdens in complying with differing standards between FinCEN and the Agencies.   

Continue Reading Federal Banking Agencies Issue NPRM Consistent with FinCEN’s AML/CFT Modernization Proposal

First in a Two-Part Series on the Utility of BSA Filings

Today we are very pleased to welcome guest blogger, Don Fort, who is the Director of Investigations at Kostelanetz LLP, and the past Chief of the Internal Revenue Service’s Criminal Investigation (CI) Division

As Chief of IRS-CI from 2017 to 2020, Don led the sixth largest U.S. law enforcement agency, managing a budget of over $625 million and a worldwide staff of approximately 3,000, including 2,100 special agents in 21 IRS field offices and 11 foreign countries. Don’s time in law enforcement included overseeing investigations of some of the most significant financial crimes involving tax evasion, sanctions evasion, money laundering, bribery, international corruption, bank malfeasance, cyber and cryptocurrency crimes, and terrorist financing.

We reached out to Don because we were interested in his perspective on the 2023 Year-in-Review (YIR) published by the Financial Crimes Enforcement Network (FinCEN), on which we previously blogged.  According to the YIR, there are about 294,000 financial institutions and other e-filers registered to file Bank Secrecy Act (BSA) reports with FinCEN.  Collectively, they filed during FY 2023 a total of 4.6 million Suspicious Activity Reports (SARs) and 20.8 million Currency Transaction Reports (CTRs), as well as 1.6 million Reports of Foreign Bank and Financial Accounts (FBARs), 421,500 Forms 8300 regarding cash payments over $10,000 received in a trade or business, and 143,200 Reports of International Transportation of Currency or Monetary Instruments (CMIRs) for certain cross-border transactions exceeding $10,000.  Although the YIR necessarily represents only a snapshot lacking full context, only a very small portion of those filings ever became relevant to actual federal criminal investigations.  But, the YIR makes clear that one of the most, or the most, important consumers of BSA filings is IRS-CI.

In our next related blog, we will discuss the utility of filings in the global anti-money laundering/countering the financing of terrorism compliance regime, from the perspective of industry – specifically, recent publications by the Wolfsberg Group, and the Bank Policy Institute, the Financial Technology Association, the Independent Community Bankers of America, the American Gaming Association, and the Securities Industry and Financial Markets Association.

This blog post again takes the form of a Q&A session, in which Don responds to questions posed by Money Laundering Watch about the impact of BSA filings, from the perspective of IRS-CI.  We hope you enjoy this discussion on this important topic. – Peter Hardy and Siana Danch

Continue Reading BSA Filings and Their Utility to Law Enforcement:  A Guest Blog

On July 3, the Financial Crimes Enforcement Network (FinCEN) published a notice of proposed rulemaking (NPRM) as part of a broader initiative to “strengthen, modernize, and improve” financial institutions’ anti-money laundering and countering the financing of terrorism (AML/CFT) programs. In addition, the NPRM seeks to promote effectiveness, efficiency, innovation, and flexibility with respect to AML/CFT programs; support the establishment, implementation, and maintenance of risk-based AML/CFT programs; and strengthen the cooperation between financial institutions (“FIs”) and the government.

This NPRM implements Section 6101 of the Anti-Money Laundering Act of 2020 (the “AML Act”).  It also follows up on FinCEN’s September 2020 advanced notice of proposed rulemaking soliciting public comment on what it described then as “a wide range of questions pertaining to potential regulatory amendments under the Bank Secrecy Act (‘BSA’) . . . . to re-examine the BSA regulatory framework and the broader AML regime[,]” to which FinCEN received 111 comments.

As we will discuss, the NPRM focuses on the need for all FIs to implement a risk assessment as part of an effective, risk-based, and reasonably designed AML/CFT program.  The NPRM also focuses on how consideration of FinCEN’s AML/CFT Priorities must be a part of any risk assessment.  However, in regards to addressing certain important issues, such providing comfort to FIs to pursue technological innovation, reducing the “de-risking” of certain FI customers and meaningful government feedback on BSA reporting, the NPRM provides nothing concrete.

FinCEN has published a five-page FAQ sheet which summarizes the NPRM.  We have created a 35-page PDF, here, which sets forth the proposed regulations themselves for all covered FIs.

The NPRM has a 60-day comment period, closing on September 3, 2024.  Particularly in light of the Supreme Court’s recent overruling of Chevron deference, giving the courts the power to interpret statutes without deferring to the agency’s interpretation, this rulemaking, once finalized, presumably will be the target of litigation challenging FinCEN’s interpretation of the AML Act. 

Continue Reading FinCEN Issues Proposed Rulemaking Aimed at Strengthening and Modernizing AML Programs Across Multiple Industries

Opinion Can Invite New Challenges to Long-Standing BSA/AML Regulations

On July 1, 2024, the Supreme Court issued its opinion in Corner Post, Inc. v Board of Governors of the Federal Reserve System in which the Court determined when a Section 702 claim under the Administrative Procedure Act (APA) to challenge a final agency action first accrues. In a 6-3 Opinion, the Supreme Court sided with Corner Post in holding that a right of action first accrues when the plaintiff has the right to assert it in court—and in the case of the APA, that is when the plaintiff is injured by final agency action.

This ruling could open the litigation floodgates for industry newcomers to challenge longstanding agency rules. These APA challenges will be further aided by the Supreme Court’s recent overruling of Chevron deference, giving the courts the power to interpret statutes without deferring to the agency’s interpretation.

This development is relevant to potential challenges to anti-money laundering (“AML”) regulations promulgated under the Bank Secrecy Act (“BSA”) or other statutory schemes by the Financial Crimes Enforcement Network, the federal functional regulators, the Securities Exchange Commission, and FINRA. Many BSA/AML regulations were promulgated many years ago. Historically, litigation challenges to BSA/AML regulations have been rare. Given the combined effect of recent rulings by the Supreme Court, that could change.

Continue Reading Supreme Court Opens Door to More APA Challenges by Ruling that Right of Action Accrues When Regulation First Causes Injury