https://www.law.com/newyorklawjournal/2020/06/03/active-u-s-enforcement-of-anti-money-laundering-rules-continues-unabated/?slreturn=20200503215828

In January 2020, the U.S. Department of the Treasury issued its National Strategy for Combatting Terrorist and Other Illicit Financing (2020 Strategy). This document details the key priorities of the U.S. government regarding the enforcement of the Bank Secrecy Act (BSA) and its broader agenda on efforts related to anti-money laundering and the combating the financing of terrorism (AML/CFT). Marking the 50th anniversary of the BSA, the U.S. Treasury described the 2020 Strategy as identifying key threats, vulnerabilities, and priorities for disrupting and preventing illicit finance activities within and transiting the U.S. financial system, and providing a roadmap to modernize the AML/CFT regime.

The 2020 Strategy follows a year when in 2019 global enforcers imposed more than $8 billion in anti-money laundering fines. This figure doubles the amount of penalties meted out in 2018, which approached $4.27 billion. U.S. enforcement agencies and regulators were the most active, handing out 25 penalties totaling $2.29 billion. Of the world’s top 50 banks, 12 were hit with fines in 2019.

Four months into 2020, this trend has continued. In March 2020, Swedbank AB was fined approximately $400 million (4 billion Swedish krona) for serious deficiencies in its anti-money laundering controls and for withholding documents from Swedish and Estonian regulators and is reportedly under investigation by U.S. enforcement agencies for the same concerns. U.S. financial regulators continue to focus on anti-money laundering enforcement, with the release of guidance and strategy documents. Most recently, in April 2020, the Federal Financial Institutions Examination Council (FFIEC) published a manual for AML examinations. In parallel to the broader strategy efforts, there have been a number of recent developments across the anti-money laundering enforcement spectrum.

U.S. Treasury 2020 AML Strategy

The U.S. Treasury 2020 Strategy outlines three primary priorities and supporting actions: (1) increasing transparency and closing gaps in the AML/CFT legal framework; (2) continuing to improve the efficiency and effectiveness of the AML/CFT regulatory and supervisory framework for financial institutions; and (3) enhancing current AML/CFT operational capabilities. The 2020 Strategy reinforces the July 22, 2019 Joint Statement on Risk issued by the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency (OCC) and the Financial Crimes Enforcement Network (FinCEN), which focused on the BSA and AML supervision. The Joint Statement underscores the agencies’ expectation that banks will engage in risk assessments and calibrate their BSA/AML programs to identified risks. According to the Joint Statement, in regulatory agencies’ examinations of banks, “[e]xaminers review risk management practices to evaluate and assess whether a bank has developed and implemented effective processes to identify, measure, monitor, and control risks.” In addition, the 2020 Strategy follows the August 2019 announcement by FinCEN establishing a new division—the Global Investigations Division—to oversee U.S. and cross-border investigations.

The 2020 Strategy reviews in details “the most significant vulnerabilities in the United States supported by illicit actors.” The eight overlapping areas of concern include:

l  beneficial ownership information at company formation

l  real estate professionals and other “gatekeeping professions”

l  correspondent banking

l  cash, including bulk cash smuggling and trade-based money laundering

l  complicit actors in financial institutions and other businesses

l  compliance weakness

l  digital assets

l  non-bank financial institutions, such as money services businesses, broker-dealers and casinos.

The 2020 Strategy also emphasizes a number of steps underway to close gaps in the current legal framework. First, the 2020 Strategy emphasizes current legislative efforts that would require companies to report to the U.S. government their beneficial owners at the time they are formed and when their ownership changes.

Second, the 2020 Strategy will support legislation to minimize the risks of the laundering of illicit proceeds through real estate purchases. The 2020 Strategy notes that an estimated 20% of current real estate purchases do not involve financing and thus avoid the involvement of any party with AML/CFT obligations.

Third, the 2020 Strategy reveals that FinCEN is working to finalize the August 2016 Notice of Proposed Rulemaking which, if adopted, would extend AML program obligations to certain financial institutions and intermediaries currently residing outside the BSA framework. The final rule will remove the AML program exemption for banks that lack a federal functional regulator, including private banks, non-federally insured credit unions, and certain state-chartered trust companies. The final rule would prescribe minimum standards for AML programs and require all banks to establish and implement AML controls and comply with customer identification program rules and beneficial ownership information requirements.

Fourth, the 2020 Strategy will focus on revising and clarifying the U.S. regulatory framework to expand coverage of digital assets. In particular, the U.S. Treasury and other agencies are reviewing ways to update the U.S. regulatory framework to ensure that all types of digital asset transactions are effectively covered by our AML/CFT framework, that the threshold for customer identification of cross-border wires is lowered to better align with illicit finance risk and international standards, and that travel and recordkeeping regulations are more in line with technological advancements.

To further these combined efforts, the 2020 Strategy proposes to continue to lead the FATF, the global standard-setting body for combating AML/CFT. The 2020 Strategy proposes to work to ensure that other countries “understand and incorporate the FATF Standards to their domestic legal regime, and that they are accountable for deficiencies in complying with these standards.”

FFIEC Examination Manual

On April 15, 2020, the FFIEC, in collaboration with FinCEN, published updates to its Bank Secrecy Act/Anti-Money Laundering examination manual. According to FFIEC, the manual does not impose any new regulatory requirements but rather offers increased transparency into the examination process that federal and state regulators—including the Federal Reserve Board, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency, among others—apply when a financial institution’s BSA/AML compliance program is evaluated. The manual emphasizes a risk-focused approach to BSA/AML examinations noting that regulators are expected to tailor their examinations to the financial institutions’ risk profile.

The manual explains that a regulator must understand its regulated institutions’ BSA/AML compliance in light of their money laundering and terrorist financing (MLTF) risk profiles. The goal of a BSA/AML examination is to asses an institution’s ability to identify, measure, monitor, and control MLTF risks. The first step in such an examination is to review and assess prior examination reports, the institution’s own internal BSA/AML risk assessments, internal and external audits, and reporting data available from FinCEN. From there, the manual describes how examiners should conduct sample testing of the financial institution’s compliance with regulatory requirements and adherence to and appropriateness of its policies, procedures and processes. The manual includes a number of examples of the sort of testing a regulator may conduct and details how such testing should be done including:

l  sampling alerts and reviewing the investigation and decision-making process regarding Suspicious Activity Report (SAR) filings;

l  determining the accuracy of SARs and Currency Transaction Reports (CTRs);

l  confirming the institution has collected and verified appropriate customer information and due diligence, including accurate beneficial ownership information, on a sample of accounts;

l  reviewing management meeting minutes to determine whether audits or other independent findings have been reported to the board of directors or committee thereof; and

l  comparing staff training records with the institution’s training Policy.

Finally, the manual provides guidance for the regulator to formulate conclusions based on whether the assessment identified deficiencies and whether those deficiencies are technical or isolated thereby not prompting a serious regulatory concern, versus deficiencies that are systemic and repetitive. The manual describes a number of considerations in determining whether a deficiency rises to the level of being systemic, including if there is a high number of regulatory violations compared to total banking activity, if similar violations occur in different divisions, and whether the deficiencies impact suspicious activity monitoring and reporting. A number of examples of systemic deficiencies are provided, including:

l  failure to establish a risk-based due diligence program with enhanced procedures concerning foreign correspondent accounts and non-U.S. private banking customers;

l  SAR or CTR filings that are consistently late or frequently contain errors or omissions; and

l  consistently failing to obtain or verify and maintain required customer identification information.

Such deficiencies, if identified, could have a negative impact on the adequacy of a financial institution’s BSA/AML program and may be grounds for an enforcement action.

BSA/AML Penalties for Gatekeepers

In line with the focus of U.S. prosecutorial agencies on individual accountability, the role of gatekeepers in effective AML compliance has become more visible.

In July 2019, the U.S. OCC, a unit of the Department of Treasury, issued a consent order assessing a $50,000 civil money penalty against the former U.S. general counsel of Rabobank, N.A. In addition, as part of the order, the OCC barred the former general counsel from participating in the banking industry, absent the prior consent of the OCC. The OCC alleged that the former general counsel “knowingly and willfully participated in the making of materially false statements” to U.S. bank examiners and concealed information regarding the deficiencies in Rabobank’s AML compliance program, operational reporting and internal controls.

In January 2020, FinCEN assessed a $450,000 civil money penalty against the former Chief Operational Risk Officer at U.S. Bank N.A. for his failure to prevent violations of the BSA. In particular, during the former executive’s tenure, U.S. Bank improperly capped the number of alerts generated by its automated transaction monitoring system and failed to adequately staff the BSA compliance function. FinCEN highlighted the fact that in February 2010, FinCEN and the OCC publicly announced regulatory action against Wachovia Bank for conduct similar to that underlying the U.S. Bank programmatic deficiencies and that the relevance of this prior regulatory action was “discounted” by members of the former executive’s group.

Recent FINRA Enforcement

U.S.-registered broker-dealers are obligated under SEC Rule 17a-8 to comply with all BSA reporting and recordkeeping requirements. To ensure compliance, the Financial Industry Regulatory Authority (FINRA) adopted Rule 3310, requiring each member to design and implement a written AML program reasonably designed to achieve and monitor the member’s compliance with the requirements of the BSA.

Amid the increase in AML enforcement from the U.S. Department of Justice and other authorities, FINRA has stepped up its AML focus as well. In March 2019, FINRA accepted an offer of settlement from TriPoint Global Equities LLC, its President and Chief Compliance Officer and its Head Trader. FINRA found that TriPoint failed to develop and implement an AML program to identify potential suspicious activity in customers’ deposits and liquidation of penny stocks. In addition, TriPoint allegedly failed to investigate the red flags for penny stock transactions identified in its own AML plan. TriPoint was censured, fined $100,000 and ordered to pay disgorgement of commissions.

In October 2019, FINRA accepted an offer of settlement from BNP Paribas Securities and BNP Paribas Prime Brokerage. FINRA found that from February 2013 to March 2017, despite its penny stock activity, BNP did not develop and implement a written AML program that could reasonably be expected to detect and cause the reporting of potential suspicious transactions. According to the release, until 2016, BNP’s AML program did not include any surveillance targeting potential suspicious transactions involving penny stocks, even though BNP accepted the deposit of nearly 31 billion shares of penny stocks, with a notional value of approximately $338 million, from clients. BNP processed more than 70,000 wires with a total value of $233 billion, and at least 834 customer accounts were associated with high-risk jurisdictions or foreign currency-denominated wire transfer activity that purchased and sold penny stocks. BNP also did not implement any supervisory systems or written procedures to determine whether resales of securities complied with Section 5 of the Securities Act. BNP was censured and fined $15 million.

Role of the New York DFS in AML Enforcement

The New York State Department of Financial Services (DFS), which oversees state-chartered banks, non-U.S. bank branches and representative offices, insurance companies and money transmitters, among other financial institutions, remains a significant actor in the AML space and continues to aggressively pursue AML enforcement. Recent enforcement actions demonstrate that DFS is willing to act either in conjunction with, or independent of, U.S. enforcement agencies and regulators. DFS civil penalties are sometimes greater than penalties imposed by U.S. agencies or imposed when there is no U.S. enforcement proceeding.

On Jan. 1, 2017, DFS began enforcing its new AML regulation. See 3 N.Y.C.R.R. §116.2. The regulation, among other things, requires financial institutions to maintain risk-based programs to monitor transactions for potential violations of the BSA and anti-money laundering laws, and to block transactions involving entities on U.S. sanctions list. This new tool reinforced the preexisting regulatory regime that empowers the DFS to investigate and penalize banking practices it deems unsafe or unsound under New York Banking Law §44 and to examine and ensure accurate books and records under New York Banking Law §200-c. The DFS wasted no time to flex its new authority when, on Jan. 30, 2017, it fined Deutsche Bank AG $425 million for compliance failures that allowed traders to engage in a Russian mirror-trading scheme.

Since early 2017, DFS has regularly emphasized its focus on AML enforcement, imposing numerous large fines on financial institutions licensed by New York state for AML failures around the world:

l  In September 2017, DFS fined Habib Bank $225 million and revoked the license of its New York branch for extensive AML failures.

l  In January 2018, DFS fined Western Union $60 million for failing to sufficiently investigate suspicious transactions in China.

l  In October 2018, DFS fined Mashreqbank $40 million for violations of the BSA and AML laws in relation to its USD clearing business. The NYDFS also compelled the bank to hire third party compliance consultants to address the deficiencies and conduct a review of the New York branch’s past clearing activity.

l  In November 2018, DFS fined Société Générale $420 million in relation to the bank’s failure to prevent billions of dollars in transactions with embargoed or sanctioned entities in Iran, Sudan, Cuba and Libya.

l  In April 2019, DFS fined UniCredit Group $405 million for facilitating billions of dollars in transactions with entities in sanction countries, including Cuba, Iran, Libya, Myanmar, and Sudan.

In early 2019, after revelations that Danske Bank A/S had facilitated hundreds of billions of dollars in high risk transactions through its non-resident portfolio in Estonia, DFS began a broad multi-bank investigation of AML issues in the Baltic and CIS regions. According to public reporting, DFS is investigating the connections between some of the largest Nordic banks and Danske Bank, as well as certain smaller banks connected to suspected money laundering activity in Cyprus, Latvia, Lithuania, Moldova, and Russia.

The DFS only has regulatory authority over banks licensed by the state of New York, but exercises broad extraterritorial jurisdiction. DFS has exercise its jurisdiction over non-U.S. financial institutions where subject transactions (1) moved through its New York branch, (2) are cleared through a U.S.-based correspondent bank or (3) involve USD transactions.