Posts filed under ‘BSA/AML’

FinCEN Issues Advisory to Financial Institutions on Cyber-Events and Cyber-Enabled Crime

Written by: Jennifer Salisbury

On Tuesday, October 25, the Financial Crimes Enforcement Network (“FinCEN”) issued an Advisory to explain how regulations and requirements of the Bank Secrecy Act (the “BSA”) apply to cyber-events, cyber-enabled crime, and cyber-related information.

Under the BSA, a financial institution must file a Suspicious Activity Report (a “SAR”) in the event of any successful or unsuccessful cyber-event that poses or posed at least a $5,000 risk to such institution. Further, a SAR must be filed for any cyber-event that a financial institution knows or at all suspects was intended to influence a transaction or a series of transactions at such institution.  A cyber-event is an attempt to compromise or gain unauthorized electronic access to electronic systems, services, resources, or information.  In determining whether to report any cyber-event, a financial institution should take into consideration any information it has that relates at all to the cyber-event and should aggregate any funds and/or assets that were involved or put at all at risk by the cyber-event.  FinCEN also encourages any financial institution that discovers any cyber-event that falls outside of the mandatory SAR threshold to consider voluntarily filing a SAR because the information can still provide value to law enforcement investigations.

When filing a mandatory SAR, a financial institution should include any cyber-related information available to it. FinCEN also encourages any cyber-related information be included in the filing of any voluntary SAR.  Some examples of cyber-related information are IP addresses with timestamps, virtual-wallet information, device identifiers, and cyber-event information.  Both mandatory and voluntary SARs should include complete and accurate information including, to the extent available: a description and magnitude of the event; known or suspected time, location, and characteristics or signatures of the event; indicators of compromise; relevant IP addresses and their timestamps; device identifiers; methodologies used; and any other information the financial institution believes is relevant.

In addition, financial institutions should always ensure that they comply with any other cyber-related SAR requirements that might be imposed by their respective functional regulators.

To view the full text of the FinCEN Advisory, click here.

October 28, 2016 at 4:34 pm

New FinCEN Rule Requires Identification Procedures for Legal Entity Customers and Heightened Anti-Money Laundering Diligence for Financial Institutions

Written by: George Sand

A new FinCEN rule under the Bank Secrecy Act will require institutions to more specifically identify legal entity customers and increase Anti-Money Laundering (AML) diligence.  The rule will apply to “Covered Financial Institutions,” which includes banks; brokers or dealers in securities; mutual funds; and futures commission merchants and introducing brokers in commodities.

Under the rule, Covered Financial Institutions will be required to verify the identity of the beneficial owners of all legal entity customers when a new account is opened, with exceptions.  A beneficial owner is an individual who owns more than 25 percent of the equity interests in a company or is the single individual who exercises control. Covered Financial Institutions will be in compliance with obtaining beneficial owner information by either obtaining the information on a model certification form or by any other method that complies with the substantive requirements of the rule.  The procedures for identifying and verifying legal entity customers will be similar to the procedures for identifying individual customers under the Customer Identification Program (CIP).  Covered Financial Institutions identifying beneficial owners of legal entity customers may rely on the information supplied by the customer, provided that there is “no knowledge of facts that would reasonably call into question the reliability of the information.”  Covered Financial Institutions will be required to maintain records of the beneficial ownership information obtained, but may assign this duty to another financial instruction.

In addition, the FinCEN rule amends the Anti-Money Laundering (AML) Program Rule for each Covered Financial Institution to include risk-based procedures for conducting ongoing customer due diligence.  The amended rule applies to all entity customers, including existing entity customers.  The amended rule requires Covered Financial Institutions to develop a customer risk profile by using customer information gathered at account opening and using it as a baseline for suspicious activity reporting.  The rule requires ongoing monitoring to identify and report suspicious transactions, and update the customer information.  When a Covered Financial Institution detects relevant activity of a customer—for example, a change in beneficial ownership or increase in international wire activity—it is required to reassess and reevaluate the risk posed by the customer and update the customer information, including beneficial ownership information.  The rule is event-driven, and does not require Covered Financial Institutions to update the information on a periodic basis.

The rule is effective July 11, 2016, but compliance will not be mandatory until May 11, 2018. The Federal Register is expected to publish the rule on May 11, 2016.

May 12, 2016 at 10:42 am

FinCEN Proposes Extending Anti-Money Laundering Compliance Requirements to Investment Advisers

By: Eric Mikkelson

Yesterday, the United States Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) proposed a rule that would require SEC-registered investment advisers, including private equity and hedge funds, to comply with certain anti-money laundering (AML) rules. These rules already apply to other types of financial institutions such as banks and securities broker-dealers.

PURPOSE AND BACKGROUND

With these rules, FinCEN expects investment advisers to assist it in protecting the integrity of the overall financial system by making it harder for a client “trying to move or stash dirty money,” including terrorist financers, in this multi-trillion dollar sector. FinCEN perceives that investment advisers currently provide a relatively low-risk way for such illicit money to enter the system. This proposal has been discussed for years (similar rules have previously been proposed and withdrawn), and thus was not unexpected.

AML PROGRAMS AND SUSPICIOUS ACTIVITY REPORTING

The rule would require SEC-registered investment advisers to adopt and comply with tailored AML policies and file suspicious activity reports (SARs) with FinCEN as applicable. Many investment advisers have already implemented AML programs, either voluntarily or in response to an SEC-no action letter that allows broker-dealers to rely on investment advisers to perform their AML-related customer identification program obligations under certain circumstances. However, for other investment advisers, the development and implementation of a required, written AML policy and compliance with the applicable new reporting requirements could be a significant undertaking.

An AML policy should, at a minimum, (a) establish and implement policies, procedures and internal controls; (b) provide for independent testing for compliance; (c) designate a compliance officer; and (d) provide a training program. SARs would be required to be filed for transactions in excess of $5,000 which the adviser knows, or has reason to know, involve illegal or other suspicious activity.

CURRENCY TRANSACTION REPORTING

By expanding the definition of “financial institution” pursuant to the Bank Secrecy Act (which includes the PATRIOT Act) to include SEC-registered investment advisers, FinCEN would require them to file Currency Transaction Reports (CTRs), and keep and share other fund transmittal records that currently apply to other financial firms. Investment advisers are already  generally required to file Form 8300 for the receipt of more than $10,000 in cash or negotiable instruments. The new rule would replace the Form 8300 requirement with the CTR and would apply to transfers of more than $10,000 in actual currency, which may be less burdensome for the investment adviser in the case of transactions using negotiable instruments (not currency) that were previously reportable (although depending on the context those might now need to get picked up on an SAR). Additional records requirements imposed by the new rule apply for other transmissions exceeding $3,000. Such records will be required to be shared with other financial institutions in the payment chain. Some are similar to records already kept by the advisers, but advisers would need to confirm compliance with the nuances of the new rule.

EXAMINATION

FinCEN proposes to delegate its authority to examine advisers for compliance with this new rule to the SEC. FinCEN is expected to propose additional related rules jointly with the SEC, including requirements for a customer identification program for investment advisers.

View the full text of the proposed rule changes, and FinCEN’s explanation of it.

COMMENT PERIOD

Written public comment on the proposal will be accepted by FinCEN for a period of 60 days from the proposed rule’s publication in the Federal Register. If this rule is finalized, FinCEN is proposing that investment advisers have six months from the rule’s effective date to adopt compliant programs.

To discuss the proposed rule changes and the potential effect on your operations, please contact the attorneys listed below or your usal Stinson Leonard Street LLP attorney.

Eric Mikkelson

816.691.2680

bio | vCard | email

John Granda

816.691.3188

bio | vCard | email

David Jenson

612.33531464

bio | vCard | email

Tom Jensen

312.335.1809

bio | vCard | email

Jack Bowling

816.691.2314

bio | vCard | email

Vicki Westerhaus

816.691.2427

bio | vCard | email

Steve Quinlivan

612.335.7076

bio | vCard | email

August 28, 2015 at 5:30 am

“Legalized” Marijuana: A Banking Compliance Conundrum

Written byZane Gilmer

On July 1, 2015, Minnesota will join 23 other states and the District of Columbia as the latest jurisdiction to permit the sale of medical marijuana. Minnesota’s medical marijuana laws are much more restrictive than many of its sister states’ marijuana laws in terms of who may purchase products, the types of products that may be sold or consumed, and the number of facilities permitted to sell the products. Nevertheless, those restrictions do not eliminate the myriad of issues created by permitting the sale of marijuana, including compliance challenges for banks and other financial institutions. This article will address some of the key compliance issues that face Minnesota’s financial industry following the legalization of medical marijuana.

The “Cash-Only” Problem

Most of the major credit card companies prohibit the use of their card networks for marijuana purchases. As a result, “legalized” marijuana sales across the country are conducted largely on a cash basis. Many states that permit either medical or recreational marijuana have seen marijuana revenues soar into the millions of dollars on a weekly basis. The scenario in Minnesota will likely be no different. Financial institutions, however, have to proceed with caution in banking those marijuana proceeds.

The Bank Secrecy Act (“BSA”), for instance, requires banks to monitor money passing through their institutions for potential money-laundering activities.[1] To comply with the BSA, banks are required to a file Suspicious Activity Report (“SAR”) related to certain transactions they suspect involve potential money laundering. Because the cultivation, possession, and distribution of marijuana are illegal under the federal Controlled Substances Act, any proceeds deriving from those transactions would be proceeds of an illegal transaction. Any marijuana-related business (“MRB”) attempting to bank proceeds of marijuana sales would trigger the bank’s obligation to file a SAR. Banks that fail to file a SAR for a reportable activity face criminal and civil fines and other penalties. As a result, many banks in states where marijuana is legal have refused to offer depository services to marijuana businesses.

On February 14, 2014, in response to banks’ reluctance to accept marijuana proceeds, the Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) and the Department of Justice (“DOJ”) issued separate guidance to financial institutions related to providing banking services to the marijuana industry.[2]

DOJ Guidance

The DOJ guidance makes clear that the provisions of the BSA, money-laundering statutes, and the unlicensed money remitter statute remain in effect with regard to marijuana-related conduct, despite efforts at the state level to legalize marijuana.[3] The DOJ guidance advises that its prosecutors, in determining whether to initiate an investigation or to charge an individual or institution for violation of a provision related to marijuana conduct, should focus on whether the conduct violates any of the following eight enforcement priorities:[4]

  1. Preventing the distribution of marijuana to minors;
  2. Preventing revenue from the sale of marijuana from going to criminal enterprises, gangs, and cartels;
  3. Preventing the diversion of marijuana from states where it is legal under state law to other states;
  4. Preventing state-authorized marijuana activity from serving as a pretext for trafficking other illegal drugs or other illegal activity;
  5. Preventing violence and the use of firearms in the cultivation and distribution of marijuana;
  6. Preventing drugged driving and the exacerbation of other adverse public health issues related to marijuana;
  7. Preventing the growing of marijuana on public lands and other public safety hazards associated with marijuana on public lands; and
  8. Preventing marijuana possession or use on federal property.

The guidance explains that a violation of one of these priorities may be ripe for investigation or prosecution, whereas a marijuana-related activity that does not implicate one of these priorities may not be appropriate for prosecution. Notably, however, the DOJ guidance does not guarantee that marijuana-related activities that do not implicate one of these priorities will not be prosecuted.

FinCEN Guidance

FinCEN, for its part, issued much more tangible guidance for the financial industry. Indeed, FinCEN’s stated goals in issuing its guidance were to clarify BSA “expectations for financial institutions seeking to provide services to marijuana-related businesses” and to “enhance the availability of financial services for, and the financial transparency of, marijuana-related businesses.”[5]

Development and Implementation of Thorough Customer Due Diligence Programs Required

FinCEN’s guidance provides that “the decision to open, close, or refuse any particular account or relationship should be made by each financial institution based on a number of factors specific to that institution.” To make these decisions, financial institutions are expected to develop and implement a thorough due diligence program that includes: (1) verifying with state authorities whether the MRB is licensed and registered; (2) reviewing the state application and supporting documentation submitted by the MRB to state authorities in support of its marijuana application; (3) requesting from state authorities information related to the MRB and individuals involved with it; (4) developing an understanding of the MRB’s “normal and expected activity,” including the products it sells and types of customers it serves; (5) ongoing monitoring of adverse public information concerning the MRB; (6) ongoing monitoring for any suspicious activity; and (7) updating the due diligence information on a periodic basis. The financial institution must also consider whether the MRB is in violation of one of the DOJ’s eight priorities or state law.

SARs for MRBs

If, after completing due diligence, the financial institution decides to provide services to the MRB, the financial institution must file one of two SARs: either a “Marijuana Limited” SAR—if the financial institution “reasonably believes” that the MRB is not in violation of any of the DOJ’s eight priorities or state law—or a “Marijuana Priority” SAR—if the financial institution reasonably believes that the MRB is in violation of one of the DOJ’s eight priorities or state law. In addition, the financial institution must file a “Marijuana Termination” SAR if it provides financial services to an MRB and later decides to terminate that relationship due to money-laundering concerns or if the MRB is in violation of one of the DOJ’s priorities.

To assist financial institutions in determining which SAR to file, the FinCEN guidance sets forth the following “red flags” that, if present, could mean that an MRB is violating one of the DOJ priorities or state law:

  1. An MRB appears to be using a state-licensed marijuana business as a pretext to launder money related to other criminal activity;
  2. An MRB cannot produce sufficient documentation and other evidence to demonstrate that it is duly licensed and operating in a manner consistent with state law;
  3. An MRB cannot demonstrate the legitimate source of significant outside investors;
  4. An MRB appears to be disguising its involvement in the marijuana industry;
  5. A review of publicly available information about an MRB and related parties reveals negative information;
  6. An MRB or related parties have been subject to state or local enforcement actions;
  7. An MRB engages in international or interstate activity;
  8. The owners or related parties of an MRB reside outside of the state in which the MRB is located;
  9. An MRB is located on federal property or marijuana that is sold by the business is grown on federal property;
  10. An MRB’s proximity to a school is not in compliance with state law; and
  11. An MRB purporting to be a “nonprofit” is engaged in commercial activity inconsistent with its designation as a nonprofit.

If any of these red flags exist, the financial institution must conduct further due diligence to determine whether the MRB is in compliance with the guidance.

Compliance Challenges Not Limited to Depository Accounts

In addition to the compliance challenges of providing depository services to MRBs, banks are also faced with similar issues related to extending loans to MRBs. Not only could such action be viewed as “aiding and abetting” a federal offense, but any loan proceeds and collateral securing the loan could be subject to federal forfeiture.[6] The same may also be true for loans to third parties. For example, if a bank lends money to a strip mall developer who then rents space to an MRB, the debt service paid by the borrower/landlord is likely going to be paid with at least some proceeds of marijuana sales by the borrower’s tenant, because the tenant likely used those proceeds to pay rent to the borrower. Further, banks risk litigation, including claims related to violations of the federal Racketeer Influenced and Corrupt Organizations Act [7]—for providing knowing assistance to MRBs in violation of federal drug laws—and False Claims Act lawsuits [8]—for using proceeds of federally backed loan programs to fund or assist state MRB operations that are unlawful under federal law.

In short, there are a myriad of compliance challenges facing banks in the wake of marijuana legalization. Those challenges, however, have proven manageable. The key is to develop and implement thorough policies and procedures based on DOJ and FinCEN guidance.

[1] 31 U.S.C. § 5311, et seq.; see also 18 U.S.C. §§ 1956 and 1957 (federal anti-money laundering statutes).

[2] FinCEN Guidance, “BSA Expectations Regarding Marijuana-Related Businesses,” February 14, 2014, available at http://www.fincen.gov/statutes_regs/guidance/pdf/FIN-2014-G001.pdf; James M. Cole, “Guidance Regarding Marijuana Related Financial Crimes,” U.S. Department of Justice, February 14, 2014, available at http://www.justice.gov/usao/co/news/2014/feb/DAG%20Memo%20-%20Guidance%20Regarding%20Marijuana%20Related%20Financial%20Crimes%202%2014%2014.pdf.

[3] DOJ Guidance, p. 2.

[4] Id.; James M. Cole, “Guidance Regarding Marijuana Enforcement,” U.S. Department of Justice, August 29, 2013, available at http://www.justice.gov/iso/opa/resources/3052013829132756857467.pdf.

[5] Press release announcing FinCEN guidance, available at http://www.fincen.gov/news_room/nr/html/20140214.html.

[6] See, e.g., 21 U.S.C. § 853 (forfeiture statute related to controlled substances violations); 18 U.S.C. § 981, et seq. (forfeiture statute related to money laundering).

[7] 18 U.S.C. § 1961, et seq.

[8] 31 U.S.C. § 3729, et seq.

 

July 21, 2015 at 10:59 am Leave a comment

Think You Know Your Customer? Check Out FinCEN’s Proposed BSA Rules

The Financial Crimes Enforcement Network (FinCEN) recently proposed regulations under the Bank Secrecy Act (BSA) in an effort to combat illicit financial activity, including terrorist financing and money laundering. The proposed regulations impose additional requirements for bank’s customer due diligence programs.

Continue Reading August 11, 2014 at 10:37 am Leave a comment


Enter your email address to follow this blog and receive notifications of new posts by email.

Produced & Maintained By

Stinson Leonard Street Logo

Categories

A legal resource for Banking & Financial Services

Archives


%d bloggers like this: