Posts tagged ‘SAR’

FinCEN Issues Advisory to Financial Institutions on Cyber-Events and Cyber-Enabled Crime

Written by: Jennifer Salisbury

On Tuesday, October 25, the Financial Crimes Enforcement Network (“FinCEN”) issued an Advisory to explain how regulations and requirements of the Bank Secrecy Act (the “BSA”) apply to cyber-events, cyber-enabled crime, and cyber-related information.

Under the BSA, a financial institution must file a Suspicious Activity Report (a “SAR”) in the event of any successful or unsuccessful cyber-event that poses or posed at least a $5,000 risk to such institution. Further, a SAR must be filed for any cyber-event that a financial institution knows or at all suspects was intended to influence a transaction or a series of transactions at such institution.  A cyber-event is an attempt to compromise or gain unauthorized electronic access to electronic systems, services, resources, or information.  In determining whether to report any cyber-event, a financial institution should take into consideration any information it has that relates at all to the cyber-event and should aggregate any funds and/or assets that were involved or put at all at risk by the cyber-event.  FinCEN also encourages any financial institution that discovers any cyber-event that falls outside of the mandatory SAR threshold to consider voluntarily filing a SAR because the information can still provide value to law enforcement investigations.

When filing a mandatory SAR, a financial institution should include any cyber-related information available to it. FinCEN also encourages any cyber-related information be included in the filing of any voluntary SAR.  Some examples of cyber-related information are IP addresses with timestamps, virtual-wallet information, device identifiers, and cyber-event information.  Both mandatory and voluntary SARs should include complete and accurate information including, to the extent available: a description and magnitude of the event; known or suspected time, location, and characteristics or signatures of the event; indicators of compromise; relevant IP addresses and their timestamps; device identifiers; methodologies used; and any other information the financial institution believes is relevant.

In addition, financial institutions should always ensure that they comply with any other cyber-related SAR requirements that might be imposed by their respective functional regulators.

To view the full text of the FinCEN Advisory, click here.

October 28, 2016 at 4:34 pm

FinCEN Proposes Extending Anti-Money Laundering Compliance Requirements to Investment Advisers

By: Eric Mikkelson

Yesterday, the United States Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) proposed a rule that would require SEC-registered investment advisers, including private equity and hedge funds, to comply with certain anti-money laundering (AML) rules. These rules already apply to other types of financial institutions such as banks and securities broker-dealers.


With these rules, FinCEN expects investment advisers to assist it in protecting the integrity of the overall financial system by making it harder for a client “trying to move or stash dirty money,” including terrorist financers, in this multi-trillion dollar sector. FinCEN perceives that investment advisers currently provide a relatively low-risk way for such illicit money to enter the system. This proposal has been discussed for years (similar rules have previously been proposed and withdrawn), and thus was not unexpected.


The rule would require SEC-registered investment advisers to adopt and comply with tailored AML policies and file suspicious activity reports (SARs) with FinCEN as applicable. Many investment advisers have already implemented AML programs, either voluntarily or in response to an SEC-no action letter that allows broker-dealers to rely on investment advisers to perform their AML-related customer identification program obligations under certain circumstances. However, for other investment advisers, the development and implementation of a required, written AML policy and compliance with the applicable new reporting requirements could be a significant undertaking.

An AML policy should, at a minimum, (a) establish and implement policies, procedures and internal controls; (b) provide for independent testing for compliance; (c) designate a compliance officer; and (d) provide a training program. SARs would be required to be filed for transactions in excess of $5,000 which the adviser knows, or has reason to know, involve illegal or other suspicious activity.


By expanding the definition of “financial institution” pursuant to the Bank Secrecy Act (which includes the PATRIOT Act) to include SEC-registered investment advisers, FinCEN would require them to file Currency Transaction Reports (CTRs), and keep and share other fund transmittal records that currently apply to other financial firms. Investment advisers are already  generally required to file Form 8300 for the receipt of more than $10,000 in cash or negotiable instruments. The new rule would replace the Form 8300 requirement with the CTR and would apply to transfers of more than $10,000 in actual currency, which may be less burdensome for the investment adviser in the case of transactions using negotiable instruments (not currency) that were previously reportable (although depending on the context those might now need to get picked up on an SAR). Additional records requirements imposed by the new rule apply for other transmissions exceeding $3,000. Such records will be required to be shared with other financial institutions in the payment chain. Some are similar to records already kept by the advisers, but advisers would need to confirm compliance with the nuances of the new rule.


FinCEN proposes to delegate its authority to examine advisers for compliance with this new rule to the SEC. FinCEN is expected to propose additional related rules jointly with the SEC, including requirements for a customer identification program for investment advisers.

View the full text of the proposed rule changes, and FinCEN’s explanation of it.


Written public comment on the proposal will be accepted by FinCEN for a period of 60 days from the proposed rule’s publication in the Federal Register. If this rule is finalized, FinCEN is proposing that investment advisers have six months from the rule’s effective date to adopt compliant programs.

To discuss the proposed rule changes and the potential effect on your operations, please contact the attorneys listed below or your usal Stinson Leonard Street LLP attorney.

Eric Mikkelson


bio | vCard | email

John Granda


bio | vCard | email

David Jenson


bio | vCard | email

Tom Jensen


bio | vCard | email

Jack Bowling


bio | vCard | email

Vicki Westerhaus


bio | vCard | email

Steve Quinlivan


bio | vCard | email

August 28, 2015 at 5:30 am

“Legalized” Marijuana: A Banking Compliance Conundrum

Written byZane Gilmer

On July 1, 2015, Minnesota will join 23 other states and the District of Columbia as the latest jurisdiction to permit the sale of medical marijuana. Minnesota’s medical marijuana laws are much more restrictive than many of its sister states’ marijuana laws in terms of who may purchase products, the types of products that may be sold or consumed, and the number of facilities permitted to sell the products. Nevertheless, those restrictions do not eliminate the myriad of issues created by permitting the sale of marijuana, including compliance challenges for banks and other financial institutions. This article will address some of the key compliance issues that face Minnesota’s financial industry following the legalization of medical marijuana.

The “Cash-Only” Problem

Most of the major credit card companies prohibit the use of their card networks for marijuana purchases. As a result, “legalized” marijuana sales across the country are conducted largely on a cash basis. Many states that permit either medical or recreational marijuana have seen marijuana revenues soar into the millions of dollars on a weekly basis. The scenario in Minnesota will likely be no different. Financial institutions, however, have to proceed with caution in banking those marijuana proceeds.

The Bank Secrecy Act (“BSA”), for instance, requires banks to monitor money passing through their institutions for potential money-laundering activities.[1] To comply with the BSA, banks are required to a file Suspicious Activity Report (“SAR”) related to certain transactions they suspect involve potential money laundering. Because the cultivation, possession, and distribution of marijuana are illegal under the federal Controlled Substances Act, any proceeds deriving from those transactions would be proceeds of an illegal transaction. Any marijuana-related business (“MRB”) attempting to bank proceeds of marijuana sales would trigger the bank’s obligation to file a SAR. Banks that fail to file a SAR for a reportable activity face criminal and civil fines and other penalties. As a result, many banks in states where marijuana is legal have refused to offer depository services to marijuana businesses.

On February 14, 2014, in response to banks’ reluctance to accept marijuana proceeds, the Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) and the Department of Justice (“DOJ”) issued separate guidance to financial institutions related to providing banking services to the marijuana industry.[2]

DOJ Guidance

The DOJ guidance makes clear that the provisions of the BSA, money-laundering statutes, and the unlicensed money remitter statute remain in effect with regard to marijuana-related conduct, despite efforts at the state level to legalize marijuana.[3] The DOJ guidance advises that its prosecutors, in determining whether to initiate an investigation or to charge an individual or institution for violation of a provision related to marijuana conduct, should focus on whether the conduct violates any of the following eight enforcement priorities:[4]

  1. Preventing the distribution of marijuana to minors;
  2. Preventing revenue from the sale of marijuana from going to criminal enterprises, gangs, and cartels;
  3. Preventing the diversion of marijuana from states where it is legal under state law to other states;
  4. Preventing state-authorized marijuana activity from serving as a pretext for trafficking other illegal drugs or other illegal activity;
  5. Preventing violence and the use of firearms in the cultivation and distribution of marijuana;
  6. Preventing drugged driving and the exacerbation of other adverse public health issues related to marijuana;
  7. Preventing the growing of marijuana on public lands and other public safety hazards associated with marijuana on public lands; and
  8. Preventing marijuana possession or use on federal property.

The guidance explains that a violation of one of these priorities may be ripe for investigation or prosecution, whereas a marijuana-related activity that does not implicate one of these priorities may not be appropriate for prosecution. Notably, however, the DOJ guidance does not guarantee that marijuana-related activities that do not implicate one of these priorities will not be prosecuted.

FinCEN Guidance

FinCEN, for its part, issued much more tangible guidance for the financial industry. Indeed, FinCEN’s stated goals in issuing its guidance were to clarify BSA “expectations for financial institutions seeking to provide services to marijuana-related businesses” and to “enhance the availability of financial services for, and the financial transparency of, marijuana-related businesses.”[5]

Development and Implementation of Thorough Customer Due Diligence Programs Required

FinCEN’s guidance provides that “the decision to open, close, or refuse any particular account or relationship should be made by each financial institution based on a number of factors specific to that institution.” To make these decisions, financial institutions are expected to develop and implement a thorough due diligence program that includes: (1) verifying with state authorities whether the MRB is licensed and registered; (2) reviewing the state application and supporting documentation submitted by the MRB to state authorities in support of its marijuana application; (3) requesting from state authorities information related to the MRB and individuals involved with it; (4) developing an understanding of the MRB’s “normal and expected activity,” including the products it sells and types of customers it serves; (5) ongoing monitoring of adverse public information concerning the MRB; (6) ongoing monitoring for any suspicious activity; and (7) updating the due diligence information on a periodic basis. The financial institution must also consider whether the MRB is in violation of one of the DOJ’s eight priorities or state law.

SARs for MRBs

If, after completing due diligence, the financial institution decides to provide services to the MRB, the financial institution must file one of two SARs: either a “Marijuana Limited” SAR—if the financial institution “reasonably believes” that the MRB is not in violation of any of the DOJ’s eight priorities or state law—or a “Marijuana Priority” SAR—if the financial institution reasonably believes that the MRB is in violation of one of the DOJ’s eight priorities or state law. In addition, the financial institution must file a “Marijuana Termination” SAR if it provides financial services to an MRB and later decides to terminate that relationship due to money-laundering concerns or if the MRB is in violation of one of the DOJ’s priorities.

To assist financial institutions in determining which SAR to file, the FinCEN guidance sets forth the following “red flags” that, if present, could mean that an MRB is violating one of the DOJ priorities or state law:

  1. An MRB appears to be using a state-licensed marijuana business as a pretext to launder money related to other criminal activity;
  2. An MRB cannot produce sufficient documentation and other evidence to demonstrate that it is duly licensed and operating in a manner consistent with state law;
  3. An MRB cannot demonstrate the legitimate source of significant outside investors;
  4. An MRB appears to be disguising its involvement in the marijuana industry;
  5. A review of publicly available information about an MRB and related parties reveals negative information;
  6. An MRB or related parties have been subject to state or local enforcement actions;
  7. An MRB engages in international or interstate activity;
  8. The owners or related parties of an MRB reside outside of the state in which the MRB is located;
  9. An MRB is located on federal property or marijuana that is sold by the business is grown on federal property;
  10. An MRB’s proximity to a school is not in compliance with state law; and
  11. An MRB purporting to be a “nonprofit” is engaged in commercial activity inconsistent with its designation as a nonprofit.

If any of these red flags exist, the financial institution must conduct further due diligence to determine whether the MRB is in compliance with the guidance.

Compliance Challenges Not Limited to Depository Accounts

In addition to the compliance challenges of providing depository services to MRBs, banks are also faced with similar issues related to extending loans to MRBs. Not only could such action be viewed as “aiding and abetting” a federal offense, but any loan proceeds and collateral securing the loan could be subject to federal forfeiture.[6] The same may also be true for loans to third parties. For example, if a bank lends money to a strip mall developer who then rents space to an MRB, the debt service paid by the borrower/landlord is likely going to be paid with at least some proceeds of marijuana sales by the borrower’s tenant, because the tenant likely used those proceeds to pay rent to the borrower. Further, banks risk litigation, including claims related to violations of the federal Racketeer Influenced and Corrupt Organizations Act [7]—for providing knowing assistance to MRBs in violation of federal drug laws—and False Claims Act lawsuits [8]—for using proceeds of federally backed loan programs to fund or assist state MRB operations that are unlawful under federal law.

In short, there are a myriad of compliance challenges facing banks in the wake of marijuana legalization. Those challenges, however, have proven manageable. The key is to develop and implement thorough policies and procedures based on DOJ and FinCEN guidance.

[1] 31 U.S.C. § 5311, et seq.; see also 18 U.S.C. §§ 1956 and 1957 (federal anti-money laundering statutes).

[2] FinCEN Guidance, “BSA Expectations Regarding Marijuana-Related Businesses,” February 14, 2014, available at; James M. Cole, “Guidance Regarding Marijuana Related Financial Crimes,” U.S. Department of Justice, February 14, 2014, available at

[3] DOJ Guidance, p. 2.

[4] Id.; James M. Cole, “Guidance Regarding Marijuana Enforcement,” U.S. Department of Justice, August 29, 2013, available at

[5] Press release announcing FinCEN guidance, available at

[6] See, e.g., 21 U.S.C. § 853 (forfeiture statute related to controlled substances violations); 18 U.S.C. § 981, et seq. (forfeiture statute related to money laundering).

[7] 18 U.S.C. § 1961, et seq.

[8] 31 U.S.C. § 3729, et seq.


July 21, 2015 at 10:59 am Leave a comment

Enter your email address to follow this blog and receive notifications of new posts by email.

Produced & Maintained By

Stinson Leonard Street Logo


A legal resource for Banking & Financial Services


%d bloggers like this: