Last week the Financial Crimes Enforcement Network (FinCEN) issued much-anticipated Frequently Asked Questions (FAQs) that provide additional guidance to financial institutions relating to the implementation of the new Customer Due Diligence Rule (CDD Rule), set to go into effect on May 11, 2018. In general, the FAQs clarify certain issues that have caused implementation challenges for financial institutions. While FinCEN’s earlier guidance provided a general overview of the CDD Rule—including the purpose of the rule, the institutions to which it is applicable, and some relevant definitions—the new FAQs provide greater detail for financial institutions seeking to comply with the CDD Rule. The FAQs are meant to assist covered financial institutions in understanding the scope of their customer due diligence (CDD) obligations, as well as the rule’s impact on their broader anti-money laundering (AML) compliance. While the guidance is helpful in clarifying some of FinCEN’s expectations, the implementation challenge lies in applying the CDD Rule to a financial institution’s specific products and services.
As financial institutions work to meet the CDD Rule’s fast-approaching May 11 compliance deadline, they should pay special attention to the following key areas summarized below. Continue reading →
Court Defers to the FDIC and the Bank Secrecy Act/Anti-Money Laundering Examination Manual in Rejecting a Rare Challenge by a Bank to an Agency-Imposed Cease-and-Desist Order
On March 12, in California Pacific Bank v. FDIC, the U.S. Court of Appeals for the Ninth Circuit refused to set aside a cease-and-desist order imposed by the Federal Deposit Insurance Corporation (the “FDIC”) on California Pacific Bank (“California Pacific”). The order requires the bank to comply with, and correct identified violations of, the Bank Secrecy Act (the “BSA”) by improving the bank’s BSA compliance program and Suspicious Activity Report (“SAR”) filing procedures. In reaching its decision, the court deferred to the Bank Secrecy Act/Anti-Money Laundering Examination Manual, which is published by the Federal Financial Institutions Examination Council (the “FFIEC Manual”), as a definitive statement of the regulatory requirements for satisfying BSA program obligations. This deference along with an agency-friendly standard of review confirm the broad discretion that the FDIC and other federal banking agencies have in determining violations of the BSA and requiring related remedial actions. Continue reading →
Since the financial crisis—and more recently in the wake of the Wells Fargo sales practices scandal and the benchmark manipulation enforcement actions—bank regulators in the United States and around the world have become increasingly focused on reforming institutional culture and pursuing other actions to mitigate employee misconduct risk. The Federal Reserve Board’s recent and unprecedented enforcement action against Wells Fargo, which we have discussed previously, is a stark demonstration of regulators’ vigorous focus on these issues. In addition to misconduct that may take place against customers, counterparties, and markets, the recent attention on sexual harassment and employee treatment has also raised questions about the capacity of companies across sectors to address misconduct that takes place within the walls of the company itself. Continue reading →
On January 12, 2018, the Supreme Court granted a writ of certiorari in Raymond J. Lucia Cos., Inc. v. SEC, No. 17 130, a case raising a key constitutional issue relating to the manner in which the U.S. Securities and Exchange Commission’s (SEC or Commission) appoints its administrative law judges (ALJs). The Court will decide “[w]hether administrative law judges of the [SEC] are Officers of the United States within the meaning of the Appointments Clause.” The answer to this question matters because if SEC ALJs are “officers,” then they should have been appointed by the Commission itself instead of hired through traditional government channels—and the Commission only exercised its ALJ appointment authority in late-2017. Although the question is limited to SEC ALJs, any decision could also impact ALJs at other agencies government-wide.
At this point, both the petitioner and the Solicitor General (SG) actually agree that ALJs are officers. In its response to the cert petition raising this issue in Lucia, the SG, in an about-face, had abandoned the SEC’s long-held defense of the manner in which it appoints its ALJs. Up until now, in an attempt to fend off an asserted constitutional defect in their AJL’s method of appointment, the SEC has argued (with SG approval) that ALJs are “mere employees” of the SEC, and not “officers.” The day after the SG dropped this position—and with no warning in its briefing—the Commission took the step to appoint the current ALJs.Continue reading →
Many constituents have a vested interest in determining a firm’s culture of compliance: regulators, investors, prospective employees, among others. Investment advisers registered with the Securities and Exchange Commission must demonstrate their compliance culture during periodic examinations by the Office of Compliance, Inspection and Examinations. Current and former SEC examination staff often state that the primary indicator of a healthy compliance culture is the “tone from the top.” There are a number of steps that a firm can take to demonstrate that top management fosters an effective compliance culture. Continue reading →
On December 20, 2017, President Trump issued a new Executive Order (EO) targeting corruption and human rights abuses around the world.
The EO implements last year’s Global Magnitsky Human Rights Accountability Act (the Global Magnitsky Act), which authorized the president to impose sanctions against human rights abusers and those who facilitate government corruption. The US Department of the Treasury’s Office of Foreign Assets Control (OFAC), which will administer the EO, also added 15 individuals and 37 entities to its Specially Designated Nationals and Blocked Persons List (SDN List). Continue reading →
Treasury’s Financial Crimes Enforcement Network (“FinCEN”) recently announced the creation of the FinCEN Exchange, a new voluntary platform to facilitate information sharing between the government and industry on topics related to anti–money laundering (“AML”) and other financial crime issues. The program represents a significant step forward on two related priority areas for FinCEN: information sharing and public-private partnerships. Continue reading →
In August 2017, the Office of Compliance Inspections and Examinations (“OCIE”) of the Securities and Exchange Commission released the results of its second Cybersecurity Initiative, which examined cybersecurity-related preparedness and implementation efforts by 75 regulated financial entities. The resulting OCIE RiskAlert depicts an industry demonstrating heightened sensitivity to cyber risks, but also experiencing gaps between policy ambition and day-to-day execution, and confronting growing pains associated with accelerated change, including the introduction of significant new policies and procedures that may lack focus or consistent implementation. While the Risk Alert directly addresses the cybersecurity procedures of broker-dealers, investment advisers, and other SEC-regulated entities, companies in all industries should consider assessing their practices with respect to the issues highlighted by the SEC. Continue reading →
The compliance infrastructure for managing financial crime risk at financial institutions is intended to be based on utilizing a risk-based, rather than rule-based, approach. A risk-based approach seeks to allocate resources commensurate with varying risk levels, reflecting the fact that financial institutions cannot eliminate all the risk of illicit activity occurring within an institution without completely shutting down all of its business. To optimize compliance, financial institutions must balance the need to provide legitimate and critical financial services and products with appropriate controls designed to mitigate the financial crime risk associated with those services and products to appropriate levels.
Where activity would violate law or regulation, the calculus is easy because the activity is simply prohibited. However, most legitimate activity will necessarily allow for some level of risk that it may be abused by criminals to facilitate illicit conduct or to exploit products and services for illicit purposes. Arriving at the right balance within this context requires an understanding of the risks, what level of controls can reasonably be put in place to mitigate that risk, and then making judgments based on an institution’s tolerance for reputational, regulatory and operational risk, about whether to engage in the activity. This last element, the exercise of judgment, must be arrived at within the framework of an institution’s risk appetite statement. Continue reading →
On May 4, 2017, the U.S. Attorney’s Office for the Southern District of New York (“SDNY”) and the Financial Crimes Enforcement Network (“FinCEN”) announced the settlement of civil claims brought under the Bank Secrecy Act (“BSA”) against the former Chief Compliance Officer of MoneyGram International, Inc. (“MoneyGram”), Thomas Haider, stemming from MoneyGram’s failure to implement and maintain an effective anti-money laundering (“AML”) program or to timely file suspicious activity reports (“SARs”). The settlement represented the resolution of the first-ever suit filed by the federal government against an individual compliance officer in the finance industry, and is likely to add fuel to increasing anxiety regarding the Department of Justice’s (“DOJ”) willingness to hold corporate executives liable for compliance failings. Continue reading →