By Brian Monroe
December 31, 2019
Quote of the Day: “We cannot solve our problems with the same thinking we used when we created them.” – Albert Einstein
In today’s briefing, FinCEN asks for comments on true burden of new beneficial ownership obligations, just as it prepares to ramp up more bank information requests in fincrime investigations, gaming association releases compliance guidance, new sanctions resource, and more.
Please enjoy this unlocked story, part of the many benefits of being an ACFCS member.
Want to talk about industry trends, story ideas or get published? Feel free to reach out to ACFCS Vice President of Content Brian Monroe at the email address above. Now, on to more sweet sweet content!
All 23,615 banks, credit unions, securities firms, and mutual funds should submit comments to FinCEN about their ACTUAL burden in complying with the beneficial ownership rule.
FinCEN’s estimate of the burden of the collection of information is 30 minutes per legal entity account, with an average of 1.5 accounts per day (that’s new customers, existing customers opening new accounts, and existing customers hitting certain triggering events), as well as 20 minutes per institution per year to “update and maintain procedures.”
There’s nothing in their estimate about the time for training, QA, audits, or exam management; and my experience is that the number of new customers or revised customer files is much higher than the FinCEN estimate.
As a point of context, when FinCEN published the Final Rule in 2016 it estimated ~10.8 million accounts per year: for some reason that estimate has dropped to 8.9 million accounts in this notice.
Monroe’s Musings: This was a huge deal when FinCEN released draft versions of the rule and even resulted in unexpected shenanigans when the bureau came out with Frequently Ask Questions (FAQs) to help the industry, but ended up causing more consternation than fostering compliance clarity.
Needless to say, banks actually creating CDD compliance programs were left to juggle seemingly conflictive formal rules and undulating guidance, raising the cost of implementing updated rules all the more.
Well, now is a time for the industry to give the bubbling, frothing and foaming vitriol an outlet, and tell FinCEN exactly how you feel so that, potentially, in this new “era of innovation,” the agency will be more receptive to feedback, constructive criticism and even, (industry waits with baited breath) some form of exemptive relief.
Treasury’s Financial Crimes Unit ramps up foreign targeting, investigations, with banks possibly fielding more agency information requests in the year ahead
U.S. financial institutions may be required to provide more customer information to the Treasury Department’s financial crimes office as it ramps up its focus on foreign money-laundering threats – potentially adding to an already weighty compliance burden.
The Treasury’s Financial Crimes Enforcement Network (FinCEN) year established a new division to oversee foreign and domestic investigations. The Global Investigations Division, created in August, was previously part of FinCEN’s enforcement office.
That FinCEN carved out the investigations unit as a stand-alone office highlights one of the agency’s key priorities in the year ahead, former officials said.
FinCEN is expected to use its targeted investigative powers more frequently, including its authority under the Patriot Act to prohibit foreign banks from opening correspondent accounts with U.S. financial institutions, lawyers say.
Other powers include the ability to request information from banks on customer transactions, and to require additional disclosures on transactions made in certain U.S. cities that FinCEN deems as risky.
One power that FinCEN may rely on more in the year ahead is what’s known as Section 311 authority, which allows the agency to impose special measures on banks, such as record-keeping or due diligence requirements – or even effectively blacklist any U.S. or large international bank from dealing with the entity.
FinCEN most recently used the authority to name Iran as a primary money-laundering concern, prohibiting the nation’s financial institutions from opening U.S. correspondent accounts.
FinCEN officials have said in speeches in recent months that they plan to put a bigger focus on using their investigative powers to spot and prevent criminal activity such as terrorist financing, human trafficking and fraud, among other areas.
The agency may use its Section 311 authority to target types of transactions and accounts that pose a money-laundering threat, Jamal El-Hindi, deputy director at FinCEN, said during a speech in October.
That is a change from its historic use of its 311 authority to target foreign banks and jurisdictions, he said.
The creation of the new global investigations division will allow FinCEN to use its information-gathering authority more frequently, Kenneth Blanco, the director of FinCEN, said in a speech this month, (via The WSJ).
Monroe’s Musings: There are many compliance takeaways in this story that have the potential to add to the burden for some institutions, particularly larger, international banks with operations in riskier parts of the world – like the Middle East, Eastern Europe and certain parts of Asia – so operations had better be prepared.
Firstly, an information request from FinCEN, if it hits your institution, and there are hits to that entity in your institution, means more than just sending the bureau a timely response.
But let’s take a quick look at some of these “information requests” and how banks should respond to them externally and, just as importantly, internally.
If the request comes via a broad Patriot Act 314(a) query, that is one level of response that comes with relatively mild internal investigative and remedial tethers. A bank can simply respond in the affirmative and await a more formal subpoena. As a precautionary measure, they bank can do a mini-lookback on the account to ensure nothing was missed.
If the request comes from a specific subpoena from a federal investigative agency that is not FinCEN tied to large accounts or to accounts linked with riskier parts of the world, that ratchets things up a bit higher.
The bank should not only respond to the request quickly and aggressively, the bank should consider doing a more thorough lookback for a longer period of time and also review any accounts, individuals or companies with strong links to the entities requested by the agency.
Now we go to the third, and most risky and exhaustive request: the more expansive and potentially more frequent information request coming straight from FinCEN.
Banks have to realize this is a request coming from the country’s financial intelligence unit that has found concrete links to a potentially large-scale financial crime case at your institution. So the institution should consider a very broad and proactive remediation and find and file on any missed suspicious activity reports (SARs), before examiners come calling.
Now, more on that. FinCEN works hand in hand with federal regulators, so it’s not a stretch that FinCEN, if they found weaknesses in the response to the information request or, the worst of all, reviews SARs by the bank and finds them weak – or doesn’t find them at all – the bank could be facing a formal enforcement action or compliance penalty.
Casino gaming association updates best practices for AML Compliance, including tips for stronger risk assessments, oversight of high rollers
The American Gaming Association (“AGA”) has released an updated Best Practices for Anti-Money Laundering (“AML”) Compliance (“Best Practices Guidance”) reflecting a heightened focus on risk assessment as well as Know Your Customer/Customer Due Diligence measures for the gaming industry.
The broad update offers key tactics to better risk assess customer categories, strengthen oversight of whale customers and details the need for stronger training covering staff in and out of dedicated compliance roles. The guidance amends the industry’s first set of comprehensive best practices for AML compliance, issued in 2014.
At the time, the best practices were well-received by the U.S. Department of Treasury’s Financial Crimes Enforcement Network (“FinCEN”).
These updated Best Practices have drawn from recent FinCEN guidance and enforcement actions, Treasury Department’s National Money Laundering Risk Assessment, and the Office of Foreign Assets Control’s updated compliance guidelines and provide detailed guidance regarding how the industry can continue to be “a leader in compliance.”
The Elements of an AML/BSA Compliance Program
At the outset, the Best Practices Guidance states that “to safeguard the integrity of the casino industry and the U.S. Financial System, casino companies have developed effective risk-based programs….”
Indeed, the Best Practices Guidance underscores the need for casinos to maintain a strong culture of compliance by allocating substantial employee time to AML compliance. This includes:
- Establishing internal controls and policies and procedures to assure ongoing compliance
- Ensuring independent testing of an AML program at a scope and frequency that matches current risk assessment
- Training personnel in, among other things, the identification of unusual financial transactions and aggregation of currency transactions
- Designating an individual responsible for assuring day-to-day AML compliance
- Providing adequate resources to compliance functions
The Best Practices Guidance further notes that casinos may find it valuable to participate in FinCEN’s voluntary information-sharing program. We focus here on a couple areas of note in the Best Practices Guidance: the Risk Assessment, Employee Training, and Know Your Customer/Customer Due Diligence Requirements.
The centerpiece of the Best Practices Guidance is the development of a robust risk assessment protocol that will tailor an effective compliance program to casino operations. It suggests casinos ask themselves the following questions:
- First, what are the entry and exit points at the casino for patron funds that may come from illicit sources?
- Second, what casino departments or employees are best positioned to detect the entry and exit of such funds?
- Third, what are characteristics of transactions that may involve illicit funds, or of patrons who are more likely to engage in suspicious activity?
- Fourth, what measures (including automation) do we have in place to mitigate these risks?
- How effective are those measures?
Ongoing and Enhanced Due Diligence for high volume patrons
Casinos should review persons against public records to determine whether they are politically exposed persons, subject to negative reports, or have a prior criminal history relevant to AML risk.
Based on such information gathering, the casino may want to obtain more information regarding the patron’s source of funds, leveraging information sharing where possible.
If based on due diligence the casino were to find that multiple SARs had been filed for a patron, negative news, or the receipt of law enforcement request for information concerning a patron, the Best Practices Guidance urges casinos to consider terminating or restricting the relationship with the patron, (via Ballad Spahr).
Introduction to Multi-National Sanctions Programs and Tax-Evasions Tactics: A resource for implementing U.S. sanctions, understanding purpose of programs
Longtime compliance professional, officer and consultant, Bachir El Nakib, has created a resource to help financial crime compliance to help better understand the depth, breadth and nuances of global sanctions programs.
Here are some snippets:
The purpose of sanctions
Sanctions are a tool of foreign policy, and aim “to coerce a change in behaviour, to constrain behaviour, or to communicate a clear political message to other countries or persons.”
The EU describes them as: “an essential tool of the EU’s Common Foreign and Security Policy … used by the EU as part of an integrated and comprehensive policy approach, involving political dialogue, complementary efforts and the use of other instruments at its disposal.”
Arms embargoes normally cover the sale, supply and transport of military goods. In EU regimes, these must be included in the EU’s Common Military List.8 Related technical and financial assistance is usually also included in the ban. The export of equipment used for internal repression, and dual-use goods (that can be used for both civil and military purposes) may also be prohibited.
Asset freezes concern funds and economic resources owned or controlled by targeted individuals or companies. Funds, such as cash, cheques, bank deposits, stocks and shares may not be accessed, moved or sold, and other tangible or intangible assets—including real estate—cannot be sold or rented.
Asset freezes also include a ban on providing resources to targeted individuals or companies. In effect, business transactions with targeted individuals or companies cannot be carried out.
Visa or travel bans
Individuals targeted by a travel ban are denied entry to the sanctioning country at its external borders. If visas are required for entering the country, they will not be granted to people subject to such restrictions on admission. EU measures do not oblige an EU Member State to refuse entry to its own nationals.
Other sectoral restrictions
Sectoral restrictions include, for example, prohibitions on certain kinds of financial transactions or certain types of trade.
To see the full page along with several insightful graphics, please visit, (via Bachir El Nakib).