- In a new statement on the compliance pitfalls of the pandemic, FinCEN issues fresh details around the deadline of key fincrime filings, potential tangles tied to a just-released stimulus package and a new COVID-19 direct contact mechanism.
- The statement is the second by FinCEN in less than a month covering the compliance aftershocks of the still-spreading coronavirus, with the first urging institutions to prepare for a surge in disaster-related frauds, hacks and cyberattacks.
- FinCEN’s alert echoes other domestic and foreign regulatory, investigative and watchdog bodies calling on banks – some that have seen AML teams scattered to the wind and laid off – to soldier on by prioritizing certain pandemic-related cases as the unofficial first line of defense against a rising tide of illicit finance.
A new statement by FinCEN related to COVID-19 issues guidelines about key fincrime compliance filing deadlines and adds clarity around potential AML tangles tied to a core piece of the just-released $2 trillion stimulus package: the Paycheck Protection Program.
By Brian Monroe
April 3, 2020
In its second statement on the compliance pitfalls of the pandemic, a top U.S. Treasury agency has issued fresh details around the deadline of key fincrime filings, potential tangles tied to a just-released stimulus package and a new COVID-19 direct contact mechanism.
The U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN), the country’s financial intelligence unit and arbiter of anti-money laundering rules, has provided further information to financial institutions in “response to the Coronavirus Disease 2019 (COVID-19) Pandemic,” according to a new updated notice.
To read the full notice, click here.
The notice from FinCEN, the second in less than a month, is more support and tacit guidance from yet another government agency acknowledging that the coronavirus pandemic is affecting what is in many cases the first line of defense against money laundering and other financial crimes: anti-money laundering (AML), fraud and cybersecurity officers.
The novel coronavirus, first identified in Wuhan China in December, has in recent months leapt across international borders and cemented itself in anchor points in Italy, Spain and now the jurisdiction with the most confirmed cases: The United States.
Global cases are nearing 1.1 million with more than 59,000 deaths, according to Worldometers.
The United States currently has the most COVID-19 cases in the world, more than 277,000, which is double Italy at just under 120,000 and Spain, which is nearly equal to Italy at a little more than 119,000.
Not surprisingly, as the economy founders and the pandemic takes lives and life savings, regulatory, investigative and watchdog bodies the world over have called on banks – some that have seen AML teams scattered to the wind and laid off – to soldier on by prioritizing certain cases and preparing for a surge in frauds and cyberattacks.
FinCEN is aware of this and trying to give what guidance it can.
As well, the latest missive from the bureau is also informed by the just-passed economic stimulus initiative.
The expansive $2 trillion package has tethers to AML requirements because financial institutions must typically engage in certain identity, and likely risk, verification requirements before loaning money – but the bureau is allowing banks to rely on customer information previously captured under original fincrime compliance checks.
FinCEN stated it is “committed to promoting the success of the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), including the need to facilitate expeditious disbursal of CARES Act funds,” according to the latest statement.
Taking CARE of AML, beneficial ownership requirements
FinCEN stated that it does not want banks to stumble balancing AML duties, also referred to as the Bank Secrecy Act (BSA), beneficial ownership requirements and one of the primary components of the CARES Act: the Paycheck Protection Program (PPP).
In short, under the new program, a company can take out a loan to keep or rehire workers and – if the operation is able to keep staffers employed – the loan can be turned into a grant and effectively wouldn’t have to be repaid as the bank would reimbursed by the federal government.
In what should be welcome news for banks already struggling under the weight of AML obligations, FinCEN stated that for eligible federally insured depository institutions and federally insured credit unions, PPP loans for existing customers “will not require re-verification under applicable BSA requirements, unless otherwise indicated by the institution’s risk-based approach to BSA compliance.”
In essence this means that banks won’t have to engage in a broad update of the corporate customer, including updating beneficial ownership information, a newer requirement in recent years banks have had to adopt to make it harder for criminals and corrupt oligarchs to operate behind anonymous, impenetrable ownership structures.
For non-PPP loans, FinCEN stated that certain exceptive relief to beneficial ownership requirements granted in September 2018 is still in effect, such as not having certain annual rollover products forcing a bank to re-verify all corporate customer beneficial ownership information.
To read the full 2018 ruling on exceptive relief, click here.
FinCEN is also taking a less prescriptive, and potentially draconian, view on banks encountering any vagaries or dark corners when attempting to implement the freshly-minted PPP loan program.
To the extent that renewal, modification, restructuring, or extension for existing legal entity customers falls outside of the scope of that ruling, FinCEN recognizes that a “risk-based approach taken by financial institutions may result in reasonable delays in compliance.”
FinCEN touches on fudging AML filing deadlines
Delays could be a theme for many duties under AML rules.
FinCEN “appreciates that financial institutions are taking actions to protect employees, their families, and others in response to the COVID-19 pandemic, which has created challenges in meeting certain BSA obligations, including the timing requirements for certain BSA report filings.”
To counter this, FinCEN stated it is working more closely with federal regulators and banks to better determine what risks, vulnerabilities and criminal trends are at play to help institutions better marshal their flagging resources.
One area FinCEN is pulling back is in recently updated duties around customer transaction reports (CTRs), the bank report to capture customer details for transactions of more than $10,000.
In February, FinCEN issued an administrative ruling to clarify obligations around aggregating CTRs involving sole proprietorships and legal entities operating under a “doing business as” (DBA) name.
The difficulty, however, multiplied when FinCEN also advised that when a CTR is prepared for a legal entity such as a partnership, incorporated business, or limited liability company, the aggregated CTR should contain the various headquarters and even separate locations, according to analysis by law firm Buckley.
In the ruling FinCEN stated the form should “contain, among other things, the entity’s home office or headquarters information,” according to Buckley. According to the ruling, “[w]hen multiple entity locations are involved in an aggregated CTR, a separate Part I section should be prepared for each location involved.”
“FinCEN has heard from certain financial institutions and trade associations for financial institutions about difficulties in meeting certain BSA obligations, including the timing requirements for certain BSA report filings,” the bureau stated.
In response to “concerns regarding certain timing requirements of BSA filings, FinCEN recognizes that certain regulatory timing requirements with regard to BSA filings may be challenging during the COVID-19 pandemic and that there may be some reasonable delays in compliance.”
As a result, FinCEN stated it would suspend implementation of the February 6, 2020 ruling (FIN-2020-R001) on CTR filing obligations when reporting transactions involving sole proprietorships and entities operating under a “doing business as” (DBA) name (the “2020 Ruling”) until further notice.
To read the full February administrative ruling, click here.
New FinCEN COVID-19 Online Contact Mechanism
Along with pulling back on some of the more complicated and resource-intensive areas of certain filings, FinCEN is also making it easier to contact them directly when financial institutions need more immediate assistance and have a pressing question that could open them up to regulatory scrutiny or, conversely, be of value to law enforcement.
FinCEN has created a COVID-19-specific “online contact mechanism, via a specific drop-down category, for financial institutions to communicate to FinCEN COVID-19-related concerns while adhering to their BSA obligations.”
Financial institutions that wish to communicate such COVID-19-related concerns to FinCEN must go to www.FinCEN.gov, click on “Need Assistance,” and select “COVID19” in the subject drop-down list.
Such COVID-19-related communications are “strongly encouraged but not required,” and could also be paired with a query to a bank’s federal functional regulator.
But with FinCEN and regulators also likely overwhelmed, and facing extensive delays in getting back to struggling institutions, the bureau is urging banks to be agile, creative and “innovative,” with a focus on prioritization, effectiveness and results – a callback to the December 2018 interagency joint statement on “Innovative Efforts to Combat Money Laundering and Terrorist Financing.”
FinCEN warns: Don’t skimp on AML as fraud, cyber risks soar
In its first statement on the convergence of compliance duties and challenges presented by the coronavirus on March 16, FinCEN stated it was cognizant that when global catastrophes strike, criminals, fraudsters and hackers of all stripes will try to take advantage of the turmoil to launder money or enrich their coffers.
The relatively rare communique encouraged financial institutions to “Communicate Concerns Related to the Coronavirus Disease 2019 (COVID-19) and to Remain Alert to Related Illicit Financial Activity.”
To read the first full FinCEN advisory, click here.
FinCEN stated it was advising financial institutions to “remain alert about malicious or fraudulent transactions similar to those that occur in the wake of natural disasters.”
Through an analysis of public reports and proprietary data in its AML database, FinCEN highlighted several emerging trends:
- Imposter Scams – Bad actors attempt to solicit donations, steal personal information, or distribute malware by impersonating government agencies (e.g., Centers for Disease Control and Prevention), international organizations (e.g., World Health Organization (WHO)), or healthcare organizations.
- Investment Scams – The U.S. Securities and Exchange Commission (SEC) urged investors to be wary of COVID-19-related investment scams, such as promotions that falsely claim that the products or services of publicly traded companies can prevent, detect, or cure coronavirus.
- Product Scams – The U.S. Federal Trade Commission (FTC) and U.S. Food and Drug Administration (FDA) have issued public statements and warning letters to companies selling unapproved or misbranded products that make false health claims pertaining to COVID-19. Additionally, FinCEN has received reports regarding fraudulent marketing of COVID-19-related supplies, such as certain facemasks.
- Insider Trading – FinCEN has received reports regarding suspected COVID-19-related insider trading.
This isn’t the first time FinCEN has warned the financial sector about the fraud and disaster connection.
The bureau tackled the issue originally in a 2017 “Advisory to Financial Institutions Regarding Disaster-Related Fraud,” which detailed other relevant typologies, such as benefits fraud, charities fraud, and cyber-related fraud.
For suspected suspicious transactions linked to COVID-19, along with checking the appropriate suspicious activity report-template (SAR-template) box(es) for certain typologies, FinCEN is also encouraging financial institutions to enter “COVID19” in Field 2 of the SAR-template to make it easier for law enforcement to find during dives into the AML database.
In public statements and releases from other regulators, they have taken a different tack than FinCEN, stating that banks will get support from examiners in some form of “regulatory relief,” including a longer buffer between exams and be more forgiving for late or missed regulatory filings.