Loading…

Dusting off the Congressional Version of an “Aged Shelf Company”

On April 21, 2020, the United States Senate resolvedthat the bill from the House of Representatives (H.R. 266) entitled ‘An Act making appropriations for the Department of the Interior, environment, and related agencies for the fiscal year ending September 30, 2019, and for other purposes’, do pass with the following AMENDMENT: Strike all after the enacting clause and insert …” the “Paycheck Protection Program and Health Care Enhancement Act”.

Apparently, in order to extend the Paycheck Protection Program quickly, Congress needed a bill that had been sitting around waiting to be amended and passed in a jiffy. They found it in a bill introduced by Representative Betty McCollum (D. MN. – 4th) on January 8, 2019 for appropriations for the Department of the Interior for 2019. They took that aged bill off the congressional shelf, stripped it of everything but its existence and history, and have re-purposed it for the PPP and healthcare funding for the coronavirus emergency.

What Congress found was the congressional equivalent of an aged shelf company. What is an “aged shelf company”? Apparently, a leading authority on aged shelf companies seems to be Wyoming Corporate Services Inc., which provides some top-shelf information on aged shelf companies.

https://wyomingcompany.com/aged-corporation/ has the following:

What exactly are Shelf Companies & Shell Companies? What are the differences?

A Shell company defined by Wikipedia: “A shell corporation is a company which serves as a vehicle for business transactions without itself having any significant assets or operations … Shell corporations are not in themselves illegal, and they do have legitimate business purposes.”

A Shelf company defined by Wikipedia: “A shelf corporation, shelf company, or aged corporation is a company or corporation that has had no activity.  It was created and left with no activity – metaphorically put on the “shelf” to “age”.  The company can then be sold to a person or group of persons who wish to start a company without going through all the procedures of creating a new one.”

Here at Wyoming Corporate Services, Inc. we do not offer, nor have we ever offered Shell companies, so we are not going to spend additional time discussing them.

We do offer Aged Shelf Companies.  Companies that we formed ourselves, placed up on the shelf and have maintained all the State required records and fees.  We guarantee in writing that they are all clean and pristine.  They do not have EIN#, bank accounts, trade lines, D&B credit scores.  They have never been used and this is the reason we can make such a guarantee. Visit our aged shelf companies page to browse a partial list of our current inventory.

Who uses Shelf Companies and why?

    • To save the time and effort involved in creating a new company.  Let’s say you have a real estate closing or transaction and would like to use a Corporation or LLC and need it right away.  In most cases, our shelf companies will come with a PDF copy of all your Articles the same day you order, and you can utilize them that same day. In many cases a bank account can be established for the entity the same day.
      • To have the ability to bid on contracts.  Some jurisdictions require a company to be in business for a certain length of time in order to bid or qualify for consideration.
      • Leasing equipment.  Often leasing companies don’t like to lease to companies that are less than six month old.
      • Perception in the market place that the company has a longevity.  Maybe you have been a sole proprietor for many years and now have decided to incorporate.  You don’t want to appear to new or potential customers that you “just started”, but rather have been in business for awhile.
      • Privacy.  The reality of the world we all now live in is there is very little privacy or the ability to have privacy.  We are often lead to believe that anyone seeking privacy must be “trying to hid something” or they are “doing something illegal”.   Therefore, if we have “nothing to hide” we should filet and display all of our personal and business dealings for public review, approval and consumption.  This is simply not true.  There are many legitimate, legal and varied reasons for one wishing to keep ones personal and business dealing out of the prying public eye.  Fortunately Wyoming is a State that still believes citizens can and most importantly still have a RIGHT to do so.  Wyoming still has the Old West mind set that if you want privacy, you have a right to it.

Please don’t be misled or misinformed by the current furor over the “Panama Papers” and role of shell vs shelf companies. Do your own research – there is a lot of great, informative and accurate information out there.

Apparently, Mitch McConnell uses aged shelf bills to save the time and effort involved in creating a new bill.

Wyoming Corporate Services Inc. is offering its 245 aged shelf companies for $645 for a company aged less than a month all the way to $5,895 for its oldest vintage – July 2006. And aged shelf companies created in January 2019 – like the bill introduced by Representative McCollum that Senator McConnell has dusted off – are going for $995. Mitch may have saved American taxpayers some money!

“Money Laundering/Terrorist Financing and Other Illicit Financial Activity” – a New BSA/AML Focus?

If this is, in fact, a new standard for the assessment of U.S. financial institutions’ BSA/AML compliance programs, then I believe it is a positive development.

The April 15, 2020 revision of four of the five introductory sections of the FFIEC BSA/AML Examination Manual is 43 pages long. It begins with “Scoping and Planning” a BSA/AML examination. In the just-replaced section from the 2014 Manual, the objective of scoping and planning was to “identify the bank’s BSA/AML risks”. The new objective is to “develop an understanding of the bank’s money laundering, terrorist financing (ML/TF) and other illicit financial activity risk profile.”

In fact, the phrase “money laundering, terrorist financing and other illicit financial activity risk” or “ML/TF and other illicit financial activity risk” appears fifty-three (53) times in forty-three (43) pages in this April 2020 update.

The phrase “money laundering or terrorist financing risk” appears three (3) times in the current Manual (twice in the CDD section, once in the MSB section), but the phrase “ML/TF and other illicit financial activity” appears exactly zero (0) times in 442 pages of the 2014 BSA/AML Examination Manual.[1]

It appears, then, that the regulatory agencies have replaced the term “BSA/AML risk” and “BSA/AML risk profile” with the phrase “ML/TF risk” and “ML/TF risk profile.”

What are the practical impacts, if any, with the regulators’ shift from examining a bank’s “BSA/AML risk profile” to examining a bank’s “ML/TF risk profile”?

Without guidance from the regulators, without knowing their intent, it’s impossible to say what, if any, practical difference there is.

What the regulators haven’t yet touched is the Introduction section of the Manual, which precedes the four sections they have updated. So, the 2014 Introduction remains. Among other things, the Introduction includes some discussion of money laundering and terrorist financing. At page 7:

Money Laundering and Terrorist Financing

The BSA is intended to safeguard the U.S. financial system and the financial institutions that make up that system from the abuses of financial crime, including money laundering, terrorist financing, and other illicit financial transactions.  Money laundering and terrorist financing are financial crimes with potentially devastating social and financial effects.  From the profits of the narcotics trafficker to the assets looted from government coffers by dishonest foreign officials, criminal proceeds have the power to corrupt and ultimately destabilize communities or entire economies.  Terrorist networks are able to facilitate their activities if they have financial means and access to the financial system.  In both money laundering and terrorist financing, criminals can exploit loopholes and other weaknesses in the legitimate financial system to launder criminal proceeds, finance terrorism, or conduct other illegal activities, and, ultimately, hide the actual purpose of their activity.

Banking organizations must develop, implement, and maintain effective AML programs that address the ever-changing strategies of money launderers and terrorists who attempt to gain access to the U.S. financial system.  A sound BSA/AML compliance program is critical in deterring and preventing these types of activities at, or through, banks and other financial institutions.

At page 8:

Terrorist Financing

The motivation behind terrorist financing is ideological as opposed to profit-seeking, which is generally the motivation for most crimes associated with money laundering.  Terrorism is intended to intimidate a population or to compel a government or an international organization to do or abstain from doing any specific act through the threat of violence.  An effective financial infrastructure is critical to terrorist operations.  Terrorist groups develop sources of funding that are relatively mobile to ensure that funds can be used to obtain material and other logistical items needed to commit terrorist acts.  Thus, money laundering is often a vital component of terrorist financing.

It appears, then, that the 2014 Introduction remains and provides clear direction that a sound BSA/AML compliance program is critical in deterring and preventing money laundering and terrorist financing at, or through, banks and other financial institutions. And it appears also that the 2020 updates have further emphasized the importance of focusing on ML/TF and other illicit financing activity risks as this phrase doesn’t appear at all in the old/existing Manual.

In this article I will make three observations about money laundering and terrorist financing, and all three come from a Congressional hearing that occurred almost seventeen (17) years ago – a year before the first BSA/AML Examination Manual was published – that was held by the House Financial Services Subcommittee on Oversight and Investigations. That hearing was titled “Improving Financial Oversight: A Private Sector View of Anti-Money Laundering Efforts”. It was held on May 18, 2004. The hearing transcript is available at Congressional Hearing May 2004. In full disclosure, I was one of five witnesses to appear before the Sub-Committee. The others were David Aufhauser (then a Senior Counsel, Center for Strategic and International Studies and Counsel, Williams & Connolly LLP, and previously General Counsel at the Treasury Department); John Byrne, at the time the Director of Center for Regulatory Compliance, American Bankers Association; Joe Cachey, then the Vice President, Global Compliance and Chief Compliance Officer and Counsel, Western Union Financial Services; and Steve Emerson, Executive Director, The Investigative Project.

1. From an operational point of view, money laundering and terrorist financing are different problems

“From a purely operational point of view, money laundering and terrorist financing are two, very, very different problems. Traditional money laundering prevention is a transaction-focused internally sourced issue where transactions lead to relational links. Terrorist financing prevention is very different. It is a relationship-focused, externally sourced issue where relational links lead to transactions.” – written testimony of Jim Richards, Operations Executive for Global Anti-Money Laundering, Bank of America, footnote 10 on page 13.

Seventeen years later, I wish I had taken a page from the FFIEC manual and added something about “money laundering is often a vital component of terrorist financing.” But in the immediate post-9/11 environment, most of our success in finding terrorist financing or the funding of terrorist operations came from getting names or other leads from law enforcement. That said, Sub-Committee Chairwoman Sue Kelly (D. NY) asked me “[c]an you identify any particular case in which your companies worked with law enforcement to stop the flow of funds to a terrorist group or an activity of some sort?” I replied:

“Madam Chairman, off the top of my head, I can think at least two particular cases: One prior to September 11 and one after September 11. In both cases, we identified what we thought was suspicious activity. Again, we are not required to detect money laundering or terrorist financing, we are required to detect and report suspicious activity. We did that. In both cases, we felt it was significant enough that we immediately contacted law enforcement, which we are entitled and indeed perhaps required to do if it is an ongoing, serious matter. And in this case, it was the Boston U.S. Attorney’s Office, and they immediately contacted us and sought the underlying records that were the basis of our suspicious activity reports. Subsequent news events confirmed that what we had reported was indeed tied to potential terrorist financing.”

So I actually contradicted myself: we reported what we thought was money laundering or suspicious activity, and subsequent events revealed that what we had actually reported was terrorist financing or the funding of terrorist activity. The FFIEC is correct: money laundering is often a vital component of terrorist financing.

2. Money laundering and terrorist financing should not just be viewed as problems, but as symptoms of problems

“… from the perspective of a bank’s risk officer, money laundering or terrorist financing is not a problem, but a symptom of an underlying operational or control problem.  When looked at from this perspective, the risk officer is able to look at the filing of a SAR or the activity represented in the SAR as a symptom of an underlying problem with account opening procedures, document collection and verification procedures, branch AML training, or the monitoring or surveillance functions.  Looking at money laundering or terrorist financing as a symptom rather than a problem can be an effective way to focus on and eliminate or mitigate the underlying causes.” – Written testimony of Jim Richards, page 13, footnote 10.

Seventeen years later, I wish I had written “from the perspective of a bank’s risk officer, money laundering or terrorist financing is not just a problem, but also a symptom of an underlying operational or control problem …”. Obviously, money laundering is a problem. As is terrorist financing. But the important point I was trying to make is that identifying and reporting the suspicious activity – whether related to money laundering or terrorist financing, or both – is not the end-game for the reporting financial institution. It’s equally important to take those reports – to take the problems that you’ve identified and reported – and view them as symptoms of possible problems or issues with your underlying operational controls, or policies and procedures, or training, or even auditing or independent testing, and to correct those problems. Being able to prevent money laundering or terrorist financing is the ultimate goal.

I attempted to explain this notion of symptom versus problem in answering a question from Congressman Jeb Hensarling (R. TX 5th):

Mr. Hensarling. Thank you, Madam Chair. Mr. Richards, I believe in your testimony you stated that money laundering or terrorist financing is not a problem but a symptom of a problem. Could you elaborate and explain that statement?

Mr. Richards. Yes. We believe that within the context of the total issue of operating risk, that the act of filing a suspicious activity report is not the end of your duty but indeed you take the suspicious activity reports and then you go back and look at the commonalities between them to determine whether the money laundering that you have reported or suspicious activity you are reported is caused by issues relating to account opening, failure to collect the proper identification, it might be a branch training issue where you have to train the people in the branch environment, something like that.

So that rather than looking at the end game being the filing of a suspicious activity report, you look at it as just the beginning of trying to see if there is an underlying operational issue in the bank. If you address the underlying operational issue, you may resolve the suspicious activity that is occurring in your bank. So, again, if you look at it as not a problem but a symptom, you can then drill down and see what the real underlying operational problem may be.

Mr. Hensarling. Thank you.

3. Managing money laundering and terrorist financing risks can only be done with creative, committed, and courageous professionals in the public and private sectors, working together

“The success of the financial sector’s anti-money laundering and terrorist financing prevention efforts is entirely dependent on two things: First, cooperation between and coordination by all of the parties involved: the law enforcement and intelligence communities, the regulatory community, the private sector, our trade associations, such as the ABA, and others; and, second, creative, committed professionals dedicated to this task. In my experience, Madam Chairman, the American financial sector has both.” – written testimony of Jim Richards

Just as I wish I had written “money laundering or terrorist financing is not just a problem, but also a symptom …”, seventeen years later I wish I had added “courageous” to my description of the type of professional that are dedicated to fighting money laundering, terrorist financing, and other illicit financial activity.

Since my Congressional testimony in 2004, I’ve come to realize that Winston Churchill was right when it comes to courage: “Courage is the single attribute upon which all other attributes depend”.

In an article I published in December 2018 titled “Rules-Based Monitoring, Alert-to-SAR Ratios, and False Positive Rates: Are We Having the Right Conversations?”  I wrote this about the importance of courage:

“After 20+ years in the AML/CTF field – designing, building, running, tuning, and revising programs in multiple global banks – I am convinced that rules-based interaction monitoring and customer surveillance systems, running against all of the data and information available to a financial institution, managed and tuned by innovative, creative, courageous financial crimes subject matter experts, can result in an effective, efficient, proactive program that both provides timely, actionable intelligence to law enforcement and meets and exceeds all regulatory obligations. Can cloud-based, cross-institutional, machine learning-based technologies assist in those efforts? Yes! If properly deployed and if running against all of the data and information available to a financial institution, managed and tuned by innovative, creative, courageous financial crimes subject matter experts.”

And in a March 2019 article titled “Lessons Learned as a BSA Officer 1998-2018” , one of the nine lessons I described was on the importance of courage. After quoting Winston Churchill (“Courage is the single attribute upon which all other attributes depend”), I wrote:

“After the September 2001 terrorist attacks, the 9/11 Commission was set up to look at what happened, and why. In its final report issued in 2004, they concluded that the US government’s failures could be grouped into four major categories: failure of policy, failure of capabilities, failure of management, and failure of imagination. And they concluded that the “most important failure” was a lack of imagination. I believe that all four of those failures – of policy, of capabilities, of management, and of imagination – have one thing in common. A failure of courage. What do I mean by courage? Courage to speak freely – but respectfully and fairly. Courage to walk away when your principles are compromised. Courage to change. Courage to listen. Courage to compromise.”

Finally, I apparently used the word “courage” six times in a podcast I did with the esteemed Jo Ann Barefoot in April 2018, just weeks after I retired from Wells Fargo. In the show notes, Jo Ann wrote, in part, that “executing the transformation [to digitally-enabled regulation] will take imagination, vision, wisdom and even courage, which is why I invited today’s guest to join us.  He is Jim Richards, founder of the new firm, RegTech Consulting, and I think he used the word “courage” six times, in our talk.”[2]

Conclusion

I don’t believe there are any practical differences between BSA/AML risks, on the one hand, and money laundering, terrorist financing (ML/TF) and other illicit financial activity risks, on the other hand. But if there are differences, then a greater focus on managing – and being examined on how financial institutions manage – ML/TF and other illicit financial activity risks is a positive thing.

It will take cooperation between, coordination by, and the courage of all of the parties involved in the fight against money laundering and terrorist financing: the law enforcement and intelligence communities, the regulatory communities, private sector financial institutions, fintech disrupters and vendors of financial crimes systems, trade associations, and others. In my experience, the American financial sector has what it takes to effectively manage money laundering and terrorist financing and other illicit financial activity risks.

[1] In fairness, the phrase “money laundering, terrorist financing, and other illicit financial transactions” appears in the current Introduction section (page 7).

[2] https://www.jsbarefoot.com/podcasts/2018/5/14/the-courage-to-change-former-wells-fargo-bsa-officer-jim-richards

The US BSA/AML Regime – Have We Just Gone From Aspiring to be “Effective” to Merely Being “Adequate”?

On April 15, 2020, federal and state banking agencies updated parts of the BSA/AML Examination Manual (“Manual”), a document that was first published in 2005 and has been revised and re-published four times since, with the last full edition published in November 2014. The Manual provides what and how examiners examine banks and other financial institutions (collectively, “banks”) for compliance with BSA/AML laws and regulations. Just as important, the Manual is the blueprint that allows banks to build and maintain their programs, and for bank auditors to audit those programs, with some confidence that they’re meeting regulatory requirements and their regulators’ expectations.

OCC Comptroller Otting’s statement on the release of the revisions to the Manual included the following statement:

Today, the FFIEC agencies published updates to the BSA/AML Examination Manual that represent a significant step forward in our efforts to improve how we ensure banks have effective programs to safeguard the banking system against financial crime, particularly money laundering and terrorist financing.[1](emphasis added)

Ensuring that banks have effective programs is critical. This “effectiveness” standard is how the United States itself is judged by the Financial Action Task Force, or FATF, which rates its member countries’ technical compliance with its Recommendations as well as how effective their BSA/AML regimes are in fighting financial crime.

“Effectiveness” is a hot topic in financial crimes risk management. Just last December, the Wolfsberg Group issued its statement on effectiveness.[2] The opening paragraphs of that statement are instructive:

The Wolfsberg Group – Statement on Effectiveness

Making AML/CTF Programmes more effective

The Wolfsberg Group (the Group) is an association of thirteen global banks, founded in 2000, which aims to develop frameworks and guidance for the management of financial crime risk in general, with a more recent and strategic focus on enhancing the effectiveness of global Anti-Money Laundering/Counter Terrorist Financing (AML/CTF) programmes. The topic of effectiveness has also been more widely discussed across the AML/CTF community in recent years.

In 2013, the Financial Action Task Force (FATF) determined that jurisdictions simply having reasonable legal frameworks in place for financial crime prevention was no longer sufficient.  FATF stated that “each country must enforce these measures, and ensure that the operational, law enforcement and legal components of an AML/CFT system work together effectively to deliver results: the 11 immediate outcomes.”  As a result, FATF changed the way it conducted mutual evaluations of its member states, no longer focusing solely on technical compliance with its 40 Recommendations, but also evaluating the overall effectiveness of the AML/CTF regime based on evidence that the outcomes were being achieved.

Notwithstanding FATF’s approach, Financial Institutions (FIs) still tend to be examined by national supervisors almost exclusively on the basis of technical compliance rather than focussing on the practical element of whether AML/CTF programmes are really making a difference in the fight against financial crime.  The Group believes that, in practice, there is as yet insufficient consideration of whether an FI’s AML/CTF programme is effective in achieving the overall goals of the AML/CTF regime which go beyond technical compliance. As a result, FIs devote a significant amount of resources to practices designed to maximise technical compliance, while not necessarily optimising the detection or deterrence of illicit activity.  The Group believes that jurisdictions should adopt the FATF’s focus on effective outcomes and therefore, that an FI’s AML/CTF programme should have three key elements:

    1. Comply with AML/CTF laws and regulations
    2. Provide highly useful information to relevant government agencies in defined priority areas
    3. Establish a reasonable and risk-based set of controls to mitigate the risks of an FI being used to facilitate illicit activity

The Group believes that supervisors and/or relevant government agencies should assess the effectiveness of an FI’s AML/CTF programme based on the above criteria, recognising that no two FIs are the same and each FI’s risk mitigation strategy must be tailored to meet its risk appetite.

This certainly seems in line with Comptroller Otting’s statement that these new BSA Exam Manual updates will help “ensure banks have effective programs to safeguard the banking system against financial crime”.

So if these updates are, in fact, a significant step forward to improve how the OCC ensures banks have effective BSA/AML programs, how come the OCC – and the other federal and state examiners – seem to have lowered their examination standards from assessing whether banks have effective programs, to assessing whether banks have adequate programs?

First, since I’m making a stink about the difference between effective and adequate, I’ll pause and offer some definitions. I went to one source only: Merriam-Webster. Here’s what I found:

Effective – producing a decided, decisive, or desired effect: as in an effective policy.

Adequate – sufficient for a specific need or requirement; as in adequate time. Also, good enough, or of a quality that is acceptable but not better than acceptable: as in a machine that does an adequate job[3]

These seem in line with what we expect: effective is a higher standard than adequate. Being an effective leader is better than being an adequate leader. And having an effective program is better than having an adequate program.

The FFIEC BSA/AML Examination Manual

Let’s first take a look at the language from the existing Manual, or rather the parts of the Manual that were just changed. As explained in the “Introduction” section of the 2014 Manual (which is over 440 pages long, by the way):

“… the manual is structured to allow examiners to tailor the BSA/AML examination scope and procedures to the specific risk profile of the banking organization.  The manual consists of the following sections:

    • Introduction
    • Core Examination Overview and Procedures for Assessing the BSA/AML Compliance Program
    • Core Examination Overview and Procedures for Regulatory Requirements and Related Topics
    • Expanded Examination Overview and Procedures for Consolidated and Other Types of BSA/AML Compliance Program Structures
    • Expanded Examination Overview and Procedures for Products and Services
    • Expanded Examination Overview and Procedures for Persons and Entities
    • Appendixes

The core and expanded overview sections provide narrative guidance and background information on each topic; each overview is followed by examination procedures.  The “Core Examination Overview and Procedures for Assessing the BSA/AML Compliance Program” and the “Core Examination Overview and Procedures for Regulatory Requirements and Related Topics” (core) sections serve as a platform for the BSA/AML examination and, for the most part, address legal and regulatory requirements of the BSA/AML compliance program.  The “Scoping and Planning” and the “BSA/AML Risk Assessment” sections help the examiner develop an appropriate examination plan based on the risk profile of the bank.  There may be instances where a topic is covered in both the core and expanded sections (e.g., funds transfers and foreign correspondent banking).  In such instances, the core overview and examination procedures address the BSA requirements while the expanded overview and examination procedures address the AML risks of the specific activity.

At a minimum, examiners should use the following examination procedures included within the “Core Examination Overview and Procedures for Assessing the BSA/AML Compliance Program” section of this manual to ensure that the bank has an adequate BSA/AML compliance program commensurate with its risk profile:

    • Scoping and Planning (refer to page 11)
    • BSA/AML Risk Assessment (refer to page 18)
    • BSA/AML Compliance Program (refer to page 28)
    • Developing Conclusions and Finalizing the Examination (refer to page 40)”

It is these last four bulleted sections that form the basis for all exams of banks’ BSA programs. And it is these four bulleted sections that were updated on April 15, 2020. A side-by-side comparison of the 2014 BSA Exam Manual (partial) table of contents and the April 2020 updates (complete) shows clearly what the regulators have focused on:

The regulatory agencies didn’t touch the 2014 Manual’s Introduction section. What they focused on are the sections on the four “pillars” of a BSA/AML compliance program. Where the 2014 Manual goes through each of the four pillars in a total of five pages, and then includes examination procedures for the overall compliance program at the end, the new 2020 update takes a different approach: it breaks out each of the four pillars, and has objectives and examination procedures for each. It is a more detailed and comprehensive approach.

So the 2014 Introduction section remains in place. That section uses three different adjectives in describing bank’s programs:

  • Page 1: “An effective BSA/AML compliance program requires sound risk management …”
  • Page 2: “… ensure that the bank has an adequate BSA/AML compliance program commensurate with its risk profile”
  • Page 6: “The federal banking agencies work to ensure that the organizations they supervise understand the importance of having an effective BSA/AML compliance program in place.”
  • Page 7: “Banking organizations must develop, implement, and maintain effective AML programs that address the ever-changing strategies of money launderers and terrorists who attempt to gain access to the U.S. financial system.  A sound BSA/AML compliance program is critical in deterring and preventing [money laundering, terrorist financing, and other illicit financial transactions] at, or through, banks and other financial institutions.”

In the four “pillar” sections that were updated in 2020, the words “effective” or “effectiveness” appear four times in forty-three pages. Those words appeared seventeen times in the old 2014 version.

Let’s go through those sections, with a focus on the differences in the use of the words “effective” and “adequate”.

Scoping & Planning

The 2014 “Scoping and Planning” section begins on page 11 with “The BSA/AML examination is intended to assess the effectiveness of the bank’s BSA/AML compliance program and the bank’s compliance with the regulatory requirements pertaining to the BSA, including a review of risk management practices.”

The 2020 “Scoping and Planning” section begins on page 1 with: “Examiners assess whether the bank has developed and implemented adequate processes to identify, measure, monitor, and control those risks and comply with BSA regulatory requirements.”

So the regulators have shifted from effective to adequate.

The 2014 “Scoping and Planning” section then continues with a reference to risk assessment. At page 11: “risk assessment has been given its own section to emphasize its importance in the examination process and in the bank’s design of effective risk-based controls.”

The 2020 update provides, on page 4: “The BSA/AML Risk Assessment section provides information and procedures for examiners in determining whether the bank has developed a risk assessment process that adequately identifies the ML/TF and other illicit financial activity risks within its banking operations.”

So the regulators will determine whether the risk assessment adequately identifies risks: not whether it effectively identifies risks.

The 2014 edition does use the term “adequate in a few places. At page 12 is a reference to the Examination Plan: “At a minimum, examiners should conduct the examination procedures included in the following sections of this manual to ensure that the bank has an adequate BSA/AML compliance program commensurate with its risk profile.” And in a mixed message, under the heading “Transaction Testing” is: “Examiners perform transaction testing to evaluate the adequacy of the bank’s compliance with regulatory requirements, determine the effectiveness of its policies, procedures, and processes, and evaluate suspicious activity monitoring systems.”

There’s no mixed message in the 2020 update, though. Under the heading “Risk-Focused Testing” on page 6 is: “Examiners perform testing to assess the adequacy of the bank’s BSA/AML compliance program, relative to its risk profile, and the bank’s compliance with BSA regulatory requirements.” And at page 8 is the new objective for risk-focused BSA/AML supervision examination procedures: “Determine the examination activities necessary to assess the adequacy of the bank’s BSA/AML compliance program, relative to its risk profile, and the bank’s compliance with BSA regulatory requirements.”

So again, it’s fair to say (write) that the regulators have shifted from effective/effectiveness to adequate/adequacy.

Page 34 of the 2014 Manual sets out the objectives of the exam procedures: “Assess the adequacy of the bank’s BSA/AML compliance program. Determine whether the bank has developed, administered, and maintained an effective program for compliance with the BSA and all of its implementing regulations.”

Page 18 of the 2020 update sets out the objective when assessing the BSA/AML compliance program: “Assess whether the bank has designed, implemented, and maintains an adequate BSA/AML compliance program that complies with BSA regulatory requirements.” And at page 20: the objective of “assessing the BSA/AML compliance program examination procedures” is to “[d]etermine whether the bank has designed, implemented, and maintains an adequate BSA/AML compliance program that complies with BSA regulatory requirements.”

Internal Controls

There are some interesting differences in the main section on the system of internal controls – one of the four pillars of a BSA/AML compliance program.[4]

The 2014 Manual sets out the objectives for the overall BSA/AML compliance program: “Assess the adequacy of the bank’s BSA/AML compliance program.  Determine whether the bank has developed, administered, and maintained an effective program for compliance with the BSA and all of its implementing regulations.” (page 28). The 2014 Manual then goes through each of the four pillars, and does so in five pages, then includes examination procedures for the overall compliance program. The 2020 update takes a different approach: it breaks out each of the four pillars, and has objectives and examination procedures for each.

The 2020 update doesn’t use the terms effective or adequate in the Internal Controls section. Rather, it refers to “ongoing” compliance (“[t]he board of directors, acting through senior management, is ultimately responsible for ensuring that the bank maintains a system of internal controls to assure ongoing compliance with BSA regulatory requirements.”).

Independent Testing

As to independent testing, the 2020 update includes an Objective: “Assess the adequacy of the bank’s independent testing program” (page 24). The objective of the exam procedures is to “[d]etermine whether the bank has designed, implemented, and maintains an adequate BSA/AML independent testing program for compliance with BSA regulatory requirements”. There isn’t similar language or detail in the 2014 Manual.

BSA Compliance Officer

The changes to the BSA Compliance Officer pillar are extensive. The 2020 update includes an objective: to “[c]onfirm that the bank’s board of directors has designated a qualified individual or individuals (BSA compliance officer) responsible for coordinating and monitoring day-to-day compliance with BSA regulatory requirements. Assess whether the BSA compliance officer has the appropriate authority, independence, access to resources, and competence to effectively execute all duties.” (page 29). In this section is the following: ” The board of directors is responsible for ensuring that the BSA compliance officer has appropriate authority, independence, and access to resources to administer an adequate BSA/AML compliance program based on the bank’s ML/TF and other illicit financial activity risk profile.”

The objective of the exam procedures for this pillar is to “[c]onfirm that the bank’s board of directors has designated a qualified individual or individuals (BSA compliance officer) responsible for coordinating and monitoring day-to-day compliance with BSA regulatory requirements.  Determine whether the BSA compliance officer has the appropriate authority, independence, access to resources, and competence to effectively execute all duties”.

The 2014 Manual provides that “[t]he board of directors, acting through senior management, is ultimately responsible for ensuring that the bank maintains an effective BSA/AML internal control structure, including suspicious activity monitoring and reporting.” (page 29). And at page 32: “[t]he board of directors is responsible for ensuring that the BSA compliance officer has sufficient authority and resources (monetary, physical, and personnel) to administer an effective BSA/AML compliance program based on the bank’s risk profile.”

To summarize: the 2014 Manual provided that the board is responsible for ensuring the BSA Compliance Officer has sufficient authority and resources to administer an effective program. The 2020 updates provide that the board is now responsible for ensuring the BSA Compliance Officer has appropriate authority and resources to administer an adequate program. What has not changed, though, with the 2020 update is this: “the board of directors is ultimately responsible for the bank’s BSA/AML compliance.”

Training

The standards for BSA/AML training seem to have dropped, also. The 2014 Manual provided that “[t]he training program should reinforce the importance that the board and senior management place on the bank’s compliance with the BSA and ensure that all employees understand their role in maintaining an effective BSA/AML compliance program.” (page 33).

The 2020 update provides: “The training program may be used to reinforce the importance that the board of directors and senior management place on the bank’s compliance with the BSA and that all employees understand their role in maintaining an adequate BSA/AML compliance program.” (page 32).

Conclusion

The Wolfsberg Group’s December 2019 Statement on Effectiveness ended with this:

The Group believes that jurisdictions should adopt the FATF’s focus on effective outcomes and therefore, that an FI’s AML/CTF programme should have three key elements: (1) Comply with AML/CTF laws and regulations; (2) Provide highly useful information to relevant government agencies in defined priority areas; and (3) Establish a reasonable and risk-based set of controls to mitigate the risks of an FI being used to facilitate illicit activity

The Group believes that supervisors and/or relevant government agencies should assess the effectiveness of an FI’s AML/CTF programme based on the above criteria, recognising that no two FIs are the same and each FI’s risk mitigation strategy must be tailored to meet its risk appetite.

Starting in 2005 with the first FFIEC BSA/AML Examination Manual, and continuing to the last full publication in 2014, the purpose of a BSA/AML regulatory exam was to determine whether banks had an effective BSA/AML compliance program, and the directors of those banks, who were ultimately responsible for their bank’s BSA/AML compliance, were to ensure the BSA Compliance Officer had sufficient authority and resources to administer an effective program. The 2020 update appears to have lowered those bars: going forward, the purpose of a BSA/AML regulatory exam is to determine whether banks have an adequate BSA/AML compliance program, and the directors of those banks, who remain ultimately responsible for their bank’s BSA/AML compliance, are now to ensure the BSA Compliance Officer has appropriate authority and resources to administer an adequate program.

It will be interesting to see what, if any, differences this new adequate standard will bring as regulatory examiners across America will be walking into banks and credit unions and announcing, “hello, we’re here to determine whether you have an adequate program.” That is a very different greeting, and a very different exam, and possibly a very different result, than if that examiner walked in and announced, “hello, we’re here to determine whether you have an effective BSA/AML compliance program.”

Post Script

In an article I wrote in August 2019 titled  “Lessons Learned as a BSA Officer – 1998 to 2018” one of the nine lessons was that words and punctuation matter. I wrote that one should use adjectives and adverbs sparingly, if at all:

Most modifiers are unnecessary. Whether necessary or not, as a risk professional you should be aware of both your use of adjectives and adverbs, and when reading others’ use of adjectives and adverbs. When confronted with any modifier, ask yourself (i) why is that modifier being used? (ii) is it being used correctly? (iii) does it change the meaning of the sentence in a way that is unintended? (iv) is it being used consistently with other modifiers? And (v) could it limit or prevent us in the future?

In this case the state and federal banking agencies changed the adjective “effective” to “adequate” to describe the quality of the BSA/AML program they will expect to see and will examine to. I hope that this was unintended, or else five to ten years from now, after a long-held standard of effectiveness is replaced by one of mere adequacy, we could be limited in our ability to fight financial crime.

Endnotes

[1] https://www.occ.gov/news-issuances/news-releases/2020/nr-occ-2020-55.html

[2] https://www.wolfsberg-principles.com/sites/default/files/wb/pdfs/Effectiveness%201%20pager%20Wolfsberg%20Group%202019%20FINAL_Publication.pdf

[3] https://www.merriam-webster.com/

[4] The 2014 FFIEC Exam Manual “was a collaborative effort of the federal and state banking agencies” and FinCEN (2014 Manual, page 1). The Interagency Statement accompanying the 2020 update provided “The Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, and State Liaison Committee (Agencies) revised the sections in close collaboration with Treasury’s Financial Crimes Enforcement Network.” And FinCEN hasn’t (yet) issued a press release or otherwise publicly acknowledged the 2020 updates. Regardless, the agencies’ Title 12 BSA/AML compliance program includes four pillars, and FinCEN’s Title 31 BSA/AML compliance program includes five pillars.

CARES Act and PPP Loans – Has the SBA Actually “Approved” Any PPP Loans? Or Are Its Deputies Doin’ All the Approvin’?

The Small Business Administration (SBA) has announced that as of April 15th it had “approved” about 1,300,000 Paycheck Protection Program (PPP) loans for about $289 billion (that’s just over $220,000 per loan, on average). The program kicked off on April 3rd: so that’s 1,300,000 approvals in 13 days, or 100,000 approvals every day, including weekends.

That’s a marked improvement over the SBA’s 2019 daily approval rate of about 160 loan approvals every day.

In 2019 the SBA approved a total of just under 59,000 loans totaling about $30 billion. In 2020, through March 20th, the SBA approved 24,745 loans for ~$12.5 billion. According to the SBA’s last congressional report (Fiscal 2021 Congressional Justification & Fiscal 2019 Performance Report), it noted that “The time to process a 7(a) non-delegated loan greater than $350,000 decreased from 15 days to 9 days (40 percent efficiency gain) [from FY 2017] and for loans under $350,000, from 6 to 2 days (67 percent efficiency gain).” So in fiscal 2019, the SBA approved about 46,100 7(a) loans totaling $23.2 billion. Each of those took between 2 and 9 days. And based on SBA’s data, about 20% of its 7(a) loans are under $350,000, and 80% are over $350,000.

So when faced with a volume of 59,000 loans in a year, it takes the SBA about two days to process the smaller loans, and nine days to approve the bigger loans.

So how did the SBA go from approving 160 7(a) loans per day in 2019 to approving 100,000 PPP loans per day in 2020? They deputized the lenders!

The CARES Act Has Deputized PPP Lenders – They Get to Approve the Loans They Make!

Section 1102 of the CARES Act creates the PPP and sets out the “what” that needs to be done (the “how” is reserved to the regulations). Section 1102(a) amends the existing section 7(a) of the Small Business Act (15 U.S.C. 636(a)) to add the PPP provisions in subsection 36 of section 7(a). The key is paragraph (F), titled “Delegated Authority”. It provides:

“(ii) DELEGATED AUTHORITY. (I) IN GENERAL.—For purposes of making covered loans for the purposes described in clause (i), a lender approved to make loans under this subsection shall be deemed to have been delegated authority by the Administrator to make and approve covered loans, subject to the provisions of this paragraph.”

That seems pretty clear: the SBA has deputized the lenders, and its the lenders that will make AND approve PPP loans, not the SBA. Is there anything different in the Interim Final Rule, or regulations? No. In fact, the Interim Final Rule refers to lenders making PPP loans, but is silent on lenders approving loans – even the law now gives lenders delegated authority to make and approve PPP loans. The phrase “make and approve” or “making and approving” doesn’t appear in the final rule.

So when the SBA announces that it has approved 1.3 million PPP loans in the first thirteen days of the PPP, what it really means is that its deputies – the roughly 5,000 banks, credit unions, and other lenders that have signed up for the PPP – have made 1.3 million PPP loans and, through the delegation powers in the statute, approved them. But one needs to question whether those 5,000 lenders have actually approved that many PPP loans, or whether they have simply submitted the electronic paperwork to the SBA’s E-Tran system and the SBA has returned 1.3 million PPP Loan Numbers back to those lenders, and are slowly working through the underwriting requirements and approving PPP loans methodically and carefully. It’s likely the latter.

5 + 4 = 6 … Treasury’s New PPP Math Is Creating Unnecessary Confusion, & Here’s a Proposed Solution

I’ve written two articles on the CARES Act’s Paycheck Protection Program (PPP) – the $350 billion, or $350,000,000,000, pot of federal money available for the lucky few hundred thousand or so of the roughly thirty million American small businesses that can navigate the labyrinth of regulatory requirements to apply for and be approved to get a loan that is intended to cover their payroll for 8 weeks or so. See The CARES Act and the PPP – We Know A Surge of Fraud is Coming

On April 13th the Treasury Department issued some guidance intended to clarify how the PPP lenders – mostly banks and credit unions – can satisfy some of their regulatory requirements around identifying the beneficial owners of the small businesses they’ll be lending to. In some of the more creative math I’ve seen in a while, they were somehow able to take the 5 things required under one set of regulations, combine them with the 4 things required under another set of regulations, and come up with 6 things. Instead of speeding up the delivery of the much-needed assistance to small businesses across America, their math may have the opposite effect.

Title 15 Small Business Administration (SBA) requirements

On April 2nd the SBA rolled out its requirements. Among other things, the two-page Borrower Form requires the “authorized representative” of the small business to certify a number of things, notably (for purposes of this labyrinth) five pieces of information – name, SSN/TIN, Address, Title, and Ownership Percentage – of up to five people that own 20 percent or more of the small business. And, according to the Interim Final Rule published on April 2nd, the lender (bank or credit union) can rely on that certification. And the authorized representative has to provide their name, title, and a signature.

So to summarize – for Title 15 SBA purposes, the borrower’s authorized representative needs to certify five pieces of information on as many as five legal owners of the borrower, and the bank lender can rely on that certification.

Title 31 Bank Secrecy Act (BSA) requirements

In May 2018 the federal anti-money laundering regulations were changed to add a requirement that financial institutions collect and verify “beneficial ownership” information of legal entity customers. Beneficial ownership was made up of what is called the “ownership prong” – a natural person owning twenty-five percent or more of the legal entity – and the “control prong” – one person who controlled the legal entity. The regulation also provided a Beneficial Ownership Certification form. The result was that the person opening the account had to certify a number of things, notably (for purposes of this labyrinth) four pieces of information – name, SSN/TIN, address, and Date of Birth (DOB) – of up to five people: up to four that own twenty-five percent or more of the legal entity and the single “control” person. According to the regulation, the bank can rely on that certification ““provided that it has no knowledge of facts that would reasonably call into question the reliability of such information.” And the account opener has to provide their name, title, and a signature. And the bank is required to verify that beneficial ownership information: not that the persons are the beneficial owners, because that can’t reasonably be done, but that the persons are … persons. And that verification needs to be done within a reasonable time after the account is opened.

And there are some complications in the BSA rule around existing customers opening new accounts, and whether the bank can rely on existing beneficial ownership information or not. Essentially, a bank needs to document whether and when and how it will it can rely on existing information, and that documentation is part of what is known as its “risk-based BSA compliance program”.

So to summarize – for Title 31 BSA purposes, the legal entity’s account opener needs to certify four pieces of information on as many as four legal owners and one control person, and the bank can rely on that certification unless it knows of something that calls into question the reliability of the information, and the bank needs to verify that the persons are, in fact, persons.

Title 31 BSA requirements for Title 15 SBA PPP Loans

On April 13 Treasury and the SBA revised previously published FAQs to add a question and answer relating to how the Title 31 BSA requirements relating to collection (and verification) of beneficial ownership information would be applied to the Title 15 SBA PPP loans. And FinCEN issued, for the first time, the same question and answer. These are summarized below:

Treasury FAQ:  Does the information lenders are required to collect from PPP applicants regarding every owner who has a 20% or greater ownership stake in the applicant business (i.e., owner name, title, ownership %, TIN, and address) satisfy a lender’s obligation to collect beneficial ownership information (which has a 25% ownership threshold) under the BSA?

Existing customers:  if the PPP loan is being made to an existing customer and the lender previously verified the necessary information, the lender does not need to re-verify the information.  Furthermore, if federally insured banks and credit unions have not yet collected such beneficial ownership information on existing customers, such institutions do not need to collect and verify beneficial ownership information for those customers applying for new PPP loans, unless otherwise indicated by the lender’s risk-based approach to BSA compliance.

New customers: the lender’s collection of SIX THINGS – owner name, title, ownership %, TIN, address, and date of birth – from as many as 5 natural persons with a 20% or greater ownership stake in the applicant business will be deemed to satisfy applicable BSA requirements and FinCEN regulations governing the collection of beneficial ownership information. Decisions regarding further verification of beneficial ownership information collected from new customers should be made pursuant to the lender’s risk-based approach to BSA compliance.

Leaving aside (for the moment) the vexing issue of what a bank’s risk-based BSA compliance program requires it to do for existing high risk customers applying for PPP loans, the most elaborate labyrinth the government has created is for new customers. For these new-to-the-lender customers, there appears to be a trade-off. Purely for SBA purposes, PPP lenders need to collect but perhaps not verify SIX things – the name, TIN, DOB, address, title, and ownership percentage – one of which (DOB) isn’t on the PPP Form, for up to 5 natural persons as legal owners. The April 13th guidance doesn’t say anything about the BSA “control” person – nor does it say whether the SBA Authorized Representative can be that control person. And because a lender’s risk-based BSA compliance program requires it to verify beneficial owners, the PPP lender still needs to verify that the Beneficial Owners are, in fact, human beings … not that they are, in fact, the Beneficial Owners of the Applicant Borrower. Also, for both the BSA’s “person opening the account” and the SBA’s “Authorized Representative”, the financial institution must collect the person’s name, title, and signature.

A Possible Solution to Treasury’s Math Problem

The likelihood of rampant money laundering through PPP loans is pretty slim. The likelihood of fraud, though, is 100%. How much fraud is dependent on a lot of factors, but banks are adept at lending money and keeping fraud rates down. In normal times. These are not normal times. But everyone involved in this effort wants to get the $350,000,000,000 into the hands of deserving American small businesses as soon as possible, knowing that there will be some abuses, frauds, mistakes, corruption, laziness, willful blindness, etc., etc. in the process.

But making the lenders collect six pieces of information on the owners of small businesses when neither of the applicable regulatory regimes require them to collect more than five seems to add a layer of unnecessary complexity and can only slow down the lending process.

Having to collect 5 pieces of information (but not DOB) from as many as five legal owners for SBA purposes, and to collect four pieces of information (including DOB) from as many as four legal owners AND one control person for BSA purposes, and now to have to collect SIX pieces of information (including DOB) from five persons for SBA/BSA purposes creates confusion. Treasury needs to take its own risk-based approach: satisfy SBA requirements today, BSA requirements before you forgive the loan.

So here’s my suggestion to Treasury (and the regulatory agencies): PPP lenders can rely on the certifications in the Form 2483 PPP Borrower form. Those lenders can satisfy their BSA-related beneficial ownership requirements by the earlier of (i) September 30, 2020, or (ii) before the PPP loan is forgiven. In other words, focus on the PPP borrowers and requirements today, and worry about the BSA requirements later this summer. Full stop.

CARES Act PPP Loans – Is There A Loan “Dead Zone”?

The Coronavirus Aid, Relief, and Economic Security Act (CARES Act) was signed into law by the President on March 27, 2020. It is a stunning piece of legislation meant to support our first responders and medical personnel treating those that are stricken, and to provide emergency economic relief to individuals, small businesses, and even large corporations that have been so adversely impacted by the pandemic.

The ink was barely dry on the CARES Act (enacted March 27th), which created the $349 billion Small Business Administration’s Paycheck Protection Program loan program, when the Interim Final Rules were published (April 3rd). Those PPP loans will be doled out by qualified lenders to qualified Applicants, in increments of up to $10 million per Applicant (limit of one per Applicant). Those loans will bear interest at 1% per year, with interest and principle payments deferred for six months and – here’s the best part – the Government will forgive “qualifying” loans.

As of 7:00 am PST on April 7th, there were about 1,800 lenders that had previously been approved, and another 600 or so that have only recently been approved, to act as SBA PPP lenders. How will they be compensated?

According to the Treasury Department’s Treasury PPP Fact Sheet there is a simple fee schedule:

The SBA – not the small business borrower – will pay the lender a processing fee based on the balance of the financing outstanding at the time of final disbursement in the following amounts:

  • five percent for loans of not more than $350,000;
  • three percent for loans of more than $350,000 and less than $2,000,000; and
  • one percent for loans of at least $2,000,000

(see 15 USC s. 636(a)(36)(P)).

And the SBA Interim Final Rule has similar language to the Treasury Fact Sheet. At page 24 of the  Interim Final Rule is this:

What fees will lenders be paid? SBA will pay lenders fees for processing PPP loans in the following amounts:

i. Five (5) percent for loans of not more than $350,000;

ii. Three (3) percent for loans of more than $350,000 and less than $2,000,000; and

iii. One (1) percent for loans of at least $2,000,000.

So this appears to be pretty simple: a loan up to $350,000 gets the lender a fee of 5% of the amount of the loan. A loan of more than $350,000 and less than $2,000,000 gets the lender a fee of 3%. And a loan of $2,000,000 or more gets the lender a fee of 1%.

Was that the intent?

So a PPP loan of, say, $350,000 gets the lender a fee of $17,500 (at 5%) and a loan of, say, $400,000 gets the lender a fee of $12,000 (at 3%)? Or did Treasury intend that a loan of, say, $500,000, would get the lender a fee of 5% on the first $350,000 and 3% on the next $150,000? Or for loans of, say, $4,000,000, the lender would get a fee of 5% on the first $350,000, 3% on the next $1,650,000, and 1% on the balance? If that was the intent, why didn’t Treasury write something like it had in 13 CFR §120.220, but for PPP loans:

  • for loans up to $350,000, five percent of the loan amount;
  • for loans from $350,000 up to $2,000,000, $17,500 on the first $350,000 and 3% on the balance of the loan amount; and
  • for loans of $2,000,000 up to $10,000,000 (the maximum PPP loan), $60,000 on the first $2,000,000 and 1% on the balance of the loan amount

I did some calculations, and something interesting occurs. We get a range of loans where a lender will make less in fees even when lending out more money. Here’s what it looks like: for loan amounts up to $350,000, the lender gets a fee that goes up to $17,500. But for a loan just over $350,000 – and in this example I went up $25,000 – the lender makes over $6,000 less in fees. As can be seen, there is a “Dead Zone” of PPP loans between $350,000 and $600,000 where the lender makes less in fees than if it loaned $350,000 or less. And the PPP Loan Dead Zone is even broader for Agents: that zone extends from $350,000 to $700,000.

(there is also an Agent fee that follows the same ranges as the lender fee, only in amounts of 1%, 0.5%, and 0.25%).

And a similar PPP Loan Dead Zone occurs at the next step-drop in fees – for loans of $2,000,000 or more, the lender fee is 1%. So a lender will make less on a $6,000,000 PPP loan than it would make on a $1,950,000 loan. The high dollar PPP Loan Dead Zone for Agents is $2,000,000 to $4,000,000.

Could this fee structure create some misaligned incentives for lenders? Could a lender somehow “encourage” those $575,000 loans to become $650,000 loans, even if the borrower has only applied for $575,000? Could a lender process a $350,000 loan – with a $17,500 fee – before it processes a $400,000 loan – with a $12,000 fee?

So where does that leave us? As I wrote in my last article, nobody knows. As Yogi Berra once said,

It’s tough to make predictions, especially about the future.

So how can Treasury eliminate the PPP Loan Dead Zone?

Treasury can change the fee structure to something like this:

  • for loans up to $350,000, five percent of the loan amount;
  • for loans from $350,000 up to $2,000,000, $17,500 on the first $350,000 and 3% on the balance of the loan amount; and
  • for loans of $2,000,000 up to $10,000,000 (the maximum PPP loan), $60,000 on the first $2,000,000 and 1% on the balance of the loan amount

With that, there are no PPP Loan Dead Zones … the larger the loan, the greater the fee. Fair enough, let’s get these loans processed!

The CARES Act and the Paycheck Protection Program – We Know A Surge of Fraud is Coming, Let’s Prevent it Now

SBA’s disaster loan programs suffer increased vulnerability to fraud and unnecessary losses when loan transactions are expedited to provide quick relief and sufficient controls are not in place. The expected increase in loan volume and amounts, and expedited processing timeframes will place additional stress on existing controls. – SBA Inspector General White Paper, “Risk Awareness and Lessons Learned from Audits and Inspections of Economic Injury Disaster Loans and Other Disaster Lending”. April 3, 2020

This article has been updated from its original publication date of April 6, 2020.

The Coronavirus Aid, Relief, and Economic Security Act (CARES Act) was signed into law by the President on March 27, 2020. It is a stunning piece of legislation meant to support our first responders and medical personnel treating those that are stricken, and to provide emergency economic relief to individuals, small businesses, and even large corporations that have been so adversely impacted by the pandemic.

The ink was barely dry on the CARES Act (enacted March 27th), which created the $349 billion Small Business Administration’s Paycheck Protection Program loan program, when the Interim Final Rules were published on various government websites (April 3rd, with publication in the Federal Register scheduled for April 15th). Those PPP loans will be doled out by qualified lenders to qualified Applicants, in increments of up to $10 million per Applicant based on the Applicant’s monthly payroll (essentially 2.5 times the monthly payroll, with some exceptions and limitations), with a limit of one PPP loan per Applicant. Those loans will bear interest at 1% per year, with interest and principle payments deferred for six months and – here’s the best part – the Government will forgive “qualifying” loans.

As soon as the program launched, two things happened. First, thousands of new lenders applied to be PPP lenders – from a pre-PPP of about 1,800 qualified lenders to over 4,000 qualified lenders in a matter of days. Second, many of the qualified lenders were inundated with applications. One of the lenders, Wells Fargo, publicly stated that it had max’ed out its funding capacity ($10 billion) to lend under this new PPP loan program: Wells Fargo was only able to extend its participation after the Federal Reserve relaxed some terms of an asset cap order it had imposed back in February 2020. Bank of America reported that it received 177,000 applications in the first two days seeking $32.6 billion in PPP loans. One week into the program, the SBA apparently had “approved” (more on that later) over 660,000 applications from 4,300 qualified lenders for loans of more than $168 billion. And yet the rules are not yet fully understood, and new guidance is coming out daily.

In 2006 I wrote about the dilemma facing BSA/AML programs:

We’ll be judged tomorrow on what we’re doing today, under standards and expectations that haven’t yet been set, based on best practices that haven’t been shared.

This lament has never been more applicable than it is today with these SBA PPP loans and the BSA obligations that follow.

As I read the Interim Final Rules – the 13 CFR Part 120 IFRs around eligibility generally as well as the 13 CFR Part 121 IFRs around affiliates and the common management standard – it LOOKS like lenders can rely on the documents submitted and certifications given by the borrower and its authorized representative in order to determine eligibility of the borrower, use of the loan proceeds, loan amount, and eligibility for forgiveness … but lenders “must comply with the applicable lender obligations set forth in this interim final rule”.

Here is some of the guidance set out in the Interim Final Rule:

At page 5: “SBA will allow lenders to rely on certifications of the borrower in order to determine eligibility of the borrower and use of loan proceeds and to rely on specified documents provided by the borrower to determine qualifying loan amount and eligibility for loan forgiveness. Lenders must comply with the applicable lender obligations set forth in this interim final rule, but will be held harmless for borrowers’ failure to comply with program criteria; remedies for borrower violations or fraud are separately addressed in this interim final rule.”

That is positive. The Interim Final Rule then poses a question, “What do lenders need to know and do?” then answers it in three sections, each posing a question:

a. Who is eligible to make PPP loans?

b. What do lenders have to do in terms of loan underwriting?

c. Can lenders rely on borrower’s documentation for loan forgiveness?

In response to the second question – what do lender have to do in terms of loan underwriting – the SBA provides the following answer (at pages 21-23 of the Interim Final Rule):

“Each lender shall:

i. Confirm receipt of borrower certifications contained in Paycheck Protection Program Application form issued by the Administration;

ii. Confirm receipt of information demonstrating that a borrower had employees for whom the borrower paid salaries and payroll taxes on or around February 15, 2020;

iii. Confirm the dollar amount of average monthly payroll costs for the preceding calendar year by reviewing the payroll documentation submitted with the borrower’s application; and

iv. Follow applicable BSA requirements:

I. Federally insured depository institutions and federally insured credit unions should continue to follow their existing BSA protocols when making PPP loans to either new or existing customers who are eligible borrowers under the PPP. PPP loans for existing customers will not require reverification under applicable BSA requirements, unless otherwise indicated by the institution’s risk-based approach to BSA compliance.

II. Entities that are not presently subject to the requirements of the BSA, should, prior to engaging in PPP lending activities, including making PPP loans to either new or existing customers who are eligible borrowers under the PPP, establish an anti-money laundering (AML) compliance program equivalent to that of a comparable federally regulated institution. Depending upon the comparable federally regulated institution, such a program may include a customer identification program (CIP), which includes identifying and verifying their PPP borrowers’ identities (including e.g., date of birth, address, and taxpayer identification number), and, if that PPP borrower is a company, following any applicable beneficial ownership information collection requirements. Alternatively, if available, entities may rely on the CIP of a federally insured depository institution or federally insured credit union with an established CIP as part of its AML program. In either instance, entities should also understand the nature and purpose of their PPP customer relationships to develop customer risk profiles. Such entities will also generally have to identify and report certain suspicious activity to the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN). If such entities have questions with regard to meeting these requirements, they should contact the FinCEN Regulatory Support Section at FRC@fincen.gov. In addition, FinCEN has created a COVID-19-specific contact channel, via a specific drop-down category, for entities to communicate to FinCEN COVID-19-related concerns while adhering to their BSA obligations. Entities that wish to communicate such COVID-19-related concerns to FinCEN should go to www.FinCEN.gov, click on “Need Assistance,” and select “COVID19” in the subject drop-down list.

Each lender’s underwriting obligation under the PPP is limited to the items above and reviewing the “Paycheck Protection Application Form.” Borrowers must submit such documentation as is necessary to establish eligibility such as payroll processor records, payroll tax filings, or Form 1099-MISC, or income and expenses from a sole proprietorship. For borrowers that do not have any such documentation, the borrower must provide other supporting documentation, such as bank records, sufficient to demonstrate the qualifying payroll amount.

So it looks like the obligations include some detailed BSA-related customer due diligence requirements, citing an April 3rd FinCEN press release on risk-based approaches to BSA.

The new (as of April 2nd) Form 2483 PPP Borrower Application has a lot of detail on 20% or more owners as well as whether entities are “Affiliates” based on the Common Management Standard … so can lenders rely on the borrowers’ certifications contained in these forms absolutely, no matter how patently false or incomplete? Probably not. There must be an implied level of due diligence, as there is with beneficial ownership information.

So it looks like risk-based BSA/AML customer due diligence will trump otherwise willfully blind reliance on patently false certifications, and when the PPP lending storm is over and the tide is out two years from now, the SBA will be holding lenders to account for fraudulent applications, dubious certifications, and sloppy underwriting.

The opportunities for PPP-related fraud are off-the-charts.

Every fraudster on the planet knows that the US Government just created a $350 billion pot of money that needs to be lent out in the next 90 days based on eligibility determined by the “certifications” the borrowers will submit. Even if deliberate fraud (fraudulent or fake borrowers created by professional fraudsters) and opportunity fraud (legitimate small businesses that deliberately “fudge” a few facts in order to qualify for a loan or even inadvertently misstate a few facts) amounts to only 1% of this pot of money, that is $3.5 billion, or enough to pay the promised $1,200 to 3 million Americans.[1]

Even if banks can process hundreds of thousands of PPP loans, can the SBA approve them?

This is a trick question, written to make a point. And that point is that it doesn’t look like the SBA will be “approving” these PPP loans like they did (and continue to do) for “regular” 7(a) loans. In 2019 the Small Business Administration approved a total of just under 59,000 loans totaling about $30 billion. In 2020, through March 20th, the SBA approved 24,745 loans for ~$12.5 billion. According to the SBA’s last congressional report (Fiscal 2021 Congressional Justification & Fiscal 2019 Performance Report), it noted that “The time to process a 7(a) non-delegated loan greater than $350,000 decreased from 15 days to 9 days (40 percent efficiency gain) [from FY 2017] and for loans under $350,000, from 6 to 2 days (67 percent efficiency gain).” So in fiscal 2019, the SBA approved about 46,100 7(a) loans totaling $23.2 billion. Each of those took between 2 and 9 days.

There will be hundreds of thousands of SBA PPP loans written in the next 90 days for as much as $349 billion – over 660,000 loans in the first week for almost $170 billion. But the SBA isn’t approving these; it is simply acknowledging that it received the necessary borrower and lender forms and sending the lender back a Loan Number. With that, the lender then processes, underwrites, and disburses the loan proceeds.

SBA’s E-Tran System Has Been Glitchy … and according to the SBA’s most recent report to Congress, it had 4,191 employees in 2019 but only 3,274 in 2020.

The SBA’s E-Tran system is its electronic loan processing system that allows approved lenders to submit loan information and documentation. Lenders upload the information and documentation and provide a certification (more on that later) and the SBA returns a loan number. With that, the lender has the delegated authority to fund the loan.

And my guess is that the first PPP loans to go to the SBA will be from existing (experienced) lenders lending to their current (experienced) borrowers … to be followed by experienced lenders lending to new (inexperienced) borrowers … to be followed by those new (inexperienced) lenders the SBA is currently approving who will likely lend to new (inexperienced) borrowers. Inexperience + Inexperience = Opportunities for Fraud. So expect the fraudsters to migrate to the inexperienced borrowers.

What will the bank lenders need to do to meet their BSA obligations?

It’s too early to know. The SBA requirements for beneficial owners seem to require 20% or more legal ownership (so up to five persons with legal ownership) and a stunningly complex “control” disclosure requirement set out in 13 CFR Part 121. But, it looks like the SBA is going to allow lenders to rely on the certifications of their borrowers. For SBA purposes. Those lenders still must comply with their BSA requirements.

So the SBA lenders will have information on up to five owners and, perhaps, on some affiliated persons under the SBA’s “common management standard”. The BSA requirements for beneficial owners seem simple in comparison: 25% or more legal ownership (so up to four persons with legal ownership) and a simple “control prong” of one person set out in 31 CFR Part X.

And where SBA expectations or guidance is still to be provided, BSA regulatory expectations have been set with FinCEN’s Ruling (in FIN-2018-R004). That Ruling carves out an exemption from the beneficial ownership rule so that banks – in this case lenders – do not need to re-verify beneficial ownership information for extensions of loans that do not require underwriting review and approval. Based on that Ruling, the exemption does not appear to apply to these PPP loans, as they are, by definition, underwritten. So even though FinCEN’s unofficial press release from April 2nd – it wasn’t formal Guidance or a Ruling – says that PPP loans for existing customers will not require re-verification under applicable BSA requirements, that is qualified by “unless otherwise indicated by the institution’s risk-based approach to BSA compliance.” That risk-based approach should have followed the FIN-2008-R004 Ruling that exempted renewals of loans that didn’t require underwriting.

So where does that leave us? Nobody knows. As Yogi Berra once said,

It’s tough to make predictions, especially about the future.

Three things I will predict with certainty, though. First, we will get new guidance, advisories, press releases, and rulings to come from the SBA and from multiple agencies that oversee the BSA, probably on a daily basis (as I was writing this, the Federal Reserve issued a press release that it will establish a facility to facilitate lending to small businesses via the Small Business Administration’s Paycheck Protection Program (PPP) by providing term financing backed by PPP loans). Second, fraudsters are going to exploit the Paycheck Protection Program. And third, we’ll manage through this and come out stronger and better for it.

Back in January and early February, we failed to recognize that the then-nascent COVID-19 epidemic raging through Asia would, by mid-February, become a full-blown pandemic that would ravage the planet. Comparing the inevitable fraud that will emerge from the Paycheck Protection Program to the coronavirus pandemic is ridiculous, but we can learn from our pandemic planning and take the steps now to prevent, detect, and mitigate the fraud that will accompany the PPP.

Late Tuesday evening, April 6, the Treasury Department published FAQs on the PPP program. Treasury PPP FAQs April 6, 2020. The 18th and last Q/A was the following:

18. Question: Are PPP loans for existing customers considered new accounts for FinCEN Rule CDD purposes? Are lenders required to collect, certify, or verify beneficial ownership information in accordance with the rule requirements for existing customers?

Answer: If the PPP loan is being made to an existing customer and the necessary information was previously verified, you do not need to re-verify the information. Furthermore, if federally insured depository institutions and federally insured credit unions eligible to participate in the PPP program have not yet collected beneficial ownership information on  existing customers, such institutions do not need to collect and verify beneficial ownership information for those customers applying for new PPP loans, unless otherwise indicated by the lender’s risk-based approach to BSA compliance.

Parsing this answer out, Treasury is giving guidance only on PPP loans for existing customers: existing customers with verified beneficial ownership information, and existing customers without verified beneficial ownership information … unless otherwise indicated by the lender’s BSA policies and procedures. There is nothing about PPP loans for new customers.

What has FinCEN said about the PPP loans? In an April 3rd press release  FinCEN wrote:

Compliance with BSA Obligations – Compliance with the Bank Secrecy Act (BSA) remains crucial to protecting our national security by combating money laundering and related crimes, including terrorism and its financing.  FinCEN expects financial institutions to continue following a risk-based approach, and to diligently adhere to their BSA obligations.  FinCEN also appreciates that financial institutions are taking actions to protect employees, their families, and others in response to the COVID-19 pandemic, which has created challenges in meeting certain BSA obligations, including the timing requirements for certain BSA report filings.  FinCEN will continue outreach to regulatory partners and financial institutions to ensure risk-based compliance with the BSA, and FinCEN will issue additional new information as appropriate.

Beneficial Ownership Information Collection Requirements for Existing Customers – One of the primary components of the CARES Act is the Paycheck Protection Program (PPP).  For eligible federally insured depository institutions and federally insured credit unions, PPP loans for existing customers will not require re-verification under applicable BSA requirements, unless otherwise indicated by the institution’s risk-based approach to BSA compliance.

For non-PPP loans, FinCEN reminds financial institutions of FinCEN’s September 7, 2018 ruling (FIN-2018-R004) offering certain exceptive relief to beneficial ownership requirements.  To the extent that renewal, modification, restructuring, or extension for existing legal entity customers falls outside of the scope of that ruling, FinCEN recognizes that a risk-based approach taken by financial institutions may result in reasonable delays in compliance.

FinCEN will continue to assess reasonable risk-based approaches to BSA obligations and will issue further information, as appropriate, particularly as the CARES Act is implemented.

April 13 FAQs Provide More Guidance

The 25th and last question in the April 13 FAQs provides some clearer guidance on the beneficial ownership issue:

25. Question: Does the information lenders are required to collect from PPP applicants regarding every owner who has a 20% or greater ownership stake in the applicant business (i.e., owner name, title, ownership %, TIN, and address) satisfy a lender’s obligation to collect beneficial ownership information (which has a 25% ownership threshold) under the Bank Secrecy Act?

Answer: For lenders with existing customers: With respect to collecting beneficial ownership information for owners holding a 20% or greater ownership interest, if the PPP loan is being made to an existing customer and the lender previously verified the necessary information, the lender does not need to re-verify the information. Furthermore, if federally insured depository institutions and federally insured credit unions eligible to participate in the PPP program have not yet collected such beneficial ownership information on existing customers, such institutions do not need to collect and verify beneficial ownership information for those customers applying for new PPP loans, unless otherwise indicated by the lender’s risk-based approach to Bank Secrecy Act (BSA) compliance.

For lenders with new customers: For new customers, the lender’s collection of the following information from all natural persons with a 20% or greater ownership stake in the applicant business will be deemed to satisfy applicable BSA requirements and FinCEN regulations governing the collection of beneficial ownership information: owner name, title, ownership %, TIN, address, and date of birth. If any ownership interest of 20% or greater in the applicant business belongs to a business or other legal entity, lenders will need to collect appropriate beneficial ownership information for that entity. If you have questions about requirements related to beneficial ownership, go to FinCEN Resources Link . Decisions regarding further verification of beneficial ownership information collected from new customers should be made pursuant to the lender’s risk-based approach to BSA compliance.

So where does that leave us?

According to the SBA’s March 20th weekly update, roughly 13% of the 21,106 7(a) loans it has approved in 2020 are categorized as “change of ownership”. So beneficial ownership is a dynamic attribute that needs to be managed. Below are my thoughts on where we are at 8:20 a.m. PST on April 7, 2020:

  1. Compliance with the Bank Secrecy Act (BSA) remains crucial. FinCEN expects financial institutions to diligently adhere to their BSA obligations. Not to adhere to BSA obligations, to diligently adhere.
  2. PPP loans for existing customers will not require re-verification (if you’ve already verified them) or verification (if you haven’t previously verified beneficial ownership), unless otherwise indicated by your risk-based approach to BSA compliance. So for your higher- and high-risk customers applying for PPP loans, whether previously verified or not, re-verify beneficial ownership. Be diligent about those “cash intensive” businesses that you likely have characterized as higher- or high-risk.
  3. As to new customers, there appears to be a trade-off of sorts. For Title 31 BSA purposes, non-PPP lenders need to collect and verify the name, TIN, address, and DOB of up to four legal owners and one control person. For Title 13 SBA purposes, PPP lenders need to collect but perhaps not verify the name, TIN, address, DOB, title, and ownership percentage of up to four legal owners. The April 13th guidance doesn’t say anything about the BSA control person and whether the SBA Authorized Representative would or could be that control person.
  4. In answering the question “can lenders rely on borrower’s documentation for loan forgiveness?” the Interim Final Rule – again, published by the SBA and Treasury – provides, “Yes. The lender does not need to conduct any verification … the Administrator [of the SBA] will hold harmless any lender that relies on such borrower’s documents and attestation … section 1106(h) [of the CARES Act] prohibits the Administrator from taking any enforcement action …”. So in two places the rule provides that the SBA Administrator will not and cannot take any action against a lender. That is pretty specific. It doesn’t provide that the Federal Government will not and cannot take any action against a lender … does that mean that the lender’s functional regulator (e.g., the OCC) can bring a “safety and soundness” action against a sloppy PPP lender under Title 12? Can FinCEN bring a Title 31 action? Can the Department of Justice bring a Title 18 action? The answer to those three questions is “probably, maybe, perhaps.”

My advice? As FinCEN reminded us, compliance with the BSA remains crucial. Be diligent and confirm – in writing – whatever you decide to do in your policies and procedures and with your regulators. Remember, you will be judged tomorrow on what you’re doing today, under standards and expectations that haven’t yet been set, based on best practices that haven’t been shared.

[1] This paper deals only with the PPP. There are other COVID-19 related disaster loan programs, such as the emergency Economic Injury Disaster Loan (EIDL) program. The SBA Inspector General issued a White Paper on April 3, 2020 titled “Risk Awareness and Lessons Learned from Audits and Inspections of Economic Injury Disaster Loans and Other Disaster Lending”. In that paper, the IG noted that “SBA’s disaster loan programs suffer increased vulnerability to fraud and unnecessary losses when loan transactions are expedited to provide quick relief and sufficient controls are not in place. The expected increase in loan volume and amounts, and expedited processing timeframes will place additional stress on existing controls.” See https://www.sba.gov/sites/default/files/2020-04/SBA_OIG_WhitePaper_20-12_508_0.pdf

Marijuana $475,000,000 in Tax Revenue? IRS Says “No Thanks, We Have Other Priorities”

On March 30, 2020 the Treasury Inspector General released a OIG Report titled  “The Growth of the Marijuana Industry Warrants Increased Tax Compliance Efforts and Additional Guidance”. It is, in large part, a stinging rebuke of the way the IRS has handled – or has avoided handling – federal income tax payments made, and tax returns filed, by marijuana related businesses, or MRBs.

To the extent that Government laws and regulations discourage banking for marijuana businesses (and to the extent they encourage cash only transactions), they also may be indirectly and unintentionally encouraging tax noncompliance. – Report, page 5

From a federal tax perspective, MRBs face a number of hurdles.

Limited Access to Banking and the Impact on Paying Taxes

“Marijuana businesses have limited access to banking because marijuana is classified as a Schedule I controlled substance, and banks and credit unions who service marijuana businesses can potentially be charged with money laundering. Many financial institutions are not willing to risk potential civil or criminal liability associated with their obligations under the Bank Secrecy Act (BSA).” – Report, page 4.

And the entirety of page 5 of the Report is important:

“One of the main barriers for banks and credit unions is the information reporting requirements when providing banking services to marijuana businesses. For example, BSA regulations require the filing of a Suspicious Activity Report (SAR) when a financial institution knows, suspects, or has reason to suspect that a transaction of $5,000 or more involves funds derived from an illegal activity or is an attempt to disguise funds derived from an illegal activity.

The SAR filing requirement is both costly and risky as the reporting of all transactions the financial institution has with the respective marijuana business can be extensive, and if the activity is incorrectly reported, fines to the financial institution could result. Banks and credit unions that service marijuana businesses may charge large fees to compensate for the extensive reporting requirements and risk for providing services to these businesses. One credit union in California stated it was charging banking fees to marijuana businesses of up to $10,000 as an upfront fee and $5,000 a month for producers and $7,500 a month for dispensaries. Another small credit union in Oregon that serves marijuana businesses stated the credit union filed more than 13,500 individual reports over the past two years (2017 and 2018) for approximately 500 cannabis clients.

We have also identified recent trends with banks and credit unions providing banking services to marijuana businesses. According to the U.S. Treasury Financial Crimes Enforcement Network, the number of financial institutions actively banking marijuana-related businesses increased from 401 in October 2017 to 715 in June 2019. However, the lack of banking access continues to be an issue in the marijuana industry with most banks or credit unions across the United States not willing to accept marijuana business customers. Marijuana businesses without bank account access are also unable to set up merchant accounts for accepting credit or debit cards. This results in most marijuana businesses conducting business transactions in cash only. Marijuana businesses may have automated teller machines on the premises for customers to facilitate cash only transactions.

The main tax-related concern about cash intensive businesses is that cash transactions are more difficult to track and are therefore more likely to go unreported to the IRS. Unlike checks and credit card receipts, cash transactions do not generally result in third-party information capable of being reported to the IRS. To the extent that Government laws and regulations discourage banking for marijuana businesses (and to the extent they encourage cash only transactions), they also may be indirectly and unintentionally encouraging tax noncompliance.”

(citations omitted)

There are at least three issues stemming from the difficulties that cash intensive businesses, such as MRBs, have in obtaining and keeping banking relationships. First is that they may not file tax returns at all: the OIG observed a filing rate of active MRBs to be between 60% to 70%. Second, they may under report income that is not flowing through a bank relationship or is not otherwise being tracked and monitored: the OIG observed an under-reporting rate of about 25%. And third is the penalty that filers must pay for not paying federal taxes electronically. Known as the Failure To Deposit, or FTD penalties for not making tax payments by ACH, the OIG found that almost half the MRBs that were potentially unbanked, based on FTD data, paid penalties. The OIG recommended, at page 22 of the Report:

“Taxpayers including marijuana businesses should not be penalized because they cannot satisfy their respective employment tax obligations via the required electronic transmission process. The current conflict between Federal and State law regarding marijuana business activity is well established regarding banking access. The IRS needs to increase awareness of the current FTD penalty relief policies for unbanked taxpayers such as marijuana businesses.”

This was one of the few (of six) recommendations that the IRS agreed to.

I.R.C. §280E from 1982

In 1982, section 280E was added to the Internal Revenue Code to prohibit businesses engaged in illegal activity from deducting business expenses such as payroll, employee benefits, and rent from gross income for purposes of determining federal income tax. Section 280E was the legislative response to a number of court decisions that allowed illegal businesses to deduct certain expenses incurred in operating those illegal businesses. Since the Controlled Substances Act makes it federally illegal to manufacture or distribute marijuana, §280E then prohibits the deduction of expenses incurred in trafficking controlled substances. The only expenses allowed by §280E  is cost of goods sold, so businesses that sell marijuana can reduce gross receipts by the cost of goods sold but cannot deduct other business expenses.

 

The Report included a hypothetical example of the impact of §280E to a marijuana related business. As seen from Figure 2, the effective tax rate is about 80% – $80,750 on net income of $100,000.

The OIG found that about 60% of the MRBs in their sample that filed federal tax returns improperly applied §280E adjustments, yet “the IRS lacks guidance to taxpayers and tax professional in the marijuana industry” and that “no references to marijuana businesses can be found in IRS publications.” The OIG estimated the 5-year impact on federal tax collected in the three states (California, Oregon, and Washington) was almost $250 million.

 

I.R.C. §471(c) from 2017

The Tax Cuts and Jobs Act of 2017 added section 471(c) to the Internal Revenue Code to provide some relief to small businesses in whether and how they could track and account for their cost of goods sold. The OIG noted:

“Under this new provision, marijuana businesses could argue they are entitled to use a method of accounting that includes all expenses in cost of goods sold to potentially avoid the impact of I.R.C. § 280E. According to IRS Chief Counsel, at least two practitioners have identified this issue and have questioned IRS personnel on how the IRS plans to handle I.R.C. § 471(c) as applied to marijuana industry taxpayers. These practitioners have identified the potential unintended consequence of I.R.C. § 471(c) that appears to allow small marijuana businesses to include non-cost of goods sold expenses in their cost of goods sold and potentially avoid the application of I.R.C. § 280E. IRS Chief Counsel noted that practitioners assert that the new law may provide small business taxpayers wide latitude to characterize all expenditures as cost of goods sold. The effect of the law is still uncertain.” – Report, page 15.

The OIG’s fourth recommendation was that the IRS should publish guidance on the impact of § 471(c) on § 280E. The IRs response was, essentially, that it was too busy:

Recommendation: that the IRS “develop and distribute, internally and externally, specific guidance on the application of I.R.C. § 471(c) in conjunction with I.R.C. § 280E for taxpayers that report Schedule I related activities on Federal tax returns.”

IRS Response: “IRS Chief Counsel disagreed with this recommendation because the Department of the Treasury and Chief Counsel resources at present are focused on priority guidance in response to the Tax Cuts and Jobs Act and identifying and reducing regulatory burdens in response to Executive Order 13789.” – Report, page 22.

Marijuana Businesses – “High Impact” for IRS Attention

The IRS has acknowledged that the marijuana industry is a “high impact compliance area” because of its unique tax compliance risks due to I.R.C. § 280E, cash intensive sales, and potential lost tax revenue. In fact, the OIG report estimated a five-year impact of approximately $475 million. The OIG had two recommendations for the IRS: that the IRS develop a comprehensive compliance approach for the marijuana industry (recommendation 1 on page 13); and that the IRS use more state information (which it was reluctant to use) to identify non-filers (recommendation 5 at page 20). The IRS response to both recommendations was the same:

Recommendation 1 –  IRS should develop a comprehensive compliance approach for the marijuana industry and leverage state marijuana business lists to identify non-compliant taxpayers. IRS Response: “whether it pursues taxpayers in the marijuana industry depends on priorities and available resources … it will use data analytics to identify the size and scope of non-compliant taxpayers and prioritize the compliance activities based on resources available.” – Report, page 13

Recommendation 5 – IRS should leverage publicly available state tax information and expand use of Fed/State agreements to identify non-filers and unreported income in the marijuana industry. IRS Response: “whether it pursues taxpayers in the marijuana industry depends on priorities and available resources … it will review the publicly available State tax information and Fed/State agreements to determine whether and how they could be legally, systemically, effectively, and efficiently used in compliance activities.” – Report, page 20

Conclusion

It’s unfortunate that this report was published in the midst of the Great Pandemic of 2020: but for the pandemic, it would have garnered more attention from the public and Congress. Tax compliance should be encouraged and tax enforcement should be consistently and fairly applied. The Treasury Inspector General has reported that neither is happening with respect to the marijuana industry, and the IRS response to its Inspector General seems to be “we’ll think about, but we’ve got other things to worry about”.  The IRS doesn’t seem too interested in an industry made up of thousands of marijuana related businesses employing hundreds of thousands of people that is apparently under-reporting hundreds of millions of dollars – perhaps billions of dollars – of federal taxes. After the coronavirus pandemic eases, perhaps somebody in Congress can ask the Commissioner of the IRS what would get his attention.

“Descriptive & Memorable” – The Fed’s soon-to-be-published Pandemic Response Accountability Committee Website

The CARES Act, section 15010(g) (1) (A) requires that: “Not later than 30 days after the date of enactment of this Act, the [Pandemic Response Accountability] Committee shall establish and maintain a user-friendly, public-facing website to foster greater accountability and transparency in the use of covered funds and the Coronavirus response, which shall have a uniform resource locator that is descriptive and memorable.”

Subsection (3) provides that the Committee shall ensure that the website provides “materials and information explaining the Coronavirus response and how covered funds are being used. The materials shall be easy to understand and regularly updated”.

There follows thirteen explicit requirements, including … any progress reports, audits, inspections, or other reports … user-friendly visual presentations to enhance public awareness of the use of covered funds and the Coronavirus response … detailed data on any Federal Government awards over $150,000 … by month to each State and congressional district, where applicable … a means for the public to give feedback on the performance of any covered funds and of the Coronavirus response, including confidential feedback … a link to estimates of the jobs sustained or created by this Act to the extent practicable … a plan from each Federal agency for using covered funds.

Stay tuned – April 26th is the due date for this new descriptive, memorable, and critically important website. Congress and, more importantly, the public, need to keep a watchful eye over how the hundreds of billions of dollars are being allocated and spent. Bookmark your calendar … and stay safe.

Update April 27, 2020 – the website went online at https://pandemic.oversight.gov

The CARES Act of 2020: “Tall, Dark, or Handsome” and “Tall, Dark, and Handsome” in one bill

There is a big difference between someone who is tall, dark, and handsome – he is all three of those things – and a guy who is tall, dark, or handsome – he is one of those things. Unfortunately, the new Special Inspector General for Pandemic Recovery is the Congressional version of tall, dark, or handsome, and their peers – the Executive Director and Deputy Executive Director of the Pandemic Response Accountability Committee – are the Congressional versions of tall, dark, and handsome. Although Congress didn’t take my pre-passage advice to spruce up the SIGPR (there wasn’t time, apparently), we can still hope that they are as polished as their PRAC peers.

In an article I wrote in August 2019 titled  “Lessons Learned as a BSA Officer – 1998 to 2018” I covered nine topics:

  1. All the Cooks in the AML Kitchen aka Stakeholders
  2. All the Resources Available to You
  3. The 5 Dimensions of Risk – Up, Down, Across, Out, and Within
  4. FinTech versus Humans
  5. The 7 Cs – What Makes a Good Analyst/Investigator
  6. Tall, Dark and Handsome – Words and Punctuation Matter!
  7. SMEs v SMEs – Subject Matter Experts vs Subject Matter Enthusiasts
  8. Is Transaction Monitoring a Thing of the Past?
  9. The Importance of Courage

I thought of topic 6 – Tall, Dark and Handsome – the morning I read the Coronavirus Aid, Relief, and Economic Security Act (CARES Act) bill that the Senate and House were then negotiating. Back in 2019 I wrote the following:

Tall, Dark, and Handsome – Words (especially adjectives and adverbs) and punctuation matter!

    1. Write simply and clearly

“We know all too well that drugs are killing record numbers of Americans – and almost all of them come from overseas.”  Former AG Jeff Sessions, August 2018 speech

This is a good example of a poorly written sentence that is begging for clarity. The phrase “almost all” means very little: at least 51% and less than 100%. Second, do “almost all” drugs come from overseas, or do almost all Americans come from overseas? And finally, Mexico is the source country for 90% – 94% of heroin entering the US, and the final transit country for 90% of the cocaine entering the US. Mexico isn’t actually overseas from the US.

    1. Use Adjectives and Adverbs Sparingly, if at all

Most modifiers are unnecessary. Whether necessary or not, as a risk professional you should be very aware of both your use of adjectives and adverbs, and when reading others’ use of adjectives and adverbs. When confronted with any modifier, ask yourself (i) why is that modifier being used? (ii) is it being used correctly? (iii) does it change the meaning of the sentence in a way that is unintended? (iv) is it being used consistently with other modifiers? And (v) could it limit or prevent us in the future?

    1. Watch out for Red Flag Words and Phrases

Intended, Primarily, Pilot, Agile Development, shall versus may, Artificial Intelligence, Machine Learning

Special Inspector General for Pandemic Recovery

Section 4018 of the CARES Act calls for the appointment of a new Special Inspector General for Pandemic Recovery. This appears to be a position similar to the TARP (Troubled Assets Relief Program) Inspector General position created after the 2007-2009 economic crisis to manage the TARP monies distributed to banks, the auto companies, and other businesses.

(I’ll point out that, just as the DMV’s vanity license department checks that proposed vanity license plates aren’t offensive, I’m sure someone in the Congressional Research Acronym Program Office checked the title for possible embarrassments. In this case, SIGPaR is much preferable to, say, Pandemic Inspector General.)

What is the federal government looking for in its new Special Inspector General for Pandemic Recovery? As seen from the screen shot of the section in the bill, “the nomination of the Special Inspector General  shall be made on the basis of integrity and demonstrated ability in accounting, auditing, financial analysis, law, management analysis, public administration, or investigations.”

To put it another way, the nomination shall be made on the basis of two things: (i) integrity, and (ii) demonstrated ability in either accounting or auditing or financial analysis or law or management analysis or public administration or investigations.

Prior to the passage of the Act, I suggested that Congress change “or” to “and” on line 8 of section 4018(b). As I wrote in my original article (published March 26th, the day vefore the bill was signed into law), “It would be great if we had a Special Inspector General for Pandemic Recovery who exhibited integrity and demonstrated ability in accounting, auditing, financial analysis, law, management analysis, public administration, and investigations. She’ll need all of those attributes to do her job, I expect.”

Unfortunately, Congress didn’t take up my suggestion.

And oddly enough, pursuant to section 15010(c)(3)(B)(ii) of the CARES Act, two other critical oversight positions created by the Act – the Executive Director and Deputy Executive Director of the Pandemic Response Accountability Committee – shall:

“(I) have demonstrated ability in accounting, auditing, and financial analysis;

(II) have experience managing oversight of large organizations and expenditures; and

(III) be full-time employees of the Committee.”

 There you have it: the legislative equivalent of “tall, dark, or handsome” (the Special Inspector General) and “tall, dark, and handsome” (the Executive Director and Deputy Executive Director of the Pandemic Response Accountability Committee) in one Bill. Yikes!