Loading…

SAFE Banking Act of 2019 – Some Suggestions for the Senate

The SAFE Banking Act, HR 1595, was approved by the House on September 25, 2019. As written, it is a “bill to create protections for depository institutions that provide financial services to cannabis-related legitimate businesses and service providers for such businesses, and for other purposes.” There has been much written about the SAFE Banking Act, but as I went through it, I saw a number of things that need to be addressed.  So below are some general comments and observations – written in blue italics – and some suggestions for the Senate – written in red bold italics – as the Senate considers what, if any, changes to make to the House version, and whether to actually vote on their version of the SAFE Banking Act.

The link to the text is SAFE Banking Act – congress.gov

SAFE Banking Act, HR 1595 as approved by the House of Representatives, September 25, 2019

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. SHORT TITLE; PURPOSE.

(a) SHORT TITLE.—This Act may be cited as the ‘‘Secure And Fair Enforcement Banking Act of 2019’’ or the ‘‘SAFE Banking Act of 2019’’.

(b) PURPOSE.—The purpose of this Act is to increase public safety by ensuring access to financial services to cannabis-related legitimate businesses and service providers and reducing the amount of cash at such businesses.

Comment – The purpose statement focuses on public safety and getting cash out of cannabis businesses. But there is very little else in the Act that specifically addresses public safety or cash. Note the modifier “legitimate” (see section 14 definition)

SEC. 2. SAFE HARBOR FOR DEPOSITORY INSTITUTIONS.

(a) IN GENERAL.—A Federal banking regulator may not—

(1) terminate or limit the deposit insurance or share insurance of a depository institution under the Federal Deposit Insurance Act (12 U.S.C. 1811 et seq.), the Federal Credit Union Act (12 U.S.C. 1751 et seq.), or take any other adverse action against a depository institution under section 8 of the Federal Deposit Insurance Act (12 U.S.C. 1818) solely because the depository institution provides or has provided financial services to a cannabis-related legitimate business or service provider;

(2) prohibit, penalize, or otherwise discourage a depository institution from providing financial services to a cannabis-related legitimate business or service provider or to a State, political subdivision of a State, or Indian Tribe that exercises jurisdiction over cannabis-related legitimate businesses;

Comment – Section 2 is clearly a safe harbor from actions taken by a federal banking regulator – not from the Department of Justice. Compare this to section 4’s broader protections. Note that 12 USC 1818 is the “cease and desist” section. The phrase “solely because” is significant: the intent and effect of this is that a federal banking regulator can bring an adverse action against a depository institution providing financial services to a cannabis-related legitimate business if that institution otherwise violates banking laws or regulations.

(3) recommend, incentivize, or encourage a depository institution not to offer financial services to an account holder, or to downgrade or cancel the financial services offered to an account holder solely because— (A) the account holder is a cannabis-related legitimate business or service provider, or is an employee, owner, or operator of a cannabis-related legitimate business or service provider; (B) the account holder later becomes an employee, owner, or operator of a cannabis-related legitimate business or service provider; or (C) the depository institution was not aware that the account holder is an employee, owner, or operator of a cannabis-related legitimate business or service provider;

Comment – Section 2(a)(3) introduces protections for account holders who are employees, owners, and operators. Also, note that (2) provides that regulators cannot discourage financial institutions from providing services, and (3) provides that regulators cannot encourage financial institutions not to provide services. What was the legislative intent?

(4) take any adverse or corrective supervisory action on a loan made to— (A) a cannabis-related legitimate business or service provider, solely because the business is a cannabis-related legitimate business or service provider; (B) an employee, owner, or operator of a cannabis-related legitimate business or service provider, solely because the employee, owner, or operator is employed by, owns, or operates a cannabis-related legitimate business or service provider, as applicable; or (C) an owner or operator of real estate or equipment that is leased to a cannabis-related legitimate business or service provider, solely because the owner or operator of the real estate or equipment leased the equipment or real estate to a cannabis-related legitimate business or service provider, as applicable; or

(5) prohibit or penalize a depository institution (or entity performing a financial service for or in association with a depository institution) for, or otherwise discourage a depository institution (or entity performing a financial service for or in association with a depository institution) from, engaging in a financial service for a cannabis-related legitimate business or service provider.

(b) SAFE HARBOR APPLICABLE TO DE NOVO INSTITUTIONS.—Subsection (a) shall apply to an institution applying for a depository institution charter to the same extent as such subsection applies to a depository institution.

Comment – Section 2(a)(5) is interesting with the addition of “(or entity performing a financial service for or in association with a depository institution) …”. Subsections 2(a)(2) and (5) could be combined without loss of meaning.

SEC. 3. PROTECTIONS FOR ANCILLARY BUSINESSES.

For the purposes of sections 1956 and 1957 of title 18, United States Code, and all other provisions of Federal law, the proceeds from a transaction involving activities of a cannabis-related legitimate business or service provider shall not be considered proceeds from an unlawful activity solely because—

(1) the transaction involves proceeds from a cannabis-related legitimate business or service provider; or

(2) the transaction involves proceeds from— (A) cannabis-related activities described in section 14(4)(B) conducted by a cannabis-related legitimate business; or (B) activities described in section 14(13)(A) conducted by a service provider.

Senate Suggestion 1 – The title of section 3 is the only reference to “ancillary businesses”. This is a left-over from the original SAFE Banking Act. This section should be changed to  “Protections from Federal Laws Relating to Specified Unlawful Activity”

SEC. 4. PROTECTIONS UNDER FEDERAL LAW.

(a) IN GENERAL.—With respect to providing a financial service to a cannabis-related legitimate business or service provider within a State, political subdivision of a State, or Indian country that allows the cultivation, production, manufacture, sale, transportation, display, dispensing, distribution, or purchase of cannabis pursuant to a law or regulation of such State, political subdivision, or Indian Tribe that has jurisdiction over the Indian country, as applicable, a depository institution, entity performing a financial service for or in association with a depository institution, or insurer that provides a financial service to a cannabis-related legitimate business or service provider, and the officers, directors, and employees of that depository institution, entity, or insurer may not be held liable pursuant to any Federal law or regulation— (1) solely for providing such a financial service; or (2) for further investing any income derived from such a financial service.

Comment – Section 4’s protections extend more broadly than the narrower section 2 safe harbor, notably because individuals are protected.

(b) PROTECTIONS FOR FEDERAL RESERVE BANKS AND FEDERAL HOME LOAN BANKS.—With respect to providing a service to a depository institution that provides a financial service to a cannabis-related legitimate business or service provider (where such financial service is provided within a State, political subdivision of a State, or Indian country that allows the cultivation, production, manufacture, sale, transportation, display, dispensing, distribution, or purchase of cannabis pursuant to a law or regulation of such State, political subdivision, or Indian Tribe that has jurisdiction over the Indian country, as applicable), a Federal reserve bank or Federal Home Loan Bank, and the officers, directors, and employees of the Federal reserve bank or Federal Home Loan Bank, may not be held liable pursuant to any Federal law or regulation— (1) solely for providing such a service; or (2) for further investing any income derived from such a service.

(c) PROTECTIONS FOR INSURERS.—With respect to engaging in the business of insurance within a State, political subdivision of a State, or Indian country that allows the cultivation, production, manufacture, sale, transportation, display, dispensing, distribution, or purchase of cannabis pursuant to a law or regulation of such State, political subdivision, or Indian Tribe that has jurisdiction over the Indian country, as applicable, an insurer that engages in the business of insurance with a cannabis-related legitimate business or service provider or who otherwise engages with a person in a transaction permissible under State law related to cannabis, and the officers, directors, and employees of that insurer may not be held liable pursuant to any Federal law or regulation— (1) solely for engaging in the business of insurance; or (2) for further investing any income derived from the business of insurance.

(d) FORFEITURE.— (1) DEPOSITORY INSTITUTIONS.—A depository institution that has a legal interest in the collateral for a loan or another financial service provided to an owner, employee, or operator of a cannabis-related legitimate business or service provider, or to an owner or operator of real estate or equipment that is leased or sold to a cannabis-related legitimate business or service provider, shall not be subject to criminal, civil, or administrative forfeiture of that legal interest pursuant to any Federal law for providing such loan or other financial service. (2) FEDERAL RESERVE BANKS AND FEDERAL HOME LOAN BANKS.—A Federal reserve bank or Federal Home Loan Bank that has a legal interest in the collateral for a loan or another financial service provided to a depository institution that provides a financial service to a cannabis-related legitimate business or service provider, or to an owner or operator of real estate or equipment that is leased or sold to a cannabis-related legitimate business or service provider, shall not be subject to criminal, civil, or administrative forfeiture of that legal interest pursuant to any Federal law for providing such loan or other financial service.

SEC. 5. RULES OF CONSTRUCTION.

(a) NO REQUIREMENT TO PROVIDE FINANCIAL SERVICES.—Nothing in this Act shall require a depository institution, entity performing a financial service for or in association with a depository institution, or insurer to provide financial services to a cannabis-related legitimate business, service provider, or any other business.

(b) GENERAL EXAMINATION, SUPERVISORY, AND ENFORCEMENT AUTHORITY.—Nothing in this Act may be construed in any way as limiting or otherwise restricting the general examination, supervisory, and enforcement authority of the Federal banking regulators, provided that the basis for any supervisory or enforcement action is not the provision of financial services to a cannabis-related legitimate business or service provider.

Comment – Section 5(a) allows financial service providers to decide not to engage with cannabis-related legitimate businesses or service providers. It does not extend that to the employees, officer, or operators of those businesses, though. Section 5(b) gives teeth to the section 2 safe harbor language (“solely because the depository institution provides or has provided financial services to a cannabis-related legitimate business or service provider”). However, section 5(b) could be better written by including the “solely” term.

SEC. 6. REQUIREMENTS FOR FILING SUSPICIOUS ACTIVITY REPORTS.

Section 5318(g) of title 31, United States Code, is amended by adding at the end the following:

‘‘(5) REQUIREMENTS FOR CANNABIS-RELATED LEGITIMATE BUSINESSES.—

‘‘(A) IN GENERAL.—With respect to a financial institution or any director, officer, employee, or agent of a financial institution that reports a suspicious transaction pursuant to this subsection, if the reason for the report relates to a cannabis-related legitimate business or service provider, the report shall comply with appropriate guidance issued by the Financial Crimes Enforcement Network. The Secretary shall ensure that the guidance is consistent with the purpose and intent of the SAFE Banking Act of 2019 and does not significantly inhibit the provision of financial services to a cannabis-related legitimate business or service provider in a State, political subdivision of a State, or Indian country that has allowed the cultivation, production, manufacture, transportation, display, dispensing, distribution, sale, or purchase of cannabis pursuant to law or regulation of such State, political subdivision, or Indian Tribe that has jurisdiction over the Indian country.

Senate Suggestion 2 – Section 6 adds a new subsection (5). Subsection (1) doesn’t change: it provides “The Secretary may require any financial institution, and any director, officer, employee, or agent of any financial institution, to report any suspicious transaction relevant to a possible violation of law or regulation.” This section calls for “guidance” from FinCEN, not a regulation or regulations. First, is this the existing (2014) FinCEN guidance, or does it contemplate new, yet to be issued, guidance? If the latter, there is no time frame for issuing such guidance. I would make this clear: FinCEN guidance to be issued within 180 days. Compare this to section 7. And see comments on section 10. Second, question whether that guidance would satisfy the Administrative Procedures Act. See the (excellent) testimony of Margaret (Meg) Tahyar: https://www.banking.senate.gov/imo/media/doc/Tahyar%20Testimony%204-30-19.pdf and the federal banking regulators Interagency Statement on Clarifying the Role of Supervisory Guidance, https://www.fdic.gov/news/news/press/2018/pr18059a.pdf

‘‘(B) DEFINITIONS.—For purposes of this paragraph: ‘‘(i) CANNABIS.—The term ‘cannabis’ has the meaning given the term ‘marihuana’ in section 102 of the Controlled Substances Act (21 U.S.C. 802). ‘‘(ii) CANNABIS-RELATED LEGITIMATE BUSINESS.—The term ‘cannabis-related legitimate business’ has the meaning given that term in section of the SAFE Banking Act of 2019. ‘‘(iii) INDIAN COUNTRY.—The term ‘Indian country’ has the meaning given that term in section 1151 of title 18. ‘‘(iv) INDIAN TRIBE.—The term ‘Indian Tribe’ has the meaning given that term in section 102 of the Federally Recognized Indian Tribe List Act of 1994 (25 7 U.S.C. 479a). ‘‘(v) FINANCIAL SERVICE.—The term ‘financial service’ has the meaning given that term in section 14 of the SAFE Banking Act of 2019. ‘‘(vi) SERVICE PROVIDER.—The term ‘service provider’ has the meaning given that term in section 14 of the SAFE Banking Act of 2019. ‘‘(vii) STATE.—The term ‘State’ means each of the several States, the District of Columbia, Puerto Rico, and any territory or possession of the United States.’’.

SEC. 7. GUIDANCE AND EXAMINATION PROCEDURES.

Not later than 180 days after the date of enactment of this Act, the Financial Institutions Examination Council shall develop uniform guidance and examination procedures for depository institutions that provide financial services to cannabis-related legitimate businesses and service providers.

Senate Suggestion 3 – See the comments for section 6. Between these two sections, CRLB/SP program requirements, including SAR reporting guidance, won’t be available to financial institutions for ~6 months after the enactment of the Act. That creates problems for the section 10 report. And why is this language – FFIEC guidance and exam procedures in 180 days – different than the similar hemp section 11(b) – federal banking regulators to publish best practices within 90 days?

SEC. 8. ANNUAL DIVERSITY AND INCLUSION REPORT.

The Federal banking regulators shall issue an annual report to Congress containing—

(1) information and data on the availability of access to financial services for minority-owned and women-owned cannabis-related legitimate businesses; and

(2) any regulatory or legislative recommendations for expanding access to financial services for  minority-owned and women-owned cannabis-related legitimate businesses.

SEC. 9. GAO STUDY ON DIVERSITY AND INCLUSION.

(a) STUDY.—The Comptroller General of the United States shall carry out a study on the barriers to market-place entry, including in the licensing process, and the access to financial services for potential and existing minority-owned and women-owned cannabis-related legitimate businesses.

(b) REPORT.—The Comptroller General shall issue a report to the Congress—(1) containing all findings and determinations made in carrying out the study required under subsection (a); and (2) containing any regulatory or legislative recommendations for removing barriers to marketplace entry, including in the licensing process, and expanding access to financial services for potential and existing minority-owned and women-owned cannabis-related legitimate businesses.

SEC. 10. GAO STUDY ON EFFECTIVENESS OF CERTAIN REPORTS ON FINDING CERTAIN PERSONS.

Not later than 2 years after the date of the enactment of this Act, the Comptroller General of the United States shall carry out a study on the effectiveness of reports on suspicious transactions filed pursuant to section 15 5318(g) of title 31, United States Code, at finding individuals or organizations suspected or known to be engaged with transnational criminal organizations and whether any such engagement exists in a State, political subdivision, or Indian Tribe that has jurisdiction over Indian country that allows the cultivation, production, manufacture, sale, transportation, display, dispensing, distribution, or purchase of cannabis. The study shall examine reports on suspicious transactions as follows: (1) During the period of 2014 until the date of the enactment of this Act, reports relating to marijuana-related businesses. (2) During the 1-year period after date of the enactment of this Act, reports relating to cannabis-related legitimate businesses.

Senate Suggestion 4 – Why is this study limited to looking at whether SARs are effective at identifying transnational criminal organization connections to CRLBs? The study should look at whatever patterns, trends, typologies can be identified from all 5318(g)(5) SARs (as well as CTRs), not just connections to TCOs. This is a lost opportunity.

Senate Suggestion 5 – Comparing the MRB SAR regime to the CRLB SAR regime is a sound idea, but the mechanics or timing are not right. CRLB SARs won’t immediately be filed by financial institutions: FinCEN must first either enact a regulation or issue guidance relating to CRLB SAR filings. The triggering event cannot be until/after the date of enactment of this Act, but until/after a regulation or guidance is published or written.

SEC. 11. BANKING SERVICES FOR HEMP BUSINESSES.

(a) FINDINGS.—The Congress finds that— (1) the Agriculture Improvement Act of 2018 (Public Law 115–334) legalized hemp by removing it from the definition of ‘‘marihuana’’ under the Controlled Substances Act; (2) despite the legalization of hemp, some hemp businesses (including producers, manufacturers, and retailers) continue to have difficulty gaining access to banking products and services; and (3) businesses involved in the sale of hemp-derived cannabidiol (‘‘CBD’’) products are particularly affected, due to confusion about their legal status.

(b) FEDERAL BANKING REGULATOR HEMP BANKING GUIDANCE.—Not later than the end of the 90-day period beginning on the date of enactment of this Act, the Federal banking regulators shall jointly issue guidance to financial institutions—(1) confirming the legality of hemp, hemp-derived CBD products, and other hemp-derived cannabinoid products, and the legality of engaging in financial services with businesses selling hemp, hemp-derived CBD products, and other hemp-derived cannabinoid products, after the enactment of the Agriculture Improvement Act of 2018; and (2) to provide recommended best practices for financial institutions to follow when providing financial services and merchant processing services to businesses involved in the sale of hemp, hemp-derived CBD products, and other hemp-derived cannabinoid products.

Senate Suggestion 6 – See section 7, which calls for FFIEC guidance and exam procedures in 180 days. Why is this section calling for the federal banking regulators to publish best practices within 90 days? Also, if a financial institution knows that its customer is selling unapproved hemp-derived CBD products in violation of the FFD&C Act, is it protected by this section?

Senate Suggestion 7 – Why are merchant processing services called out in this section, and nowhere else? If merchant processing services are not “financial services”, then this is a huge gap in the Act, as (arguably) the most important financial service a CRLB can obtain is merchant services. See section 14(7).

(c) FINANCIAL INSTITUTION DEFINED.—In this section, the term ‘‘financial institution’’ means any person providing financial services.

Senate Suggestion 8 – What is the purpose of subsection (c)?

SEC. 12. APPLICATION OF SAFE HARBORS TO HEMP AND CBD PRODUCTS.

(a) IN GENERAL.—Except as provided under subsection (b), the provisions of this Act (other than sections 6 and 10) shall apply to hemp (including hemp-derived cannabidiol and other hemp-derived cannabinoid products) in the same manner as such provisions apply to cannabis.

Senate Suggestion 9 – The House version excludes hemp from Section 6, the SAR reporting section, and Section 10, the study of SARs to determine if there are any transnational criminal organizations connections to the cannabis industry. Is it the intent of Congress that hemp and hemp products are not covered by the SAR reporting obligations but are otherwise covered by FFIEC guidance and examination procedures?

(b) RULE OF APPLICATION.—In applying the provisions of this Act described under subsection (a) to hemp, the definition of ‘‘cannabis-related legitimate business’’ shall be treated as excluding any requirement to engage in activity pursuant to the law of a State or political subdivision thereof.

(c) HEMP DEFINED.—In this section, the term ‘‘hemp’’ has the meaning given that term under section 297A of the Agricultural Marketing Act of 1946 (7 U.S.C. 1639o).

SEC. 13. REQUIREMENTS FOR DEPOSIT ACCOUNT TERMINATION REQUESTS AND ORDERS.

(a) TERMINATION REQUESTS OR ORDERS MUST BE VALID.—

(1) IN GENERAL.—An appropriate Federal banking agency may not formally or informally request or order a depository institution to terminate a specific customer account or group of customer accounts or to otherwise restrict or discourage a depository institution from entering into or maintaining a banking relationship with a specific customer or group of customers unless— (A) the agency has a valid reason for such request or order; and (B) such reason is not based solely on reputation risk.

(2) TREATMENT OF NATIONAL SECURITY THREATS.—If an appropriate Federal banking agency believes a specific customer or group of customers is, or is acting as a conduit for, an entity which— (A) poses a threat to national security; (B) is involved in terrorist financing; (C) is an agency of the Government of Iran, North Korea, Syria, or any country listed from time to time on the State Sponsors of Terrorism list; (D) is located in, or is subject to the jurisdiction of, any country specified in subparagraph (C); or (E) does business with any entity described in subparagraph (C) or (D), unless the appropriate Federal banking agency determines that the customer or group of customers has used due diligence to avoid doing business with any entity described in subparagraph (C) or (D), such belief shall satisfy the requirement under paragraph (1).

(b) NOTICE REQUIREMENT.—

(1) IN GENERAL.—If an appropriate Federal banking agency formally or informally requests or orders a depository institution to terminate a specific customer account or a group of customer accounts, the agency shall— (A) provide such request or order to the institution in writing; and (B) accompany such request or order with a written justification for why such termination is needed, including any specific laws or regulations the agency believes are being violated by the customer or group of customers, if any.

(2) JUSTIFICATION REQUIREMENT.—A justification described under paragraph (1)(B) may not be based solely on the reputation risk to the depository institution.

(c) CUSTOMER NOTICE.—

(1) NOTICE REQUIRED.—Except as provided under paragraph (2) or as otherwise prohibited from being disclosed by law, if an appropriate Federal banking agency orders a depository institution to terminate a specific customer account or a group of customer accounts, the depository institution shall inform the specific customer or group of customers of the justification for the customer’s account termination described under subsection (b).

(2) NOTICE PROHIBITED.— (A) NOTICE PROHIBITED IN CASES OF NATIONAL SECURITY.—If an appropriate Federal banking agency requests or orders a depository institution to terminate a specific customer account or a group of customer accounts based on a belief that the customer or customers pose a threat to national security, or are otherwise described under subsection (a)(2), neither the depository institution nor the appropriate Federal banking agency may inform the customer or customers of the justification for the customer’s account termination. (B) NOTICE PROHIBITED IN OTHER CASES.—If an appropriate Federal banking agency determines that the notice required under paragraph (1) may interfere with an authorized criminal investigation, neither the depository institution nor the appropriate Federal banking agency may inform the specific customer or group of customers of the justification for the customer’s account termination.

(d) REPORTING REQUIREMENT.—Each appropriate Federal banking agency shall issue an annual report to the Congress stating— (1) the aggregate number of specific customer accounts that the agency requested or ordered a depository institution to terminate during the previous year; and (2) the legal authority on which the agency relied in making such requests and orders and the frequency on which the agency relied on each such authority.

(e) DEFINITIONS.—For purposes of this section: (1) APPROPRIATE FEDERAL BANKING AGENCY.—The term ‘‘appropriate Federal banking agency’’ means— (A) the appropriate Federal banking agency, as defined under section 3 of the Federal Deposit Insurance Act (12 U.S.C. 1813); and (B) the National Credit Union Administration, in the case of an insured credit union. (2) DEPOSITORY INSTITUTION.—The term ‘‘depository institution’’ means— (A) a depository institution, as defined under section 3 of the Federal Deposit Insurance Act (12 U.S.C. 1813); and (B) an insured credit union.

SEC. 14. DEFINITIONS.

In this Act:

(1) BUSINESS OF INSURANCE.—The term ‘‘business of insurance’’ has the meaning given such term in section 1002 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (12 U.S.C. 5481).

(2) CANNABIS.—The term ‘‘cannabis’’ has the meaning given the term ‘‘marihuana’’ in section 102 of the Controlled Substances Act (21 U.S.C. 802).

(3) CANNABIS PRODUCT.—The term ‘‘cannabis product’’ means any article which contains cannabis,  including an article which is a concentrate, an edible, a tincture, a cannabis-infused product, or a topical.

(4) CANNABIS-RELATED LEGITIMATE BUSINESS.—The term ‘‘cannabis-related legitimate business’’ means a manufacturer, producer, or any person or company that— (A) engages in any activity described in subparagraph (B) pursuant to a law established by a State or a political subdivision of a State, as determined by such State or political subdivision; and (B) participates in any business or organized activity that involves handling cannabis or cannabis products, including cultivating, producing, manufacturing, selling, transporting, displaying, dispensing, distributing, or purchasing cannabis or cannabis products.

Senate Suggestion 10 – This appears to be an unnecessarily complicated definition. It could be simplified to: “CRLB “means any person or legal entity that engages in or participates in any business or organized activity pursuant to a law established by a State or a political subdivision of a State, as determined by such State or political subdivision, that involves cultivating, producing, manufacturing, selling, transporting, displaying, dispensing, distributing, or purchasing cannabis or cannabis products.” Does the inclusion of the word “legitimate” mean that those cannabis-related businesses that are in violation of their state-licensing requirements are not covered by the SAFE Banking Act, and banks providing services to those non-legitimate cannabis-related businesses also not protected?

(5) DEPOSITORY INSTITUTION.—The term ‘‘depository institution’’ means— (A) a depository institution as defined in section 3(c) of the Federal Deposit Insurance Act (12 U.S.C. 1813(c)); (B) a Federal credit union as defined in section 101 of the Federal Credit Union Act (12 U.S.C. 1752); or (C) a State credit union as defined in section 101 of the Federal Credit Union Act (12 U.S.C. 1752).

(6) FEDERAL BANKING REGULATOR.—The term ‘‘Federal banking regulator’’ means each of the Board of Governors of the Federal Reserve System, the Bureau of Consumer Financial Protection, the Federal Deposit Insurance Corporation, the Federal Housing Finance Agency, the Financial Crimes Enforcement Network, the Office of Foreign Asset Control, the Office of the Comptroller of the Currency, the National Credit Union Administration, the Department of the Treasury, or any Federal agency or department that regulates banking or financial services, as determined by the Secretary of the Treasury.

(7) FINANCIAL SERVICE.—The term ‘‘financial service’’— (A) means a financial product or service, as defined in section 1002 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (12 U.S.C. 5481); (B) includes the business of insurance; (C) includes, whether performed directly or indirectly, the authorizing, processing, clearing, settling, billing, transferring for deposit, transmitting, delivering, instructing to be delivered, reconciling, collecting, or otherwise effectuating or facilitating of payments or funds, where such payments or funds are made or transferred by any means, including by the use of credit cards, debit cards, other payment cards, or other access devices, accounts, original or substitute checks, or electronic funds transfers; (D) includes acting as a money transmitting business which directly or indirectly makes use of a depository institution in connection with effectuating or facilitating a payment for a cannabis-related legitimate business or service provider in compliance with section 5330 of title 31, United States Code, and any applicable State law; and (E) includes acting as an armored car service for processing and depositing with a depository institution or a Federal reserve bank with respect to any monetary instruments (as defined under section 1956(c)(5) of title 18, United States Code.

Senate Suggestion 11 – See section 7, which provides, in part, “financial services and merchant processing services to businesses involved in the sale of hemp, hemp-derived CBD products, and other hemp-derived cannabinoid products.” This definition of “financial services” appears to include merchant services. Sections 7 and 14 need to be reconciled.

(8) INDIAN COUNTRY.—The term ‘‘Indian country’’ has the meaning given that term in section 1151 of title 18.

(9) INDIAN TRIBE.—The term ‘‘Indian Tribe’’ has the meaning given that term in section 102 of the Federally Recognized Indian Tribe List Act of 1994 (25 U.S.C. 479a).

(10) INSURER.—The term ‘‘insurer’’ has the meaning given that term under section 313(r) of title 31, United States Code.

(11) MANUFACTURER.—The term ‘‘manufacturer’’ means a person who manufactures, compounds, converts, processes, prepares, or packages cannabis or cannabis products.

(12) PRODUCER.—The term ‘‘producer’’ means a person who plants, cultivates, harvests, or in any way facilitates the natural growth of cannabis.

(13) SERVICE PROVIDER.—The term ‘‘service provider’’— (A) means a business, organization, or other person that— (i) sells goods or services to a cannabis-related legitimate business; or (ii) provides any business services, including the sale or lease of real or any other property, legal or other licensed services, or any other ancillary service, relating to cannabis; and (B) does not include a business, organization, or other person that participates in any business or organized activity that involves handling cannabis or cannabis products, including cultivating, producing, manufacturing, selling, transporting, displaying, dispensing, distributing, or purchasing cannabis or cannabis products.

Comment – This is an expansive definition as it includes those that sell a good or service to a CRLB that could have no connection to the actual cannabis business (e.g. is a Starbucks a “service provider” if it sells coffee to budtender?). Perhaps regulations or regulatory guidance will narrow this down.

(14) STATE.—The term ‘‘State’’ means each of the several States, the District of Columbia, Puerto Rico, and any territory or possession of the United States.

SEC. 15. DISCRETIONARY SURPLUS FUNDS.

Section 7(a)(3)(A) of the Federal Reserve Act (12 U.S.C. 289(a)(3)(A)) is amended by striking ‘‘$6,825,000,000’’ and inserting ‘‘$6,821,000,000’’.

SEC. 16. DETERMINATION OF BUDGETARY EFFECTS.

The budgetary effects of this Act, for the purpose of complying with the Statutory Pay-As-You-Go Act of 2010, shall be determined by reference to the latest statement titled ‘‘Budgetary Effects of PAYGO Legislation’’ for this Act, submitted for printing in the Congressional Record by the Chairman of the House Budget Committee, provided that such statement has been submitted prior to the vote on passage.

FinCEN’s BSA Value Project – An Effort to Provide Actionable Information for SAR Filers

Two Million SARs are Filed Every Year … But Which Ones Provide Tactical or Strategic Value to Law Enforcement?

Included in the Director’s remarks was some interesting information on an eight-month old “BSA Value Project” that may have been started because, as Director Blanco remarked, FinCEN has “heard during our discussions that there continues to be a desire for more feedback on what FinCEN is seeing in the BSA data in terms of trends [and] we need to do better SAR analysis for wider trends and typologies …”. Director Blanco noted that “We want to provide more feedback, and we will.”

There has not been much public mention of the BSA Value Project: a quick Google search shows that FinCEN’s Associate Director Andrea Sharrin introduced the BSA Value Project at a Florida International Bankers Association (FIBA) conference on March 12, 2019, and then Director Blanco described it in his August 13th remarks:

In January 2019, FinCEN began an ambitious project to catalogue the value of BSA reporting across the entire value chain of its creation and use. The project will result in a comprehensive and quantitative understanding of the broad value of BSA reporting and other BSA information to all types of consumers of that information.

We already know that BSA data plays a critical role in keeping our country strong, our financial system secure, and our families safe from harm. But FinCEN is using the BSA Value Project to improve how we communicate the way BSA information is valued and used, and to develop metrics to track and measure the value of its use on an ongoing basis. The project has included hundreds of interviews with stakeholder groups, including casinos.

So far, the study has confirmed there are extensive and extremely varied uses of BSA information across all stakeholders (including by the private sector) consistent with their missions.

Almost One in Four FBI and IRS-CI Investigations Use BSA Data

Director Blanco made the following remarks on the usefulness of BSA data:

All FBI subject names are run against the BSA database. More than 21 percent of FBI investigations use BSA data, and for some types of crime, like organized crime, nearly 60 percent of FBI investigations use BSA data. Roughly 20 percent of FBI international terrorism cases utilize BSA data.

The Internal Revenue Service-Criminal Investigation section alone conducts more than 126,000 BSA database inquiries each year. And as much as 24 percent of its investigations involving criminal tax, money laundering, and other BSA violations are directly initiated by, or associated with, a BSA report.

In addition to providing controlled access to the data to law enforcement, FinCEN also proactively pushes certain information to them on critical topics. On a daily basis, FinCEN takes the suspicious activity reports and we run them through several categories of business rules or algorithms to identify reports that merit further review by our analysts.

Our terrorist financing-related business rules alone generate over 1,000 matches each month for review and further dissemination to our law enforcement and regulatory partners in what we call a Flash report. These Flash reports enable the FBI, for example, to identify, track, and disrupt the activities of potential terrorist actors. It is incredibly valuable information.

But Which BSA Filings are Providing Real Value to Law Enforcement?

There is no doubt that the (roughly) 20 million BSA reports that are filed each year provide great value to law enforcement. But questions remain about the utility of those filings, and the costs of preparing them. Some of those questions include: (i) which of those reports provide value? (ii) what kind of value is being provided – tactical and/or strategic? (iii) can financial institutions eliminate the “no value” filings and deploy those resources to higher-value filings? (iv) can financial institutions automate the preparation and filing of the low value filings and deploy those resources to the highest-value filings?

I have written a number of articles on the need for better reporting on the utility of SAR filings. Links to three of them are:

SAR Feedback 314(d) – July 30 2019

BSA Reports and Federal Criminal Cases – June 5 2019

The TSV SAR Feedback Loop – June 4 2019

Conclusion

Kudos to Director Blanco and his FinCEN team for their initiative and efforts around the BSA Value Project. The results of the Project could be a game-changer for the financial industry’s BSA/AML programs. The industry is being inundated with calls to apply machine learning and artificial intelligence to make their AML programs more effective and efficient. But if those institutions don’t know which of their filings provide value, and arguably only one in four is providing value, they cannot effectively use machine learning or AI.

The entire industry is looking forward to the results of FinCEN’s BSA Value Project!

A Better Way to Fight Money Laundering – American Banker quotes Jim Richards and Others

Jim Richards was quoted in an August 2019 American Banker article titled “Is There a Better Way to Fight Money Laundering?” by Victoria Finkel. AB Link

The article is well-researched, well-written, and accurately and fairly makes the point that there are better ways to fight money laundering, but there are impediments. Like all articles, though, the editors are required to edit, and quotes are often trimmed to fit the flow, cadence, and tone of the article.

Below are the two quotes that are in the article. I’ll add the context for each.

“Everybody in the regime wants to try to make it more efficient and effective, but everybody’s got a different definition of efficient and effective,” said Jim Richards, the former global head of financial crimes risk management for Wells Fargo and the founder of RegTech Consulting.

What was not included in the article was the next sentence, where I stated that:

“The prudential regulators are focused on safety and soundness, or how we do our jobs: conducting risk assessments, writing policies and procedures, risk rating and performing due diligence on our customers, documenting and validating the models developed for monitoring transactions, and documenting the reasons why we don’t file a suspicious activity report. Law enforcement, on the other hand, is focused on how well we do our jobs: providing timely, actionable intelligence to law enforcement in order to fight financial crime. And since it is the regulators, not law enforcement, that are examining us, our focus is rightly on compliance – how we do our jobs – and not on how well we provide intelligence to law enforcement.”

The article also quotes Greg Baer of the Bank Policy Institute, who has this take on the dilemma of being examined on how we do our jobs, not on how well we do our jobs:

“The examiners who determine compliance are not allowed to know, in all but rare cases, what becomes of the suspicious activity reports that are filed,” Baer of the Bank Policy Institute said. “So that compliance rating is driven far more by things like, are there written policies and procedures, has there been strict one hundred percent adherence to those policies and procedures, rather than the efficacy of the SARs that are filed. What that leads to is, AML is examined much the same way as any other function — through a check-box kind of approach,” Baer said. This in turns shifts the balance with regard to bank priorities, with compliance becoming the main focus. That includes an over reliance on defensive SARs and a fixation on minutiae, according to industry experts.”

John Byrne, a long-time industry expert, is also quoted:

“We have these laws for one reason and one reason alone — and that’s to get valuable data and information in the hands of law enforcement, so there can be a reaction,” said John Byrne, an expert on anti-money-laundering issues and vice chairman of AML RightSource. “When regulators are criticizing banks for being a couple of days late in a filing or putting a company on a cash reporting exemption list by error, that’s a problem.”

The next Richards quote deals with the lack of actionable feedback on the reports that are being filed:

“What the CFOs and the CEOs are saying is, what are we getting for all this money we’re pumping into the AML/BSA regime?” said Richards, the former Wells Fargo executive. “Can we produce fewer alerts and have it cost less and investigate fewer cases and file better SARs? The answer to that is maybe — but we don’t know what a better SAR is.”

We don’t know what a better SAR is because the feedback SAR filers get from regulators, law enforcement, and FinCEN is scattered and ad hoc, at best, and non-existent, at worst. I have written about the need for feedback through what I have called TSV SARs, or Tactical or Strategic Value SARs, on multiple occasions. See, for example, https://regtechconsulting.net/money-laundering-terrorist-financing-general/fincens-fy2020-report-to-congress-reveals-its-priorities-and-performance/

The American Banker article has some other excerpts that deserve mention. First is an estimate of the amount of illicit funds in the US financial system:

“The United Nations Office on Drugs and Crime estimates that as much as $2 trillion is illegally laundered around the world each year — while law enforcement reportedly catches less than 1% of that. As much as $300 billion in illicit funds make their way through the U.S. financial system in a given year, according to the Treasury Department.”

The estimate of the amount of illicit funds flowing through the US financial system is close to the amount of illicit funds reported by SAR filings!

In 2018, banks and credit unions filed ~975,000 SARs. Based on some empirical data and some conversations with BSA Officers, the average depository institution SAR reports ~$245,000. In 2018, MSBs filed ~875,000 SARs. Those average about $36,000. “Others” filed another $275,000 SARs, and I’ll guess that those averaged ~$50,000. The total? Almost $300 billion. And that doesn’t include a percentage of the 18 million Currency Transaction Reports: if the average CTR reported $20,000 and 20% of the CTRs involved illicit funds, that would add another $70 billion being reported by financial institutions. So it may not be a reporting issue at all.

So, financial institutions are reporting over $300 billion in potential illicit funds flowing through the US financial system every year. But what percentage of the total flow of funds is illicit? Based on excerpts from the 2015 and 2018 US National Money Laundering Risk Assessments, the total annual flow of funds through the two main wire transfers systems (Fedwire and CHIPS), ACH, debit cards, and cash is about $2 quadrillion dollars. So the illicit funds flowing through the US system represent about 0.0001% of the total funds. Interesting …

A second excerpt that caught my eye is the following:

“… broad AML legislation recently introduced by a bipartisan group of senators — Mark Warner, D-Va., Doug Jones, D-Ala., Tom Cotton, R-Ark., and Mike Rounds, R-S.D. — would require the Department of Justice to report annually on how frequently law enforcement agencies use Bank Secrecy Act reporting as part of their investigations.”

What is interesting is that while it would be great to have a new law to compel the Justice Department to report annually on how law enforcement is using BSA reports, there already is a law that compels the Treasury Department to report semi-annually on how law enforcement is using BSA reports, and it is not being enforced! Take a look at the USA PATRIOT Act’s section 314(d). Once again, I’ve written about this: https://regtechconsulting.net/aml-regulations-and-enforcement-actions/sar-feedback-what-ever-happened-to-section-314d/

Hopefully, this well-researched, well-written American Banker article will be well-received by everyone who has an interest in seeing the US BSA/AML regime become more effective, more efficient, and better serve the global, national, and local financial systems and financial institutions as we continue the fight against financial crime.

SAR Feedback? What Ever Happened to Section 314(d)?

Wouldn’t it be great if Treasury published a report, perhaps semi-annually, that contained a detailed analysis identifying patterns of suspicious activity and other investigative insights derived from suspicious activity reports (SARs) and investigations conducted by federal, state, and local law enforcement agencies (to the extent appropriate) and distributed that report to financial institutions that filed those SARs?

To get Treasury to do that, though, would probably require Congress to pass a law compelling it to do so.

Hold it. Congress did pass that law.  Almost 18 years ago. And, by all accounts, it’s still on the books. What happened to those semi-annual reports? When did they begin? If they began, when did they end?

Section 314(d) – Its Origins

What became 314(d) was introduced in the House version of what became the USA PATRIOT Act. The House version, the Financial Anti-Terrorism Act, was introduced on October 3, 2001. It was marked up by the House Financial Services Committee on October 11. The Senate version, originally titled the Uniting and Strengthening America Act, or USA Act, was introduced on October 4th and had sections 314(a) (public to private sector information sharing), 314(b) (cooperation among financial institutions, or private-to-private sector information sharing), and 314(c) (“rule of construction”). There was no 314(d) in that early version.

On October 17th, HR 3004, the Financial Anti-Terrorism Act, was passed by the House 412-1. Title II was “public-private cooperation”. Section 203 was:

“Reports to the Financial Services Industry on Suspicious Financial Activities – at least once each calendar quarter, the Secretary shall (1) publish a report containing a detailed analysis identifying patterns of suspicious activity and other investigative insights derived from suspicious activity reports and investigations conducted by federal, state, and local law enforcement agencies to the extent appropriate; and (2) distribute such report to financial institutions as defined in section 5312 of title 31, US code.”

The Senate and House versions were reconciled, and on October 23rd the House Congressional Record shows a consideration of what was then the USA PATRIOT Act. That version of the bill then included what had been section 203 and was now 314(d). It was the same, except instead of a quarterly report it was a semi-annual report (“at least once each calendar quarter” was changed to “at least semiannually”).

SAR Activity Review – Was That The Answer to 314(d)?

The ABA has written, and at least one former FinCEN employee has stated that the “SAR Activity Review – Trends, Tips, and Issues” was the response to 314(d). The SAR Activity Reviews were excellent resources. They contained sections on SAR statistics, national trends and analysis, law enforcement cases, tips on SAR form preparation and filing, issues and guidance, and an industry forum. The first SAR Activity Review noted that it was published under the auspices of the BSAAG, was to be published semi-annually in October and April, and was “the product of a continuing collaboration among the nation’s financial institutions, federal law enforcement, and regulatory agencies to provide meaningful information about the preparation, use, and utility of SARs.”  Although that certainly sounds like it is responsive to section 314(d), there is no reference to 314(d).

And the first SAR Activity Review was published more than a year before 314(d) was passed. Even the first SAR Activity Review published after the enactment of the USA PATRIOT Act and section 314(d) – the 4th issue published on July 31, 2002 – didn’t make any reference to 314(d). Beginning with the 6th issue of the SAR Activity Review, published in October 2003, the authors broke out the statistics from the “Trends, Tips & Issues” document and published a separate, and more detailed, “SAR Activity Review – By The Numbers”. The last SAR Activity Review (the 23rd) and the last “By The Numbers” (the 18th) were published on April 30, 2013. None of those forty-one publications referenced 314(d). After the SAR Activity Reviews stopped, FinCEN continued to publish “SAR Statistics”, and did so three times from June 2014 through March 2017.  For the last few years, FinCEN has maintained SAR Stats on its website – https://www.fincen.gov/reports/sar-stats  – that is updated on a monthly basis. Those statistics are useful, but cannot be thought of as “containing a detailed analysis identifying patterns of suspicious activity and other investigative insights derived from suspicious activity reports and investigations conducted by federal, state, and local law enforcement agencies to the extent appropriate”, quoting the 314(d) language.

Does Anyone Know What Happened to 314(d)?

I don’t have the answer to that question. Perhaps 314(d) is seen as satisfied by the accumulation of advisories, guidance, bulletins, etc., published by FinCEN and other Treasury bureaus and agencies and departments from time to time. Perhaps there is a Treasury Memorandum out there that I’m not aware of that provides a simple explanation. Perhaps not: most BSA/AML experts I speak with are not even aware of 314(d), and if the SAR Activity Review did satisfy the spirit and intent of 314(d), the last one was published more than six years ago. But everyone in the private sector BSA/AML risk management space has been clamoring for more feedback from law enforcement and FinCEN on the effectiveness and usefulness of their SAR filings. Perhaps a renewed (or any) focus on 314(d) is the answer.  The revival of 314(d) could give FinCEN the mandate they’ve been looking for to provide more valuable information to the private sector producers of Suspicious Activity Reports. We would all benefit.

A Contempt Fine of $50,000 a Day for “Stashing Documents” But Not Producing Them

Three Chinese “multi-billion dollar banks disregarding an order to produce records or a witness essential to an investigation into a state-sponsor of terrorism’s proliferation of nuclear weapons” are hit with a fine of $50,000 for every day they refuse to comply, concluded Federal District Court Justice Beryl A. Howell in a May 15, 2019 Opinion that was only recently unsealed. Judge Howell noted that “Bank Three’s stashing documents somewhere in its facilities is not responsible to the subpoena.”

In story published June 24th – Link – the Washington Post identified the three Chinese banks as Bank of Communications, China Merchant’s Bank, and Shanghai Pudong Development Bank. This writer offers no comment on the accuracy of the Post’s claims.

This will be an interesting case, or series of cases, to follow. Titles 18 and 50 are impacted and US/Chinese relations could be impacted.

 

The original (March 18, 2019) Order is available on PACER at March 18 Order to Compel

The May 15th Order is available on PACER at May 15 Contempt Order

REAL ID Act of 2005 … REAL Beneficial Owners Act of 2019?

Can something like the REAL ID Act of 2005 be used to solve the beneficial ownership issue?

Without a national registry of beneficial ownership (BO) information, banks can collect BO information, but have no way to verify it

The REAL ID Act of 2005 compelled the 50 states to have their citizens’ state-issued identification documents meet certain minimum requirements and issuance standards … could a similar thing be done to compel the 50 states to have their state-created legal entities meet certain minimum requirements for beneficial ownership information?

The REAL ID Act of 2005 established minimum security standards for state-issued driver’s licenses and identification cards by prohibiting Federal agencies from accepting non-compliant state-issued driver’s licenses and identification cards that do not meet the Act’s minimum standards. The REAL ID Act was a way for the Federal Government to compel (sort of) the fifty states to meet certain standards for their drivers’ licenses. The Federal Government essentially told the fifty states “you have the power to issue state drivers’ licenses, and you can do what you’d like, but if you want those licenses to be used for any federal purposes, such as accessing Federal facilities, entering nuclear power plants, and, notably, boarding federally regulated commercial aircraft, then they have to meet our standards.”

The REAL ID Act’s genesis was the attacks of 9/11. It enacted recommendations from the July 2002 National Strategy for Homeland Security and the July 2004 9/11 Commission Report that the Federal Government “set standards for the issuance of sources of identification, such as driver’s licenses.” The REAL ID Act was included in the Emergency Supplemental Appropriation for Defense, the Global War on Terror, and Tsunami Relief Act of 2005 (PL 109-13, 119 Stat. 231 at 302), and the actual ID provisions are in Title II, Improved Security for Drivers’ Licenses and Personal Identification Cards, section 202, “minimum document requirements and issuance standards for federal recognition.” (Section 204 provides for grants to states to implement the document requirements and issuance standards).

The main part of section 202 provides:

REAL ID Act regulations weren’t finalized until January 2008, at which time it was clear that it would take billions of dollars and many years to get states into compliance. States were originally required to be compliant by May 2008 (the regulations weren’t published until January 2008). That deadline was extended multiple times to 2009, then 2011, then 2013, then 2015, and extended again to January 22, 2018. As of April 2018, only thirty states were compliant and the remaining twenty had obtained extensions. For those with non-compliant driver’s licenses issued by compliant states, they have until October 1, 2020 to get a compliant driver’s license.

To find out more about the REAL ID Act requirements, California’s DMV site has a good section: CA DMV on REAL ID Act

Can’t Board an Airplane … Can’t Bid on Federal Contracts

How could something like the REAL ID Act help banks with the beneficial ownership issue? Like driver’s licenses, creation of legal entities is left to each state, and (anecdotally) only three states currently require the collection and verification of beneficial ownership information.

Like they did to effectively compel the fifty states to issue individuals’ driver’s licenses that met federal standards, the federal government could pass a law that would prevent entities created in states that do not meet certain Beneficial Ownership standards from bidding on and winning federal government contracts. In other words, those states would not be compelled to collect, verify, and maintain accurate beneficial ownership information on state-incorporated legal entities, but would need to have an incorporation regime that did so if it wanted those legal entities to be able to bid on federal government contracts.

This might be a radical idea, full of legal and regulatory pitfalls. There might be dozens of reasons why it can’t work. But it might work. Or something similar could work (it doesn’t have to be about bidding on federal contracts).  But there must be something that could work. As Arthur C. Clarke wrote, “new ideas pass through three phases: it can’t be done; it probably can be done, but it’s not worth doing; I knew it was a good idea all along!”

One word of further caution. It will have taken fifteen years for all states to comply with the REAL ID Act of 2005 requirements. Hopefully it wouldn’t take states fifteen years to comply with the REAL Beneficial Owners Act of 2019.

44% of UK Solicitors Tested Are Not Meeting ML/TF Regulatory Requirements – but Unlike Their American Counterparts, At Least They Have Regulatory Requirements

A review by the UK’s Solicitors Regulation Authority (SRA) results in 44% of solicitor firms tested will be subject to disciplinary process. That’s bad, but what is worse is that US lawyers performing the same type of work are not subject to equivalent regulations

There are 7,000 regulated law firms in England and Wales that are subject to the anti-money laundering program and reporting regulations promulgated as a result of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Act 2017. Among other things, those firms are required to have a risk-based ML/TF compliance program, including customer due diligence and suspicious activity reporting requirements.

Note 1: not all “lawyers” are subject to these regulations. In the UK (and Canada) lawyers are either barristers – representing clients in criminal and civil proceedings in court – or solicitors – acting for clients in all other legal matters. The ML/TF regulations apply, generally, to solicitors, or “independent legal professionals and trust of company service providers” that provide “legal or notorial services to other persons, when participating in financial or real property transactions concerning” the buying or selling of real property and businesses, managing client money or asserts, opening and management of bank, savings, or securities accounts, and creating companies, trusts, and foundations. Put simply, financial, company, or property transactional work outside the court systems is covered by the ML/TF program and reporting requirements.

Note 2: the money laundering and terrorist financing compliance program requirements address at least (or only) three (3) of the enumerated thirty-eight (38) risks identified by the SRA in its Regulatory Risks Index. Ten (10) of the risks relate to the market and are not given a “severity” score: twenty-eight (28) of the risks relate to individual firms and are given a severity risk. Those risks range from a low of 4% for geographical or jurisdictional conflicts to a high of 96% for misuse of money or assets. The mean (average) risk is 43%, and the median (middle) risk is 38%. The second highest severity score was for criminal association (77%), the third highest was for money laundering (73%), and the fourth highest was for bribery and corruption (67%). Other than stealing clients’ money, the Solicitors Regulation Authority considers financial crimes – associating with criminals, money laundering, and bribery and corruption – to be the risks with the greatest severity. So with such severe risk, one would assume that firms would be serious about their compliance requirements: the results of the SRA’s review suggest otherwise.

In 2018 the SRA reviewed the programs of 59 law firms. On May 7, 2019 the SRA published the results. The actual report is at Go to the review. The press release is at https://www.sra.org.uk/sra/news/press/aml-tcsp-review-2019.page.

The SRA’s press release provided as follows:

A review has shown that a significant minority of law firms are not doing enough to prevent money laundering, with some falling seriously short.

The review did not find evidence of actual money laundering or that firms had any intention of becoming involved in criminal activities. However, it did find a range of breaches of the 2017 Money Laundering Regulations, as well as poor training and processes.

One of the biggest areas of concern was firms’ risk assessments. A firm risk assessment is required in legislation and should be the backbone of a firm’s anti-money laundering approach. We found that more than a third (24) of firms reviewed fell short in this area, including four that had no risk assessment at all.

There were also issues around appropriate customer due diligence. This included inadequate processes in almost a quarter (14) of firms to manage risks around Politically Exposed Persons, known as PEPs. However, in some instances effective customer due diligence did result in firms turning down work. Fifteen firms had done this, with one of the main reasons being evasive clients.

As a result of the review we have put 26 firms [out of 59] into our disciplinary processes. We have also published a warning notice reminding the profession of their obligations, particularly in relation to firm risk assessments. And we have begun a further review of 400 other law firms to check compliance with the Governments 2017 Money Laundering Regulations. This review will be led by a new dedicated anti-money laundering unit, being set up to bolster resources to prevent and detect money laundering.

But as important as what the press release did include is what it did not include. According to the actual report:

“Firms had raised low numbers of internal suspicious activity reports (ISARs).” The actual data, represented by the graphic below, suggests an even bleaker picture: only three (3) of fifty-nine (59) firms  – or one out of twenty – averaged more than one internal report on potential suspicious activity per year.  And the report noted that “only 10 firms had submitted SARs in the last 24 months”, but like the ISAR data, the actual SAR data was even more bleak, with only two (2) of the fifty-nine (59) firms filing more than one SAR a year over the last two years. 

Other results are worth highlighting:

  • two firms failed to consider the countries that they operate in and failed to have a PEP process in place
  • two firms failed to consider the geographical location of their clients or the nature of their firm’s work
  • five firms failed to consider the types of transactions that they undertake. They also failed to provide information and procedures in their AML policy about scrutinising complex and/or unusual transaction or transactions that have no apparent economic or legal purpose
  • one firm failed to address how they deliver legal services and also acknowledged that they do not see 5% of their clients
  • five firms that did not have a file [client] risk assessment process in place. This is concerning and suggests that some firms are not systematically addressing money laundering issues. This undermines the ability of fee earners to detect issues, report concerns and mitigate risks.
  • nine firms that had a [client risk assessment] process in place, but the fee earner was unable to provide an adequate risk assessment for each file. These failures suggest some firms struggle to monitor the compliance levels of fee earners and/or fail to implement the process/policy
  • We made eight referrals into our disciplinary processes about inadequate AML policies. This included one referral for a complete lack of written policies
  • of the 59 firms we visited, the fee earner we spoke to at 10 of the firms (17%) was unable to provide the relevant CDD for each of their files
  • eight files did not contain adequate information and/or recorded evidence about beneficial owners of the relevant trust or company
  • eight firms had no PEP process. These firms were referred into our disciplinary process

These same firms are advising financial institutions on how to comply with UK AML laws and regulations. It is inconceivable that these firms would ignore their own advice – assuming it is good advice – by having programs that have inadequate risk assessments, missing or inadequate customer due diligence files, no or inadequate internal processes for escalating unusual or potentially suspicious activity, and missing SARs. In fairness, though, where five firms have no programs, fifty-four have programs; where eight firms have no PEP process, fifty-one have a PEP process. And, as the headline indicates, at least the UK solicitors are equal partners with their financial institution clients in the global fight against money laundering and terrorist financing … unlike their American counterparts.

Regulators Testify on BSA/AML

Sed quis custodiet ipsos Custodes

But who will guard the guards themselves? – Roman poet and satirist Juvenal, c. 100 AD

On May 15, 2019 the Senate Banking Committee held a hearing on “Oversight of Financial Regulators”. The link to the hearing is:

https://www.banking.senate.gov/hearings/oversight-of-financial-regulators

The heads of the OCC, FDIC, and NCUA, and the head of regulatory supervision of the Board of Governors of the Federal Reserve, submitted written statements and testified. Anti-money laundering (AML) and its regulatory regime under the Bank Secrecy Act (BSA) were touched on by three of the four witnesses in their written statements.

The OCC’s Comptroller, Joseph Otting, had the following:

“Compliance risk remains elevated as banks seek to manage money-laundering risks in a complex, dynamic operating and regulatory environment.”

“My priorities also include improving the efficiency and effectiveness of Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) regulations, supervision, and examination, while continuing to support law enforcement, protect the financial system from those who seek to exploit it for illicit and illegal purposes, and reduce the burden of BSA/AML compliance.”

And under the heading “Bank Secrecy Act and Anti-Money Laundering”, the Comptroller wrote:

The BSA and AML laws and regulations exist to protect our financial system from criminals who would exploit that system for their own illegal purposes or use that system to finance terrorism. While regulators and the industry share a commitment to fighting money laundering and other illegal activities, the process for complying with current BSA/AML laws and regulations has become inefficient and costly. It is critical that the BSA/AML regime be updated and enhanced to address today’s threats and better use the capabilities of modern technology to protect the financial system from illicit activity.

The OCC has taken a leadership role in coordinating discussions with the FDIC, Board of Governors of the Federal Reserve System, National Credit Union Administration, Treasury’s Office of Financial Intelligence, and FinCEN to identify and implement ways to improve the efficiency and effectiveness of BSA/AML regulations, supervision, and examinations, while continuing to meet the requirements of the statute and regulations, support law enforcement, and reduce BSA/AML compliance burden. In October 2018, these agencies released a joint statement clarifying ways in which community banks with a lower BSA risk profile may be able to increase efficiency and reduce burden in their BSA/AML compliance programs by sharing BSA resources. The statement describes how these banks can effectively use collaborative arrangements to share human, technology, or other resources related to BSA compliance to reduce costs, increase operational efficiency, and leverage specialized expertise.

More recently, in December 2018, these agencies issued a joint statement encouraging banks to take innovative approaches to meet their BSA/AML compliance obligations. The statement recognizes significant potential for technological innovation to transform BSA/AML compliance. In addition to assisting banks’ efforts to control their costs, innovation is increasingly necessary to counter constantly changing threats, as illicit financing methods evolve to exploit vulnerabilities in existing systems. The statement makes clear the agencies are committed to continued engagement with the private sector to modernize and innovate in their BSA/AML compliance programs. The OCC is actively engaged in discussions with banks and other stakeholders regarding ways to explore enhanced technology usage while maintaining the current strong protections for the financial system.

The OCC also has identified areas in which legislative changes could increase the impact and efficiency of BSA/AML regulation and compliance programs. The OCC generally supports legislative changes that would reduce unnecessary industry burden and compliance costs and allow for more effective information sharing related to illicit finance. These include requiring a regular review of BSA/AML regulations to identify those that could be strengthened, refined or to reduce unnecessary burden, and providing safe harbors to promote sharing of information.

The written statements of Jelena Williams, Chair of the FDIC, and Randal K. Quarles, Vice Chair for Supervision for the Federal Reserve, did not include anything on BSA/AML.

The written statement of Rodney E. Hood, Chairman of the National Credit Union Administration (NCUA), included the following on BSA/AML (footnotes omitted):

Ensuring Compliance with the Bank Secrecy Act The NCUA takes seriously its obligations to supervise federal credit unions for compliance with the various BSA and AML laws and regulations. As technology has become embedded in financial systems, even small financial institutions like credit unions can be vulnerable to illicit finance activity. The NCUA examines federal credit union compliance with BSA during every examination that we conduct. Additionally, the NCUA assists state regulators by conducting BSA examinations in federally insured, state-chartered credit unions where state resources are limited. In 2018, the NCUA conducted 3,308 BSA examinations in federal credit unions.

The NCUA’s BSA reviews are risk-focused and include a set of core procedures that cover an institution’s compliance with the pillars of the BSA. These core procedures are based on the FFIEC examination procedures we issue jointly with the other federal financial regulatory agencies. In addition to the core procedures, examiners are trained and directed to tailor examinations based on the unique risk characteristics of each federal credit union. Federal credit unions that have diverse platforms with higher risk activities will receive an expanded review tailored to the unique risk characteristics they present. Conversely, examinations of smaller, low-risk credit unions are appropriately scaled to minimal necessary procedures consistent with their risk characteristics and our obligations under the FCU Act.

The NCUA coordinates regularly with our counterparts as the other federal financial regulatory agencies, as well as the Financial Crimes Enforcement Network (FinCEN). The NCUA actively participates in the Bank Secrecy Act Advisory Group (BSAAG) and the FFIEC BSA Working Group. Additionally, the NCUA is part of a recently established interagency working group to improve effectiveness and streamline, where possible, our regulations and supervisory processes. The working group recently issued a Joint Statement on Innovative Efforts to Combat Money Laundering and Terrorist Financing, as well as an Interagency Statement on Shared BSA Resources. Both joint statements provide appropriate information for institutions to leverage resources and new technologies to improve and streamline their BSA compliance obligations. The NCUA intends to continue to foster collaborative working relationships with our regulatory counterparts, including FinCEN. I believe that this is especially important in addressing substantial concerns related to the proliferation of cash-based businesses, which further necessitates reforming and modernizing the BSA regime.

Finally, the NCUA also communicates with the credit union industry through numerous channels, including: BSAAG participation and outreach; assistance and participation in national events applicable to the BSA attended by credit union industry professionals and leaders; and through periodic and ongoing training via webinars. The NCUA continues to maintain transparency in its policy positions. To that end, the agency publishes our examination and policy manuals, as well as nearly all guidance and directives provided to examiners related to the supervisory process or examinations.

I’ve highlighted three excerpts from Comptroller’s Otting’s statement:

It is critical that the BSA/AML regime be updated and enhanced to address today’s threats and better use the capabilities of modern technology to protect the financial system from illicit activity.

The agencies issued a joint statement encouraging banks to take innovative approaches to meet their BSA/AML compliance obligations. The statement recognizes significant potential for technological innovation to transform BSA/AML compliance.

The OCC generally supports legislative changes that would reduce unnecessary industry burden and compliance costs and allow for more effective information sharing related to illicit finance. These include requiring a regular review of BSA/AML regulations to identify those that could be strengthened, refined or to reduce unnecessary burden, and providing safe harbors to promote sharing of information.

Comptroller Otting’s testimony – and indeed the actions of the OCC and the other regulators – around the encouragement of innovative uses of technology is a very positive for all financial institutions struggling to balance the competing and sometimes conflicting interests and perspectives of their regulators, their customers, and law enforcement. The promotion of sharing information is also very positive: financial institutions working individually will never fulfill their regulatory obligations effectively or efficiently, and can only do so by sharing information with other institutions. Big data intelligence and collaborative investigations are the future of BSA/AML.

FinCEN’s Advisories and Guidance – “Persuasive Precedential Effect”, Whatever That Means

US-based AML practitioners are familiar with FinCEN Guidance and Advisories. Most are probably not sure what the differences are between a Guidance document and an Advisory. But both seem to have something called “persuasive precedential effect”. What is persuasive precedential effect? Is it different from non-persuasive precedential effect? My spell check doesn’t recognize the word “precedential”, and Googling the phrase only brings back 74 hits.

Just what is “persuasive precedential effect”? Having just glanced at the title of the first search result – “Legitimacy Model for the Interpretation of Plurality Decisions” – I couldn’t bear to try to answer that question myself, so … could a financial institution subject to the BSA please seek an Administrative Ruling from FinCEN to get an answer to the question “what does the phrase ‘persuasive precedential effect’ actually mean?”

FinCEN’s Regulatory Releases – Regulations, Guidance, Statements of Policy, Advisories, and Enforcement Rulings

On May 9, 2019, the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN), which has responsibility for the administration of the Bank Secrecy Act (BSA) under Treasury Order 180-01 (1992), issued formal Guidance (FIN-2019-G001) titled “Application of FinCEN’s Regulations to Certain Business Models Involving Convertible Virtual Currencies.”

https://www.fincen.gov/sites/default/files/2019-05/FinCEN%20Guidance%20CVC%20FINAL%20508.pdf

Also on May 9th, FinCEN issued an Advisory (FIN-2019-A003) titled “Advisory on Illicit Activity Involving Convertible Virtual Currency”.

https://www.fincen.gov/sites/default/files/advisory/2019-05-09/FinCEN%20Advisory%20CVC%20FINAL%20508_0.pdf

Why two documents? Why was one labeled “Guidance” and the other “Advisory”? The answers, in part, can be found at FinCEN’s “Regulatory Releases” page: FinCEN Regulatory Releases

According to FinCEN, it has authority to issue regulations, regulatory interpretations and guidance, advisories, and enforcement assessments/consent assessments. As explained by FinCEN:

I. Regulations

Regulations implementing the Bank Secrecy Act codified in title 31 of the Code of Federal Regulations, Chapter X (31 CFR Chapter X). Related publications include:

  • Final rules
  • Interim final rules
  • Notices of proposed rulemakings (known as “NPRM”)
  • Advance notices of proposed rulemakings (known as “ANPRM”)
  • Corrections

Final rules, interim final rules, and any subsequent corrections to these rules, are binding obligations on individuals and entities within the scope of such rules.

II. Regulatory Interpretations and Guidance

According to FinCEN, it “routinely issue[s] interpretations of BSA regulations as well as guidance to financial institutions on complying with our regulations.” There are three categories that fall into this bucket:

1. Administrative Rulings

The authority, process, and effect of Administrative Rulings is contained in subpart G of Part X of Title 31 of the code of Federal regulations – 31 CFR § 1010.710-717. Although FinCEN’s website provides that “published letter rulings often express an opinion about a new issue, apply an established theory or analysis to a set of facts that differs materially from facts or circumstances that have been previously considered, or provide a new interpretation of Title 31 of the United States Code, or any other statute granting FinCEN authority”, the regulation itself is somewhat more direct. It provides:

§1010.715 Issuing rulings – The Director, FinCEN, or his designee may issue a written ruling interpreting the relationship between this chapter and each situation for which such a ruling has been requested in conformity with § 1010.711. A ruling issued under this section shall bind FinCEN only in the event that the request describes a specifically identified actual situation. A ruling issued under this section shall have precedential value, and hence may be relied upon by others similarly situated, only if FinCEN makes it available to the public through publication on the FinCEN Web site under the heading “Administrative rulings” or other appropriate forum.”

The result? If FinCEN publishes an Administrative Ruling, it shall have precedential value and may be relied upon by financial institutions “similarly situated” as the requestor.

2. Interpretive Guidance

FinCEN provides three examples of interpretive guidance:

  • Interpretive releases, including written responses to informal inquires on the application of 31 CFR Chapter X that are not made and submitted to the Financial Crimes Enforcement Network consistent with the procedures outlined at 31 CFR § 1010.711
  • Frequently Asked Questions
  • Staff commentaries

Notably, interpretations of BSA regulations that are published on FinCEN’s public web site under the heading “Guidance” shall have persuasive precedential effect and, to that extent, may be relied upon by those financial institutions subject to the specific provision of the BSA regulation being interpreted until such interpretation is superseded, revoked, or amended.

FinCEN notes that “if written guidance is not published on FinCEN’s public web site under the heading “Guidance”, although not binding, such guidance provides useful insight into our view of the application of the Bank Secrecy Act and its implementing regulations at the time that the guidance is issued.”

3. Statements of Policy

This appears to cover guidance not published as “Guidance”, as well as “statements outlining or describing our policy with respect to specific issues arising under the Bank Secrecy Act.” According to FinCEN, “these statements provide useful insight into our view of the application of the Bank Secrecy Act and its implementing regulations at the time the statement is issued.”

III. Advisories

Advisories are published to financial institutions “concerning money laundering or terrorist financing threats and vulnerabilities for the purpose of enabling financial institutions to guard against such threats.”  If published on the FinCEN web site under the heading “Advisories” and to the extent they interpret BSA regulations , Advisories shall have persuasive precedential effect and may be relied upon by those financial institutions subject to the specific provision of the BSA regulation being interpreted until such interpretation is superseded, revoked, or amended.

And, like guidance not published under the heading “Guidance”, advisories not published under the heading “Advisory”, are not binding but provides “useful insight into [FinCEN’s] view of the application of the BSA and BSA regulations at the time that the advisory/guidance is issued.

IV. Enforcement Assessments and Consent Assessments

Public enforcement actions, often referred to as “Consent Orders” by the OCC and Federal Reserve and “Consent Assessments” by FinCEN because they are entered into with the (grudging) consent of the sanctioned entity, are binding on and apply exclusively to the sanctioned entity. However, as FinCEN notes, any “regulatory interpretations contained in such assessments shall have persuasive precedential effect and, to that extent, may be relied upon by those financial institutions subject to the specific provision of 31 CFR Chapter X being interpreted until such interpretation is superseded, revoked, or amended.”

FINRA’s list of AML Red Flags has gone from 25 to 97

FINRA Provides Guidance to Firms Regarding Suspicious Activity Monitoring and Reporting Obligations

http://www.finra.org/sites/default/files/notice_doc_file_ref/Regulatory-Notice-19-18.pdf

May 9, 2019

FINRA issued the Notice to provide guidance to member firms regarding suspicious activity monitoring and reporting obligations under FINRA Rule 3310 (Anti-Money Laundering Compliance Program). The guidance included ninety-seven (97) red flags organized into six sections:

  1. Potential Red Flags in Customer Due Diligence and Interactions With Customers (19 red flags, 10 are new)
  2. Potential Red Flags in Deposits of Securities (8 red flags, all are new)
  3. Potential Red Flags in Securities Trading (20 red flags, 18 are new)
  4. Potential Red Flags in Money Movements (31 red flags, 20 are new)
  5. Potential Red Flags in Insurance Products (5 red flags, all are new)
  6. Other Potential Red Flags (14 red flags, 10 are new)

The Notice provided that these red flags were in addition to the money laundering red flags that appeared in Notice to Members 02-21 (NTM 02-21) published in April 2002:

“Since NTM 02-21 was published [in April 2002], guidance detailing additional red flags that may be applicable to the securities industry have been published by a number of U.S. government agencies and international organizations. FINRA is issuing this Notice to provide examples of these additional money laundering red flags for firms to consider incorporating into their AML programs, as may be appropriate in implementing a risk-based approach to BSA/AML compliance.”

“This Notice is intended to assist broker-dealers in complying with their existing obligations under BSA/AML requirements and does not create any new requirements or expectations. In addition, this Notice incorporates the red flags listed in NTM 02-21 so that firms can refer to this Notice only for examples of potential red flags.”

So the twenty-five 2002 red flags are included, but not identified, within the ninety-seven 2019 red flags. To assist compliance professionals, I have gone through the 2002 red flags and inserted them into the 2019 red flags so that those professionals can more easily determine whether their current programs are covering off the “new” red flags.

2002 Red Flags

  1. The customer exhibits unusual concern regarding the firm’s compliance with government reporting requirements and the firm’s AML policies, particularly with respect to his or her identity, type of business and assets, or is reluctant or refuses to reveal any information concerning business activities, or furnishes unusual or suspect identification or business documents.
  2. The customer wishes to engage in transactions that lack business sense or apparent investment strategy, or are inconsistent with the customer’s stated business strategy.
  3. The information provided by the customer that identifies a legitimate source for funds is false, misleading, or substantially incorrect.
  4. Upon request, the customer refuses to identify or fails to indicate any legitimate source for his or her funds and other assets.
  5. The customer (or a person publicly associated with the customer) has a questionable background or is the subject of news reports indicating possible criminal, civil, or regulatory violations.
  6. The customer exhibits a lack of concern regarding risks, commissions, or other transaction costs.
  7. The customer appears to be acting as an agent for an undisclosed principal, but declines or is reluctant, without legitimate commercial reasons, to provide information or is otherwise evasive regarding that person or entity.
  8. The customer has difficulty describing the nature of his or her business or lacks general knowledge of his or her industry.
  9. The customer attempts to make frequent or large deposits of currency, insists on dealing only in cash equivalents, or asks for exemptions from the firm’s policies relating to the deposit of cash and cash equivalents.
  10. The customer engages in transactions involving cash or cash equivalents or other monetary instruments that appear to be structured to avoid the $10,000 government reporting requirements, especially if the cash or monetary instruments are in an amount just below reporting or recording thresholds.
  11. For no apparent reason, the customer has multiple accounts under a single name or multiple names, with a large number of inter-account or third-party transfers.
  12. The customer is from, or has accounts in, a country identified as a non-cooperative country or territory by the Financial Action Task Force (FATF).
  13. The customer’s account has unexplained or sudden extensive wire activity, especially in accounts that had little or no previous activity.
  14. The customer’s account shows numerous currency or cashiers check transactions aggregating to significant sums.
  15. The customer’s account has a large number of wire transfers to unrelated third parties inconsistent with the customer’s legitimate business purpose.
  16. The customer’s account has wire transfers that have no apparent business purpose to or from a country identified as a money laundering risk or a bank secrecy haven.
  17. The customer’s account indicates large or frequent wire transfers, immediately withdrawn by check or debit card without any apparent business purpose.
  18. The customer makes a funds deposit followed by an immediate request that the money be wired out or transferred to a third party, or to another firm, without any apparent business purpose.
  19. The customer makes a funds deposit for the purpose of purchasing a long-term investment followed shortly thereafter by a request to liquidate the position and transfer of the proceeds out of the account.
  20. The customer engages in excessive journal entries between unrelated accounts without any apparent business purpose.
  21. The customer requests that a transaction be processed in such a manner to avoid the firm’s normal documentation requirements.
  22. The customer, for no apparent reason or in conjunction with other “red flags,” engages in transactions involving certain types of securities, such as penny stocks, Regulation “S” (Reg S) stocks, and bearer bonds, which although legitimate, have been used in connection with fraudulent schemes and money laundering activity. (Such transactions may warrant further due diligence to ensure the legitimacy of the customer’s activity.)
  23. The customer’s account shows an unexplained high level of account activity with very low levels of securities transactions.
  24. The customer maintains multiple accounts, or maintains accounts in the names of family members or corporate entities, for no apparent business purpose or other purpose.
  25. The customer’s account has inflows of funds or other assets well beyond the known income or resources of the customer.

2019 Red Flags (with references to 2002 red flags)

I. Potential Red Flags in Customer Due Diligence and Interactions With Customers
  1. The customer provides the firm with unusual or suspicious identification documents that cannot be readily verified or are inconsistent with other statements or documents that the customer has provided. Or, the customer provides information that is inconsistent with other available information about the customer. This indicator may apply to account openings and to interaction subsequent to account opening. (2002 red flag # 1 – The customer exhibits unusual concern regarding the firm’s compliance with government reporting requirements and the firm’s AML policies, particularly with respect to his or her identity, type of business and assets, or is reluctant or refuses to reveal any information concerning business activities, or furnishes unusual or suspect identification or business documents.)
  2. The customer is reluctant or refuses to provide the firm with complete customer due diligence information as required by the firm’s procedures, which may include information regarding the nature and purpose of the customer’s business, prior financial relationships, anticipated account activity, business location and, if applicable, the entity’s officers and directors. (2002 red flag # 1 – The customer exhibits unusual concern regarding the firm’s compliance with government reporting requirements and the firm’s AML policies, particularly with respect to his or her identity, type of business and assets, or is reluctant or refuses to reveal any information concerning business activities, or furnishes unusual or suspect identification or business documents.)
  3. The customer refuses to identify a legitimate source of funds or information is false, misleading or substantially incorrect. (2002 Red Flag #4 – Upon request, the customer refuses to identify or fails to indicate any legitimate source for his or her funds and other assets. Also, 2002 red flag #3 – The information provided by the customer that identifies a legitimate source for funds is false, misleading, or substantially incorrect.)
  4. The customer is domiciled in, doing business in or regularly transacting with counterparties in a jurisdiction that is known as a bank secrecy haven, tax shelter, high-risk geographic location (e.g., known as a narcotics producing jurisdiction, known to have ineffective AML/Combating the Financing of Terrorism systems) or conflict zone, including those with an established threat of terrorism.
  5. The customer has difficulty describing the nature of his or her business or lacks general knowledge of his or her industry. (2002 red flag # 8 – The customer has difficulty describing the nature of his or her business or lacks general knowledge of his or her industry.)
  6. The customer has no discernable reason for using the firm’s service or the firm’s location (e.g., the customer lacks roots to the local community or has gone out of his or her way to use the firm).
  7. The customer has been rejected or has had its relationship terminated as a customer by other financial services firms.
  8. The customer’s legal or mailing address is associated with multiple other accounts or businesses that do not appear related.
  9. The customer appears to be acting as an agent for an undisclosed principal, but is reluctant to provide information. (2002 red flag # 7 – The customer appears to be acting as an agent for an undisclosed principal, but declines or is reluctant, without legitimate commercial reasons, to provide information or is otherwise evasive regarding that person or entity.)
  10. The customer is a trust, shell company or private investment company that is reluctant to provide information on controlling parties and underlying beneficiaries.
  11. The customer is publicly known or known to the firm to have criminal, civil or regulatory proceedings against him or her for crime, corruption or misuse of public funds, or is known to associate with such persons. Sources for this information could include news items, the Internet or commercial database searches. (2002 red flag #5 – The customer (or a person publicly associated with the customer) has a questionable background or is the subject of news reports indicating possible criminal, civil, or regulatory violations.)
  12. The customer’s background is questionable or differs from expectations based on business activities.
  13. The customer maintains multiple accounts, or maintains accounts in the names of family members or corporate entities, with no apparent business or other purpose. (2002 red flag # 11 – For no apparent reason, the customer has multiple accounts under a single name or multiple names, with a large number of inter-account or third-party transfers. Also 2002 red flag #24 – The customer maintains multiple accounts, or maintains accounts in the names of family members or corporate entities, for no apparent business purpose or other purpose.)
  14. An account is opened by a politically exposed person (PEP), particularly in conjunction with one or more additional risk factors, such as the account being opened by a shell company beneficially owned or controlled by the PEP, the PEP is from a country which has been identified by FATF as having strategic AML regime deficiencies, or the PEP is from a country known to have a high level of corruption. (similar to 2002 red flag # 12 – The customer is from, or has accounts in, a country identified as a non-cooperative country or territory by the Financial Action Task Force (FATF).)
  15. An account is opened by a non-profit organization that provides services in geographic locations known to be at higher risk for being an active terrorist threat.
  16. An account is opened in the name of a legal entity that is involved in the activities of an association, organization or foundation whose aims are related to the claims or demands of a known terrorist entity.
  17. An account is opened for a purported stock loan company, which may hold the restricted securities of corporate insiders who have pledged the securities as collateral for, and then defaulted on, purported loans, after which the securities are sold on an unregistered basis.
  18. An account is opened in the name of a foreign financial institution, such as an offshore bank or broker-dealer, that sells shares of stock on an unregistered basis on behalf of customers.
  19. An account is opened for a foreign financial institution that is affiliated with a U.S. broker-dealer, bypassing its U.S. affiliate, for no apparent business purpose. An apparent business purpose could include access to products or services the U.S. affiliate does not provide.
II. Potential Red Flags in Deposits of Securities
  1. A customer opens a new account and deposits physical certificates, or delivers in shares electronically, representing a large block of thinly traded or low-priced securities.
  2. A customer has a pattern of depositing physical share certificates, or a pattern of delivering in shares electronically, immediately selling the shares and then wiring, or otherwise transferring out the proceeds of the sale(s).
  3. A customer deposits into an account physical share certificates or electronically deposits or transfers shares that:
    • were recently issued or represent a large percentage of the float for the security;
    • reference a company or customer name that has been changed or that does not match the name on the account;
    • were issued by a shell company;
    • were issued by a company that has no apparent business, revenues or products;
    • were issued by a company whose SEC filings are not current, are incomplete, or nonexistent;
    • were issued by a company that has been through several recent name changes or business combinations or recapitalizations;
    • were issued by a company that has been the subject of a prior trading suspension; or
    • were issued by a company whose officers or insiders have a history of regulatory or criminal violations, or are associated with multiple low-priced stock issuers.
  1. The lack of a restrictive legend on deposited shares seems inconsistent with the date the customer acquired the securities, the nature of the transaction in which the securities were acquired, the history of the stock or the volume of shares trading.
  2. A customer with limited or no other assets at the firm receives an electronic transfer or journal transfer of large amounts of low-priced, non-exchange-listed securities.
  3. The customer’s explanation or documents purporting to evidence how the customer acquired the shares does not make sense or changes upon questioning by the firm or other parties. Such documents could include questionable legal opinions or securities purchase agreements.
  4. The customer deposits physical securities or delivers in shares electronically, and within a short time-frame, requests to journal the shares into multiple accounts that do not appear to be related, or to sell or otherwise transfer ownership of the shares.
  5. Seemingly unrelated clients open accounts on or at about the same time, deposit the same low-priced security and subsequently liquidate the security in a manner that suggests coordination.
III. Potential Red Flags in Securities Trading
  1. The customer, for no apparent reason or in conjunction with other “red flags,” engages in transactions involving certain types of securities, such as penny stocks, Regulation “S” stocks and bearer bonds, which although legitimate, have been used in connection with fraudulent schemes and money laundering activity. (Such transactions may warrant further due diligence to ensure the legitimacy of the customer’s activity.) (2002 red flag # 22 – The customer, for no apparent reason or in conjunction with other “red flags,” engages in transactions involving certain types of securities, such as penny stocks, Regulation “S” (Reg S) stocks, and bearer bonds, which although legitimate, have been used in connection with fraudulent schemes and money laundering activity. (Such transactions may warrant further due diligence to ensure the legitimacy of the customer’s activity.)).
  2. There is a sudden spike in investor demand for, coupled with a rising price in, a thinly traded or low-priced security.
  3. The customer’s activity represents a significant proportion of the daily trading volume in a thinly traded or low-priced security.
  4. A customer buys and sells securities with no discernable purpose or circumstances that appear unusual. (2002 red flag #2 – The customer wishes to engage in transactions that lack business sense or apparent investment strategy, or are inconsistent with the customer’s stated business strategy.)
  5. Individuals known throughout the industry to be stock promoters sell securities through the broker-dealer.
  6. A customer accumulates stock in small increments throughout the trading day to increase price.
  7. A customer engages in pre-arranged or other non-competitive securities trading, including wash or cross trades, with no apparent business purpose.
  8. A customer attempts to influence the closing price of a stock by executing purchase or sale orders at or near the close of the market.
  9. A customer engages in transactions suspected to be associated with cyber breaches of customer accounts, including potentially unauthorized disbursements of funds or trades.
  10. A customer engages in a frequent pattern of placing orders on one side of the market, usually inside the existing National Best Bid or Offer (NBBO), followed by the customer entering orders on the other side of the market that execute against other market participants that joined the market at the improved NBBO (activity indicative of “spoofing”).
  11. A customer engages in a frequent pattern of placing multiple limit orders on one side of the market at various price levels, followed by the customer entering orders on the opposite side of the market that are executed and the customer cancelling the original limit orders (activity indicative of “layering”).
  12. Two or more unrelated customer accounts at the firm trade an illiquid or low priced security suddenly and simultaneously.
  13. The customer makes a large purchase or sale of a security, or option on a security, shortly before news or a significant announcement is issued that affects the price of the security.
  14. The customer is known to have friends or family who work at or for the securities issuer, which may be a red flag for potential insider trading or unlawful sales of unregistered securities.
  15. The customer’s purchase of a security does not correspond to the customer’s investment profile or history of transactions (e.g., the customer may never have invested in equity securities or may have never invested in a given industry, but does so at an opportune time) and there is no reasonable explanation for the change.
  16. The account is using a master/sub structure, which enables trading anonymity with respect to the sub-accounts’ activity, and engages in trading activity that raises red flags, such as the liquidation of microcap issuers or potentially manipulative trading activity.
  17. The firm receives regulatory inquiries or grand jury or other subpoenas concerning the firm’s customers’ trading.
  18. The customer engages in a pattern of transactions in securities indicating the customer is using securities to engage in currency conversion. For example, the customer delivers in and subsequently liquidates American Depository Receipts (ADRs) or dual currency bonds for U.S. dollar proceeds, where the securities were originally purchased in a different currency.
  19. The customer engages in mirror trades or transactions involving securities used for currency conversions, potentially through the use of offsetting trades.
  20. The customer appears to buy or sell securities based on advanced knowledge of pending customer orders.
IV. Potential Red Flags in Money Movements
  1. The customer attempts or makes frequent or large deposits of currency, insists on dealing only in cash equivalents, or asks for exemptions from the firm’s policies and procedures relating to the deposit of cash and cash equivalents. (2002 red flag # 9 – The customer attempts to make frequent or large deposits of currency, insists on dealing only in cash equivalents, or asks for exemptions from the firm’s policies relating to the deposit of cash and cash equivalents.)
  2. The customer “structures” deposits, withdrawals or purchases of monetary instruments below a certain amount to avoid reporting or recordkeeping requirements, and may state directly that they are trying to avoid triggering a reporting obligation or to evade taxing authorities. (2002 red flag # 10 – The customer engages in transactions involving cash or cash equivalents or other monetary instruments that appear to be structured to avoid the $10,000 government reporting requirements, especially if the cash or monetary instruments are in an amount just below reporting or recording thresholds.)
  3. The customer seemingly breaks funds transfers into smaller transfers to avoid raising attention to a larger funds transfer. The smaller funds transfers do not appear to be based on payroll cycles, retirement needs, or other legitimate regular deposit and withdrawal strategies.
  4. The customer’s account shows numerous currency, money order (particularly sequentially numbered money orders) or cashier’s check transactions aggregating to significant sums without any apparent business or lawful purpose. (2002 red flag # 14 – The customer’s account shows numerous currency or cashiers check transactions aggregating to significant sums.)
  5. The customer frequently changes bank account details or information for redemption proceeds, in particular when followed by redemption requests.
  6. The customer makes a funds deposit followed by an immediate request that the money be wired out or transferred to a third party, or to another firm, without any apparent business purpose. (2002 red flag # 18 – The customer makes a funds deposit followed by an immediate request that the money be wired out or transferred to a third party, or to another firm, without any apparent business purpose.)
  7. Wire transfers are made in small amounts in an apparent effort to avoid triggering identification or reporting requirements. (this is similar to 2002 red flag # 21 – The customer requests that a transaction be processed in such a manner to avoid the firm’s normal documentation requirements.)
  8. Incoming payments are made by third-party checks or checks with multiple endorsements.
  9. Outgoing checks to third parties coincide with, or are close in time to, incoming checks from other third parties.
  10. Payments are made by third party check or money transfer from a source that has no apparent connection to the customer.
  11. Wire transfers are made to or from financial secrecy havens, tax havens, high risk geographic locations or conflict zones, including those with an established presence of terrorism. (2002 red flag #16 – The customer’s account has wire transfers that have no apparent business purpose to or from a country identified as a money laundering risk or a bank secrecy haven.)
  12. Wire transfers originate from jurisdictions that have been highlighted in relation to black market peso exchange activities.
  13. The customer engages in transactions involving foreign currency exchanges that are followed within a short time by wire transfers to locations of specific concern (e.g., countries designated by national authorities, such as FATF, as non-cooperative countries and territories).
  14. The parties to the transaction (e.g., originator or beneficiary) are from countries that are known to support terrorist activities and organizations.
  15. Wire transfers or payments are made to or from unrelated third parties (foreign or domestic), or where the name or account number of the beneficiary or remitter has not been supplied. (2002 red flag # 15 – The customer’s account has a large number of wire transfers to unrelated third parties inconsistent with the customer’s legitimate business purpose.)
  16. There is wire transfer activity that is unexplained, repetitive, unusually large, shows unusual patterns or has no apparent business purpose.
  17. The securities account is used for payments or outgoing wire transfers with little or no securities activities (i.e., account appears to be used as a depository account or a conduit for transfers, which may be purported to be for business operating needs). (similar to 2002 red flag # 23 – The customer’s account shows an unexplained high level of account activity with very low levels of securities transactions.).
  18. Funds are transferred to financial or depository institutions other than those from which the funds were initially received, specifically when different countries are involved.
  19. The customer engages in excessive journal entries of funds between related or unrelated accounts without any apparent business purpose. (2002 red flag #20 – The customer engages in excessive journal entries between unrelated accounts without any apparent business purpose.)
  20. The customer uses a personal/individual account for business purposes or vice versa.
  21. A foreign import business with U.S. accounts receives payments from outside the area of its customer base.
  22. There are frequent transactions involving round or whole dollar amounts purported to involve payments for goods or services.
  23. Upon request, a customer is unable or unwilling to produce appropriate documentation (e.g., invoices) to support a transaction, or documentation appears doctored or fake (e.g., documents contain significant discrepancies between the descriptions on the transport document or bill of lading, the invoice, or other documents such as the certificate of origin or packing list).
  24. The customer requests that certain payments be routed through nostro or correspondent accounts held by the financial intermediary instead of its own accounts, for no apparent business purpose.
  25. Funds are transferred into an account and are subsequently transferred out of the account in the same or nearly the same amounts, especially when the origin and destination locations are high-risk jurisdictions.
  26. A dormant account suddenly becomes active without a plausible explanation (e.g., large deposits that are suddenly wired out). (similar to 2002 red flag # 13 – The customer’s account has unexplained or sudden extensive wire activity, especially in accounts that had little or no previous activity.)
  27. Nonprofit or charitable organizations engage in financial transactions for which there appears to be no logical economic purpose or in which there appears to be no link between the stated activity of the organization and the other parties in the transaction.
  28. There is unusually frequent domestic and international automated teller machine (ATM) activity.
  29. A person customarily uses the ATM to make several deposits into a brokerage account below a specified BSA/AML reporting threshold.
  30. Many small, incoming wire transfers or deposits are made using checks and money orders that are almost immediately withdrawn or wired out in a manner inconsistent with the customer’s business or history; the checks or money orders may reference in a memo section “investment” or “for purchase of stock.” This may be an indicator of a Ponzi scheme or potential funneling activity. (2002 red flag # 17. The customer’s account indicates large or frequent wire transfers, immediately withdrawn by check or debit card without any apparent business purpose.)
  31. Wire transfer activity, when viewed over a period of time, reveals suspicious or unusual patterns, which could include round dollar, repetitive transactions or circuitous money movements.
V. Potential Red Flags in Insurance Products
  1. The customer cancels an insurance contract and directs that the funds be sent to a third party.
  2. The customer deposits an insurance annuity check from a cancelled policy and immediately requests a withdrawal or transfer of funds.
  3. The customer cancels an annuity product within the free-look period. This could be a red flag if accompanied with suspicious indicators, such as purchasing the annuity with several sequentially numbered money orders or having a history of cancelling annuity products during the free-look period.
  4. The customer opens and closes accounts with one insurance company, then reopens a new account shortly thereafter with the same insurance company, each time with new ownership information.
  5. The customer purchases an insurance product with no concern for the investment objective or performance.
VI. Other Potential Red Flags
  1. The customer is reluctant to provide information needed to file reports to proceed with the transaction.
  2. The customer exhibits unusual concern with the firm’s compliance with government reporting requirements and the firm’s AML policies. (similar to part of 2002 red flag #1 – The customer exhibits unusual concern regarding the firm’s compliance with government reporting requirements and the firm’s AML policies, particularly with respect to his or her identity, type of business and assets, or is reluctant or refuses to reveal any information concerning business activities, or furnishes unusual or suspect identification or business documents.)
  3. The customer tries to persuade an employee not to file required reports or not to maintain the required records.
  4. Notifications received from the broker-dealer’s clearing firm that the clearing firm had identified potentially suspicious activity in customer accounts. Such notifications can take the form of alerts or other concern regarding negative news, money movements or activity involving certain securities.
  5. Law enforcement has issued subpoenas or freeze letters regarding a customer or account at the securities firm.
  6. The customer makes high-value transactions not commensurate with the customer’s known income or financial resources. (2002 red flag #25 – The customer’s account has inflows of funds or other assets well beyond the known income or resources of the customer.)
  7. The customer wishes to engage in transactions that lack business sense or an apparent investment strategy, or are inconsistent with the customer’s stated business strategy.
  8. The stated business, occupation or financial resources of the customer are not commensurate with the type or level of activity of the customer.
  9. The customer engages in transactions that show the customer is acting on behalf of third parties with no apparent business or lawful purpose.
  10. The customer engages in transactions that show a sudden change inconsistent with normal activities of the customer.
  11. Securities transactions are unwound before maturity, absent volatile market conditions or other logical or apparent reason. (similar to 2002 red flag # 19 – The customer makes a funds deposit for the purpose of purchasing a long-term investment followed shortly thereafter by a request to liquidate the position and transfer of the proceeds out of the account.)
  12. The customer does not exhibit a concern with the cost of the transaction or fees (e.g., surrender fees, or higher than necessary commissions). (2002 red flag # 6 – The customer exhibits a lack of concern regarding risks, commissions, or other transaction costs.)
  13. A borrower defaults on a cash-secured loan or any loan that is secured by assets that are readily convertible into currency.
  14. There is an unusual use of trust funds in business transactions or other financial activity.