How AML Compliance Could Soon Change


AML-9-21-18.pngDespite major changes in compliance obligations starting with the Dodd-Frank Act through the more recent Economic Growth, Regulatory Relief, and Consumer Protection Act, requirements related to anti-money laundering (AML) compliance have remained largely unchanged.

The last major revision of AML compliance requirements was in 2001 with the U.S.A. PATRIOT Act amendments to the Bank Secrecy Act. This era may be coming to an end with the reintroduction earlier this summer of H.R. 6068, Counter Terrorism and Illicit Finance Act (CTIFA), and the convergence of market developments.

Although the reintroduced CTIFA bill removes a prior provision that would have required beneficial ownership information for new corporations to be collected and provided to FinCEN, the revised CTIFA would make a number of other significant changes to AML compliance requirements:

  • Increase the filing thresholds for currency transaction reports from $10,000 to $30,000 and for suspicious activity reports (SARs) from $5,000 to $10,000;
  • Require the Secretary of the Treasury to undertake a formal review of the information reporting requirements in the BSA to ensure the information is “of a high degree of usefulness” to law enforcement, and to propose changes to reduce regulatory burden;
  • Reduce impediments to the sharing of SAR information within a financial group, including with foreign branches, subsidiaries, and affiliates;
  • Create a process for FinCEN to issue no-action letters concerning the application of the BSA or any other AML law to specific conduct, including a statement whether FinCEN has any intention of taking an enforcement action with respect to such conduct;
  • Encourage the use of technological innovations such as artificial intelligence in AML compliance;
  • Establish an 18-month safe harbor from enforcement of FinCEN’s beneficial ownership and customer due diligence rule, which became effective in May 2018; and
  • Commission studies on the effectiveness of current beneficial ownership reporting regimes and cost-benefit analyses of AML requirements.

Although the CTIFA’s prospects for passage are uncertain, several of its provisions track market developments that are already bringing about change. First, innovative technologies such as artificial intelligence and blockchain increasingly are being leveraged for AML compliance solutions.

Artificial intelligence has the potential to transform terabytes of customer information into actionable AML insights including, for example, customizable pre-drafted suspicious activity report templates or customer risk profiles. These risk profiles update in real time in support of the new customer due diligence “pillar” of AML compliance. Blockchain and other distributed ledger technologies may be deployed to create standardized digital identities for customers to expedite and safeguard KYC and authentication processes.

Second, banks already are taking a hard look at their CTR and SAR processes to determine the ratio of meaningful information to noise that has been included in these reports. This augmented reporting will result in a direct benefit to the network of federal government agencies tasked with analyzing reports to find information with a high degree of usefulness in law enforcement investigations.

Third, banks are increasingly providing services to new types of high-risk businesses, such as marijuana-related businesses (“MRBs”) and cryptocurrency companies. FinCEN has for each of these industries been a pioneer in issuing guidance relatively early in the industry’s lifecycle to explain how AML compliance obligations apply, but this guidance requires updating. As just one example, FinCEN’s three-tiered system for filing SARs applies when a bank provides banking services directly to an MRB, but there are less clear SAR filing guidelines when a bank provides services to a customer that provides services to MRBs or owns shares of an MRB.

Banks continue to use FinCEN’s administrative ruling request process or the supervisory process to obtain guidance for high-risk customers, albeit in an ad hoc, non-public way. This request process is less effective than the no-action letter process contemplated in the CTIFA.

The CTIFA, if enacted, would significantly change AML compliances. At the same time, innovation and new business opportunities, among other market developments, are already contributing to AML compliance enhancements. Regardless of whether the legislation passes, the industry appears to be entering an era of change.

Banks Face Continuing Legal Challenge Servicing Marijuana Growers


marijuana-9-8-17.pngIn the past five years, marijuana has become big business in the United States. There are now eight states with fully legalized recreational marijuana. Couple that with the other 20-plus states with legalized medical marijuana and we have two-thirds of Americans living in states with some form of legal access to marijuana. Many of the remaining states have decriminalized possession of small amounts of marijuana. Currently, it is estimated there are approximately 200,000 full-time and part-time workers in the cannabis industry, with legal marijuana and marijuana-related businesses (MRBs) anticipated to account for revenues in the $50 billion range over the next few years.

However, marijuana remains illegal at the federal level under the Controlled Substances Act. Marijuana continues to be classified as a Schedule I narcotic, which is the highest and most dangerous drug classification. Schedule I drugs are those that have no known medicinal value and the federal government considers to be illegal in all respects. Included with marijuana in this classification are heroin, ecstasy, methaqualone and peyote.

The inconsistency between state and federal laws has caused much confusion and consternation, particularly for financial institutions. In states where marijuana is legal, financial institutions have made many requests for federal guidance on banking MRBs. In 2014, the Department of Justice and Financial Crimes Enforcement Network, or FinCen, responded to such requests with the so-called Cole Memorandum and guidance titled “BSA Expectations Regarding Marijuana-Related Businesses,” respectively. The Cole Memorandum states the federal government will not prosecute within the cannabis industry so long as companies (including banks) obey local and state laws and regulations. The FinCen guidance provided a procedure for filing Suspicious Activity Reports for known MRB bank customers.

Unfortunately, neither of these governs the three prudential federal bank regulators, particularly in the enforcement of Bank Secrecy Act and anti-money laundering rules. As a result, most banks will not touch marijuana-related deposits, make loans to marijuana businesses or permit the use of credit cards on their payment systems. Banks that do provide services to MRBs are very quiet about it. They typically limit the deposits to certain dollar amounts, and if there is any whiff of concern, the accounts are quickly closed. It is estimated that in 2016, about 300 financial institutions in this country knowingly provided deposit accounts to MRBs. Many of these institutions have long standing relationships with their MRB customers and often require them to sign confidentiality agreements to keep the relationship quiet. There has been much speculation on how many banks are unknowingly banking marijuana customers, though it is certain that many are.

All of this legal uncertainty and risk has kept most banks out of the marijuana growing industry, leaving the business almost entirely cash-based. Many MRBs must find workarounds to deal with the cash they cannot deposit and the bills and taxes they must pay. Retailers have methods for hiding cash, including the purchase of armored cars and warehouses where cash can be stored. Many in the business have created their own security forces enlisting motorcycle gangs and former police or military personnel to protect their cash. Employees also are paid in cash, so pay day is staggered in order to prevent robberies. Taxes must be paid in person and are subject to penalties for cash payment. In addition, those who pay their taxes in cash are not eligible to take deductions, so they are paying taxes on gross revenue amounts, though it is difficult to determine (or audit) what those gross amounts really are. Many states are realizing this cash-based business is ripe for organized crime involvement.

With traditional banking mostly out of the picture, many entrepreneurs are working on technical alternative payment platforms as a way around old fashioned banking relationships. Some are using or developing crypto-currency platforms like Bitcoin and, more recently, Potcoin. These are only limited solutions to not having a deposit account or the ability to accept credit card payments. Others are trying to use stored value cards, cell phone apps and other mechanisms. Currently, no alternatives have caught on with the public or the industry. Alternative lenders, including individuals, private equity firms and loan sharks also have stepped in to provide expensive financing to the industry.

The Trump administration does not seem keen on legalizing marijuana, and Attorney General Jeff Sessions appears to be leaning toward increased enforcement. There are numerous bills in Congress to legalize marijuana and permit MRBs to be banked, but it is not clear whether any of these will pass. Until then, most banks will continue facing legal issues and continue avoiding the burgeoning and lucrative marijuana industry.

New Anti-Money Laundering Rules Will Impact Banks


anti-money-laundering-6-8-16.pngFueled by the leak of the Panama Papers, the Financial Crimes Enforcement Network (FinCEN) has published a final regulation requiring banks to identify beneficial owners of their legal entity customers. Heralding the new regulation as a critical step in its effort to prevent criminals from using companies to hide their identity and launder criminal proceeds, the Treasury Department, buttressed by new Justice Department initiatives, is amplifying the momentum building within the anti-money laundering (AML) enforcement community to achieve unprecedented transparency across the corporate spectrum.

What the Regulation Does
In writing the regulation, FinCEN has built upon the customer due diligence mandated by existing Customer Identification Program (CIP) regulations, adding a provision requiring banks to identify and verify natural persons who are beneficial owners of legal entity customers together with one individual who has significant management responsibility. To give adequate time for retooling of CIP programs, compliance with the final regulation becomes mandatory by May 11, 2018. Once in force, it will apply to all new accounts, but will only apply to existing accounts when the bank detects information relevant to reevaluating a customer’s risk profile.

FinCEN defines “legal entity customer” to mean a corporation, LLC, or other entity created by filing a public document with the secretary of state or similar office. General partnerships and other entities formed under foreign laws are also covered, but most trusts are excluded.

The regulation permits, but does not require, the use of an official Certification Form. Information must be provided to the best knowledge of the person opening an account. A bank may rely on the information supplied by its legal entity customer so long as it knows no facts causing it to question its reliability.

Beneficial ownership is measured by an “ownership prong” requiring identification of individuals owning 25 percent equity in the legal entity customer and a “control prong” requiring identification of a single individual having significant management responsibility. FinCEN makes clear that only the identity—not the status—of beneficial owners must be verified, and verification procedures should address elements in a bank’s CIP. Updating of beneficial ownership information would be triggered only if normal monitoring detects heightened risk in the profile or activities of a legal entity customer.

Even More Regulations May Be Coming Down the Pike
Treasury also proposes to issue regulations targeting U.S.-based, foreign-owned, single-member limited liability companies, to require taxpayer identification numbers and eliminate exemption from U.S. reporting requirements.

Treasury also has asked Congress to pass legislation requiring a company to disclose owner names at the time it is formed. If enacted, the legislation would enable the capture of critical information when a company commences business and would give U.S. enforcement authorities access to a central registry of beneficial ownership data. Treasury officials have not indicated whether the registry would be made available to banks. Treasury is also recommending legislation requiring U.S. banks to provide foreign jurisdictions with the same information that foreign banks must provide to the IRS.

Aligning itself with Treasury, the Justice Department also is proposing legislation to combat illegal proceeds of transnational corruption. If enacted, the legislation would allow prosecutors to pursue cases directly against corrupt foreign regimes, authorize administrative subpoenas and expand substantive corruption offenses.

How to Prepare
Even though mandatory compliance with the beneficial ownership regulation is two years away, the board should have compliance personnel begin the process of amending their bank’s CIP to satisfy the requirements of the new regulation, paying particular attention to the account opening process.

With regard to account opening, banks should:

  • Determine whether and to what extent the CIP already captures beneficial ownership information.
  • Develop beneficial owner identity verification procedures for legal entity customers that meet the new regulatory definition, and determine to what extent existing CIP verification procedures should be incorporated.

With regard to account maintenance, banks should:

  • Establish criteria and “red flags” that will trigger beneficial ownership reviews and updates of legal entity customers.
  • Identify legal entity customers that meet the new regulatory definition so that the institution will be able to act when triggering events occur.
  • Consider the need, despite no regulatory requirement, for conducting standardized periodic updates of beneficial ownership information.

With two powerful agencies combining to tighten risk-based controls on money laundering and foreign corruption, it is clear that banks will need to devote increased resources to AML compliance. Board members must remain mindful that the functional regulators will continue to require the global enterprise to maintain safety and soundness by appropriately managing risk and minimizing susceptibility to illegal financial activity.

 

Bank Secrecy Act: Do Regulators Care?


Accounting fraud, terrorist attacks and economic meltdowns are the catalysts for many of today’s financial regulations. With so much focus recently on the Dodd-Frank Act, many financial institutions may be overlooking the compliance requirements for the Bank Secrecy Act (BSA), or anti-money laundering law. In this video, John ReVeal, attorney for Bryan Cave LLP, shares his insights into how BSA violations are perceived by the regulators.