In early 2020, a series of U.S. anti-money laundering/combating the financing of terrorism (AML/CFT) actions signaled that this would be a year of rising scrutiny of AML/CFT compliance, and the simultaneous Covid-19 pandemic has taken AML/CFT risks to an entirely new level.
Financial institutions—and their individual officers—must keep up with these developments and assess the pandemic’s implications for AML/CFT compliance to avoid potential liability in the future for their actions now.
AML/CFT Compliance Risks Highlighted in Early 2020
The Department of the Treasury, the Financial Crimes Enforcement Network (FinCEN), and federal and state financial regulators filled the first four months of 2020 with a series of actions that should put financial institutions and their compliance officers on notice that scrutiny of AML/CFT compliance is increasing in key areas.
Assessing the adequacy of risk assessments, the foundation of a risk-based AML/CFT compliance program, was the subject of an update to the FFIEC Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual released April 15 by the Federal Financial Institutions Examination Council (FFIEC), acting jointly with state regulatory agencies and in conjunction with FinCEN. An FFIEC statement acknowledged that the Covid-19 pandemic was creating uncertainty for financial institutions, but emphasized that the update was a project that began long before the pandemic.
Cryptocurrencies and other digital assets officially became one of the most significant AML/CFT risks in 2020. In early February, Treasury released the new 2020 National Strategy for Combating Terrorist and Other Illicit Financing, which stated for the first time that the U.S. government considers digital assets to be one of the most significant money laundering and terrorist financing vulnerabilities. Following seven years of FinCEN guidance and enforcement actions addressing the application of the BSA to digital asset businesses, the 2020 National Strategy unequivocally established AML/CFT relating to digital assets as a high priority in 2020 and beyond.
The importance of both risk assessment and digital assets was apparent in an enforcement action that the Office of the Comptroller of the Currency (OCC) concluded in late January. The OCC found that M.Y. Safra Bank had provided financial services to cryptocurrency-related businesses and failed to appropriately assess and monitor the AML/CFT risks associated with them. It was the first formal BSA enforcement action against a bank for cryptocurrency-related issues.
Compliance officers at any business subject to AML/CFT regulation also should be on notice that they are at risk of being held personally liable for decisions that they make.
FinCEN made this risk apparent in a March 4 enforcement action that imposed a $450,000 penalty on the former chief risk officer of a bank that had been punished for BSA violations in 2018. This penalty was the largest against an individual since 2014, when FinCEN penalized the former chief compliance officer of Moneygram $1 million.
AML/CFT Compliance in the Time of Covid-19
The Covid-19 pandemic entered this concerning situation and made it even worse. Nationwide and worldwide disruptions of the basic ability of staff to go to work and perform their jobs strain all operations of financial institutions, including AML/CFT compliance. At the same time, substantial opportunities for fraud and other financial crime have emerged.
FinCEN addressed both of these problems in statements that it issued March 16 and April 3. FinCEN advised March 16 that a financial institution concerned about its ability to timely file required BSA reports should contact FinCEN and its functional regulator, then announced April 3 that it had created a Covid-19-specific online contact mechanism to report compliance issues. The March 16 statement also advised financial institutions to remain alert for malicious or fraudulent transactions similar to those occurring in the wake of natural disasters, noting emerging trends in imposter scams, investment scams, product scams, insider trading, and other offenses described in its 2017 FinCEN Advisory on disaster-related fraud.
The April 3 statement emphasized that FinCEN “expects financial institutions to continue following a risk-based approach” and “diligently adhere to their BSA obligations.” It relieved financial institutions of one technical requirement, suspending implementation of FinCEN’s Feb. 6 ruling on currency transaction report (CTR) filing obligations. Generally, however, FinCEN is not relieving financial institutions of their BSA compliance obligations, although it “will continue outreach to regulatory partners and financial institutions” and “will issue additional new information as appropriate.”
The Paycheck Protection Program (PPP) with its hundreds of billions of dollars of forgivable loans to small businesses—a potential bonanza for fraud—was one of the first areas of risk that FinCEN has specifically addressed. FinCEN issued guidance on beneficial ownership information collection requirements for existing customers in its April 3 statement, and followed up with FAQs on PPP AML/CFT compliance on April 13. Additional guidance from FinCEN and the functional regulators on high risk areas and regulatory relief is likely to follow as compliance problem areas become clearer.
A Lesson From the 2007–08 Financial Crisis
Immediate needs for regulatory relief should not cause financial institutions to forget a relevant long-term lesson of the 2007–08 financial crisis: An economic downturn is a time of peril for AML/CFT compliance whose consequences may not become apparent until years later. The financial crisis exposed the massive investment scam of Bernie Madoff and led to law enforcement scrutiny of Madoff’s banking relationships. The result was $811 million in BSA enforcement penalties on JPMorgan Chase Bank in 2014, with a $461 million penalty assessed by FinCEN and an additional $350 million BSA penalty from the OCC.
Warren Buffett’s famous witticism from 1993, “Only when the tide goes out do you discover who’s been swimming naked,” has been frequently repeated as commentary on financial risks during this pandemic-induced economic downturn. It applies equally well to AML/CFT compliance.
The current economic crisis is likely to expose numerous frauds and other financial crimes. Banks, cryptocurrency exchanges, and other financial businesses handling their funds and transactions could become subject to intense scrutiny from not only their regulators but also law enforcement. Criminal and civil forfeitures and other AML/CFT enforcement penalties, far harsher than those meted out by regulators, could result. Continuing effective risk-based compliance with the BSA and other AML/CFT requirements, as FinCEN and the functional regulators are urging now, will help to ensure that costly outcomes will not result later.
If you’re reading this on the Bloomberg Terminal, please run BLAW OUT <GO> in order to access the hyperlinked content.