In remarks to the Association of Certified Anti-Money Laundering Specialists (“ACAMS”), Kenneth A. Blanco, the Director of the U.S. Treasury’s Financial Crimes Enforcement Network (“FinCEN”), covered a number of high-priority topics, including FinCEN’s response to the pandemic, the latest COVID-19 related fraud schemes, emerging cyber threats, virtual currency issues, and important regulatory updates. A theme throughout his speech was FinCEN’s commitment to increased and meaningful communication with the entities it regulates.
COVID-19 Related Fraud
Blanco began by sharing that, in response to the pandemic, FinCEN aligned its strategic efforts to assist financial institutions in preventing COVID-related fraud. In particular, the agency has responded to hundreds of inquiries relating to Bank Secrecy Act (“BSA”) obligations under the Coronavirus Aid, Relief, and Economic Security Act (“CARES Act”) and Paycheck Protection Program (“PPP”). FinCEN has also been tracking and publishing trends based on BSA data received from financial institutions. According to this data, the most common types of COVID-related fraud include medical fraud, imposter scams and money mules, and cybercrime and cyber-enabled crime. The largest share of pandemic-related suspicious activity reports (“SARs”) filed with FinCEN address fraud against federal or state COVID-19 stimulus programs, like the PPP. In these scenarios, fraudsters use illegally obtained personally identifiable information to apply for unemployment and other benefits under a victim’s name. Another common fraud involves business email compromise attacks that allow bad actors to redirect small business loan stimulus disbursements to their own bank accounts. In describing these types of fraud, Blanco emphasized that FinCEN needs the help of the impacted regulated entities in accurately and thoroughly describing the fraud in their SAR filings. Blanco noted that “[t]he more specific you are in describing the activity in your SAR, the more useful they are for our law enforcement partners, and the easier and faster it will be to get your SARs to the right investigative team.” FinCEN has established specialized teams to handle different scenarios, so the clearer and more accurate a SAR filing, the more efficiently it can be routed to the appropriate investigative unit. Blanco encouraged SAR-filers to include sufficient details in the narrative, use the numbered boxes that indicate the type of fraud, and provide specific, summary information in the “Filing Institution Note to FinCEN” field in the SAR form.
Blanco also described emerging cyber threats, including in the virtual currency space, and how FinCEN is working with regulated entities to address these issues. FinCEN continues to hold online “Innovation Hours Program” meetings where FinTech and RegTech companies can present their new and innovative products and services. FinCEN and these companies discuss the risks associated with emerging payment systems during these meetings as well. Blanco emphasized that all financial institutions must consider these risks, warning that “[t]hese are areas your examiners, and FinCEN, will ask you about when assessing the effectiveness of your AML program.”
Recent FinCEN Rulemaking
Finally, Blanco discussed two recent FinCEN rulemakings. First, on September 15, 2020, FinCEN issued a rule requiring minimum standards for AML programs at certain institutions lacking a federal functional regulator. The rule requires AML standards for state-chartered, non-depository trust companies; non-federally insured credit unions; private banks; non-federally insured state banks and savings associations; and international banking entities. You can read more about this rulemaking in our September 15th post.
Second, Blanco described the Advanced Notice of Proposed Rulemaking (“ANPRM”) issued by FinCEN on September 17, 2020. This ANPRM solicits public comment relating to potential amendments to FinCEN’s AML regulations, including whether the agency should (1) clearly define an “effective and reasonably designed” AML program; (2) require that all covered institutions conduct AML compliance risk assessments; and (3) regularly publicize national AML priorities. You can read more about the ANPRM and SPB’s analysis thereof in our recent client alert.
Blanco encouraged ACAMS to read and think about the ANPRM, which he believes is a “meaningful, public invitation” for AML professionals to weigh in with their perspectives, experience, and insights. He also invited AML professionals to think about the modernization of the AML regime in general, and provide FinCEN with that feedback, which is not specifically requested by the ANRPM. Blanco shared that FinCEN has been hard at work to address regulated entities’ concerns around developing and focusing priorities, reallocating compliance resources, modernizing and streamlining reporting, enhancing information sharing, and maximizing innovations. “We need your insight and thoughtful consideration,” Blanco implored. “I ask you to do your part and participate. Join the conversation and help us find the path toward common understanding and common ground.”