Financial Services Law

Manatt’s East Coast Team Expands

Manatt is pleased to welcome partners Joseph Passaic and Brian Korn to our Financial Services and Banking Practice as we continue to expand the scope and depth of our national practice. Joe, a resident of our D.C. office who joins us from Squire Patton Boggs, specializes in mergers and acquisitions, corporate securities, and regulatory matters for financial institutions and the underwriters that represent them. Brian is a leading corporate securities partner with experience in a broad range of public and private transactions and deep breadth in the evolving peer-to-peer lending space. He joins us from Pepper Hamilton and resides in our New York office.

back to top

NBA Doesn’t Preempt State Usury Claims Against Assignee of National Bank, Second Circuit Rules

Why it matters

In a potentially troubling ruling, the Second Circuit Court of Appeals refused to find the National Bank Act (NBA) preempted state law usury claims against an assignee of a national bank. In a putative class action against Midland Funding, a borrower alleged that the defendant violated both the Fair Debt Collection Practices Act and New York’s usury law by charging interest at a rate of 27 percent per annum, an interest rate higher than that permitted by New York’s usury law. Midland filed a motion to dismiss, arguing that because it purchased the debt from a national bank, the suit was preempted by the NBA. A federal district court judge granted the motion, but the federal appellate panel reversed, ruling that because Midland Bank was not itself a national bank—nor a subsidiary or agent of a national bank, or even otherwise acting on behalf of a national bank—the protection of the federal statute did not apply. Extending NBA preemption “to third-party debt collectors such as the defendants would be an overly broad application of the NBA” that would “create an end-run around usury laws for non-national bank entities that are not acting on behalf of a national bank,” the panel wrote. However, and aside from arguments that national bank preemption applies to an assignee of a national bank, assignees of loans generally are deemed to take subject to the rights and obligations of the loan seller including any exemption from usury limits. The absence of discussion of the general rule regarding assignment and the resulting holding have caused concern in the loan industry, in particular among peer-to-peer lenders relying on bank partnerships.

Detailed discussion

In 2005, New York resident Saliha Madden opened a credit card account with a national bank, Bank of America. One year later, the credit card program was consolidated into another national bank, FIA Card Services. In 2008, FIA sold Madden’s $5,000 debt on the account to Midland Funding, LLC, a debt purchaser. Affiliate Midland Credit Management handled collection efforts and sent Madden a letter in November 2010 seeking to collect payment on her debt and stating that an interest rate of 27 percent per year applied.

Madden filed a putative class action suit against the defendants, alleging they had engaged in abusive and unfair debt collection practices in violation of the Fair Debt Collection Practices Act (FDCPA) and charged a usurious rate of interest in violation of New York state law, which prohibits interest rates in excess of 25 percent per year.

The defendants responded with a motion for summary judgment, arguing that as an assignee of a national bank, the plaintiff’s claims against them were preempted by the NBA, which permits banks to charge interest at the rate of the state where it is located and provides the exclusive cause of action for usury claims against national banks.

Delaware—where FIA is incorporated—permits banks to charge interest above 25 percent, so the defendants’ rate was legal, they told the court.

The district court judge denied the defendants’ motion for summary judgment, ruling that genuine issues of material fact remained as to whether Madden had received a Cardholder Agreement and Change in Terms when FIA took over her account. If the defendants were able to prove she had received them, however, the judge said her claims would fail because the NBA would preempt any state law usury claims.

To appeal the ruling, the parties entered into a stipulation that Madden had received the documents and that FIA had assigned her accounts to the defendants.

A panel of the Second Circuit Court of Appeals then reversed.

“Because neither defendant is a national bank nor a subsidiary or agent of a national bank, or is otherwise acting on behalf of a national bank, and because application of the state law on which Madden’s claim relies would not significantly interfere with any national bank’s ability to exercise its powers under the NBA, we reverse the District Court’s holding that the NBA preempts Madden’s claims,” the court wrote.

Although the U.S. Supreme Court has “suggested” that NBA preemption may extend to entities beyond a national bank itself—holding that operating subsidiaries and agents of national banks can benefit from NBA preemption—the Office of the Comptroller of the Currency has made clear that third-party debt buyers are distinct from agents or subsidiaries of a national bank, the court said.

“In most cases in which NBA preemption has been applied to a non-national bank entity, the entity has exercised the powers of a national bank—i.e., has acted on behalf of a national bank in carrying out the national bank’s business,” the panel wrote. “This is not the case here. The defendants did not act on behalf of [Bank of America] or FIA in attempting to collect on Madden’s debt. The defendants acted solely on their own behalves, as the owners of the debt.”

Extension of NBA preemption to third-party debt buyers such as the defendants would be an “overly broad” application of the statute, the court added.

“Although national banks’ agents and subsidiaries exercise national banks’ powers and receive protection under the NBA when doing so, extending those protections to third parties would create an end-run around usury laws for non-national bank entities that are not acting on behalf of a national bank,” the panel said.

This conclusion will not “significantly interfere” with the exercise of a national bank power, although it might decrease the amount a national bank could charge for its consumer debt in certain states, the court acknowledged.

The court distinguished contrary rulings from the Eighth Circuit where the national bank retained ownership of the accounts at issue. Just because a national bank originated a credit, the NBA and the associated rule of conflict preemption do not automatically continue to apply to the credit even if the bank sells it and retains no further interest in it, the court explained.

As the district court applied an erroneous NBA preemption finding, the panel also reversed dismissal of Madden’s FDCPA claim and the denial of class certification, remanding the case for a choice of law analysis in the first instance: New York, where the interest rate would be illegal, or Delaware, where the rate was permissible.

Based on the opinion, it is unclear whether the defendants also argued that an assignee of a loan stands in the shoes of the assignor, whether the assignor is a national bank or otherwise. Utilizing this argument, an assignee of a national bank should be entitled to charge the same interest rate that the assignor national bank could charge based on general assignment principles. It is hoped that this argument, if not previously made, will be developed in any request for rehearing or on remand.

To read the opinion in Madden v. Midland Funding, LLC, click here.

back to top

Virtual Currency Community Disappointed by Final BitLicense Regulation

Why it matters

The New York Department of Financial Services (DFS) released the final regulations for the much-anticipated BitLicense, the first state regulatory regime designed specifically for virtual/digital currency business activities. Although the final version of the regulation contains several changes from the February 2015 proposal, the changes fell short of what the digital currency community had requested. Most important, the final version does not require virtual currency firms to file suspicious activity reports with both the DFS and the Financial Crimes Enforcement Network if they are already filing such reports with the latter. In addition, as noted by DFS Superintendent Benjamin Lawsky in his statement unveiling the final regulation, a company will not need to seek regulatory approval every time it makes a change to its business model or product offering, such as a standard software or app update. Regulatory approval will be required only for material new products, services or activities or for material changes to existing products, services or activities. Other requirements in the February proposal remained unchanged—such as capital, consumer protection and cybersecurity regulations, as well as the limited “on ramp” option for smaller startups that cannot afford the full licensing program. “This is a critical and exciting time in the broader evolution of the payments system,” Lawsky stated. “Virtual currency is a novel field for regulators, and everyone—including our office—must be willing to take a hard look at how these new rules are working when they are put into practice.”

Detailed discussion

The original version of the BitLicense proposal announced last summer by the DFS, New York’s financial services regulator, set out the first comprehensive framework developed especially for licensing and regulating virtual currencies business activities. It met a firestorm of comments from the digital currency community and was followed earlier this year with a substantially revised proposal that generated many fewer comments. The final regulation announced on June 6 contained only a handful of substantive changes, which Superintendent Lawsky characterized as not “the type of major changes that we saw in the last round.”

The regulations require a person to seek a BitLicense before engaging in any one of five different types of activities in New York or involving New York residents: (1) receiving virtual currency for transmission or transmitting virtual currency (with an exception for nonfinancial transactions involving only a nominal amount of the virtual currency); (2) storing, holding or maintaining custody or control of virtual currency on behalf of others; (3) buying or selling virtual currency as a customer business; (4) performing exchange services (including the conversion of currency or other value into virtual currency and vice versa and the conversion of one form of virtual currency into another); and (5) controlling, administering or issuing a virtual currency (excepting virtual currency miners).

Covered entities are subject to a myriad of requirements for the initial BitLicense application as well as ongoing compliance, including a robust anti-money laundering (AML) compliance program, the imposition of certain Bank Secrecy Act (BSA) reporting and recordkeeping requirements that may not otherwise be applicable, advertising and marketing requirements, a cybersecurity program, business continuity and disaster recovery planning, and a customer complaint process and consumer protections intended, among other things, to ensure that customers are provided with “clear and concise” disclosures about the risks of virtual currency.

Earlier this year, the DFS modified the original proposal based on public comments to add a two-year transitional “on ramp” for startups in the form of a conditional license. The requirements for the conditional license are more flexible than the regular requirements, with the DFS having greater discretion in applying capital and other requirements to applicants (which do not need to be just startups).

The final regulation also reflects a reduction in the reporting requirements. Licensees that file suspicious activity reports (SARs) with the Financial Crimes Enforcement Network (FinCEN) do not have to file duplicate SARs with the DFS. (Other licensees not subject to the SAR requirement will need to file SARs with the DFS.) “Our goal is to avoid duplication where possible,” Superintendent Lawsky clarified. He acknowledged that “we generally already have access to that information when we need it through information sharing arrangements with federal regulators.”

In prepared remarks at the BITS Emerging Payments Forum, Lawsky pointed out that firms are not required to obtain prior approval for each round of venture capital funding (unless the investor intends to oversee the company’s management and policies as a “control person”). He also noted that entities that want both a BitLicense and a money transmitter license need only submit a single application if they can satisfy the requirements for both.

Commenting on when a licensee would need to seek prior approval before making a material change, Lawsky said, “A good example of a material change would be if a firm that was licensed as a wallet service decided to begin offering exchange services.” He added, “We have no interest in micro-managing minor app updates. We’re not Apple.”

Software developers can also breathe easier, Lawsky added, as the DFS has no interest in regulating their business. Only financial intermediaries—those holding customer funds—must apply for a BitLicense, he said, based on “the need for heightened regulatory scrutiny to help ensure that a customer’s money does not just disappear into a black hole.”

Lawsky noted that “setting the exact contours of the new rules of the road in these areas is extraordinarily difficult,” and that regulators “are not always going to get the balance precisely right,” but “we need to begin somewhere.”

Although commentary on the final rules was mixed at best, much of it did not reflect a good understanding of how other financial intermediaries are already being regulated, at least in New York. For example, Peter Van Valkenburgh, director of research at Bitcoin advocacy organization Coin Center, in commenting on how “[t]he final BitLicense still creates a lopsided regime as between digital currency businesses and traditional money transmitters and banks,” told The Hill, “It has cybersecurity and state-level anti-money laundering requirements that will not and have never applied to the legacy payments industry.”

However, banks and money transmitters in New York and other states are already subject to full AML recordkeeping and reporting requirements like those being imposed by the DFS under the federal Bank Secrecy Act and they are all subject to increasingly demanding regulatory expectations with respect to cybersecurity efforts.

To read the final BitLicense regulations, click here.

back to top

The Next Examination Enforcement Wave— Cybersecurity Assessments?

Why it matters

The member banking agencies of the Office of the Federal Financial Institutions Examination Council (FFIEC) will soon promulgate a “Cybersecurity Assessment Tool” for use by community banks after a pilot program conducted at 500 community financial institutions in 2014 to evaluate their preparedness to mitigate cyber risks.

For years community banks had a “What? Me Worry?” attitude about their Bank Secrecy Act compliance after receiving no criticisms following several examinations. Now most have been told they were not in fact pillars of their community when it came to their anti-money laundering program. The coming rollout of the cybersecurity assessment tool has similar earmarks of establishing the next best practices standards, which have a way of trickling down to become minimum standards when applied by examiners. In recent remarks, Comptroller of the Currency Thomas J. Curry explained that the tool will allow financial institutions to not only assess their cybersecurity risks but also help them manage and protect against such risks. Curry offered, “The tool does not create an expectation by regulators of stricter compliance.” Instead, it is meant to help improve the cybersecurity of banks from cyber threats, which “are real and … unlikely to abate anytime soon. In fact, they are more likely to increase.”

One has to wonder about the comptroller’s assurances that the tool will not set higher compliance and examination requirements, considering the guidance given to the pilot participants:

The Cybersecurity Assessment supplements existing examination work planned for each institution participating in the pilot. Therefore, if examiners find issues or have concerns that require attention (e.g., practices that do not meet existing legal requirements or supervisory expectations) while conducting their normal examination work, they will inform the institution and communicate necessary corrective action.

Banks that don’t believe the cybersecurity compliance bar is rising may want to check the link to bridges for sale.

Detailed discussion

With data breaches and cyber crime on the rise, the FFIEC has made cybersecurity a top priority. The Cybersecurity Self-Assessment Tool is just one piece of the cybersecurity puzzle being considered by the FFIEC in the wake of a survey conducted last year on more than 500 institutions to assess their current data security practices. Based on those findings, the FFIEC and its member regulators are also working on incident analysis, crisis management, training and policy development with respect to cybersecurity preparedness, as well as improvements in the area of collaborations with other agencies to communicate the importance of and best practices for cybersecurity. An update of the Information Technology Examination Handbook is also in the works, the FFIEC said.

To get a baseline view of the industry, a cybersecurity assessments pilot program was conducted at more than 500 community institutions during the summer of 2014. In general observations released last November, the FFIEC said risk varies significantly across financial institutions, depending on the type, volume and complexity of operational considerations, including connection types, products and services offered, and technologies used.

For example, access points and connection types, like wireless networks or BYOD (bring your own device) programs, raise questions for banks—Do we need all these connections? How do they collectively affect the institution’s risk?—while different technologies like ATMs (presenting concerns about cash-out scams) and Internet services (possible vulnerabilities to distributed denial-of-service, or DDoS, attacks) all raise different considerations.

Based on its findings, the FFIEC emphasized that cybersecurity preparedness is essential for financial institutions, which can establish a range of cybersecurity controls from preventive to detective to corrective.

In a separate statement, the FFIEC members (the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, the Consumer Financial Protection Bureau, the National Credit Union Administration and the State Liaison Committee) issued a call to action urging banks to participate in the Financial Services Information Sharing and Analysis Center (FS-ISAC).

“Recent cyber attacks and widely reported pervasive vulnerabilities highlight the rapidly changing cyber risk landscape,” the FFIEC stated. “Financial institutions participating in information-sharing forums have improved their ability to identify attack tactics and successfully mitigate cyber attacks on their systems.”

Now the FFIEC has announced its priorities for the remainder of 2015.

First on the list: issuing a Cybersecurity Self-Assessment Tool “to assist institutions in evaluating their inherent cybersecurity risk and their risk management capabilities.” Possible core elements of the expected assessment? Based on previous guidance, the regulator could be looking for the existence of institutionwide cybersecurity policies and programs grounded on an evaluation of risk specific to the bank, with board oversight, participation in information-sharing forums, and consideration of third-party service providers.

Speaking recently at the BITS Emerging Payments Forum, Comptroller of the Currency Thomas J. Curry referenced the forthcoming tool, which will be released “soon.” Financial institutions will find it “useful in evaluating their inherent cybersecurity risks, including those in existing and emerging payment areas, and their risk management capabilities,” Curry said. “The results will shed light on how well cybersecurity measures already undertaken comport with the bank’s cybersecurity risks.”

He also emphasized that the assessment tool is meant “to help banks, particularly community banks, to defend against cybersecurity threats. Those threats are real and they are unlikely to abate anytime soon. In fact, they are more likely to increase. I would caution against anyone viewing this effort and the OCC’s complementary cybersecurity examination program as an unnecessary regulatory burden. The time to act is now.”

Other items on the FFIEC’s agenda: incident analysis (with enhanced processes for gathering, analyzing and sharing information with each other during cyber incidents); training (the development of programs for the staff of FFIEC members on evolving cyber threats and vulnerabilities); and collaboration with law enforcement and intelligence agencies, building on existing relationships to share information about cyber threats and response techniques.

Policy development in the cybersecurity arena will also take place this year. The FFIEC plans to update and supplement the Information Technology Examination Handbook “to reflect rapidly evolving cyber threats and vulnerabilities with a focus on risk management and oversight, threat intelligence and collaboration, cybersecurity controls, external dependency management, and incident management and resilience.”

Members will expand their focus on technology service providers and their ability to respond to cyber threats and vulnerabilities, as well as keep an eye on crisis management by aligning, updating and testing emergency protocols to respond to systemwide cyber incidents in coordination with public-private partnerships, the FFIEC said.

To read about the FFIEC’s cybersecurity initiatives, click here.

To read Comptroller Curry’s remarks about the Cybersecurity Self-Assessment Tool, click here.

back to top

Dodd-Frank Overkill—Community Bank M&A Deals Must Not Pose a Risk to U.S. Financial Stability

Why it matters

With their recent approvals of BB&T’s acquisition of a $2 billion community bank, the Federal Reserve Board of Governors (Federal Reserve) and the Federal Deposit Insurance Corporation (FDIC) were required to consider a new factor added to the Bank Merger Act (BMA) by Dodd-Frank. In all bank mergers and related holding company applications, the “responsible agency” (the FDIC, Federal Reserve, etc.) “shall take into consideration … the risk to the stability of the United States banking or financial system.” (12 U.S.C. 1828(c)(5)). This added a review-and-approval step for the agencies that became a new application requirement that technically applies to even the smallest community bank deals. The Federal Reserve set a presumption size to exempt smaller transactions (less than $2 billion in acquired assets) in a 2012 acquisition approval (Capital One Financial Corporation, FRB Order 2012-2 (Feb. 14, 2012)) to satisfy this Dodd-Frank add-on to the required BMA approval factors. However, the Federal Reserve generally requires all applicants to address the factor by demonstrating or affirming that the proposed acquisition and bank merger would not result in a significant increase in interconnectedness, complexity, cross-border activities or other risk factors. Such factors are rarely if ever present in community bank M&A deals. By contrast, the FDIC generally considers the factor as satisfied in its community bank merger approvals without mention.

Detailed discussion

Following in the footsteps of the FDIC, the Federal Reserve granted approval for the purchase of The Bank of Kentucky by BB&T for $363 million in cash and stock. Set to close June 19, the Federal Reserve’s order approving the deal considered several relevant factors including Community Reinvestment Act (CRA) ratings, competitive considerations and financial stability. The FDIC has similarly approved the bank-to-bank merger in the deal. The Fed noted that the smaller size of The Bank of Kentucky—$1.9 billion in assets—worked in its favor. “The Board generally presumes that a proposal that involves an acquisition of less than $2 billion in assets will not pose significant risks to the financial stability of the United States absent evidence that the transaction would result in a significant increase in interconnectedness, complexity, cross-border activities, or other risks factors,” the Federal Reserve wrote in the order. Once the sale is complete, BB&T’s assets will rise to around $191 billion.

In September 2014, North Carolina-based BB&T Corporation announced its purchase of The Bank of Kentucky for $363 million. Bank of Kentucky shareholders would receive $9.40 in cash and 1.0126 shares of BB&T for each Bank of Kentucky share owned.

The FDIC gave its blessing to the deal in February, and the Federal Reserve recently followed suit.

As the 18th largest insured depository institution in the United States, BB&T controls approximately $129 billion in consolidated deposits, or approximately 1.1 percent of the total amount of deposits of insured depository institutions in the country. The Bank of Kentucky Financial Corporation ranks much lower as the 395th largest depository organization, controlling $1.6 billion in deposits, or less than 1 percent of nationwide deposits.

Consummation of the deal would leave BB&T in the 18th spot, the Federal Reserve noted, with consolidated assets of $188.7 billion and control of total deposits of approximately $130.7 billion. BB&T would rise in the ranks in the state of Kentucky, however, becoming the second-largest depository institution in the state. Because BB&T and The Bank of Kentucky do not compete directly in any banking market, the Fed said the merger “would not have a significantly adverse effect on competition or on the concentration of resources in any relevant banking market.”

Evaluating the financial and managerial supervisory concerns, the Federal Reserve considered the financial condition of the organizations (on a parent-only and subsidiary depository institution basis, as well as the organizations’ significant nonbanking operations) as well as the future prospects of the organizations in light of the business plan.

The parent and subsidiary institutions are all well managed and well capitalized, and BB&T has “a demonstrated record” of successfully integrating organizations into its operations and risk-management systems following acquisitions, the Fed noted, with positive CRA ratings.

These ratings overcame one commenter’s objection to the sale on the basis of the banks’ records of lending to low- and moderate-income neighborhoods and minority borrowers, as well as branch distribution. While Home Mortgage Disclosure Act data and Multi-State Metropolitan Statistical Area assessment areas can raise such concerns, the Fed found that BB&T’s and The Bank of Kentucky’s lending records passed muster.

The communities to be served by the combined organization would benefit from an increased number of products and services, as BB&T offers deposit products designed for youth and senior citizens, prepaid accounts with debit cards, and online loan applications, for example, that are unavailable through The Bank of Kentucky.

Finally, the Fed turned to financial stability, as required by Section 3 of the Bank Holding Company Act as amended by the Dodd-Frank Wall Street Reform and Consumer Protection Act.

“To assess the likely effect of a proposed transaction on the stability of the U.S. banking or financial system, the Board considers a variety of metrics that capture the systemic ‘footprint’ of the resulting firm and incremental effect of the transaction on the systemic footprint of the acquiring firm,” the Fed explained.

Relevant metrics include the size of the resulting firm, the interconnectedness of the resulting firm with the banking or financial system, and the extent to which the resulting firm contributes to the complexity of the financial system. Qualitative factors such as the opaqueness and complexity of an institution’s internal organization are also considered.

“The Board has considered information relevant to risks to the stability of the U.S. banking or financial system,” according to the order. “The proposal involves the acquisition of approximately $1.9 billion in total assets. Upon consummation, BB&T would have $188.7 billion in total assets and would not be likely to pose systemic risks. The Board generally presumes that a proposal that involves an acquisition of less than $2 billion in assets, or that results in a firm with less than $25 billion in consolidated assets, will not pose significant risks to the financial stability of the United States absent evidence that the transaction would result in a significant increase in interconnectedness, complexity, cross-border activities, or other risk factors. Such additional risk factors are not present in this transaction.”

Considering these factors, the Fed granted its approval.

“In light of all the facts and circumstances, this transaction would not appear to result in meaningfully greater or more concentrated risks to the stability of the U.S. banking or financial system,” the Federal Reserve concluded. “Based on these and all other facts of record, the Board determines that considerations relating to financial stability are consistent with approval.”

With the application approved, the parties set a closing date of June 19.

To read the Federal Reserve’s order approving the acquisition, click here.

back to top

AML Compliance Expectations Unabated—Fines, Enforcement Actions and a Deferred Prosecution Agreement Against Banks, Money Transmitters and Casinos Underscore Evolving Expectations

Why it matters

Three Financial Crimes Enforcement Network (FinCEN) orders, three sets of fines and asset forfeitures, a deferred prosecution agreement and one bank enforcement action demonstrate the resolve of the Department of Justice, FinCEN, and federal and state regulators to ensure that different financial institutions comply with their suspicious activity report (SAR) and currency transaction report (CTR) filings and other Bank Secrecy Act (BSA) requirements.

Detailed discussion

State Street: In the course of the most recent inspection of State Street Corporation and the examination of State Street Bank and Trust, the Federal Reserve Bank of Boston (Boston Fed) and the Commonwealth of Massachusetts Division of Banks (Division) identified deficiencies in the holding company’s firmwide compliance risk management programs with respect to compliance with BSA and anti-money laundering (AML) requirements and the bank’s compliance with BSA/AML and Office of Foreign Assets Control (OFAC) requirements, including internal controls, customer due diligence procedures, and transaction monitoring processes were all lacking, the Boston Fed and Division found.

To rectify the situation, the regulators and the two entities entered into a written agreement with a goal to establish, on a firmwide basis, the implementation of effective compliance risk management programs for BSA/AML and OFAC that are commensurate with the bank’s compliance risk profile and that the two entities operate in compliance with applicable BSA/AML and OFAC requirements.

The agreement lays out a number of steps the parties will take to “ensure that compliance risk is effectively managed … including within and across business lines, support units, and legal entities.” In addition to the usual litany of remedial actions in such agreements, the agreement provides for a revised program for suspicious activity monitoring and reporting that includes, at a minimum, policies and procedures to ensure that all necessary customer and transactional data are collected from across all business lines with the data aggregated into an appropriate transaction monitoring system.

The two entities also agreed to submit, within 45 days of the agreement, a plan for “full installation, testing, and activation of an effective automated transaction monitoring system.” Finally, the bank was required to undertake a three-month look-back of account and transaction activity for the period of April 1, 2013, through June 30, 2013. Depending on an evaluation of these results, additional review of prior such activity may be directed.

To read the agreement between State Street and the regulators, click here.

FinCEN announced three enforcement actions since the beginning of June. The first involved a small money transmitter, the second involved a casino and the third involved a West Virginia bank that was also the subject of a deferred prosecution agreement.

King Mail & Wireless/Ali Al Duais: In addition to imposing a civil money penalty of $12,000 for not filing SARs or filing late SARs, FinCEN prohibited the owner from further participation in financial services for ignoring his AML compliance obligations. The company was engaged in processing what was deemed “high risk” transactions involving millions of dollars in wires to Yemen. The owner agreed to “immediately and permanently cease serving as an employee, officer, director, or agent of any financial institution located in the United States or that conducts business within the United States.” The business has ceased operations as well.

Tinian Dynasty Hotel & Casino: For what was deemed by FinCEN as “egregious Anti-Money Laundering violations,” the casino on Northern Mariana Islands has been assessed a $75 million civil money penalty. FinCEN noted the casino operated for years without an AML compliance program (no policies, procedures or controls; no compliance officer; no training; no independent testing), failing to file more than 2,000 CTRs and willfully facilitating suspicious transactions, and “even provid[ing] helpful hints for skirting and avoiding the laws of the U.S. and overseas.” Its actions were deemed “a real threat to the financial integrity of the region and U.S. financial system.” The FinCEN press release states that when the chief auditor was ask about the unfiled CTRs, he said he “assumed that filing them was a low priority because nobody ever noticed that they were not being filed.” Undercover agents posed as casino patrons during the criminal investigation.

Bank of Mingo: Following criminal prosecution of a bank employee and bank customers, the Bank of Mingo on June 15 entered into a one-year deferred prosecution agreement with the U.S. Department of Justice and agreed to a $2.2 million asset forfeiture. The FDIC also imposed a civil money penalty of $3.5 million. And not to be left out, FinCEN imposed a $4.5 million civil money penalty, with $3.5 million effectively offset by the funds paid pursuant to the DOJ and the FDIC agreements.

These actions follow an FDIC consent order in November 2013, in which the Bank of Mingo was directed to conduct, among other things, a more than six-year look-back for suspicious activity in the deposit account and transaction activity of all high-risk customers.

The Bank of Mingo was charged by the DOJ with failing to develop, implement and maintain an effective AML program. The DOJ agreed to defer prosecution for 12 months to allow the bank to demonstrate its acceptance of responsibility and to take remedial actions for “past, wrongful conduct.” The actions at issue involved the failure to detect and report unusual and large cash transactions by agents and employees of a bank customer, which the DOJ alleged was structuring transactions to stay below the $10,000 threshold for filing CTRs.

FinCEN noted that $9 million in structured transactions were conducted and that the Bank of Mingo did not file CTRs or SARs on the transactions. FinCEN cited deficiencies in all aspects of the bank’s AML program for a 5-year period and that it failed to properly designate high-risk customers and accounts and failed to adequately monitor and detect the unusual currency transactions or suspicious activities of these customers.

The U.S. attorney prosecuting the case said, “These are not just simply technical violations. Illegal structuring enables and helps to conceal larger criminal schemes. Had Bank of Mingo maintained an effective anti-money laundering program, other criminal activity might have been nipped in the bud.”

“This bank’s failure to implement and maintain an effective AML program exposed our financial system to significant abuse,” noted FinCEN Director Jennifer Shasky Calvery. “And, when a bank insider actively promotes a culture of noncompliance, the risks are greatly increased.”

back to top