Financial Crimes Enforcement Network (FinCEN)

On February 15, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN), in coordination with the Office of the Comptroller of the Currency (OCC), and the U.S. Department of Justice (DOJ), announced the assessment of a $185 million civil money penalty against U.S. Bank for willful violations of several provisions of the Bank Secrecy Act (BSA).

According to FinCEN’s press release, since 2011, U.S. Bank willfully violated the BSA’s program and reporting requirements by failing to establish and implement an adequate anti-money laundering program (AML), failing to report suspicious activity, and failing to adequately report currency transactions.

Banks are required to conduct risk-based monitoring to sift through transactions and to alert staff to potentially suspicious activity. Instead of this, U.S. Bank:

  • Capped the number of alerts its automated transaction monitoring system would generate to identify only a predetermined number of transactions for further investigation, without regard for the legitimate alerts that would be lost due to the cap.
  • Systemically and continually devoted an inadequate amount of resources to its AML program.
    • Internal testing by U.S. Bank showed that alert capping caused it to fail to investigate and report thousands of suspicious transactions.
    • It also allowed, and failed to monitor, non-customers conducting millions of dollars of risky currency transfers at its branches through a large money transmitter.
    • In addition, the bank filed over 5,000 Currency Transaction Reports (CTRs) with incomplete or inaccurate information, impeding law enforcement’s ability to identify and track potentially unlawful behavior.

U.S. Bank also had an inadequate process to handle high-risk customers. As a result:

  • Customers whom the bank identified or should have identified as high-risk were free to conduct transactions through the bank, with little or no bank oversight.
  • By not having an adequate process in place to address high-risk customers, U.S. Bank failed to appropriately analyze or report the illicit financial risks of its customer base.

FinCEN noted these failures precluded the bank from addressing the risks that such customers posed, which included not filing timely suspicious activity reports (SAR) used by law enforcement investigators to recognize and to pursue financial criminals.

On February 13, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued a finding pursuant to Section 311 of the USA PATRIOT Act identifying ABLV Bank of Latvia as a “primary money laundering concern.” FinCEN also issued a notice of proposed rulemaking (NPRM) under that section which, if adopted, would prohibit financial institutions from opening or maintaining a correspondent account in the United States for, or on behalf of, ABLV. In practice, financial institutions (both U.S. and non-U.S. headquartered) often do not wait for such a rule to be finalized but instead move immediately to close out banking relationships with the designated foreign financial institution as soon as the finding and NPRM are announced.

Under Section 311, if FinCEN’s Director finds that a foreign financial institution qualifies as a “primary money laundering concern,” they may propose a rule that would impose one or more of five different “special measures” against it. The most serious special measure, and the one typically imposed, is the fifth, which prohibits U.S. banks from maintaining correspondent relationships with the named foreign financial institution. Proposed rules to impose special measures are made available for public comment and become effective once the rule is finalized.

FinCEN is proposing this action based on its finding set out in the NPRM that ABLV is a foreign bank of primary money laundering concern. In particular, the FinCEN NPRM reports that ABLV has institutionalized money laundering as a business practice and has been involved in the provision of banking services to entities designated by the United Nations – including North Korean entities.  FinCEN also found that ABLV has assisted North Korea in the procurement or export of ballistic missiles.

It should be noted that the last two instances of FinCEN’s use of its Section 311 authority were ultimately resolved in FinCEN’s favor.

  • On May 23, 2017, the United States Court of Appeals for the District of Columbia affirmed the dismissal of a challenge to the U.S. Treasury’s use of Section 311 of the USA PATRIOT Act against Andorran bank Banca Privada d’Andorra (BPA) by the bank’s majority shareholders. Please click here for Crowell’s Client Alert on the BPA case.
  • In April of 2017, the U.S. District Court for the District of Columbia upheld the Treasury Department’s use of Section 311 of the USA PATRIOT Act to impose “special measures” with respect to Tanzanian Bank FBME, Ltd. Please click here for Crowell’s Client Alert on the FBME case.

Written comments on the NPRM may be submitted within 60 days of publication.


Relying on new statutory authority contained in the sanctions legislation recently signed by President Trump, FinCEN announced on August 22 that it would expand the scope of its Geographic Targeting Orders (“GTOs”) on luxury residential real estate purchases to now cover transactions involving wire transfers.  FinCEN also expanded the geographic scope of its GTOs to include a seventh major metropolitan area, Honolulu, Hawaii.  FinCEN also has released new frequently asked questions, and new guidance that increasingly suggests that FinCEN is likely to issue new rules in the future that may impose anti-money laundering requirements on real estate brokers, escrow agents, title insurers, and other real estate professionals.

Earlier GTOs

The new orders represent a significant increase in FinCEN’s efforts in this area.  Starting in January 2016, FinCEN began to issue GTOs to require U.S. title insurance companies to, among other things, identify and report beneficial ownership information on legal entity purchasers making all-cash purchases of luxury residential real estate.  The first GTO covered only two markets—Manhattan and Miami-Dade—and was for only a six-month duration that began in March 2016.  After seeing substantial indicators of money laundering and other criminal activity from that initial trial, FinCEN expanded the order to cover all five boroughs of New York City; Miami-Dade County and two counties immediately north; Los Angeles County; the counties covering the San Francisco area; San Diego County; and the county that includes San Antonio, Texas.  FinCEN has continued to renew the requirement through September 21, 2017.  FinCEN has said that more than 30% of the transactions reported in response to the orders are the subject of independent suspicious activity reports (“SARs”) filed by financial institutions on potential criminal activity.

The New GTOs, as Expanded by CAATSA

The newly announced GTOs require title insurance companies involved in “Covered Transactions” to collect and report to FinCEN information on the identities of the purchaser, the individual primarily responsible for representing the purchaser, and the beneficial owners of the purchaser (defined as each natural person who, directly or indirectly, owns 25% or more of that legal entity).  “Covered Transactions” are defined as those in which a legal entity purchases residential real property at a price that meets or exceeds the threshold set for each of the geographic areas covered by the order (e.g., $3 million for the borough of Manhattan, $1 million for Miami-Dade and surrounding counties), provided that the purchase is made without a bank loan or similar form of external financing and that it is made, at least in part, using currency or a cashier’s check, a certified check, a traveler’s check, a money order in any form, or a funds transfer (i.e.,a wire transfer).  The new GTOs will run from September 22, 2017 to March 20, 2018.

The expansion of reporting requirements to include transactions involving wire transfers was made possible by new language in Section 275 of the “Countering America’s Adversaries Through Sanctions Act” (“CAATSA”), the sanctions legislation concerning Russia, Iran, and North Korea signed into law on August 2, 2017.  Section 275 of CAATSA amended the GTO provisions of the Bank Secrecy Act (“BSA”), which previously allowed FinCEN to impose temporary recordkeeping and reporting requirements with respect to transactions in “United States coins or currency” or “monetary instruments,” to encompass transactions in “funds,” thereby allowing FinCEN to demand information on wire transfers and addressing what some had viewed as a loophole in earlier real estate GTOs.

The Advisory, and the Likelihood of New Rulemaking

In its related advisory, FinCEN notes that it has authority under the BSA to regulate “persons involved in real estate closings and settlements” as “financial institutions,” and suggests that this term “may include real estate brokers, escrow agents, title insurers, and other real estate professionals.”  While FinCEN notes that it “currently has exempted” such persons from the broader AML obligations that apply to regulated financial institutions, including the requirement to report suspicious activity, it has taken the unusual step of encouraging these unregulated parties to file voluntary SARs, and has clarified its view that they are protected by a safe harbor from liability in the BSA for doing so.  FinCEN provides red flags of potentially suspicious activity to aid such persons in doing so, which also may be useful to regulated financial institutions.  FinCEN’s repeated references to “current” conditions, its unusual step of encouraging voluntary SAR reporting by parties not subject to AML program requirements, and its repeated expansions of the real estate GTOs and announcements of strong indications of criminal activity in this area all suggest an increased likelihood that FinCEN is considering a rulemaking in this area.  Its suggested definition of “persons involved in real estate settlements and closings” provides further indication that FinCEN is considering what a rule might look like, and provides a window into who might be covered by one.  This builds on previous statements by the agency that these GTOs are “informing future regulatory approaches” to this issue and will help the agency to “determine [its] future regulatory course.”

Meanwhile, section 243 of CAATSA specifically references FinCEN’s real estate GTOs in the context of Russian money laundering, requiring Treasury to produce an annual report to Congress describing interagency efforts to combat Russian illicit finance, including a summary of efforts by Treasury to “[e]xpand the number of real estate geographic targeting orders or other regulatory actions, as appropriate, to degrade illicit financial activity relating to the Russian Federation” in the United States.  The reporting requirement, as well as the new statutory authority relating to wire transfers, appears to indicate that Congress is actively encouraging FinCEN to continue to explore new ways to use its GTO authority in the future.

FinCEN also notes in the advisory that persons involved in real estate settlements and closings are not entirely unregulated.  Like any trade or business not subject to a separate “currency transaction report” (“CTR”) requirement, persons involved in closings and settlements must report transactions in currency and certain monetary instruments to FinCEN on a Form 8300.

The FAQs

The FAQs clarify that a reporting title insurer “may reasonably rely” on the beneficial ownership information provided to it by the purchaser.  This is a concept taken from BSA requirements on banks and other financial institutions to obtain and verify beneficial ownership information.  It means that, although title insurers normally may rely on a purchaser’s representation of who its beneficial owners are, in cases where the title insurer has information indicating that the beneficial ownership information provided by a purchaser may not be correct, it has an obligation to investigate further to determine whether the information is correct.

Separately, the FAQs confirm that a transaction must be reported under the GTOs where any part of the purchase price is paid using currency, a funds transfer, or the various types of monetary instruments described in the orders.

Practical Considerations

FinCEN notes in its FAQs that it “expects a Covered Business to implement procedures reasonably designed to ensure compliance with the terms of the GTOs, including reasonable due diligence to determine whether it (or its subsidiaries or agents) is involved in a Covered Transaction and to collect and report the required information.”  It also provides that covered businesses must keep all records relating to compliance with the GTOs for a period of five years.  Title insurers that receive the order should take these obligations seriously.  FinCEN previously has expressed its disapproval over reports of parties trying to evade reporting under previous real estate GTOs, and CAATSA also elevates the importance of the orders.  Both make enforcement of any violations of the GTOs more likely.

Separately, banks need to prepare for the fact that real estate professionals involved in closings and settlements may begin filing voluntary SARs on real estate transactions, some part of which may flow through the bank.  This is especially likely for real estate transactions that involve wire transfers.  Banks will want to avoid situations where real estate professionals are reporting suspicious activity that the banks are not, and may wish to step up their scrutiny of transactions potentially subject to the new orders.

On July 26, 2017, the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) assessed a civil money penalty of more than $110 million against BTC-e, a Russian-headquarted, internet-based virtual currency exchanger, and a $12 million penalty against its Russian owner, Alexander Vinnik. On that same day, the Department of Justice announced a 21-count indictment against Vinnik for money laundering and the operation of an unlicensed money services business (MSB). Vinnik was arrested in Greece the day before. This is the second time FinCEN has pursued enforcement against a virtual currency provider. It also represents the second largest penalty FinCEN ever has levied against an MSB.

Virtual currencies, which entered into mainstream consciousness with the advent of Bitcoin and its progeny, do not have legal tender status in any jurisdictions. However, “convertible” virtual currencies have equivalent value in real currency or act as a substitute for real currency, while often allowing users a greater degree of anonymity than real currency. BTC-e exchanged U.S. dollars, Russian Rubles, and Euros for virtual currencies Bitcoin, Litecoin, Namecoin, Novacoin, Peercoin, Ethereum, and Dash.

FinCEN has authority under the Bank Secrecy Act (BSA) to regulate MSBs, including money transmitters. In March 2013, FinCEN issued interpretative guidance identifying “exchangers” of virtual currency – defined as persons engaged as a business in the exchange of virtual currency for real currency, funds or other virtual currency – as money transmitters subject to regulation as MSBs under the BSA. The assessment against BTC-e alleges failure to register with FinCEN as an MSB as well as gross failures to maintain appropriate anti-money laundering (AML) controls and to report suspicious transactions as required by the BSA.

FinCEN’s previous enforcement action was for $700,000 for similar violations against popular virtual currency provider Ripple Labs, in 2015. The substantial difference in penalties between the two may be attributable in part to the facts that: (1) Ripple’s penalty was a negotiated settlement, as part of broader non-prosecution agreement with DOJ, whereas the assessment against BTC-e is nonconsensual; (2) BTC-e customers allegedly openly discussed their use of the exchanger to facilitate the sale of drugs and other unlawful activity without objection or further diligence from BTC-e; (3) BTC-e’s customer base allegedly consisted largely of “criminals who desired to conceal proceeds from crimes such as ransomware, fraud, identity theft, tax refund fraud schemes, public corruption, and drug trafficking”; and (4) BTC-e allegedly failed to demand or verify even basic identifying information for its customers and allowed the use of tools, such as bitcoin “mixers,” that obscured the identity of transacting parties.

Although not technically a penalty action, in June 2013 FinCEN also used Section 311 of the USA PATRIOT Act to identify another foreign virtual currency provider closely linked to criminal activity, Liberty Reserve S.A., as a ‘primary money laundering concern’ under Section 311 of the USA PATRIOT Act, and to propose special measures that would have cut off the company’s access to U.S. correspondent banking, once again in coordination with arrests and prosecution by DOJ.

FinCEN clarified by rule in 2011 that MSBs conducting business wholly or in substantial part in the United States are subject to regulation under the BSA for such activities, even if the MSBs have no physical presence there. FinCEN’s assessment against BTC-e appears to represent the first time FinCEN has taken action under this guidance against a foreign MSB with no physical presence in the U.S.

Practical Considerations

These actions, along with FinCEN’s 2013 guidance, and numerous administrative rulings since then about whether various virtual currency models qualify as MSB activity, offer several lessons. First, FinCEN appears determined to bring “legitimate” virtual currency providers under its regulation while taking strong steps to punish providers that wilfully allow the use of their systems to facilitate illegal activity, including through measures that preserve the anonymity of transacting parties. Second, FinCEN is willing to target foreign virtual currency businesses that lack any physical presence in the U.S., so long as they do substantial business there. This may occur either through civil enforcement actions or through the use of other tools such as Section 311. Third, FinCEN’s enforcement actions and various administrative rulings since its 2013 guidance suggest that determining whether a virtual currency activity is subject to regulation by FinCEN can be difficult. For example, FinCEN has issued rulings clarifying that a party renting computer systems to mine virtual currency would not be a money transmitter, but that a party that proposed to accept credit card payments on behalf of merchants and then to pay the merchants in virtual currency would be. For all of these reasons, U.S. and foreign entities considering providing virtual currency-related services should consult available FinCEN guidance and consider carefully whether their business models may qualify as MSB activity. They should use counsel as appropriate to assist them in navigating this emerging area of the law, and should consider seeking an administrative ruling from FinCEN in close cases.

Bureau of Industry and Security (BIS)

  • On July 25, BIS entered into a Settlement Agreement with Harold Rinko, doing business as Global Parts Supply of Hallstead, Pennsylvania (also known as Rinko/Global Parts Supply) to settle a charge of one alleged violation of the Export Administration Regulations (EAR). The company was assessed a $100,000 civil penalty and a denial of export privileges for ten years. Both are suspended so long as the company makes quarterly reports to BIS.
    • Between 2007 and 2011, Rinko/Global Parts conspired and/or acted in concert with others to procure U.S.-origin goods, subject to the EAR, from suppliers in the U.S. to Syria without a license. These included items specifically identified on the Commerce Control List (CCL) or designated as EAR99. For example, in 2008, the company prepared false sales invoices for a multi-gas scanner, used in the detection of chemical warfare agents, and accessories, knowing the items would be transshipped to Syria.

Financial Crimes Enforcement Network (FinCEN)

  • On July 26, Treasury took its first action against a foreign-located money service business, assessing a $110 million civil monetary penalty against BTC-e, a/k/a Canton Business Corporation for willfully violating U.S. anti-money laundering (AML) laws. One of BTC-e’s operators, Russian national Alexander Vinnik, was arrested in Greece, as well. FinCEN assessed a $12 million penalty against him for his role in the violations.
    • BTC-e exchanges fiat currency as well as different convertible virtual currencies, such as Bitcoin. It is one of the largest virtual currency exchanges by volume in the world. BTC-e facilitated transactions involving ransomware, computer hacking, identity theft, tax refund fraud schemes, public corruption, and drug trafficking.

For more information, contact: Jeff Snyder, Edward Goetz


MoneyGram’s ex-Chief Compliance Officer, Thomas Haider, on May 3 settled alleged anti-money laundering (AML) compliance violations with the U.S. Department of the Treasury’s Financial Crimes Enforcement Network for $250,000, according to announcements by FinCEN and U.S. Attorney’s Office for the Southern District of New York. It appears to be the largest penalty FinCEN ever has imposed on an individual. The settlement resolves an action that FinCEN brought in federal district court to enforce its penalty against Haider, and also Haider’s counter-claim that the Government violated the Privacy Act by leaking details of its investigation to the media. This appears to be the first time that FinCEN has sought penalties against an individual for mismanagement of an AML compliance program, and only the second time FinCEN has sued to enforce a civil penalty. Haider also agreed to be enjoined from performing compliance functions for a money transmitter for a period of three years.

The settlement comes four months after the United States District Court for the District of Minnesota denied Haider’s motion to dismiss FinCEN’s complaint, rejecting in particular his argument that the Bank Secrecy Act (BSA) did not allow penalties against individual employees of a financial institution for the institution’s willful violations of the BSA’s requirement to implement an effective AML program. FinCEN’s complaint was based on previous allegations that MoneyGram failed to file suspicious activity reports (SARs) or to discipline agents despite repeated evidence of fraud against MoneyGram customers in which those agents appear to have colluded. These allegations included events from 2003 to 2008, and ultimately led to MoneyGram entering into a deferred prosecution agreement (DPA) with the Department of Justice in 2012 and agreeing to forfeit $100 million. FinCEN brought its complaint against Haider two years later, in 2014. The complaint alleged that Haider willfully failed to ensure that MoneyGram implemented an effective AML program, in particular by failing to discipline or terminate MoneyGram agents and outlets that presented a high risk for fraud, and also that he willfully failed to ensure that MoneyGram filed SARs on reports of fraud or money laundering through these agents as required by the BSA. (See our previous alert on the complaint and the district court’s opinion here.)

The settlement amount of $250,000 is less than the $1 million FinCEN sought in its Complaint. The agreed injunction also is narrower than the government’s request in the complaint that Haider be barred from “participating, directly or indirectly, in the conduct of the affairs of any financial institution” for a period of years to be determined at trial. And FinCEN did not obtain an admission from Haider that he willfully violated the BSA, something that FinCEN has sought and obtained in recent settlements against both individuals and institutions. However, the amount is far more than reported AML settlements for individuals with other financial regulators, and appears to be the largest paid by an individual to date.

FINRA historically has been the most active regulator in assessing penalties against individual AML compliance personnel. A former global AML chief compliance officer of Brown Brothers Harriman (BBH) and a former AML compliance officer at Raymond James & Associates (RJ) each settled for $25,000 with FINRA in 2014 and 2016, respectively. For purposes of comparison, BBH paid $8 million and RJ paid $17 million to settle the related corporate enforcement actions. The SEC also has prioritized individual accountability, highlighted by an October 2016 enforcement action against the CEO of a Miami-based brokerage firm which resulted in a $50,000 individual settlement. The decision to pursue the CEO was driven by the SEC’s finding that he was ultimately responsible for its AML program and supervision of the firm’s AML officer. Haider’s $250,000 settlement with FinCEN is enough to strike fear into the hearts of AML compliance officers at all financial institutions.

That is particularly true for compliance officers at financial institutions also regulated by New York’s Department of Financial Services, which in June of 2016 adopted new AML rules requiring one or more “senior officers” (which is likely for many institutions to include their chief AML officers) to certify annually that the institution’s AML programs have various mandatory elements similar to those required under federal law, with potential penalties for “false” certifications. In cases where AML officers are deemed to have “willfully” violated BSA rules by failing to properly maintain aspects of their institution’s AML programs, they may risk accusations from the NYDFS that their certifications about the adequacy of these programs were false. (See our alert on the NYDFS rule here.)

Practical Considerations

Two aspects of the Haider settlement provide special guidance to AML compliance officers. First, the settlement notes that Haider chose not to implement a draft policy to discipline or terminate agents with high reported incidents of fraud in part because of opposition from the company’s Sales Department. Second, the fraud and money laundering activity occurring through specific MoneyGram agents was not reported to FinCEN in SARs in part because MoneyGram’s Fraud Department, also under Haider’s management, did not share information on agents that had been the subject of disproportionate reports of fraud with its AML Compliance Department. This also prevented AML Compliance Department staff from targeting audits to address such activity, a further basis for the AML program failures attributed to Haider.

The first lesson that comes from this resolution is that financial institutions need to empower their AML compliance officers to ensure that the goals of sales and other company departments do not prevent the company from making sound compliance decisions and avoiding costly fines. This is consistent with FinCEN’s 2014 guidance recommending a “culture of compliance,” which calls for such empowerment of AML compliance officers. Second, this case makes it clear that FinCEN expects AML compliance officers to stand firm in demanding compliance-related changes to address situations that put the company at risk. In cases where a decision may be overruled by concerns other than compliance, AML compliance officers should document their requests that particular actions be taken to ensure compliance, as well as the rationales for those requests. Third, financial institutions should avoid silos in the sharing and processing of internal alerts, in particular the alerts of internal fraud departments, to ensure that circumstances that merit a SAR are seen by the right people and are reported. Finally, the successful collaboration between FinCEN and the U.S. Attorney’s Office in this case is likely to embolden FinCEN to continue pursuing penalties against individuals for AML program and other violations in egregious cases. This is especially relevant following DOJ’s 2015 “Yates Memo,” which provides an incentive for financial institutions to identify individuals responsible for alleged misconduct in order to receive cooperation credit in criminal cases. In future criminal prosecutions by DOJ of financial institutions for AML program and SAR violations, it is possible to imagine more circumstances where FinCEN will collaborate with DOJ to impose civil penalties on culpable individuals (who also potentially may face prosecution by DOJ).

On February 23, the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) announced the renewal of existing Geographic Targeting Orders (GTOs or Orders) to identify purchasers of luxury real estate in six major metropolitan areas in the United States. The GTOs require title insurance companies to identify and disclose information of individuals behind shell companies used to pay “all cash” for high-end residential real estate. The Order will be effective for additional 180 days beginning on February 24, 2017, and ending on August 22, 2017.

The renewed Order requires domestic title insurance companies to report on certain covered transactions. For purposes of the GTOs, “covered transactions” include any transaction in which (i) a legal entity (ii) purchases residential property (iii) for a sales price exceeding the following thresholds for each geographic area:

  1. $500,000 or more in Bexar County, Texas, which includes San Antonio.
  2. $1,000,000 or more in Miami-Dade, Broward, and Palm Beach Counties, Florida.
  3. $1,500,000 or more in the Boroughs of Brooklyn, Queens, Bronx, and Staten Island, New York City, New York.
  4. $2,000,000 or more in San Diego, Los Angeles, San Francisco, San Mateo, and Santa Clara Counties.
  5. $3,000,000 or more in the Borough of Manhattan, New York City, New York.

Such purchases must also have been made (iv) without a bank loan or other similar form of external financing, and (v) using currency or a cashier’s check, a certified check, a traveler’s check, a personal check, a business check, or a money order in any form.

Pursuant to the GTOs, title insurance companies are required to collect and report certain identifying information about the beneficial owners behind the shell companies used to purchase residential real estate, including driver’s license, passport, or other similar identifying documentation. For purposes of the GTOs, a “Beneficial Owner” means any individual who, directly or indirectly, owns 25% or more of the equity interests of the Purchaser. Title insurance companies must retain all records relating to compliance with the GTOs for at least five years from the last day that the GTOs were effective.

Financial institutions located in these geographic areas should be aware of the obligations imposed by the GTOs. In particular, title insurance companies and any of its officers, directors, employees, and agents may be liable for civil or criminal penalties for non-compliance with the Order.

Although the six GTOs have been in place since August 2016, FinCEN had already been targeting real estate transactions for over a year. The original GTO came into effect on March 1, 2016, when FinCEN started requiring title insurance companies to identify purchasers of luxury real estate in Manhattan and Miami-Dade County. These six areas have been specifically identified by FinCEN as vulnerable to money laundering.

For further details, please see Crowell’s client alert on the GTOs issued in July 2016.

For more information, contact: Carlton Greene, Cari Stinebower, Eduardo Mathison


On August 25, the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) published a Notice of Proposed Rulemaking that would require banks that lack a federal functional regulator to establish and implement anti-money laundering (AML) programs and extend customer identification program (CIP) requirements to certain financial institutions not already subject to these obligations under the Bank Secrecy Act (BSA).

Most banks have been subject to an AML program requirement under the BSA since 2002, but others have not. FinCEN deferred this requirement for banks without a “federal functional regulator,” defined to include the Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, Office of Thrift Supervision, Securities and Exchange Commission, and Commodity Futures Trading Commission. The affected banks would include (1) state-chartered, non-depository trust companies; (2) non-federally insured credit unions; (3) private banks; (4) state banks and savings and loan associations that are not FDIC insured; and (5) certain international banking entities that are not FDIC insured but are authorized by Puerto Rico and the US Virgin Islands to provide banking and other services to non-resident aliens. FinCEN estimates that approximately 740 banks lack a “federal functioning regulator.”

The proposed rule would require these entities to adopt and implement an AML program that includes what are often referred to as the “four pillars” of AML programs: (1) a system of internal controls designed to assure ongoing compliance with the BSA; (2) designation of an AML compliance officer; (3) periodic employee training on AML obligations; and (4) an independent audit function to test programs. The rule also would require such institutions to incorporate a fifth AML pillar recognized by FinCEN in a recent final rulefor banks, broker-dealers, mutual funds, and futures commission merchants and introducing brokers in commodities – (5) appropriate risk-based procedures for ongoing customer due diligence. This would include (a) understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; (b) a requirement that banks without a federal functional regulator obtain beneficial ownership information from their legal entity customers – the natural persons that directly or indirectly own 25 percent or more of the equity interest in the customer, and one person who exercises control over it. The rule further would require that the AML programs be in writing and approved by the institution’s board of directors or an equivalent governing body. The proposed rule also contemplates that such institutions, as part of establishing an AML program, would conduct an overall assessment of the money laundering and terrorism financing risks that arise from their products, customers, distribution channels, and geographic locations.

FinCEN has justified the proposed rule by noting that such institutions may face the same vulnerabilities as federally regulated institutions, and that the rule would prevent regulatory arbitrage by persons seeking to avoid rigorous AML scrutiny.

FinCEN notes that, despite having been exempt from an AML program requirement, the affected institutions already must comply with a wide variety of BSA obligations. For example, they must file currency transaction reports (CTRs), suspicious activity reports (SARs), and maintain certain records, including funds transfer records. FinCEN anticipates that most institutions affected by the proposed rule already have some policy framework in place to comply with these obligations, and will be able to leverage such policies to meet the new requirements. Additionally, as with other institutions subject to an AML program requirement, affected institutions would be able to outsource some aspects of their programs to third-party service providers, while remaining responsible for the effectiveness of their programs.

The proposed extension of the CIP requirement to banks without a federal functional regulator will require these institutions, like other banks, to implement procedures for account opening that include: (1) verifying the identity of any person seeking to open an account; (2) maintaining records of the information used to verify the person’s identity; and (3) determining whether the person appears on any lists of known or suspected terrorists or terrorist organizations provided to the financial institution by any government agency. Notably, however, covered institutions apparently would not be able to take advantage of the safe harbor that allows most banks to rely on another financial institution to conduct CIP obligations for shared customers, because the safe harbor allows reliance only on financial institutions regulated by a federal functional regulator.

Written comments on the proposed rule were due by October 24, 2016. FinCEN requested comments on all aspects of the proposed rule, including: (1) whether certain banks without a federal functional regulator should be excluded from the rule; (2) whether there are additional bank categories that may be affected by the rule; (3) whether banks without a federal functional regulator should be subject to the beneficial ownership and other requirements of FinCEN’s new customer due diligence rule; and (4) when covered institutions should be required to implement any new requirements. We expect that FinCEN will finalize the proposed rule after reviewing and considering any comments.

Accordingly, banks not currently regulated by a federal functional regulator should begin planning to implement a comprehensive AML program along the lines of those administered by banks subject to federal functional regulators, beginning with a full risk assessment across the institution’s customers, products, distribution channels, and geographic locations, and including express CIP and CDD requirements. Banks that already have AML programs in place should consider whether their programs meet the requirements of the proposed rule. The biggest hurdle for smaller banks will be the operational challenges and costs that come with hiring compliance professionals, training employees, and testing a robust AML program.


FinCEN has looked under the hood of luxury real estate purchases in Manhattan and Miami, does not like what it sees, and now has expanded its investigation to include six major metropolitan areas.

On July 27, the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) announced new Geographic Targeting Orders (GTOs or Orders) temporarily requiring certain U.S. title insurance companies that receive the Orders to identify and report the natural-person beneficial owners of legal entities used to purchase high-end residential properties without external financing in six major metropolitan areas.

Title insurance companies that receive the GTOs also will be required to report details about the natural person that represents the legal entity making the purchase and about the legal entity itself. The new Orders take effect on August 28, 2016, and last until February 23, 2017.

They expand on GTOs FinCEN issued in January of this year for purchases of luxury real estate in Manhattan and Miami-Dade County (the January GTOs), which are set to expire on August 27, 2016. The expanded GTOs deepen FinCEN’s efforts to investigate and take action against the use of residential real estate for money laundering, and increase the likelihood that FinCEN eventually will issue new rules on real estate under the Bank Secrecy Act (BSA).

The January 2016 GTOs for Manhattan and Miami-Dade

The January GTOs require that title insurance companies receiving the Order identify the beneficial owners of legal entity purchasers in certain real estate purchases valued at more than $3 million in Manhattan and more than $1 million in Miami-Dade County. These include purchases that were made at least in part using currency, money orders, or various types of checks, and without external financing.

The Orders require affected title insurers to obtain copies of driver’s licenses or passports for beneficial owners and to report information from these documents to FinCEN. Please see Crowell & Moring’s previous analysis of those Orders here.

The Orders define beneficial owners as individuals who, directly or indirectly, own 25 percent or more of the equity interests of the entity that purchased the property. The Orders also require affected title insurance companies to obtain and report similar information on the primary representative for any legal entity purchaser and for the entity itself. The Orders require title insurers to record copies of the documents used to verify identity, to store these and other records relating to the insurer’s compliance with the GTO for five years in a reasonably accessible manner, and to make them available to FinCEN or to “any other appropriate law enforcement or regulatory agency, upon request.”

The Expanded GTOs

The new Orders expand these same reporting and recordkeeping requirements to include six major metropolitan areas, including the Boroughs of New York City; Miami-Dade County and two counties immediately north; Los Angeles County; the counties covering the San Francisco area; San Diego County; and the county that includes San Antonio, Texas. Each area has separate real estate threshold values for reporting purposes:

  1. $500,000 or more in Bexar County, Texas, which includes San Antonio.
  2. $1,000,000 or more in Miami-Dade, Broward, and Palm Beach Counties, Florida.
  3. $1,500,000 or more in the Boroughs of Brooklyn, Queens, Bronx, and Staten Island, New York City, New York.
  4. $2,000,000 or more in San Diego, Los Angeles, San Francisco, San Mateo, and Santa Clara Counties.
  5. $3,000,000 or more in the Borough of Manhattan, New York City, New York.

The Orders provide that covered entities and their officers, directors, employees and agents may be subject to civil and criminal penalties for violations of the orders.

The Possibility of New AML Rules for Real Estate

FinCEN is using the GTOs to assess the risk that “corrupt foreign officials or transnational criminals” may be purchasing premium residential real estate in the name of shell corporations as a means of investing the proceeds of criminal activity while disguising their involvement. Information reported under the GTOs is shared with law enforcement agencies. FinCEN also anticipates that the GTOs will make it more difficult for individual purchasers behind covered transactions to disguise their involvement, mitigating the key vulnerability of such “all cash” transactions.

In a press release announcing the expanded GTOs, FinCEN confirmed that the January GTOs have provided law enforcement with valuable information about possible criminal activity and about additional assets relating to existing criminal suspects, and relied on these findings as a basis for expanding the GTOs to include premium real estate in other major metropolitan areas.

FinCEN is seeking information on real estate purchases without external financing in part because its existing regulations already provide some insight into and protection against financed real estate purchases through anti-money laundering (AML) regulation of banks, housing-related government sponsored enterprises, and residential mortgage loan originators. FinCEN estimates that existing Bank Secrecy Act (BSA) regulations already cover 78 percent of real estate purchases, and is using the GTOs to investigate the remaining 22 percent of purchases that fall outside coverage because they are made without external financing.

The agency also has taken other, broader steps to increase the availability of beneficial ownership information. On May 6, 2016, FinCEN issued a rule that now explicitly requires banks, brokers or dealers in securities, mutual funds, futures commission merchants, and introducing brokers in commodities to obtain and periodically update beneficial ownership information for their legal entity customers as part of their AML program obligations under the BSA. Please see Crowell & Moring’s analysis of that rule here.

These actions on beneficial ownership come against the backdrop of media reporting that the leaked “Panama papers” documents identify the use of shell companies by persons allegedly involved in criminal activity to purchase real estate assets anonymously in Miami and elsewhere, as well as a recent $1 billion civil forfeiture complaint by the Department of Justice alleging the use of proceeds of official corruption to purchase real estate in Manhattan, Los Angeles and Beverly Hills, all locations covered by the expanded Orders.

FinCEN has hinted that its GTOs may lead to new rules imposing AML obligations with respect to real estate. In the press release announcing the expanded GTOs, FinCEN said that the January GTOs were “informing future regulatory approaches” and that the new GTOs likewise would help the agency to “determine our future regulatory course.” In a presentation to industry in April of this year, FinCEN’s Director said that data collected from the GTOs would “help us gather information while furthering our incremental, risk-based approach to regulating this industry.”

The BSA allows FinCEN to impose AML requirements on “persons involved in real estate closing and settlements” because such persons are within the Act’s broad definition of “financial institutions.” In 2003, FinCEN published an Advance Notice of Proposed Rulemaking (ANPRM) specifically to consider the imposition of AML requirements on persons involved in real estate settlements and closings. In the ANPRM, the agency recognized that real estate had been and might continue to be used for money laundering, and suggested that its definition of the term “persons involved in real estate closing and settlements” might include: “[a] real estate broker or brokers … [o]ne or more attorneys, who represent the purchaser or the seller, … [a] bank, mortgage broker, or other financing entity, … [a] title insurance company, … [a]n escrow agent, and … [a]n appraiser.” Ultimately, however, the agency never issued a rule. In her April 2016 presentation, FinCEN’s Director noted that “[w]e have more data now than in 2003 to inform our decision-making.”

Practical Considerations

In the same April 2016 speech, FinCEN’s Director also said that”[i]t was troubling to read that some legal and real estate experts mobilized immediately after the [January] GTOs were announced to provide suggestions about ways to evade the reporting requirements.” This seems a clear warning from the agency about attempts to evade the terms of the GTOs, and should be read in conjunction with provisions in the BSA that prohibit the structuring of transactions to avoid BSA reporting requirements, including GTOs. Title insurance companies should be on the lookout for transactions that appear structured so as not to trigger reporting under the GTOs; changes made after the insurer informs potential purchasers of its obligations under the GTOs are especially suspect.

Title insurance companies that receive GTOs also should consider how they will gather the required information and who will be responsible for obtaining and reporting it. FinCEN’s new beneficial ownership rule provides some guidance for reporting on beneficial ownership, including standard forms used to obtain this information that may be useful in deciding how to respond to the GTOs. Although that rule allows some reliance on representations by company officers of who the beneficial owners of a legal entity customer are, financial institutions receiving certifications of beneficial ownership still appear to be responsible for incorrect reporting where there are “facts that would reasonably call into question the reliability of such information.”

Title insurance companies should be on the lookout for instances where there is an obvious disconnect between the information provided by the legal entity or its representative and other information available to the title insurer.

Title insurers also should consider the impact of any beneficial ownership information they receive on their obligations under sanctions administered by the Treasury Department’s Office of Foreign Assets Control (OFAC).

Beneficial ownership information may reveal that sanctioned parties hold an interest in legal entity clients or in a real estate transaction, and prohibit U.S. persons from being involved.

Finally, title insurers should consider whether beneficial ownership information imparts actual or constructive knowledge that the transaction involves the proceeds of criminal activity, such that further participation in the transaction may give rise to criminal liability for money laundering.


On January 8, the United States District Court for the District of Minnesota denied a motion by Thomas Haider, MoneyGram’s former chief compliance officer, to dismiss a government complaint seeking to hold him personally liable for a $1 million civil penalty for MoneyGram’s violations of the Bank Secrecy Act (BSA).

In particular, the court upheld the government’s theory that the BSA allows individual liability for willful violations of the Act’s requirement to maintain an effective anti-money laundering (AML) program, and that such violations can occur when a compliance officer fails to prevent willful AML program violations by his financial institution.

This represents only the second time that the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has sued to enforce a civil penalty (the last was in 1994), and this decision appears to be the first to interpret FinCEN’s authority to impose individual liability for AML program violations. It will add fuel to a broader effort by FinCEN and other regulators to hold individuals accountable for AML related failures at their institutions.

MoneyGram entered into a deferred prosecution agreement in 2012 with the Department of Justice in which it admitted to willfully violating the BSA by failing to maintain an effective AML program in relation to repeated incidents of fraud conducted through MoneyGram agents.

FinCEN then assessed a $1 million individual civil penalty against Haider in December 2014, alleging that he violated the BSA’s AML program and suspicious activity reporting provisions by willfully failing to ensure that MoneyGram complied with its BSA obligations on the same facts. The United States Attorney for the Southern District of New York simultaneously brought suit on FinCEN’s behalf to obtain a judgment enforcing the assessed penalty, and also sought to bar Haider from participating in the affairs of a financial institution for a period of years to be determined at trial, the first time FinCEN has sought such an injunction.

Haider argued that he could not be held liable for violations of 31 U.S.C. § 5318(h) because it refers only to the obligation of “financial institutions” to maintain AML programs and does not specify any obligation for individuals, in contrast to other requirements that do. The court rejected this argument, reasoning that the statute’s general civil penalties provision at 31 U.S.C. § 5321(a), establishing penalties for any “domestic financial institution” or “partner, director, officer, or employee” thereof that willfully violates any provision of the BSA except for two excepted provisions, implied the availability of individual liability in non-excepted sections like § 5318(h).

The court also rejected Haider’s argument that the government’s assessment of a civil penalty against him without a prior administrative hearing before a neutral arbiter denied him due process. The court agreed with the government that the assessment itself did not deprive Haider of any property interest because the government was required under the structure of the BSA to file a civil action to enforce it, with factual issues of liability to be determined at trial on a de novo standard of review after full discovery. This holding is consistent with previous BSA actions, but represents a significant difference between enforcement under the BSA and enforcement by other financial regulators, where administrative proceedings before the assessment of a penalty result in a deferential standard of review by federal courts on a record compiled by the agency.

Although it means a harder road for FinCEN to enforce its assessments, FinCEN’s action against Haider demonstrates a willingness to pursue in court such enforcement in cases where settlement cannot be reached, and to take risks to reach individual liability.

The court further upheld the government’s use of criminal grand jury information from the MoneyGram prosecution to support its civil assessment and complaint, declining to review another court’s order permitting disclosure of the materials under 18 U.S.C. § 3322(b). Section 3322(b) allows courts to order disclosure of matters occurring before a grand jury in an investigation of a “banking law violation” (defined to include the BSA) to a “Federal or State financial institution regulatory authority” for “use in relation to any matter within the jurisdiction of such regulatory agency.” Reported cases on this section are rare, and this is the first to suggest that FinCEN may avail itself of this provision.

Banks and other financial institutions should anticipate going forward that FinCEN may use information from money laundering and other banking law grand jury investigations as a basis to bring its own civil enforcement actions under the BSA.

The court deferred ruling to allow further factual development on Haider’s arguments that: (1) the government’s claim for equitable relief is punitive in nature and therefore barred by the general statute of limitations at 28 U.S.C. § 2462 for civil penalties; and (2) alleged bias by FinCEN’s Director and alleged leaks by FinCEN personnel about the case deprived him of due process. The court also deferred ruling on whether FinCEN’s penalty determination would be reviewed on an abuse of discretion standard, as has been the practice in other BSA cases.

FinCEN’s action continues a trend toward holding individual corporate officers, and in particular compliance officers, liable for failings at financial institutions. These include: (1) the Financial Industry Regulatory Authority’s (FINRA) February 2014 penalty against Brown Brothers Harriman’s global AML compliance officer for AML violations there; (2) the DOJ’s September 2015 “Yates memo” announcing changes to DOJ policy to further leverage corporate cooperation credit in order to prosecute culpable individuals; (3) the Securities and Exchange Commission’s (SEC) April 2015 penalty against the chief compliance officer of Black Rock Advisors, LLC, for contributing to breaches of conflict of interest reporting requirements; (4) the SEC’s June 2015 settlement with the chief compliance officer of SFX Financial Advisory Management Enterprises for compliance failures that contributed to a corporate officer’s alleged misappropriation of client funds; and (5) a rule proposed in December 2015 by the New York Department of Financial Services that would impose detailed requirements for the operation of AML and sanctions-related compliance programs and require compliance officers to certify annually that programs at their institutions comply with these requirements, with criminal penalties for false or incorrect certifications.