Compliance Insights - March 2018

Compliance Insights - March 2018

 NYDFS Issues Guidance for Virtual Currency Entities

In February 2018, the New York State Department of Financial Services (NYDFS) released guidance requiring virtual currency entities to adopt measures to combat fraud and market manipulation. So-called cryptocurrencies are offered through non-bank entities using distributed ledger, or blockchain, technologies that consumers and businesses alike may use to facilitate transactions and payments, or that can be used for investment or speculative purposes.

Recently, federal regulators have expressed concerns to the U.S. Congress that cryptocurrency trading – which has increased in popularity and volume – poses risks to consumers and financial institutions and may warrant centralized oversight and investor protections beyond the current regulatory approach, whereby such entities may elect to be regulated as money-services businesses under state law.

In its guidance, the NYDFS requires virtual currency entities to implement measures to effectively detect, prevent, and respond to fraud, attempted fraud and similar wrongdoing, including:

  • Implementing effective written policies to identify and assess the full range of fraud-related and similar risk areas, including market manipulation, associated with the virtual currency. Such policies should provide effective procedures and controls that protect against identified risks, including the effective investigation of suspected or actual fraud and other wrongdoings, in particular any suspected manipulation of the market for the virtual currency. In addition, the policies should allocate responsibility for monitoring risks and provide for periodic evaluation and revision of the procedures, controls, and monitoring mechanisms to ensure continuing effectiveness and regulatory compliance.
  • Effectively investigating fraud and other wrongdoing, whether suspected or actual, including potential market manipulation.
  • Immediately reporting any market manipulation, fraud, or other wrongdoing on discovery to the NYDFS with the pertinent details known at the time of the report. Virtual currency entities are obligated also to provide further reports of any material developments related to the originally-reported event along with statements of planned or actual actions taken and changes in operations with respect to such developments.

The NYDFS has been at the forefront of enhanced regulation of virtual currencies. In 2015, it developed the BitLicense Regulatory Framework. BitLicense was the first comprehensive virtual currency regulatory regime enacted in the U.S., and the NYDFS has granted to six firms a virtual currency license or charter to date. In its latest guidance, the state agency has affirmed its vigilance towards evolving cryptocurrency market risks, particularly related to fraud and market manipulation (whether propagated by personnel or customers of virtual currency entities), as these actions pose risks to the safety and soundness of both customers and financial services institutions.

Virtual currency entities and financial institutions alike should take note of the guidance:

  • Virtual currency entities should familiarize themselves with the new guidance and assess their written policies to determine compliance. These firms should also examine their compliance management systems and technologies to ensure that effective controls are in place to capture any fraud or similar wrongdoing in virtual currency transactions and ensure that their reporting systems enable an effective flow of information from the institution to the regulator.
  • As the use of virtual currencies increases, financial institutions may find it necessary to ensure that their investigations processes are equipped to detect and investigate fraudulent activity committed through digital or virtual currency transactions. The NYDFS’s guidance is just one example of technology-related compliance requirements facing firms today. As regulatory guidance continues to evolve, firms should consider implementing tactical mitigation strategies to manage the complexities of technology risks, all while maintaining a focus on innovation and reaching new markets.

Go to top

Legislative Actions to Improve the U.S. AML/CTF Framework

In January 2018, the U.S. Senate Committee on Banking, Housing, and Urban Affairs (the Senate Banking Committee) held two hearings aimed at reforming the current U.S. anti-money laundering/counter-terrorism financing (AML/CTF) framework. The first hearing explored opportunities to reform and strengthen Bank Secrecy Act (BSA) enforcement, and the Senate Banking Committee’s perspectives on the proposals to reform the BSA were discussed at the second hearing. The topics discussed in both hearings parallel many reforms proposed in a report published by The Clearing House in February 2017.

These hearings coincide with proposed legislation in the U.S. House of Representatives, the Counter Terrorism and Illicit Finance Act (CTIFA), to reform aspects of the BSA, which is pending before the Senate Banking Committee and addresses several of the key points raised in the aforementioned congressional hearings. Key changes discussed in both hearings and drafted in this industry-supported legislation include:

  • Beneficial Ownership: Currently, there is no centralized repository for collecting and maintaining beneficial ownership information on legal entities formed within the U.S. Within the proposed bill, Congress contemplates that the Financial Crimes Enforcement Network (FinCEN) will be responsible for collecting legal entity beneficial ownership information and developing a national database of this information that would then be accessible on request by financial institutions or through subpoena by law enforcement. Although it would take significant time, implementing this recommendation would not only encourage and help improve information sharing practices among law enforcement and financial institutions, it would also help ease the burden of meeting FinCEN’s final rule on customer due diligence (CDD), effective in May 2018, and align with global leading practices.
  • Efficiency and Effectiveness of Reporting: Under the BSA, financial institutions are required to file currency transaction reports (CTRs) for transactions in cash of $10,000 or more, and to file suspicious activity reports (SARs) on, among other scenarios, transactions exceeding $5,000 when the financial institution knows or suspects that the transaction involves money laundering. The financial services industry has long debated whether these thresholds are too low, encouraging defensive filing practices and yielding a volume of reporting to law enforcement so large that it inhibits productive investigating and in turn may impede national security goals.

    The proposed legislation seeks to promote more valuable reporting and proposes to raise the minimum monetary threshold for filing CTRs from $10,000 to $30,000 and for filing SARs from $5,000 to $10,000. Further, the proposed legislation includes measures to review other reporting requirements under the BSA, including review of critical reporting fields, timeframes, and feasibility of streamlining reporting forms to help minimize inefficient and ineffective filing efforts – an often costly operational routine for financial institutions and law enforcement.

  • SAR-Related Information: Financial institutions are limited in how and to whom they disclose the existence of a SAR investigation and SAR filing. CTIFA aims to expand the confidentiality of information related to SARs, which may result in higher quality SARs and improved transaction monitoring. Further, CTIFA includes proposals to codify absolute civil immunity for SAR filing and allow financial institutions to share SAR filings with its foreign branches.
  • Voluntary Information Sharing: Currently under the BSA, voluntary information sharing among financial institutions related to subjects that may be involved in money laundering or terrorist activities is permitted. CTIFA seeks to broaden the safe harbor provision within Section 314(b) of the USA PATRIOT Act to also include “unlawful activity,” aside from just money laundering and terrorist financing, to further encourage safe and confidential communication among financial institutions.

CTIFA also includes additional proposals relating to FinCEN’s role in conducting BSA examinations, the use of technology and innovation to improve BSA compliance programs and requiring FinCEN to establish a no-action letter process. The CTIFA, if enacted, would be a significant shift in how the financial services industry, regulators and law enforcement protect against money laundering-based crimes.

While the legislation is still in early discussion stages and subject to further bi-partisan debate, financial institutions should continue to familiarize themselves with the proposed changes, be aware of the evolving landscape, and be empowered to provide feedback to their legislators where appropriate. Financial institutions should consider proactive internal discussions with their teams and senior management regarding associated emerging opportunities and risks that would have seismic impacts on their AML/CTF compliance programs if passed.

Go to top

CFPB Releases Five-Year Strategic Plan

In February 2018, the Consumer Financial Protection Bureau (CFPB) published a plan that sets forth the strategic direction for the agency, including its overall mission, vision, and goals and objectives for the upcoming five years. The release of the plan coincides with recent leadership changes for the agency, as well as the agency’s current initiative to self-assess its activities through a series of public requests for information. (Please refer to our February 2018 edition of Compliance Insights).

The finalized version of the CFPB’s strategic plan represents a departure from the direction and focus of the agency’s prior leadership and contains significant revisions from the draft version published in October 2017. Current agency leadership, which has been critical of the CFPB’s historical regulatory, supervisory and enforcement practices that were seen as pushing the envelope, have in the final plan sought to re-focus the CFPB’s mission on regulating and enforcing consumer financial products and services, while educating and empowering consumers to make better informed financial decisions, drawing directly from the Dodd-Frank Wall Street Reform and Consumer Protection Act, which established the agency in 2010. By aligning closely to that statute, leadership seeks to re-position the agency on a less aggressive footing and create a plan that provides clarity and certainty to those impacted by the agency and prevents potential misuse of its statutory authority.

Notable points in the plan include the following:

  • The plan narrows the mission of the CFPB in terms of regulating consumer financial products and services under the relevant federal consumer financial laws and regulation and de-emphasizes the focus on making rules more effective. The mission was expanded to also emphasize the agency’s focus on consumer education.
  • The vision for the agency was re-framed to include a focus on transparency, protection of the rights of all parties – consumers and financial institutions alike – by the rule of law, and consumer choice based on individual need.
  • The plan’s three primary goals, rooted in the language of the Dodd-Frank Act, include:
    • Ensuring that all consumers have access to markets for consumer financial products and services. Ensuring transparency of markets for consumer financial products and services to facilitate access and innovation is a key component of the first goal, which the CFPB intends to achieve by close monitoring of the market and consumer decisions and outcomes.

      With an eye on the technological advances dominating the financial markets, the CFPB also states that it will engage in rulemaking or other activities where appropriate to respond to emerging markets and products, changes in market conditions, or innovation.

    • Implementing and enforcing the law consistently to ensure that markets for consumer financial products and services are fair, transparent and competitive. By enhancing compliance with federal laws, the CFPB aims to ensure fair, equitable and nondiscriminatory access to credit for all and promote fair lending compliance and education.

      The agency plans to focus supervision and enforcement resources on financial institutions and their product lines that pose the greatest risk to consumers based on the nature of the product, field and market intelligence, and the size of the institution and product line. It also intends to promote the development and enhancement of technology solutions to ensure compliance with federal consumer financial laws including technology solutions for coordinating supervisory information capable of recording, storing, tracking and reporting information on its supervisory process.

    • Fostering the operational excellence of the agency through effective and efficient processes, governance, and security of resources and information (such as through cyberattacks against the agency itself). The CFPB intends to review or revise its programs, policies and processes that support and govern its internal operations to achieve its consumer protection mission and strategic goals, which includes transforming its own workforce to have the necessary experience and skills needed to realize the strategic goals. The agency will seek to become more efficient by the adoption of new technology to improve and streamline processes, by implementing an enterprise risk management program and by identifying budget savings, while safeguarding its systems and data.

These goals are in stark comparison to the previous strategic plan, which emphasized the prevention of financial harm, informing the public of its data-driven decisions on policymaking, maximizing the agency’s impact, and aiming to empower consumers’ financial lives. Notably the most recent plan does not include a focus on enforcement, which may be in response to criticism of the agency’s past approach.

The new plan also states that the CFPB will work to reduce outdated, unnecessary or burdensome regulations, again in a reversal of its previous goals.

It is clear from the CFPB’s strategic plan and other recent actions the agency and its leadership have taken that the agency intends to re-focus its efforts to regulate consumer financial products and services. Agency leadership has emphasized that the CFPB will continue to enforce compliance with federal consumer financial laws when warranted to protect consumers from unfair, deceptive or abusive acts or practices (UDAAP) and from discrimination; the plan simply lays out a more narrow approach, grounded in statutory authority and data. Financial institutions should be familiar with the agency’s priorities and approach to supervision, and should monitor developments of not just the agency (as it self-assesses its activities and regulations) but also other regulatory bodies (with which the CFPB may share supervisory and enforcement authorities and that may take actions as deemed fit to enforce compliance).

Go to top

It is important to note that this newsletter is provided for general information purposes only and is not intended to serve as legal analysis or advice. Companies should seek the advice of legal counsel or other appropriate advisers on specific questions and practices as they relate to their unique circumstances.


Ready to work with us?

Steven Stachowicz
Steven M. Stachowicz
Managing Director