4 minute read | August.20.2020
On August 18, the Financial Crimes Enforcement Network, which has overall responsibility for administering the Bank Secrecy Act, issued a short statement that, for the first time, publicly outlined its approach to BSA enforcement. Of note, FinCEN indicated that it will not base enforcement actions on an institution’s failure to comply with standards announced solely in a guidance document. Additionally, for the first time, FinCEN listed a nonexhaustive set of factors it will use to determine what enforcement steps should be taken. The statement leaves FinCEN with considerable flexibility in enforcing the BSA, and raises a number of questions for legal and compliance professionals.
The statement will be of most interest to “financial institutions,” which under the BSA include a wide swath of financial services companies, that are not subject to supervision by a federal prudential regulator authorized to enforce compliance with the BSA; most prudential regulators have their own enforcement guidelines, and the federal banking agencies recently issued a joint statement on BSA enforcement. Companies subject to FinCEN’s BSA enforcement authority, particularly those such as money services businesses without federal prudential regulators, may wish to familiarize themselves with FinCEN’s enforcement factors and tailor their compliance efforts accordingly. The statement also provides implicit guidance on what actions institutions should take upon identification of a potential violation.
Basis for BSA enforcement actions
The statement indicates that when FinCEN takes enforcement action, it will “seek to establish a violation of law.” Noncompliance with standards set out only in guidance will not qualify. FinCEN noted that its evaluation will consider the adequacy of any required anti-money-laundering program, including compliance with “pillar” requirements: training, testing, internal controls, and designation of a BSA compliance officer. Interestingly, FinCEN noted that a “pillar violation” would “include the lack” of one or more required elements of an AML program, but it did not provide further guidance on whether other circumstances, such as implementing pillars inadequately, would qualify. FinCEN also noted that it will consider compliance with specific registration, recordkeeping, and reporting requirements.
FinCEN’s policy still could be read to suggest that it does not believe it is required to determine a violation of law in fact occurred prior to taking enforcement action. FinCEN’s statement said it may take a variety of actions for “an actual or possible violation,” and only provides that it will “seek to establish” a violation of law when taking enforcement action. That could suggest that FinCEN’s approach to enforcement could result in actions based on “possible” violations of law, although possible violations could arguably be treated with more leniency under the factors described below.
Enforcement approach and factors
For the first time, FinCEN listed a nonexhaustive list of factors it will consider when determining what, if any, action to take in response to an actual or possible violation of the BSA. Although not explicitly discussed, the factors can presumably aggravate or mitigate FinCEN’s enforcement response. The statement provides that FinCEN is free to weigh any particular factor as it sees fit, based on relevant facts and circumstances. FinCEN identified these factors:
This list of factors can inform compliance efforts in a number of ways. The emphasis on financial gain suggests that BSA compliance risks and obligations should be carefully weighed against potential business opportunities. The emphasis also suggests that, consistent with FinCEN’s past practices, basing BSA compliance decisions solely on a desire to limit compliance expense will aggravate the severity of any enforcement disposition.
The factors may influence approaches to remediation of identified compliance issues. For example, institutions may wish to prioritize the remediation of items identified in internal or external audits as violations of law over items identified to support best practices. Quick and effective remediation reduces the likelihood that any particular violation will become systemic, pervasive, or include large dollar amounts.
While the statement makes clear that FinCEN will view voluntary disclosure and cooperation favorably, it is free to weigh these factors based on facts and circumstances. Absent indications of how important FinCEN views these factors or how much voluntary disclosure might mitigate any potential enforcement, it is not clear what incentives an institution might have to voluntarily disclose BSA violations to FinCEN. The guidance does not explain what FinCEN considers a voluntary disclosure, leaving decision makers without clarity about when they will receive voluntary disclosure credit.
Finally, the statement sets out a range of enforcement actions that FinCEN may take based on its evaluation of the above factors. These include no action, a supervisory warning letter, equitable remedies such as an injunction, settlements, civil money penalties, and criminal referrals. Of note, FinCEN indicated that, in all matters, it will consider whether there is a need to require compliance commitments to ensure the financial institution complies with the BSA. To date, FinCEN rarely requires remedial action as part of its public enforcement actions.
If you have any questions regarding FinCEN’s BSA enforcement approach, please visit our Anti-Money Laundering and Bank Secrecy Act practice page, or contact an Orrick attorney with whom you have worked in the past.