FinCEN Publishes Statement Setting Forth Agency’s Approach to BSA Enforcement

On August 18, 2020, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) published a statement outlining the agency’s approach to enforcement of the Bank Secrecy Act (“BSA”), including anti-money laundering (“AML”) regulations issued by FinCEN pursuant to the BSA.  As described in a press release accompanying the statement, the document “aims to provide clarity and transparency to [FinCEN’s] approach when contemplating compliance or enforcement actions against covered financial institutions that violate the BSA.” This relatively brief statement apparently represents FinCEN’s first published guidance that comprehensibly identifies the agency’s enforcement priorities and policies, and it may reflect an effort by FinCEN to place more emphasis on its enforcement function.   The statement lacks the details of enforcement guidance published by other agencies on issues of trade and financial regulation, such as Treasury’s Office of Foreign Assets Control (“OFAC”).  While many of the topics covered by the FinCEN statement will be familiar to covered financial institutions, there are also a few noteworthy clarifications in the statement. FinCEN Maintains the Authority to Bring Enforcement Action Against Individuals The statement reaffirms FinCEN’s position that it can bring enforcement cases against corporate officers and employees when a financial institution violates the BSA.  The statement notes that in addition to “imposing civil money penalties on financial institutions, nonfinancial trades or businesses, and other persons that violate the BSA,” FinCEN “in a number of instances may take enforcement actions, to include imposing civil money penalties on partners, directors, officers, or employees who participate in these violations.”  In recent years, FinCEN has placed particular emphasis on its authority to bring enforcement actions against individuals at financial institutions. Standard for Bringing Enforcement Action According to the statement, when FinCEN brings an enforcement action it will “seek to establish a violation of law based on applicable statutes and regulations.”  It adds that, “FinCEN will not treat noncompliance with a standard of conduct announced solely in a guidance document as itself a violation of law.”  This statement is potentially a helpful clarification and comports with FinCEN’s general risk-based approach to AML, whereby covered financial institutions are afforded some discretion with respect to how to implement an effective AML program, so long as the program meets certain minimum requirements laid out in FinCEN’s regulations.  With that said, it is not clear how this guidance will be applied to specific scenarios.  For example, there are certain measures not explicitly called for in the regulations, which have nonetheless become fundamental to AML compliance programs such that it may be difficult to demonstrate an effective AML program in their absence.  For example, FinCEN’s regulations do not specifically require covered financial institutions to conduct a written risk assessment, but they do require institutions generally to “maintain an effective AML program,” and a written risk assessment is considered by many to be an essential element to developing an effective risk-based compliance program.  It is possible that the failure to conduct a written risk assessment (which does not appear in the regulations) nonetheless could be the basis for a violation for failing to maintain an effective AML program. Potential Enforcement Outcomes The statement explains that FinCEN may take one or more of six potential actions when handling enforcement matters.  The potential outcomes include: (1) no action; (2) a warning letter; (3) equitable remedies (such as seeking an injunction); (4) negotiated settlements, which may include remedial undertakings or civil money penalties as part of the settlement; (5) civil money penalties; and (6) criminal referral, if warranted under the BSA. Factors Considered The statement explains that FinCEN “considers a range of factors when evaluating an appropriate disposition upon identifying actual or possible violations of the BSA.”  It then goes on to list 10 specific factors it will consider, but notes that such factors are merely illustrative and the agency may consider others.  The listed factors include:

1. Nature and seriousness of the violations, including the extent of possible harm to the public and the amounts involved.
2. Impact or harm of the violations on FinCEN’s mission to safeguard the financial system from illicit use, combat money laundering, and promote national security.
3. Pervasiveness of wrongdoing within an entity, including management’s complicity in, condoning or enabling of, or knowledge of the conduct underlying the violations.
4. History of similar violations, or misconduct in general, including prior criminal, civil, and regulatory enforcement actions.
5. Financial gain or other benefit resulting from, or attributable to, the violations.
6. Presence or absence of prompt, effective action to terminate the violations upon discovery, including self-initiated remedial measures.
7. Timely and voluntary disclosure of the violations to FinCEN.
8. Quality and extent of cooperation with FinCEN and other relevant agencies, including as to potential wrongdoing by its directors, officers, employees, agents, and counterparties.
9. Systemic nature of violations. Considerations include, but are not limited to, the number and extent of violations, failure rates (e.g., the number of violations out of total number of transactions), and duration of violations.
10. Whether another agency took enforcement action for related activity. FinCEN will consider the amount of any fine, penalty, forfeiture, and/or remedial action ordered.

The statement notes that “FinCEN strives for proportionality, consistency, and effectiveness” when bringing an enforcement action, but also adds “[t]he weight given to any factor … may change based on the relevant facts and circumstances of a case.”  While these factors are helpful, many of them are somewhat amorphous, meaning there is likely to be scenarios in which covered financial institutions and FinCEN disagree about the application of a factor to a particular factual scenario. Enforcement Action Process According to the statement, “Regulated parties will be afforded an opportunity to respond to and contest factual findings or legal conclusions underlying any FinCEN enforcement action.”  This has been true as a matter of practice and comports with general principles of federal administrative procedure.  However, the statement does not provide any further details such as the format of the response or timeline to prepare and submit a response. Voluntary Disclosures Of particular note in the FinCEN statement is factor seven, “Timely and voluntary disclosure of the violations to FinCEN,” which appears to create a voluntary disclosure regime similar to those existing in other areas of trade and financial regulatory compliance, including economic sanctions, export controls, and under the Foreign Corrupt Practices Act (“FCPA”).  (See our advisory on recent changes to the Department of Justice’s voluntary disclosure policy for sanctions and export controls here).  The press release accompanying the statement further notes that “FinCEN also encourages financial institutions to voluntarily and promptly report violations, and to candidly and completely cooperate with any investigation.” This is an important development as FinCEN previously had no announced policy for covered financial institutions to voluntarily disclose violations or for considering a voluntary disclosure as a mitigating factor in an enforcement matter.  However, the statement provides no detail regarding the process for making voluntary disclosures to FinCEN.  It does not address how FinCEN will calculate the mitigation “credit” a disclosing party might receive, what constitutes a timely or voluntary disclosure, or even how to submit such a disclosure. Coordination with the Federal Banking Agencies FinCEN’s statement was released a few days after several federal banking agencies (“FBAs”), including the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency, issued their own statement on BSA enforcement updating earlier guidance issued in 2007.  These two statements were apparently designed to be released at the same time.  FinCEN’s statement affirms the agency’s longtime informal policy that it will “consider the amount of any fine, penalty, forfeiture, and/or remedial action ordered” by another agency as a factor in deciding FinCEN’s enforcement posture for related activity.  FinCEN’s affirmation of its anti “piling on” policy follows similar commitments made by the Department of Justice in 2018 and by the Commodity Futures Trading Commission in May 2020.  While the two statements do not otherwise articulate a coordinated approach to enforcement, the FBAs and FinCEN did issue a third joint statement on August 21, clarifying that FinCEN’s 2016 customer due diligence (“CDD”) Final Rule did not require banks to apply specific due diligence procedures when managing the risks posed by customers who are senior foreign political figures, often referred to as “politically exposed persons” or “PEPs.” FinCEN and the FBAs have overlapping responsibilities for BSA enforcement with respect to financial institutions supervised by each banking agency.  FinCEN also serves as the primary federal regulator for a number of financial institutions (such as money services businesses) that are not subject to the supervisory authority of another federal financial regulator.  FinCEN’s regulations provide for the imposition of civil monetary penalties for violations of the BSA, and the federal financial regulators have the authority to impose similar penalties under their general enforcement statutes.  The FBAs statement on BSA enforcement was limited to the issuance of cease and desist orders to address noncompliance – it did not address the topic of civil monetary penalties.  However, the updated Joint Statement underscored the more robust requirements for risk-based procedures applicable to conducting ongoing CDD, including information regarding the beneficial owners of legal entity customers, likely reflecting FinCEN’s own issuance of a 2016 Final Rule regarding CDD and beneficial ownership. The Path Ahead: Increased Enforcement Actions? While FinCEN’s statement and accompanying press release do not mention a specific intent to increase enforcement activity, an uptick in enforcement efforts seems like one possible explanation for the publication of this document.  FinCEN has recently made new hires to bolster its enforcement function and has sought to enhance the number of BSA examinations conducted by the agency in conjunction with applicable functional regulators or, in the case of money services businesses, FinCEN’s delegated examiner the Internal Revenue Service. In addition, while the statement and press release do not indicate any intent to issue additional guidance, it is possible FinCEN will do so in the future.  The document from FinCEN is referred to only as a statement and not as guidance.  FinCEN does issue formal guidance on a fairly regular basis and, therefore, it is possible the agency will publish a more detailed version of its statement in the future in the form of formal guidance.