The September issue of the Regulatory Compliance Digest features a summary of the latest updates including FDIC’s 2023 Risk Review, FFIEC releases Census Flat Files and updates to the BSA/AML Examination Manual, OFAC’s Web Series Launched, CFPB Filing Instructions Guide for Small Businesses and more.
The Regulatory Compliance Digest is intended to keep you informed of regulatory changes in advance of their effective date so your institution can evaluate changes or updates to necessary policies, procedures and processes in place to be compliant at the time of enactment.
Industry Trends & Insights
The FDIC Releases their 2023 Risk Review Summary
The FDIC’s 2023 Risk Review, published in mid-August, provides a comprehensive summary of key developments and risks in the U.S. banking system. One of the most interesting sections addressed operational risk as it relates to the Institution’s Bank Secrecy Act/Anti-Money Laundering BSA /AML Program.
If a bank does not know the customer with whom a bank is conducting business, the U.S. financial system is more susceptible to money laundering, terrorist financing and other illicit financial activity risks.
The United States is vulnerable to terrorist financing and other forms of illicit finance because much of the global economy is interconnected with the U.S. economy and financial system. The federal banking agencies, in conjunction with the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN), are updating their Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) program regulations to address priorities identified by FinCEN. FinCEN’s AML/CFT priorities are:
- Corruption: FinCEN aims to combat corruption at all levels, including foreign and domestic public corruption, as well as private sector corruption. This also includes efforts to identify and target the financial facilitators and enablers of corruption.
- Cybercrime: With the increasing reliance on technology, cybercrime has become a significant threat to the U.S. financial system. FinCEN’s focus includes crimes like hacking, ransomware, and the theft of customer data, as well as the use of virtual currencies for illicit activities.
- Terrorist financing: Preventing the financing of terrorism remains a critical priority for FinCEN, which involves identifying and disrupting the funding sources and financial networks that support terrorist organizations.
- Fraud: FinCEN’s focus is on combating various forms of fraud, including securities and investment fraud, healthcare fraud and consumer fraud, which can undermine the integrity of the U.S. financial system.
- Transnational criminal organization (TCO) financing: TCOs are involved in a wide range of criminal activities, including human trafficking, drug trafficking, and organized crime. FinCEN aims to disrupt the financial networks that enable these organizations to operate.
- Proliferation financing: Focuses on preventing the financing of the proliferation of weapons of mass destruction and related goods, technologies, and services.
- Human trafficking and human smuggling: FinCEN is dedicated to identifying and targeting the financial networks that facilitate these heinous crimes, which often involve the exploitation of vulnerable individuals.
Beneficial Ownership. Although financial institutions have implemented BSA AML programs consisting of policies, procedures and processes to assess and mitigate the risks associated with its customers, products and services, and geographic reach, the inability to know the beneficial owner of accounts still presents a risk to financial institutions and the financial system overall.
The original Beneficial Ownership rule was enacted in 2016 (with mandatory compliance by May 11, 2018) and required financial institutions to identify and verify the legal owners of its entity customers opening new accounts. Expect ongoing changes with this rule once the Corporate Transparency Act (CTA) becomes fully implemented. This month, FinCEN published its Beneficial Ownership Compliance Guide that will require companies to disclose to FinCEN their beneficial ownership information when they are formed (or for non-U.S. companies, when they register with a state to do business in the United States). They will also be required to report changes in beneficial owners. The requirements go into effect January 1, 2024.
The changes will help facilitate law enforcement investigations and make it more difficult for illicit actors to hide behind corporate entities registered in the United States or foreign entities registered to do business in the United States.
Third Parties. Reliance on third parties to perform AML/CFT compliance tasks or act as an intermediary between the institutions and its customers is also risky for several reasons. The third parties themselves may not be subject to AML/CFT regulations. In addition, the use of third parties can also impede the institution’s knowledge of customer activity and the ability to verify the customer’s identity or beneficial ownership of an entity customer. This also impacts the institution’s Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) processes.
Sanctions. Currently, the dynamic nature of sanctions regulations increases the risk that institutions transact for sanctioned parties. That, coupled with the volatile geopolitical arena, requires a vigorous and timely change management process for the institution’s AML/CFT Program. Inadequate interdiction software implementation, ineffective supplemental processes (manual or automated), unknown gaps in sanctions screening systems and untimely updates to a bank’s interdiction software increase the risk of processing transactions for a sanctioned party.
Now is the time to start reviewing your current BSA program to identify any gaps and establish an action plan to address these risks. The good news is that financial institutions need not incorporate the priorities into their risk-based AML/CFT programs until the effective date of the final revised regulations.
FDIC Updates Equal Housing Lender (EHL) Posters
On April 23, 2023, the FDIC issued a Federal Register Notice to update and clarify the requirements for EHL posters that are required to be displayed in FDIC-supervised institutions. These changes, announced on August 31, 2023, were necessitated by a name change of the FDIC’s entity that receives complaints, from the Consumer Response Center to the National Center for Consumer and Depositor Assistance (NCDA), and the introduction of the web address of the FDIC’s web-based complaint portal.
FDIC-supervised institutions are required to update their EHL posters with the following name, address, and web address:
National Center for Consumer and Depositor Assistance
Federal Deposit Insurance Corporation
1100 Walnut Street, Box #11
Kansas City, MO 64106
The effective date for these changes was June 23, 2023.
Agency Contact Information; Technical Corrections
On March 20, 2023, the Consumer Financial Protection Bureau (Bureau or CFPB) published the “Agency Contact Information” final rule in the Federal Register. The Bureau has identified four clerical errors in that final rule. These errors are found in the Federal agency contact information that must be provided with Equal Credit Opportunity Act adverse action notices in appendix A to Regulation B, the Fair Credit Reporting Act Summary of Consumer Rights in appendix K to Regulation V, and a Bureau website address where the public may access certain APR tables referenced in comment appendix J–2 to Regulation Z. This document corrects these errors. This correction is effective on September 25, 2023.
Filing Instructions Guide for Small Business Lending Data Collected in 2024
The 2024 filing instructions guide is a set of resources to help you file small business lending data with the Consumer Financial Protection Bureau (CFPB) in 2025 covering the period from October 1, 2024, to December 31, 2024. These resources are briefly described in this section and are further detailed throughout this web page in individual sections. These resources may be useful for employees in a variety of roles, for example:
- Staff who collect, prepare, and submit data
- Technology support staff
- Compliance officers
Note: On July 31, 2023, the U.S. District Court for the Southern District of Texas ordered the CFPB not to implement or enforce the rule against plaintiffs in that case, Texas Bankers Ass’n, et al. v. CFPB, No. 7:23-cv-00144, and their members. That order stays all deadlines for compliance with the 1071 rule for plaintiffs in that case and their members.
FFIEC Census Flat Files Released
The FFIEC Census flat files are a convenient method of accessing and analyzing the FFIEC census data that are used to create the HMDA and CRA Aggregate and Disclosure Reports. They contain over 1,000 fields of census data and are updated annually to reflect changes to MSA/MD boundaries announced by the Office of Management and Budget (OMB) and CRA Distressed/Underserved Census Tracts as announced by the Federal banking regulatory agencies.
For years prior to 2019, these files are also included as part of a Windows application. The Windows application allows users to generate reports that can be exported in Excel, PDF, and text formats. From 2019 on, the user must download the flat files to generate their own reports.
For 2022, the FFIEC plans to release the various FFIEC Census products in three parts as the data become available. The first release was March 30, 2022; a second release in August updated the flat file with ACS fields; and a final release is expected in 2023 after the Demographic and Housing Characteristics (DHC) files are released by Census.
For 2023, the initial flat file release in August does not include demographic data for the four island areas. This data will be included in a second flat file release coming later in 2023.
OFAC’s “Introduction to OFAC” Web Series
Financial sanctions continue to be a vital tool to support the United States’ foreign policy goals and national security, and the private sector is a critical partner in the success of our mission. The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) implements and enforces sanctions, but the private sector acts as the first line of defense. To meet the latest national security challenges, our sanctions have evolved and, in many cases, become more complex. We know this creates complexities in compliance, too. To help provide further clarity on U.S. sanctions requirements, OFAC is launching a series of short videos that provide background on our sanctions programs along with practical suggestions on how to comply effectively.
- First Episode released July 28, 2023: https://www.youtube.com/watch?v=A1QAv7eNgVo
- Second Episode release date pending
SAR Filings by Industry Trend Data Released
On August 6, 2023, FinCEN released its 2022 SAR trending data by industry. This site is interactive and a valuable tool for analysis.
Federal and State Regulators Release Updates to the BSA/AML Examination Manual
On August 2, 2023, the Federal Financial Institutions Examination Council, released updates to the following sections of the Bank Secrecy Act/Anti-Money Laundering Examination Manual:
- Special Information Sharing Procedures to Deter Money Laundering and Terrorist Activity
- Due Diligence Programs for Correspondent Accounts for Foreign Financial Institutions
- Due Diligence Programs for Private Banking Accounts
- Prohibition on Correspondent Accounts for Foreign Shell Banks; Records Concerning Owners of Foreign Banks and Agents for Service of Legal Process
- Summons or Subpoena of Foreign Bank Records; Termination of Correspondent Relationship; Records Concerning Owners of Foreign Banks and Agents for Service of Legal Process
- Reporting Obligations on Foreign Bank Relationships with Iranian-Linked Financial Institutions
The updates should not be interpreted as new instructions or increased focus on certain areas; instead, they offer further transparency into the examination process and support risk-focused examination work. Details are available at https://bsaaml.ffiec.gov.
Have Questions?
If you would like to discuss any compliance matters for your institution, please contact your Cherry Bekaert Advisor or reach out to the Firm’s Risk Advisory regulatory compliance team today.
DISCLAIMER
External links to other websites outside of www.cbh.com are being provided as a convenience and for informational purposes only. The links do not constitute an endorsement or an approval by Cherry Bekaert of any of the information, products, services, or opinions of the organization or individual. Cherry Bekaert bears no responsibility for the accuracy, legality, or content of the external websites or for that of subsequent links. Contact the external website for answers to questions regarding its content.