Notice Also Stresses New BSA Whistleblower Provisions
On July 26, the Department of Commerce, the Department of the Treasury, and the Department of Justice released a joint compliance notice (the “Compliance Notice”) updating and summarizing each agency’s position regarding the voluntary self-disclosure by businesses of potential violations of sanctions, export controls, and other national security laws.
Asserting that voluntary self-disclosure can provide many benefits to a reporting business – potentially providing for a non-prosecution agreement or a 50 percent decrease in “base penalties” – the Compliance Notice provides each entity’s current position as to voluntary self-disclosure. The Compliance Notice also references the still-evolving whistleblower program under the Bank Secrecy Act (“BSA”), which now pertains to not only potential BSA violations, but also potential violations of sanctions law.
Department of Justice
On March 1, 2023, the Department of Justice (“DOJ”) updated its voluntary self-disclosure policy covering potential criminal violations of export control and sanctions laws. Under that policy, the DOJ notes that “where a company voluntarily self-discloses potentially criminal violations, fully cooperates, and timely and appropriately remediates the violations, [the DOJ’s National Security Division] generally will not seek a guilty plea, and there will be a presumption that the company will receive a non-prosecution agreement and will not pay a fine.”
However, to avail itself of this policy, the reporting company cannot retain any unlawfully obtained gains, and aggravating factors will prevent a company from relying upon the presumption of a non-prosecution agreement. Those factors include “egregious or pervasive criminal misconduct within the company, concealment or involvement by upper management, repeated administrative and/or criminal violations of national security laws, the export of items that are particularly sensitive or to end users of heightened concern, and a significant profit to the company from the misconduct.” In such cases, the DOJ may instead seek a deferred prosecution agreement or guilty plea (or, presumably, an indictment).
Further, to take advantage of the policy’s protections, a company is required to, in part: (1) make their disclosure within a reasonably prompt time after becoming aware of the potential violation, absent any other legal obligation to disclose; (2) make the disclosure prior to an imminent threat of disclosure or government investigation; (3) must timely and appropriately remediate any violations; (4) share all relevant non-privileged facts known at the time; and (5) fully cooperate when making the disclosure. Lastly, disclosures made only to regulatory agencies such as OFAC or the Bureau of Industry and Security (“BIS”) do not qualify for the DOJ’s policy.
The DOJ’s voluntary disclosure policy regarding potential sanctions and export control violations must be read in conjunction with the more general DOJ policy regarding corporate voluntary self-disclosures, announced in early 2023. Although there are many similarities between the two policies, they are not identical, and this can create challenges for a disclosure calculation. Moreover, the DOJ announced on March 3, 2023 that companies seeking advantageous resolutions of potential criminal violations must consider steps against employees involved in the violations, including claw backs, reduction of compensation and incentives, and termination.
Department of Commerce
In June of 2022, BIS’s Office of Export Enforcement (“OEE”) implemented a dual-track system to handle voluntary self-disclosures. Minor infractions are now fast-tracked with a warning or no-action letter, while potentially more serious violations will garner a review to determine if an enforcement action is warranted.
Although the OEE states that a company will receive “significant credit for coming forward voluntarily,” it also will provide additional relief from potential penalties by way of a mitigating factor, if that company previously has submitted a tip to OEE regarding a third-party having potentially violating the Export Administration Regulations. In contrast, a nondisclosure of a significant possible violation of the Export Administration Regulations will be considered by the OEE as an aggravating factor under BIS penalty guidelines.
Interestingly, the Compliance Notice stresses the important of internal investigations:
Additionally, companies cannot sidestep the “should we voluntarily self-disclose or not” decision by self-blinding and choosing not to do an internal investigation in the first place. The existence, nature, and adequacy of a company’s compliance program, including its success at self-identifying and rectifying compliance gaps, is itself considered a factor under the settlement guidelines.
One of the practical effects of the above language is that companies which do perform an internal investigation then presumably will feel pressured to disclose the results of any investigation which identifies a potential “compliance gap,” thereby creating a potentially circular decision-making process: i.e., an investigation to determine whether to disclose may increase the pressure to disclose, simply because the government will punish the company if it later learns of the non-disclosure. Of course, internal investigations can vary in quality, and “compliance gaps” can be arguable.
OFAC
The Office of Foreign Assets Control (“OFAC”) considers voluntary self-disclosure to be a mitigating factor under its guidelines, resulting in up to a 50 percent reduction in the base amount of a proposed civil penalty. In its review, OFAC will also consider other circumstances surrounding the apparent violation, such as “the existence, nature, and adequacy of the subject’s compliance program at the time of the apparent violation and the corrective actions taken in response to an apparent violation.”
However, OFAC lists several items that will prevent a disclosure from being deemed a voluntary self-disclosure, including: (1) Failing to disclose prior to or simultaneous with, the discovery by OFAC or another government agency of the apparent violation; (2) a third party is required to report the violation and/or the disclosure is not self-initiated; (3) the disclosure is false or misleading; and (4) the disclosure is materially incomplete.
BSA Whistleblower Program
The Compliance Notice also referenced the whistleblower program under the BSA, which has been previously covered in this blog (see here, here, here, here, here and here). The Anti-Money Laundering Act of 2020 (“the AMLA”) amended the BSA to expand whistleblower incentives and strengthen whistleblower protections. In part, the AMLA amended 31 U.S.C. § 5323 to provide that if the government recovers more than $1 million through an AML enforcement action, any qualifying whistleblower will receive a mandatory reward of up to 30% of the collected amount. However, there amendment did not provide a guaranteed monetary floor for an award (i.e., it could be zero to 30%), and Congress had not allocated funding for any awards. Congress addressed these perceived deficiencies by passing the “Anti-Money Laundering Whistleblower Improvement Act,” which was signed into law on December 29, 2022, and created both a “Financial Integrity Fund” to pay for whistleblower awards and a 10% floor when monetary sanctions were collection in amounts exceeding $1 million. It also expanded the BSA whistleblower provisions to apply to reports of potential violations of laws upon which U.S. economic sanctions are based, including the International Economic Emergency Powers Act, certain provisions of the Trading With the Enemy Act, and the Foreign Narcotics Kingpin Designation Act.
Under the Compliance Notice, the Financial Crimes Enforcement Network (“FinCEN”) appears to expand the breadth the whistleblower program by stating that it also may pay awards to whistleblowers whose information leads to the successful enforcement of a “related action.” Specifically, the Compliance Notice makes clear this includes the payment of awards stemming from enforcement actions taken under statutory authority such as the Export Control Reform Act. However, FinCEN notes that this will only apply in “certain circumstances,” so it is still unclear how this may apply in practice. FinCEN still needs to issue related proposed regulations.
Courtesy of John Georgievski, Ballard Spahr, MoneyLaunderingNews.com
(Nov. 24, 2021) Known or suspected environmental crime is an important part of a financial institution’s compliance with the Bank Secrecy Act (BSA), according to a notice issued late last week by the Treasury Department’s Financial Crimes Enforcement Network (FinCEN).
The FinCEN notice highlighted five specific types of environmental crime: wildlife trafficking, illegal logging, illegal fishing, illegal mining, and waste and hazardous substances trafficking. Instructions for reporting such activity on a suspicious activity report (SAR) are provided in the FinCEN notice.
An “upward trend” in environmental crimes and associated illicit financial activity is occurring, the notice indicated. The financial crime unit said it was highlighting the trend because of:
- its strong association with corruption and transnational criminal organizations, two priorities for the agency in its efforts to combat national anti-money laundering and counter financing of terrorism (AML/CFT, or anti-money laundering/countering the financing of terrorism);
- a need to enhance reporting and analysis of related illicit financial flows; and
- environmental crimes’ contribution to the climate crisis, including threatening ecosystems, decreasing biodiversity, and increasing carbon dioxide in the atmosphere.
The agency said credit unions and banks may consider using the authority provided under the BSA’s section 314(b), which gives a safe harbor from liability for certain information sharing undertaken voluntarily to better identify and report activities that may involve money laundering or terrorist activities. A footnote in the notice states this safe harbor “may apply in certain situations to the sharing of cyber-related information, such as IP addresses.”
LINK:
FinCEN Calls Attention to Environmental Crimes and Related Financial Activity
(Jan. 8, 2021) Two new summaries – of an NCUA proposal on exemptions for suspicious activity reports (SARs) and exemption thresholds for consumer reporting requirements – have been published by NASCUS.
Both are available to members only.
Late last month, the NCUA Board proposed modifying requirements for federally insured credit unions to file SARs under Bank Secrecy Act (BSA) requirements that would exempt some credit unions which develop “innovative solutions” to meet BSA requirements, when requested.
In its proposal, NCUA suggested that innovative approaches and technological developments in the areas of SAR monitoring, investigation and filings may involve a variety of techniques, including automated form population, automated or limited investigation processes and enhanced monitoring processes
The agency said requests for exemptive relief pertaining to innovation or other matters may involve, among other things, for SARs: expanded investigations and timing issues, disclosures and sharing, continued filings for ongoing activity, outsourcing of responsibilities and practices, as well as the role of agents of FICUs, the use of shared utilities and shared data, and the use and sharing of de-identified data. “The NCUA expects that new technologies will continue to prompt additional innovative approaches related to SAR filing and monitoring,” the agency said.
However, NCUA added, any exemptions it grants would not relieve a credit union from its obligation to comply with Treasury’s Financial Crimes Enforcement Network (FinCEN) SARs regulations, where appropriate.
The second summary looks at a regulatory alert issued by NCUA, also late last month, on annual adjustments for exemption thresholds for 2021 under the Truth in Lending Act (Regulation Z) and the Consumer Leasing Act (Regulation M). The new thresholds (which took effect Jan. 1) are the same as the 2020 thresholds, specifically: for higher price mortgage loans exemption, $27,200; for consumer credit and consumer lease exemptions, $58,300.
LINKS:
NASCUS Summary: NCUA Proposed Rule BSA Part 748
(Dec. 4, 2020) NASCUS supports making some changes to recordkeeping and travel rule regulations under rules implementing the Bank Secrecy Act (BSA) to promote calibrating the value of anti-money laundering measures with operational, compliance and expense considerations of credit unions and other institutions, NASCUS wrote in a comment letter filed Nov. 27.
In a letter to the Federal Reserve Board, NASCUS responded to a joint request for comments from the Fed and the Financial Crimes Enforcement Network (FinCEN). When the comment request was issued Oct. 23, the two agencies said they were issuing the portion of the rule concerning recordkeeping jointly because of their shared authority; the portion on travel was issued singly by FinCEN as it has sole authority over that area.
Under current rules, financial institutions must collect, retain, and transmit certain information related to funds transfers and transmittals of funds greater than $3,000, the agencies stated. Under the proposal, the applicable threshold for international transactions would drop to $250; the threshold for domestic transactions would remain the same ($3,000).
NASCUS, in its letter, wrote that lowering the threshold for fund transmittals beginning or ending outside of the U.S. will come with a cost for credit unions and other financial institutions. “For some institutions, the increased data storage requirements of capturing and preserving required information could be a significant burden, particularly as credit unions manage the economic dislocation resulting from the ongoing pandemic,” NASCUS wrote.
The association stated that the agencies should also consider that while the lower threshold applies only to transactions beginning or ending outside of the United States, for many institutions the best practice is to set data collection policies to the “lowest requirement” to ensure consistent compliance. The agencies’s proposal, NASCUS wrote, “would result in the capture and retention of significant amounts of data even for those credit unions doing only infrequent international funds transmittals,” NASCUS wrote.
In other comments, NASCUS also:
- Wrote that it supports including a specific standard for “reason to know” in the rule to mitigate the potential for confusion and uncertainty as to the standard to be met. “We would also recommend clear guidance on the obligations of all financial institutions in the chain of a funds transmission with respect to identifying cross-border transactions and compliance with the final rules,” NASCUS wrote. Under the proposal, funds transfer or transmittal of funds would be considered to begin or end outside the U.S. if a financial institution knows or has reason to know that the transmittor, transmittor’s financial institution, recipient, or recipient’s financial institution is located in, is ordinarily resident in, or is organized under the laws of a jurisdiction other than the United States or a jurisdiction within the United States.
- Urged FinCEN to continue to evaluate the BSA framework to eliminate redundant monitoring, reporting or recordkeeping requirements. “Reducing compliance burden in ‘other’ areas of the BSA would allow credit unions to reallocate resources to those areas where enhanced diligence, or more granular reporting might be needed by law enforcement,” NASCUS wrote.