Kenneth A. Blanco
Financial Crimes Enforcement Network
American Bankers Association/American Bar Association
Financial Crimes Enforcement Conference
December 10, 2020
Thank you, Rob, for that kind and generous introduction. Good morning, everyone. I am delighted to be joining you all again for the ABA/ABA’s annual Financial Crimes Enforcement Conference. While so much has changed since last year, I am grateful to be able to join you virtually. One thing I will certainly miss is being on stage with Rob Rowe, something we have done together for the past several years.
I think it is always important to remind all of you that the work you do every day protects our national security; it keeps us, our families, and our communities safe from harm—especially the most vulnerable in our society. To be clear, this has never been more true than it is now in the face of this global pandemic—where we see so many bad actors taking advantage of (or trying to take advantage of) this world crisis—just shameful and despicable.
I know you all have been working tirelessly to serve your customers and keep your workforce safe in this unprecedented environment. We are doing the same at FinCEN. So today, I would like to discuss our COVID-19 response, as well as the ANPRM on effectiveness, and touch on some other important work FinCEN has accomplished this year, all of which impacts you in your important work.
But before I do that, I would like to announce some important guidance that FinCEN is issuing today which represents much needed clarity regarding how financial institutions may fully utilize FinCEN’s 314(b) information sharing program.
Information sharing among financial institutions through 314(b) is critical to identifying, reporting, and preventing crime and bad acts. It is an important part of how we protect our national security. It can also help financial institutions enhance compliance with their AML/CFT requirements.
Frankly, many have been calling for clarity in this area for a long time—I have been one of those most vocal about this needed change. In fact, I have spoken directly to several of you in attendance today and your perspectives have informed our work quite a bit. Thank you for your contributions to this effort.
The guidance we are announcing today, in a new 314(b) Fact Sheet, is the result of the feedback provided by financial institutions and through our own experiences at FinCEN. It is intended to clarify in greater detail the circumstances where 314(b) applies, with the hope of enhancing participation and utility of the 314(b) program.
The main themes of today’s 314(b) Fact Sheet are as follows:
- Financial institutions may share under Section 314(b) information relating to activities that they suspect may involve possible terrorist financing or money laundering. This includes, but is not limited to, information about activities they suspect involve the proceeds of a specified unlawful activity (SUA). Importantly, our guidance clarifies that:
- Financial institutions do not need to have specific information that these activities directly relate to proceeds of an SUA, or to have identified specific proceeds of an SUA being laundered.
- Financial institutions do not need to have made a conclusive determination that the activity is suspicious.
- Financial institutions may share information about activities as described, even if such activities do not constitute a “transaction.” This includes, for example, an attempted transaction, or an attempt to induce others to engage in a transaction. This clarification is significant and addresses some uncertainty with sharing incidents involving possible fraud, cybercrime, and other predicate offenses when financial institutions suspect those offenses may involve terrorist acts or money laundering activities.
- In addition, the guidance notes that there is no limitation under Section 314(b) on the sharing of personally identifiable information, or the type or medium of information that can be shared (to include sharing information verbally).
We also offer some important clarification regarding who may register as an association of financial institutions and under what terms. This includes:
- An entity that is not itself a financial institution may form and operate an association of financial institutions whose members can use 314(b). Notably, this includes compliance service providers; and
- An unincorporated association of financial institutions, governed by a contract between its financial institutions’ members, may engage in information sharing under Section 314(b).
We are incredibly excited about this guidance and we hope you all see it as a noteworthy example of FinCEN finding ways to work directly with industry to make our regulatory framework more efficient and effective.
When it comes to protecting our communities and preventing crimes and bad acts, we are all partners in the fight. FinCEN is committed to seeking ways to make that fight more effective and efficient for us all. I hope you view today’s announcement as making good on that commitment.
The new 314(b) Fact Sheet is available on FinCEN’s website. I ask that all financial institutions take the time to review the Fact Sheet, and let us know if they have any questions. And, of course, FinCEN strongly encourages financial institutions to participate in the 314(b) program.
Advance Notice of Proposed Rulemaking (ANPRM)
Now, let us turn to FinCEN’s ANPRM on effectiveness, which represents a significant achievement in our collective anti-money laundering/counter-financing of terrorism (AML/CFT) efforts over the past year. The ANPRM, issued on September 17, is the result of some really important work done by the Bank Secrecy Act Advisory Group’s (BSAAG’s) Anti-Money-Laundering Effectiveness Working Group.
This group worked collaboratively—really long hours (10 hour days, sometimes back to back), many commuting to DC from across the country—throughout 2019 and 2020—to identify regulatory initiatives that would allow financial institutions to reallocate resources to better focus on national AML priorities set by government authorities, increase information sharing and public-private partnerships, and leverage new technologies and risk-management techniques—and thus increase the effectiveness and efficiency of the nation’s AML regime.
The ANPRM is an outgrowth of their recommendations and was a meaningful, public invitation to all of you to weigh in, provide your perspectives, your experience, and your insights on questions such as:
How do we achieve, measure, and examine for, effectiveness in our AML regime? How do we work together to adequately provide the flexibility industry needs to allocate resources according to risk and priorities to help government authorities with actionable information? How do we communicate our needs and information to each other and feel confident that something will come of it?
And on a tactical level with respect to the ANPRM, does it help our collective mission if we provide an explicit definition of effectiveness? We know many of you already conduct risk assessments on a regular basis—but is it significant if we make it an explicit requirement? Will it help you if FinCEN provides you with strategic AML priorities? Will strategic AML priorities help you allocate your resources most effectively and efficiently? What considerations are specific to your institution or your industry?
But beyond these formal questions at the end of the ANPRM, we also invited you to think about the modernization of the AML regime in general and provide us with that feedback too. There is a lot of ongoing work, and this ANPRM is but one component. We talk about developing and focusing on priorities, reallocating compliance resources, modernizing and streamlining monitoring and reporting practices, enhancing information sharing, and advancing and maximizing regulatory and technological innovations.
The effectiveness ANPRM is just the beginning. Much more work needs to be done and we all know that it will be challenging. These things are not easy. But we need your insight and thoughtful consideration. Since the comment period closed on November 16, FinCEN has been busy going through the 108 comments received.
I would now like to turn to FinCEN’s COVID-19 response. As the pandemic began to unfold, we all had to pivot, and quickly. As many of you know, FinCEN has an incredibly important mission—one that profoundly impacts people’s lives, and we cannot stop in the face of crisis or challenges.
We remain laser-focused on the effects COVID-19 has had on a range of illicit threats across the world. With businesses and individuals in our country and across the globe facing new and challenging circumstances, the entire AML community has had to adapt in real time.
FinCEN immediately aligned several strategic efforts to assist financial institutions and others impacted by the pandemic.
Expansion of Rapid Response Program
FinCEN quickly expanded its Rapid Response Program. Under the program, when U.S. law enforcement receives a business email compromise (BEC) complaint from either a victim or an interested third party like a financial institution, the relevant information is forwarded to FinCEN, where we move quickly to track and make contact with foreign jurisdictions to assist in recovering the funds.
Our efforts now support law enforcement and financial institutions in the recovery of funds stolen via fraud and other crimes related to COVID-19. Since the beginning of the pandemic, FinCEN has supported several requests from federal, state, and even international law enforcement agencies, and our contributions have aided in the successful recovery of almost $325 million stolen in COVID-19 related fraud.
The work we are doing together with our law enforcement authorities in real-time is making a difference. In one publicized case, authorities of a foreign government were defrauded into purchasing COVID-19 related personal protective equipment from a small medical company for over $300 million.
Financial institutions became suspicious of the account activity and alerted the United States Secret Service, who began its investigation. Working together with FinCEN and foreign law enforcement authorities, the investigation revealed that the company never had any masks to sell and that the deal was fraudulent.
Due to the quick actions by all involved, there was a 100% recovery of the total amount of the wired funds.
Guidance to Financial Institutions
FinCEN also issued Notices to financial institutions—one on March 16, one on April 3, and another on May 18—advising them to remain alert to fraudulent, COVID-19 related transactions, and providing instructions on BSA filing requirements.
FinCEN worked hard on the Coronavirus Aid, Relief, and Economic Security (CARES) Act with other Treasury components as it relates to our area, the BSA, and we are committed to promoting the success of the CARES Act, including the need to facilitate expeditious disbursal of CARES Act funds.
The mission for all of us in the financial space is to get funds to the intended recipients—many who badly need it for their financial survival—not to criminals and fraudsters.
FinCEN’s Regulatory Support Section has responded to more than 550 inquiries relating to BSA obligations during COVID-19 and the Paycheck Protection Program (PPP) under the CARES Act.
More specifically, these inquiries included notifications from institutions on delays in filing of BSA reports; requests for additional clarification on the SAR filing expectations in accordance with FinCEN’s COVID-19 advisories; and questions on how to return relief funds to the issuing government agencies after determining the funds were obtained fraudulently.
In addition, immediately after the PPP was established, FinCEN received many inquiries from institutions seeking clarification on their Customer Due Diligence - Beneficial Ownership requirements for new accounts.
In response, FinCEN issued FAQs to answer these questions, which greatly reduced the number of inquiries on this topic.
FinCEN immediately started tracking and publishing trends on COVID-19 fraud and financial crime based on BSA data, while working with our law enforcement partners.
Since May, we have published multiple advisories related to COVID-19 medical fraud, imposter scams, cyber-enabled crime, and defrauding of the unemployment insurance system that has been such a lifeline to so many over the past eight months. Let me mention them briefly, as they are very important.
Medical Fraud: Our first advisory, issued May 18, described medical fraud in the wake of the pandemic—criminals selling fake vaccines and cures, price gouging on medical equipment, and the fraudulent collection of medical donations that criminals divert to their personal use, among other typologies.
For instance, non-delivery scams, where a customer pays a company for goods the customer will never receive, became prevalent. In these schemes, fraudulent companies advertise test kits, masks, drugs, and other goods they never intend to deliver, and sometimes never possess at all. Victims can include unsuspecting companies, hospitals, governments, and consumers. These fraudulent transactions occur through websites, robocalls, or on the Darknet.
Imposter Scams and Money Mules: On July 7, FinCEN issued its second advisory, alerting financial institutions to financial red flags of imposter scams and money mules.
In imposter scams, individuals pose as officials or representatives from government agencies or non-profit groups, like the Internal Revenue Service, the Centers for Disease Control and Prevention, or the World Health Organization to try to elicit personal information to defraud victims.
In money mule schemes, victims can be wittingly or unwittingly recruited to be “money mules” through romance, good-Samaritan, work-from-home, and unemployment insurance schemes. For instance, recruiters from a seemingly legitimate charity approach victims with an offer of work-from-home employment. Once “employed,” the money mule is asked to solicit donations for the charity, and send and receive funds from personal accounts to a fraudulent organization.
In other variations, criminals seek out individuals who are not looking for employment, but are tricked into becoming a money mule through romance scams or helping someone overseas, such as a U.S. service member, a U.S. citizen living abroad, or a U.S. citizen who cannot return to the United States because of COVID-19 travel restrictions. In these schemes, the scammers ask targets to send or receive money on the scammer’s behalf.
Cybercrime and Cyber-Enabled Crime: On July 30, FinCEN issued a third advisory to help financial institutions identify cybercrime and cyber-enabled crime exploiting the COVID pandemic.
FinCEN and its law enforcement partners have seen thousands of reports of cybercrimes exploiting COVID-19, oftentimes targeting vulnerable individuals, such as the elderly, as well as companies. Leveraging COVID-19 lures, cyber-criminals and malicious state actors are using wide-scale phishing campaigns, malware, extortion, BEC, and other exploits against remote platforms to steal credentials, conduct fraud, and spread disinformation.
FinCEN also has observed ransomware incidents likely exploiting the significant transition to remote operations across organizations providing critical services, which have been growing in scope and severity since even before the pandemic. These risks are growing and becoming more prevalent during the pandemic. For example, fraudsters are advertising services instructing individuals on how to apply for unemployment insurance, the PPP, and the Small Business Administration’s Economic Injury Disaster Loan (EIDL) program on social media platforms often for a fee.
Dark web vendors are selling similar data, instructions, and complete packages of personally identifiable information (PII) to apply for PPP and EIDL funds. Cyber threat actors also are leveraging BEC attacks to defraud businesses and redirect small business loan stimulus disbursements to bank accounts belonging to the attackers.
We also see an increase in cybercriminals’ targeting of vulnerabilities in remote applications and functions—including virtual private networks (VPNs) and remote desktop protocol (RDP) exploits—to steal sensitive information, compromise transactions, and more.
We highlighted for financial institutions to remain vigilant against attacks that target their onboarding and authentication processes, including “deepfakes” that manipulate digital images or videos, or account takeovers that are facilitated by credential stuffing attacks. We see criminal activity seeking to undermine critical parts of the AML/CFT framework, including the regulatory obligations generally referred to as the “know your customer” process, especially in increasingly remote work environments.
We also see illicit actors using virtual currency to launder proceeds and buy and sell cyber tools and services on Darknet marketplaces, such as exploit kits or hacking services. Cybercriminals also have advertised illicit wares for virtual currency on the dark web, such as fraudulent COVID-19 cures, and live virus samples.
Unemployment Insurance Fraud: On October 13, FinCEN issued its advisory on pandemic-related unemployment insurance (UI) fraud, which contains financial red flag indicators and information on reporting suspicious activity.
FinCEN is observing numerous forms of UI fraud, including applicants falsely claiming that they work for a legitimate company or creating fictitious companies and then submitting UI claims, or applicants misrepresenting their income or claiming UI payments while receiving unreported wages. In identity fraud, fraudsters often use the dark web to execute their plans. They coordinate plans against various state unemployment programs on dark web forums, and discuss direct attacks on states with weaker controls.
Fraudsters also use dark web forums to sell previously hacked PII and share instructions on how to use the data to obtain unemployment and other benefits. Law enforcement also has noted fake websites that appear legitimate to trick victims into making fraudulent donations or entering PII and confidential banking data. Fraud actors harvest and exploit this data to apply for unemployment benefits under the victims’ names.
I encourage you to read these advisories. All of our advisories and guidance related to COVID-19 are housed prominently on a dedicated page on FinCEN’s website.
Charities Fact Sheet
On November 19, FinCEN and the Federal Banking Agencies issued a joint fact sheet to provide clarity to banks on how to apply a risk-based approach to charities and other non-profit organizations consistent with customer due diligence requirements.
The joint fact sheet highlights the importance of ensuring that legitimate charities have access to financial services and can transmit funds through legitimate and transparent channels, especially during the COVID-19 pandemic.
Banks are encouraged to manage customer relationships and mitigate risks on a case-by-case basis rather than declining to provide banking services to entire categories of customers. The joint fact sheet also reminds banks that the U.S. government does not view the charitable sector as a whole as presenting a uniform or unacceptably high risk of being used or exploited for money laundering, terrorist financing, or sanctions violations.
COVID-related SAR Filings
I do want to take a few moments to provide feedback on some of what we are seeing in your SAR reporting related to COVID-19 and the stimulus programs.
Your reporting is making a difference and has been incredibly helpful to us at FinCEN and to law enforcement working to combat the criminals trying to exploit this pandemic. Many of the trends below relate to the advisories I have already mentioned. We use SAR reporting as one way to identify prevalent typologies of illicit activity and ensure that information is broadly disseminated among financial institutions.
From February 1 to November 30, financial institutions have filed with FinCEN over 147,000 SARs referencing COVID-19 and the stimulus programs. Breaking this figure down by financial industry:
- Depository Institutions (Banks): almost 102,000 (69 percent)
- Credit Unions: 21,000 (about 14 percent)
- Money Services Businesses: almost 9,000 SARs (6 percent)
- Securities/Futures industry: 2,000 SARs (1 percent)
- Casino/Card Clubs: almost 750 SARs (less than 1 percent)
Different law enforcement teams are investigating fraud in the different government programs, and vague references to “stimulus” or “CARES Act” or “benefit” in SARs hinder our ability to get the information into the hands of the right team. The more specific you are in describing the suspicious activity you see in SARs that you submit to FinCEN, the more useful they are for our law enforcement partners, and the easier and faster it will be to get your SARs to the right investigative team. For example:
- If the suspicious activity is related to an ACH payment from a state unemployment insurance program, please clearly mention COVID19 UNEMPLOYMENT INSURANCE FRAUD in field 2 of the SAR (Filing Institution Note to FinCEN) as well as in the narrative. This will make it much easier for your SAR to get to law enforcement teams working with the states on unemployment fraud.
- Or if the activity involves a counterfeit check or ACH payment for the EIDL program, please clearly mention COVID19 EIDL FUNDS FRAUD in field 2 of the SAR and state this in the narrative, as there are specific prosecutorial teams working on EIDL fraud.
I want to thank each of you and encourage you to keep up the great work with your reporting. Your efforts are not going unnoticed and they are helping to keep our nation, communities, and families safe from harm.
I know I have already covered a great deal of ground today, but I wanted to briefly mention a few additional rulemakings that were issued this year.
Gap Rule: FinCEN published its Final Rule on September 15, requiring minimum standards for banks lacking a federal functional regulator. Known as the “Gap rule,” this rulemaking closes a regulatory gap in AML coverage that presented a vulnerability to the U.S. financial system that could be exploited by bad actors.
The rulemaking requires AML standards for state-chartered, non-depository trust companies; non-federally insured credit unions; private banks; non-federally insured state banks and savings associations; and international banking entities. This rulemaking will help reduce the temptation for criminals to seek out and exploit banks subject to less rigorous AML requirements and will help keep our nation, communities, and families safe from harm.
Travel Rule NPRM: FinCEN and the Federal Reserve Board jointly issued a Notice of Proposed Rulemaking on October 27 that proposes to amend the recordkeeping threshold and travel rule regulations under the BSA.
Under the current recordkeeping and travel rule regulations, financial institutions must collect, retain, and transmit certain information related to transmittals of funds over $3,000, such as the name and address of the transmitter, any payment instructions received from the transmitter with the transmittal order, the identity of the recipient’s financial institution, and, if provided, the name and address of the recipient.
The proposed rule lowers the applicable threshold from $3,000 to $250 for transactions that begin or end outside the United States. The threshold for domestic transactions remains unchanged at $3,000. The proposed rule also further clarifies that those regulations apply to transactions above the applicable threshold involving convertible virtual currencies, as well as transactions involving digital assets with legal tender status, by clarifying the meaning of “money” as used in certain defined terms.
As described in the NPRM, criminals are using smaller value transfers and CVC to facilitate terrorist financing, narcotics trafficking, and other illicit activities. Defining the term money to explicitly cover CVC and lowering recordkeeping and reporting thresholds for international transactions will help law enforcement and national security authorities safeguard our financial system and protect our communities from harm.
The proposed definitional changes in this NPRM are consistent with existing FinCEN guidance, which makes clear that the regulations requiring the retention and transmittal of records related to transmittals of funds apply to transactions in CVC.
The comment period closed on November 27. FinCEN and our partners at the Federal Reserve Board are reviewing the roughly 2,900 comments received. We appreciate the very thoughtful and comprehensive feedback that industry and members of the public have submitted in response to this NPRM.
Despite the pandemic, FinCEN continued its ongoing engagement with its stakeholders. FinCEN convened a virtual FinCEN Exchange on November 12 with representatives from financial institutions, technology firms, third-party service providers, and federal government agencies to discuss growing concerns regarding ransomware, as well as the efforts to curtail it. Topics discussed included ransomware detection and reporting, emerging trends and typologies, and recovery of victims’ funds.
And on October 1, FinCEN issued an advisory, entitled Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments, providing information on the role of financial intermediaries in payments, ransomware trends and typologies, and related financial red flags. It also provides information on effectively reporting and sharing information related to ransomware attacks. Most ransomware payments and associated laundering involve varieties of financial institutions, so you all are well-positioned to help us detect this activity.
The advisory provides useful information on specific types of technical indicators that are useful to investigators for financial institutions to include in their SAR reporting. Let me remind you that you are required to provide all relevant information available related to the suspicious activity, and that would include reporting any relevant technical cyber indicators related to a ransomware incident in the structured cyber indicator event fields on the SAR form.
FinCEN has observed underreporting of ransomware incidents, though we hope this advisory and our engagement with industry will improve that reporting and our investigations into this debilitating activity.
In addition, FinCEN’s Innovation Hours marked its one-year milestone in July.
We have met with 43 different firms over the course of monthly sessions and another baker’s dozen at a regional event held in New York City in partnership with the Office of the Comptroller of the Currency’s Innovation Office. These firms have shared their solutions for:
- Tracing and analyzing virtual currency activity and solutions for meeting Funds Transfer and Travel Rule requirements;
- Detecting and responding to cyber incidents;
- Applying artificial intelligence and machine learning;
- Identifying suspicious transactions and activity;
- Creating confidential and secure digital identity solutions, corporate entity resolution, beneficial ownership solutions, and identifying synthetic identities; and
- Using anonymization technology to support the greater use of USA PATRIOT Act Section 314(b) information sharing authorities among banks and other financial institutions.
These are but a few examples of our ongoing efforts. At the end of the day, we all want the same thing: to be effective, to be efficient, to confront and address risk, to prioritize, to protect our national security, and to protect our families and communities from harm.
On a personal note, I hope you and your families have been safe and healthy during this time. Thank you for joining me today.