FinCEN–CFPB MOU and Overview of AML Enforcement Tools

In June 2011, FinCEN entered into an MOU with the Consumer Financial Protection Bureau (CFPB), which provides the CFPB direct electronic access to BSA information and analytical materials (e.g., analytical tools, BSA information reviews, etc.) as required and appropriate for the exercise of the CFPB's regulatory authority. In return, the CFPB, upon request, will provide reports on the results of its investigations or examinations and statistical information related to any inquiries to assist FinCEN in understanding and analyzing the value of BSA information. Enforcement Actions 27. What types of enforcement actions are available to regulators for addressing AML Compliance Program deficiencies and violations? Regulators have a range of enforcement tools available to address AML Compliance Program deficiencies and violations of AML laws and regulations. While enforcement actions against nonbanks have increased in recent years, the number of enforcement actions issued by bank regulators continues to outnumber those of other agencies, at least in the United States. Examples of enforcement actions available to U.S. bank regulators in order of severity are: e Commitment Letter: A Commitment Letter is an agreement between a bank's board of directors and a bank regulator in which the board, on behalf of a bank, agrees to take certain actions to address issues or concerns surfaced by the regulator. A Commitment Letter is not legally binding, but the failure of a bank to live up to the terms of the Commitment Letter may subject the bank to more formal regulatory action. e Memorandum of Understanding: A Memorandum of Understanding (MOU) is an agreement between a bank's board of directors and one or more regulatory agencies. The content of an MOU may be similar or identical to more formal enforcement actions, but MOUs are nonpublic documents and, similar to Commitment Letters, not legally binding. e Formal Agreements: A Formal Agreement is an agreement between a bank's board of directors and one or more regulatory agencies. While the contents of a Formal Agreement may mirror those of an MOU, violations of a Formal Agreement can provide the legal basis for assessing civil money penalties (CMPs) against directors, officers and other institution-affiliated parties. e Consent Order or Order to Cease and Desist (C&D): Consent Orders and Orders to Cease and Desist are agreements between a bank's board of directors and one or more regulatory agencies. Violations of a Formal Agreement can provide the legal basis for assessing civil money penalties (CMPs) against directors, officers and other institution-affiliated parties. The regulator's decision to issue a Consent Order or Order to Cease and Desist rather than a formal agreement is based on its assessment of the severity of the bank’s problems. * Civil Money Penalties (CMPs): Civil money penalties are financial penalties that may be imposed by a regulator against a bank or an individual(s) for a violation of law or regulation or noncompliance with a formal enforcement action. e “Death Penalty”: Under the Annunzio-Wiley Act of 1992, bank regulators have the option — in fact, are obligated to consider — whether the license/charter of a depository institution that is found guilty or pleads guilty to money laundering charges should be revoked. The revocation of a license/charter is known as the “Death Penalty.” Unlike the formal enforcement actions issued by bank regulators, which are usually very prescriptive as to the actions that must be taken to address the identified deficiencies, the enforcement actions taken by securities and futures/commodities regulators generally report findings that detail the nature of the deficiency, but do not prescribe specific corrective action (and accompanying fines have been modest compared to those levied against banks). 28. Does FinCEN have enforcement authority? FinCEN does have enforcement action authority, which it often uses in conjunction with a financial institution's functional regulators. 29. Beyond the actions and penalties that may be imposed by regulators, are U.S. companies subject to any other potential actions? Yes. Other actions, such as Deferred Prosecution Agreements (DPA), may result from legal actions. protiviti | 20 HOUSE_OVERSIGHT_024126