Top Story Security Related

The Department of the Treasury announced yesterday that OFAC has designated three individuals, Yunhe Wang, Jingping Liu, and Yanni Zheng, for their activities associated with the malicious botnet tied to the residential proxy service known as 911 S5. OFAC also sanctioned three entities—Spicy Code Company Limited, Tulip Biz Pattaya Group Company Limited, and Lily Suites Company Limited—for being owned or controlled by Yunhe Wang.

For identity information on the designated individuals and entities, see the BankersOnline May 28, 2024, OFAC Update.

The Office of Foreign Assets Control (OFAC) has amended the Cuban Assets Control Regulations, 31 C.F.R. Part 515 (CACR) to further implement portions of the president’s foreign policy toward Cuba. Among other things, these amendments increase support for internet freedom for the Cuban people and independent Cuban private sector entrepreneurs by expanding authorizations for internet-based services and a range of financial transactions. The rule was published in the Federal Register and became effective today.

OFAC also issued six new, Cuba-related Frequently Asked Questions (FAQs 1174-1179) and amended eight Cuba-related Frequently Asked Questions (FAQs 732, 736, 745, 748, 757, 769, 770, and 785).

Acting Comptroller of the Currency Michael J. Hsu discussed recovery planning via livestream in remarks May 27 at the Entrepreneurship, Markets and Technology: Regulation's Challenges in a Changing World Conference in Zurich, Switzerland.

In his remarks, Mr. Hsu discussed the importance of recovery planning and how it can mitigate the too-big-to-fail problem. He highlighted the importance of recovery planning at large banks in the context of the bank failures in March 2023 and offered thoughts on expanding recovery planning guidelines to apply to banks with at least $100 billion in assets.

The Federal Housing Administration's Mortgagee Letter 2024-10, issued yesterday, requires FHA-approved mortgagees to notify HUD when a cyber incident occurs. The letter, effective immediately, applies to all FHA insurance programs.

The mortgagee letter adds a new section, Significant Cybersecurity Incident, which requires FHA-approved mortgagees to report cyber incidents to HUD within 12 hours of detection. Reports will be made to HUD's FHA Resource Center and to HUDs Security Operations Center.

The OCC yesterday reported recent enforcement actions against two national banks and five institution-affiliated parties to OCC-supervised institutions.

• A formal agreement with Comerica Bank & Trust, National Association, Ann Arbor, Michigan, for unsafe or unsound practices, including those relating to the bank’s risk governance framework and internal controls
• A formal agreement with Lemont National Bank, Lemont, Illinois, for unsafe or unsound practices, including those relating to capital planning, strategic planning, succession planning, and liquidity risk management
• An order of prohibition against Stanley Acosta, a former senior specialist relationship banker at a Dartmouth, Massachusetts, branch of Santander Bank, N.A., Wilmington, Delaware, for stealing approximately $27,449 from cash deposit bags that customers provided to the bank via the night deposit vault
• An order of prohibition against Bahtia Greene, a former associate operations processor at the Philadelphia, Pennsylvania, lockbox facility for Wells Fargo Bank, N.A., Sioux Falls, South Dakota, for misappropriating confidential information of bank customers and selling the information to a third party, resulting in fraudulent transactions and a loss to the bank of approximately $688,000
• An order of prohibition against Sabina Prince, former teller at a Mountain Brook, Alabama, branch of PNC Bank, National Association, Wilmington, Delaware, for taking $15,000 in cash from the bank and manipulating cash shipment processing receipts to hide her actions
• An order of prohibition against Stephanie Sanders, former relationship banker at NBT Bank, N.A., Norwich, New York, for misappropriating approximately $30,650 from the bank by crediting her checking and savings accounts over 100 times
• A notice of charges for Gerald E. Milligan, II, a former teller at a Royal Palm, Florida, branch of PNC Bank, N.A., Wilmington, Delaware. The Notice of Charges alleges, among other things, that Milligan knowingly made false attestations and provided false supporting documentation for a Paycheck Protection Plan (PPP) loan application, received PPP loan proceeds in the amount of $141,530, and used the funds for personal gain.

The FDIC yesterday published its 2024 Risk Review, which provides an overview of banking conditions in 2023 in five broad categories: market risks, credit risks, operational risks, crypto-asset risks, and climate-related financial risks. The market risks areas discussed are liquidity, deposits and funding, and net interest margins and interest rate risk. The credit risks areas discussed are commercial real estate, residential real estate, consumer, agriculture, small business, corporate debt and leveraged lending, nonbanks, and energy.

The discussion of operational risks examines the potential negative impact to banks from cyber threats and illicit activity. The crypto-asset risks section discusses the FDIC’s approach to understanding and evaluating crypto-asset-related markets and activities. The discussion of climate-related financial risks focuses on the physical risk of severe weather and climate events to the banking system.

Monitoring these risks is among the FDIC's top priorities.

The Securities and Exchange Commission this morning announced that The Intercontinental Exchange, Inc. (ICE) agreed to pay a $10 million penalty to settle charges that it caused the failure of nine wholly-owned subsidiaries, including the New York Stock Exchange, to timely inform the SEC of a cyber intrusion as required by Regulation Systems Compliance and Integrity (Regulation SCI).

According to the SEC's Order, in April 2021, a third party informed ICE that ICE was potentially impacted by a system intrusion involving a previously unknown vulnerability in ICE’s virtual private network (VPN). ICE investigated and was immediately able to determine that a threat actor had inserted malicious code into a VPN device used to remotely access ICE’s corporate network. However, the SEC’s order finds that ICE personnel did not notify the legal and compliance officials at ICE’s subsidiaries of the intrusion for several days in violation of ICE’s own internal cyber incident reporting procedures. As a result of ICE’s failures, those subsidiaries did not properly assess the intrusion to fulfill their independent regulatory disclosure obligations under Regulation SCI, which required them to immediately contact SEC staff about the intrusion and provide an update within 24 hours unless they immediately concluded or reasonably estimated that the intrusion had or would have no or a de minimis impact on their operations or on market participants.

On Monday, as part of the Treasury Department's Counter Fentanyl Strike Force, FinCEN, in partnership with the IRS Criminal Investigation (CI), announced a new initiative to combat the illicit trafficking of fentanyl into the United States. The “Promoting Regional Outreach to Educate Communities on the Threat of Fentanyl” (or PROTECT) series of FinCEN Exchange sessions will be held through the remainder of 2024 in U.S. cities that are highly impacted by the opioid epidemic.

The series is specifically designed to work with regional and local banks who are deeply connected to their communities and offer unique perspectives on the opioid crisis, and will focus on how law enforcement can best support their efforts to monitor activity that may be tied to the illicit trafficking of fentanyl. At these exchanges, federal officials brief on information critical to tracking these illicit financial flows, including typologies and red-flag indicators of fentanyl-related activity, and discuss what types of information are particularly valuable when financial institutions report suspicious activity.

The PROTECT series is being launched in collaboration with other government partners, including the Drug Enforcement Administration, Homeland Security Investigations, Customs and Border Protection, the U.S. Secret Service, the Federal Bureau of Investigation, the Department of Justice Money Laundering and Asset Recovery Section, various U.S. Attorney’s Offices, and local law enforcement agencies.

The Boston event in the PROTECT series was conducted on Monday, bringing federal agencies and law enforcement authorities from the Boston area together with representatives from the financial industry for a discussion on ways to deepen collaboration and enhance the value of suspicious activity reporting to counter illicit fentanyl trafficking. FinCEN and law enforcement representatives highlighted the significant value that Suspicious Activity Reports contribute to law enforcement efforts to combat fentanyl trafficking, and financial institutions shared their observations on money laundering flows and tactics used by narcotraffickers and their enablers.

The OCC has posted a list and schedule of workshops designed to meet the needs of new directors, experienced directors, and senior management of national community banks and federal savings associations wishing to review fundamentals or get critical updates. Two series of workshops have been scheduled throughout the year:

• Basic Series, which includes Building Blocks (1.5 days in person or 3 hour virtual workshop)
• Risk Management Series, which comprises:
  • Risk Governance (1 day in person or 3 hours virtually)
  • Credit Risk (1 day in person or 3 hours virtually)
  • Operational Risk (1 day in person or 3 hours virtually)
  • Compliance Risk (1 day in person or 3 hours virtually)
  • Capital Markets (1/2 day in person)

The schedule of the workshops and online registration are available on the OCC's website.

The Treasury Department has announced that OFAC has imposed sanctions on two Russian individuals and three Russia-based entities for facilitating weapons transfers between Russia and the Democratic People’s Republic of Korea (DPRK) to promote U.S. government objectives to disrupt and expose arms transfers between the DPRK and Russia and to build upon sanctions imposed by the Department of the Treasury and the Department of State related to DPRK-Russia arms transfers, including the transfer and testing of DPRK-origin ballistic missiles for Russia’s use against Ukraine.

For identification information on the designated individuals and entities, see BankersOnline’s May 16, 2024, OFAC Update.