Top Story Security Related

The NCUA has announced its barring of three individuals from participating in the affairs of any federally insured depository institution.

• Tracy Mikulencak, a former employee of A+ Federal Credit Union, Austin, Texas, agreed to the issuance of a prohibition order following a finding that she fraudulently took funds out of her own teller drawer, the Georgetown branch’s vault, and member accounts, defrauding the credit union and its members of $325,708.
• Javier DeJesus Narciso, a former employee of Merced School Employees Federal Credit Union, Merced, California, was issued a prohibition notice based on his conviction on one count of grad theft and embezzlement in connection with his employment
• Philip Brian Topping, a former employee of New Pilgrim Federal Credit Union, Birmingham, Alabama, was issued a prohibition notice based on his conviction on on one count of theft and embezzlement in connection with his employment

On Monday, the Treasury Department reported that OFAC has sanctioned a Mexico-based money launderer and China-based members of a money laundering organization with criminal links to the Sinaloa Cartel as part of ongoing efforts to disrupt the flow of illicit narcotics into the United States.

For the names and identification information of the three individuals, see the July 1, 2024, BankersOnline OFAC Update.

On Friday, FinCEN announced a proposed rule to strengthen and modernize financial institutions’ anti-money laundering and countering the financing of terrorism (AML/CFT) programs. While financial institutions have long maintained AML/CFT programs under existing regulations, this proposed rule would amend those regulations to explicitly require that such programs be effective, risk-based, and reasonably designed, enabling financial institutions to focus their resources and attention in a manner consistent with their risk profiles. Effective, risk-based, and reasonably designed AML/CFT programs are critical for protecting national security and the integrity of the U.S. financial system. The proposed amendments are based on changes to the Bank Secrecy Act (BSA) as enacted by the Anti-Money Laundering Act of 2020 (AML Act) and are a key component of Treasury’s objective of building a more effective and risk-based AML/CFT regulatory and supervisory regime.

This proposed rule would:

• amend the existing program rules to explicitly require financial institutions to establish, implement, and maintain effective, risk-based, and reasonably designed AML/CFT programs with certain minimum components, including a mandatory risk assessment process
• require financial institutions to review government-wide AML/CFT priorities and incorporate them, as appropriate, into risk-based programs, as well as provide for certain technical changes to program requirements
• promote clarity and consistency across FinCEN’s program rules for different types of financial institutions

The proposal also articulates certain broader considerations for an effective and risk-based AML/CFT framework as envisioned by the AML Act. For example, through its emphasis on risk-based AML/CFT programs, the proposed rule seeks to avoid one-size-fits-all approaches to customer risk that can lead to financial institutions declining to provide financial services to entire categories of customers. Friday’s proposal is consistent with a key recommendation in Treasury’s De-risking Strategy, which recommended proposing regulations to require financial institutions to have reasonably designed and risk-based AML/CFT programs supervised on a risk basis and taking into consideration the effects of financial inclusion. Finally, the proposed rule would encourage financial institutions to modernize their AML/CFT programs where appropriate to responsibly innovate, while still managing illicit finance risks.

FinCEN's proposal was prepared in consultation with the Federal Reserve Board, the OCC, the FDIC, and the NCUA in order to collectively issue proposed amendments to their respective BSA compliance program rules for the institutions they supervise.

Written comments on FinCEN’s proposed rule must be received on or before 60 days following its publication in the Federal Register.

• Proposed Rule
• Fact Sheet
• Publication update: Published on 7/3/2024 at 89 FR 55428 with a comment period ending on 9/3/2024

OFAC has announced a $538,000 settlement with Mondo TV, S.p.a., an Italy-based animation company. Mondo has agreed to settle its potential civil liability for 18 apparent violations of the North Korea Sanctions Regulations.

Between May 2019 and November 2021, Mondo caused U.S. financial institutions to process approximately $537,939 in payments for animation work Mondo outsourced to a Government of North Korea-owned animation studio. This settlement amount reflects OFAC's determination that Mondo's conduct was non-egregious but not voluntarily disclosed.

FinCEN has reported it has issued a final rule under section 311 of the USA PATRIOT Act (section 311) that severs Al-Huda Bank from the United States financial system by prohibiting domestic financial institutions and agencies from opening or maintaining a correspondent account for or on behalf of Al-Huda Bank, an Iraqi bank that serves as a conduit for terrorist financing.

On January 31, 2024, FinCEN issued a finding and notice of proposed rulemaking (NPRM) that identified Al-Huda Bank as a foreign financial institution of primary money laundering concern. As described in the finding, Al-Huda Bank has for years exploited its access to U.S. dollars to support designated foreign terrorist organizations, including Iran’s Islamic Revolutionary Guard Corps (IRGC) and IRGC-Quds Force, as well as Iran-aligned Iraqi militias Kata’ib Hizballah and Asa’ib Ahl al-Haq. Moreover, the chairman of Al-Huda Bank is complicit in Al-Huda Bank’s illicit financial activities, including money laundering through front companies that conceal the true nature of and parties involved in illicit transactions, ultimately enabling the financing of terrorism.

FinCEN is taking this section 311 action to protect the United States financial system from Al-Huda Bank’s illicit activity. Pursuant to this final rule, covered financial institutions are now prohibited from opening or maintaining correspondent accounts for or on behalf of Al-Huda Bank, and are required to take reasonable steps not to process transactions for the correspondent account of a foreign banking institution in the United States if such a transaction involves Al-Huda Bank, preventing indirect access by Al-Huda Bank to the United States financial system. This final rule also requires covered financial institutions to apply special due diligence to their foreign correspondent accounts that is reasonably designed to guard against their use to process transactions involving Al-Huda Bank.

The rule adds section 663 to 31 CFR Part 1010, effective upon publication in the Federal Register. BankersOnline has added section 663 to its 31 CFR Part 1010 pages.

The National Credit Union Administration released today its annual Cybersecurity and Credit Union System Resilience Report. The report summarizes the current cybersecurity threat landscape, highlights the agency’s key cybersecurity initiatives, and outlines the agency’s ongoing efforts to enhance cybersecurity preparedness and resilience within the credit union industry.

The Treasury Department yesterday reported that OFAC had sanctioned nearly 50 entities and individuals that constitute multiple branches of a sprawling “shadow banking” network used by Iran’s Ministry of Defense and Armed Forces Logistics (MODAFL) and Islamic Revolutionary Guard Corps (IRGC) to gain illicit access to the international financial system and process the equivalent of billions of dollars since 2020. MODAFL and the IRGC engage in several commercial revenue-generating activities, most notably the sale of Iranian oil and petrochemicals.

Networks of Iranian exchange houses and dozens of foreign cover companies under their control enable MODAFL and the IRGC to disguise the revenue they generate abroad that is then available to use for a range of MODAFL and IRGC activities, including the procurement and development of advanced weapons systems such as unmanned aerial vehicles. This revenue also supports the provision of weapons and funding to Iran’s regional proxy groups, including Yemen’s Houthis, who continue a campaign of reckless attacks on global shipping, as well as the transfer of UAVs to Russia for use in its war of aggression against Ukraine.

For the names and identification information of the designated parties, see the June 25, 2024, BankersOnline OFAC Update.

The Securities and Exchange Commission has announced it has updated its list of unregistered entities that use misleading information to solicit primarily non-U.S. investors, adding 24 soliciting entities, six impersonators of genuine firms, and four bogus regulators.

The SEC’s list of soliciting entities that have been the subject of investor complaints, known as the Public Alert: Unregistered Soliciting Entities (PAUSE) list, enables investors to better inform themselves and avoid being victims of fraud. The latest additions are firms that SEC staff found were providing inaccurate information about their affiliation, location, or registration. Under U.S. securities laws, firms that solicit investors generally are required to register with the SEC and meet minimum financial standards and disclosure, reporting, and recordkeeping requirements.

In addition to alerting investors to firms falsely claiming to be registered, the PAUSE list flags those impersonating registered securities firms and bogus regulators who falsely claim to be government agencies or affiliates. Inclusion on the PAUSE list does not mean the SEC has found violations of U.S. federal securities laws or made a judgment about the merits of any securities being offered.

The OCC has requested comment on a proposal to revise its recovery planning guidelines for certain large insured national banks, federal savings associations, and federal branches (banks).

The proposed rulemaking is part of the OCC’s effort to ensure that large banks are adequately prepared and have developed a plan to respond to the financial effects of severe stress, particularly in light of the contagion effects and systemic risks they may pose.

The proposal would:

• Expand recovery planning guidelines to apply to banks with at least $100 billion in assets
• Incorporate a testing standard for recovery plans
• Clarify the role of non-financial risk (including operational and strategic risk) in recovery planning

Comments from the public will be accepted for 30 days following publication of the proposed in the Federal Register.
Publication and comment period update: Published 7/3/2024 at 89 FR 55114. The comment period will close 8/2/2024.

The Treasury Department reported on Friday that OFAC has designated twelve individuals in leadership roles at AO Kapersky Lab.

On Thursday, the Department of Commerce issued a final determination under Executive Order 13873 prohibiting Kaspersky Lab, Inc., its affiliates, subsidiaries and parent companies directly or indirectly from providing anti-virus software and cybersecurity products or services in the United States or to U.S. persons. Commerce reached this determination after an investigation found transactions involving the products and services of Kaspersky Lab, Inc. and its corporate family pose unacceptable risk to U.S. national security or the safety and security of U.S. persons, as outlined in E.O. 13873.

In addition, the Department of Commerce has designated AO Kaspersky Lab and OOO Kaspersky Group (Russia), and Kaspersky Labs Limited (United Kingdom) on the Entity List for their cooperation with Russian military and intelligence authorities in support of the Russian government’s cyber intelligence objectives. These activities are contrary to U.S. national security and foreign policy interests.

For the names and identification information of the designated parties, see the June 21, 2024, BankersOnline OFAC Update.