Top Story Security Related

The Department of the Treasury yesterday reported that OFAC had sanctioned two entities and two individuals for their role in developing and procuring components for sensitive navigational systems for the Iranian military. Concurrent with this action, the U.S. Department of State designated one individual and two entities involved in Iranian UAV and missile development.

Treasury also reported that OFAC had designated three individuals and four entities in Bosnia and Herzegovina (BiH) that form part of U.S.-designated Republika Srpska (RS) President Milorad Dodik’s (Dodik) financial network and enable the Dodik family’s continued attempts to evade sanctions. OFAC's action also targets a BiH politician who serves as a key enabler of Dodik’s corruption and destabilizing political agenda. OFAC also designated Viktor Pavlovich Perevalov for operating or having operated in the construction sector of the Russian Federation economy.

For the names and identification information of the designated parties, see yesterday's BankersOnline OFAC Update.

The Office of the Comptroller of the Currency yesterday announced it had issued a comprehensive cease-and-desist order against USAA Federal Savings Bank to require the bank to correct a range of deficiencies. This order replaces prior cease-and-desist orders issued against the bank in 2019 and 2022.

The OCC reported it took this action based on unsafe or unsound practices relating to management, earnings, information technology, consumer compliance, and internal audit and suspicious activity reporting violations. The bank also was not in compliance with OCC’s Heightened Standards requirements for large banks detailed at 12 CFR Part 30, Appendix D.

The order incorporates articles from the 2019 and 2022 orders that remain in noncompliance and requires the bank to take comprehensive corrective actions to enhance its risk governance, compliance risk management, information technology management, fraud risk management, and third-party, affiliate, and shared services risk management. The order also imposes limitations on the bank’s ability to add certain new products and services, as well as expanding its membership criteria.

The Treasury Department yesterday reported that OFAC has sanctioned two individuals and one entity involved in a network that launders millions of dollars of illicit funds generated by the Democratic People’s Republic of Korea (DPRK) information technology (IT) workers and cybercrime to support the DPRK Government. Based in the United Arab Emirates (UAE), Lu Huaying and Zhang Jian worked through a UAE-based front company to facilitate money laundering and cryptocurrency conversion services that funneled the illicit proceeds back to Pyongyang. This network is led by OFAC-sanctioned Sim Hyon Sop (Sim), a PRC-based banking representative for the DPRK who orchestrates money laundering schemes to fund the regime.

Treasury also reported OFAC action against 12 individuals and eight entities, located across seven countries, who are linked to the global illicit drug trade. These sanctions are the result of strong collaboration with the Drug Enforcement Administration and a range of international law enforcement partners, including in Colombia, Lithuania, and New Zealand. This action was also enabled with support from Treasury’s Financial Crimes Enforcement Network and reporting from financial institutions under the Bank Secrecy Act, and was coordinated closely with various foreign Financial Intelligence Units.

For the names and identification information of the designated parties, see yesterday's BankersOnline OFAC Update.

The Office of the Comptroller of the Currency has reported the key issues facing the federal banking system in its Semiannual Risk Perspective for Fall 2024.

The OCC highlighted credit, operational, compliance, and market risks, as the key risk themes in the report. Highlights from the report include:

• Commercial credit risk remains moderate and shows signs of stabilizing as risks are better identified, monitored, and controlled.
• Overall retail credit risk is stable. Delinquency and loss rates on residential real estate-secured loans held by banks remain historically low but are increasing. Delinquencies in other retail asset classes, namely credit cards and auto loans, reflect an increasing trend.
• Operational risk is elevated. Banks continue to respond to an evolving and increasingly complex operating environment. Evolving cyber threats by sophisticated malicious actors target the financial services industry and their key service providers.
• From a compliance risk perspective, banks continue to operate in a dynamic banking environment as customers’ needs and preferences related to products, services, and delivery channels evolve.
• Community Reinvestment Act (CRA) related risks remain stable as the OCC continues to assess banks’ CRA performance under the 1995/2021 regulatory framework.
• Regarding market risk, banks net interest margin (NIM) performance has varied across bank asset sizes.

A special topic in the report focuses on the increasing trend in external fraud activity targeting consumers and the federal banking system. The frequency of both traditional and novel, more sophisticated fraud activities targeting customers and banks continues to increase. Banks should maintain sound fraud risk management practices through prudent controls and appropriate fraud monitoring capabilities to identify, investigate, mitigate, and report fraudulent activity. Banks can also support their customers by providing educational information about trending fraud activities and ways to protect themselves.

The Department of the Treasury has reported that OFAC has sanctioned nine individuals and seven entities that have provided financial and military support to the Democratic People’s Republic of Korea (DPRK). Also, the U.S. Department of State sanctioned three targets related to the DPRK’s ballistic missile program. These actions reflect the DPRK’s escalating provocation and hostile military posturing that exacerbate global tensions and destabilize regional peace and security.

For the names and identification information of the designated parties, see yesterday's BankersOnline OFAC Update.

The Treasury Department's Office of Foreign Assets Control (OFAC) has announced a $257,690 settlement with C.H. Robinson International Inc. (CHR). CHR agreed to settle its potential civil liability for 82 apparent violations by five of its non-U.S. subsidiaries, which provided freight brokerage or transportation services for shipments in apparent violation of OFAC sanctions on Cuba and Iran. The settlement amount reflects OFAC's determination that the apparent violations were voluntarily self-disclosed and were not egregious.

CHR is a Minnesota-based global transportation and logistics company. Following a series of overseas acquisitions by CHR of freight and logistics firms, between November 2018 and February 2022 five of CHR’s foreign subsidiaries provided freight brokerage or transportation services for 82 shipments, to or from Iran (in two instances), of Iranian- or Cuban-origin goods, or by dealing with an Iranian airline. The vast majority of the apparent violations appear to have occurred because the subsidiaries’ brokerage management systems had not yet been incorporated into CHR’s system or otherwise updated to include the latest sanctions compliance controls and did not screen for potentially violative transactions.

Further details can be found in OFAC's Enforcement Release.

The FDIC has published [89 FR 101014] a "Sunshine Act" notice of its next Board of Directors meeting, scheduled for 10:00 a.m. EST on Tuesday, December 17, 2024. The meeting will be open to public observation only by webcast. Matters on the agenda for consideration include:

• Proposed 2025 FDIC Operating Budget
• Discussion Draft relating to FDIC Policy regarding the Annunzio-Wylie Anti-Money Laundering Act
• Discussion Draft relating to FDIC Policy on Bank Capital Distributions in Unusual and Exigent Circumstances

The OCC, Federal Reserve Board, and FDIC this morning published [89 FR 99751] a request for comments to inform their review under the Economic Growth and Regulatory Paperwork Reduction Act of 1996 (EGRPRA) of agency regulations to identify outdated or otherwise unnecessary regulatory requirements on insured depository institutions and their holding companies.

This is the third of four such requests for comment on multiple categories of regulations. Today's request seeks comment on regulations in the categories of Rules of Procedure; Safety and Soundness; and Securities. Written comments will be accepted through March 11, 2025.

The Department of the Treasury has reported that the EU-U.S. Joint Financial Regulatory Forum took place December 4–5, 2024, with participants exchanging views on topics of mutual interest as part of their regular financial regulatory dialogue. The dialogue was co-chaired by the U.S. Department of the Treasury and the European Commission.

The Forum emphasized close, ongoing U.S. and EU cooperation in a range of areas and focused on seven themes: (1) market developments and financial stability; (2) operational resilience and digital finance; (3) the sharing and financial reporting of financial data; (4) anti-money laundering and countering the financing of terrorism (AML/CFT); (5) sustainable finance; (6) banking and insurance; and (7) capital markets.

The Treasury Department has reported that OFAC has sanctioned cybersecurity company Sichuan Silence Information Technology Company, Limited, and one of its employees, Guan Tianfeng, both based in the People’s Republic of China, for their roles in the April 2020 compromise of tens of thousands of firewalls worldwide. Many of the victims were U.S. critical infrastructure companies.

For identification information on Sichuan Silence and Guan, see yesterday's BankersOnline OFAC Update.