News

A unique, if not unprecedented, enforcement action against a New York lender whose dealings with cryptocurrency sometimes violated federal anti-money laundering rules serves as a warning to other banks onboarding firms from the industry, sources told ACAMS moneylaundering.com.

In a 30-page cease and desist order published Feb. 20, the Office of the Comptroller of the Currency ordered M.Y. Safra Bank to revamp its AML program after examiners last year found inadequate scrutiny of transactions to and from high-risk jurisdictions, including an unspecified number of payments from “digital asset customers,” or DACs.

Those customers included exchanges, cryptocurrency ATMs and “crypto arbitrage trading accounts” that together drove the volume of domestic wires, international wires and cross-border ACH [Automated Clearing House] transactions upward.

The activity significantly deviated from M.Y. Safra’s “previous business plan” in 2013, according to the OCC, which also accused the bank of having “failed to designate a qualified BSA officer with adequate staffing and resources.”

As a result, M.Y. Safra must now review all medium- and high-risk transactions that it processed between Jan. 1 and Nov. 15, 2019, for signs of illicit finance, as well as all accounts held by high-risk clients. The bank must also conduct a new risk assessment and audit, ensure adequate training of compliance employees and overhaul its due-diligence policies.

Banks have only recently begun to grasp their AML obligations vis-a-vis cryptocurrency firms, and the order confirms that those companies require enhanced due diligence, said Frank Mayer, a former senior attorney for the Federal Deposit Insurance Corp.

“This may be considered a teaching moment to the industry,” said Mayer, now an attorney with Stevens & Lee in Philadelphia. “The OCC may have felt this was an opportunity until they issue clear supervisory expectations.”

The Treasury Department’s Financial Crimes Enforcement Network, or FinCEN, has required firms “accepting and transmitting” cryptocurrency to register as money services businesses and adopt AML programs since at least 2013, and clarified in 30 pages of guidance in May of last year that registration requirements extend to mixers and peer-to-peer platforms.

A separate advisory issued last year—which lists several red flags of suspicious activity specific to cryptocurrency, such as use of anonymized browsing software and links to dark web marketplaces—primarily targets firms within the industry rather than those seeking to bank them, said Peter Hardy, a former federal prosecutor in Philadelphia.

Only a handful of U.S. financial institutions hold accounts for cryptocurrency-related businesses and entities. In light of the order, they should now assume that those firms trigger enhanced due diligence, including reviews of their AML programs, said Hardy, now an attorney with Ballard Spahr in Philadelphia. Others can now cite M.Y. Safra as a cautionary tale and reason to avoid the industry altogether, he said.

“The most obvious and concrete takeaway is: if you’re going to do this … you need to let the regulators know and try and get their buy-in,” Hardy said.

M.Y. Safra’s budding ties to the cryptocurrency industry had already drawn attention before last month’s enforcement action.

In May 2019, SFOX disclosed plans to partner with the New York lender to offer federally insured accounts. In a now-deleted blog post, the San Francisco-based cryptocurrency trading platform described the arrangement as the first of its kind.

M.Y. Safra’s apparent eagerness to pursue public ventures with cryptocurrency firms such as SFOX may have intensified regulatory scrutiny over the lender’s alleged AML weaknesses, according to a compliance officer for a midsized lender on the East Coast.

“While the consent order is relatively unique in that it is one of the first that has really penalized a bank for its program around cryptos, this is really the age-old story of a bank launching new product sets or getting into new business types without conducting an appropriate risk assessment,” the compliance officer said on condition of anonymity.

SFOX did not respond to a request for comment.

An M.Y. Safra spokesperson emphasized in an emailed statement to moneylaundering.com that the bank has already taken steps to address the issues that led to the OCC’s enforcement action. “At the same time, we are disappointed that we did not meet the high standards we set for ourselves and know that work remains to be done,” the spokesperson wrote in the email.

Contact Daniel Bethencourt at dbethencourt@acams.org