Top Story Security Related

On Friday, the Financial Crimes Enforcement Network (FinCEN) published its first set of guidance materials to aid the public, and in particular the small business community, in understanding upcoming beneficial ownership information (BOI) reporting requirements taking effect on January 1, 2024. The new regulations require many corporations, limited liability companies, and other entities created in or registered to do business in the United States to report information about their beneficial owners—the persons who ultimately own or control the company—to FinCEN.

The following materials are now available on FinCEN’s beneficial ownership information reporting webpage, www.fincen.gov/boi:

• Answers to Frequently Asked Questions about the reporting requirement.
• One Pagers on Key Filing Dates and Key Questions.
• An Introductory Video and more detailed Informational Video about the reporting requirement.

Additional guidance will be published at www.fincen.gov/boi in the coming months, to include a Small Entity Compliance Guide. Please check back often for more information.

FinCEN will not be accepting any beneficial ownership information before January 1, 2024. Information on how to submit beneficial ownership information to FinCEN will be forthcoming.

• FinCEN press release

The Internal Revenue Service yesterday warned taxpayers to watch out for scammers who try to sell or offer help setting up an online account on IRS.gov that puts their tax and financial information at risk of identity theft.

The IRS Online Account provides valuable tax information for people. But this information in the wrong hands can provide important information to help an identity thief try to submit a fraudulent tax return in the person's name in hopes of getting a big refund. People should watch out for these scam artists offering to help set up these accounts because these are identity theft attempts to run off with the taxpayer's personal or financial information.

The Federal Trade Commission announced yesterday that its staff are seeking information on the business practices of cloud computing providers including issues related to the market power of these companies, impact on competition, and potential security risks.

In a Request for Information, FTC staff are seeking information about the competitive dynamics of cloud computing, the extent to which certain segments of the economy are reliant on cloud service providers, and the security risks associated with the industry’s business practices. In addition to the potential impact on competition and data security, FTC staff are also interested in the impact of cloud computing on specific industries including healthcare, finance, transportation, e-commerce, and defense.

Comments will be accepted through May 22, 2023.

The OCC has released a list of enforcement actions taken in February and March. Among the actions listed was a consent order of prohibition issued to Jamie Lee Coyle, formerly a teller at the Nicholasville, Kentucky, location of First Southern National Bank, Lancaster, Kentucky, after a finding that, in 2018, Coyle misappropriated approximately $13,000 in multiple unauthorized withdrawals from the bank's charitable giving account.

Secretary of Homeland Security Alejandro N. Mayorkas convened a meeting of the Homeland Security Advisory Council (“the Council”) at the White House on Thursday to discuss how the Department can enhance supply chain security, improve efforts of intelligence and information sharing capabilities, promote greater transparency, improve customer service, and expand on its Homeland Security Technology and Innovation Network. During the meeting, Former Secretary of Homeland Security Michael Chertoff, who led DHS from 2005 to 2009, spoke about how the Department’s development over 20 years reflected the evolution in the threat landscape. Secretary Chertoff emphasized that the Department is fit for purpose for the threats of today and tomorrow.

During the meeting, Former Secretary of Homeland Security Michael Chertoff, who led DHS from 2005 to 2009, spoke about how the Department’s development over 20 years reflected the evolution in the threat landscape. Secretary Chertoff emphasized that the Department is fit for the purpose of preparing for the threats of today and tomorrow.

National Security Advisor Jake Sullivan also addressed the Council, discussing the convergence of homeland security with national security. He recognized the Department’s 20th Anniversary and echoed the message that President Biden delivered to the workforce on March 1, 2023, highlighting the dedication and resolve of the DHS workforce over the past 20 years.

• DHS press release

The Office of the Comptroller of the Currency on Wednesday announced it has issued a prohibition order and a $17 million civil money penalty by consent against Carrie Tolstedt, former head of Wells Fargo Bank, N.A.'s Community Bank, for her role in systemic sales practices misconduct at the bank.

The settlement resolves the administrative enforcement action against Ms. Tolstedt that began when the OCC filed a notice of charges against her on January 23, 2020. The notice alleged that Ms. Tolstedt was significantly responsible for the systemic sales practices misconduct at the bank. The Notice further alleged that the bank’s business model imposed unreasonable sales goals on its employees, along with unreasonable pressure to meet such goals.

The settlement the OCC announced today is in addition to the settlements with seven other former Wells Fargo senior bank executives announced on January 23 and September 21, 2020, and January 15, 2021.

It appears that settlements have not yet been reached with former Community Bank Group risk officer Claudia Russ Anderson, former executive audit director Paul McLinko, and former chief auditor David Julian.

Yesterday, Treasury reported that OFAC has designated three individuals in Bosnia and Herzegovina (BiH) pursuant to Executive Orders 14033 or 14059:

• Osman "Osmica" Mehmedagic
• Dragan Stankovic
• Edin Gacanin

For identification information on these individuals, see this BankersOnline OFAC Update.

A recent Nacha news release is a reminder that Phase 2 of Nacha's "Micro-Entries" rule becomes effective tomorrow, March 17, 2023.

The Micro-Entry Rule was adopted in early 2022. Phase 1 has been in effect since September 16, 2022. It defines Micro-Entries as ACH credits of less than $1, and any offsetting ACH debits, used for account verification. Additionally, it requires the use of the “ACCTVERIFY” description.

Phase 2 requires that originators of these entries must use commercially reasonable fraud detection. At a minimum, that includes monitoring forward and return volumes of Micro-Entries.

The Financial Action Task Force (FATF), an independent inter-governmental body that develops and promotes policies to protect the global financial system against money laundering, terrorist financing and the financing of proliferation of weapons of mass destruction, has revised its Guidance on Beneficial Ownership for Legal Persons, also known as FATF Recommendation 24.

The revisions respond to the significant misuse of legal persons for money laundering, terrorist financing, and also for proliferation financing in a number of jurisdictions, and to the outcomes of FATF Mutual Evaluations which show a generally insufficient level of effectiveness in combating the misuse of legal persons for money laundering and terrorist financing globally.

The revised Recommendation 24 explicitly requires countries9 to use a multi-pronged approach, i.e., to use a combination of different mechanisms, for collection of beneficial ownership information to ensure that adequate, accurate and up-to-date information on the beneficial ownership of legal persons is available and can be accessed by the competent authorities in a timely manner.

Yesterday, FinCEN announced that the Financial Action Task Force (FATF) issued a public statement on February 24 at the conclusion of its plenary meeting announcing its suspension of the Russian Federation’s membership in FATF. The statement notes that “the Russian Federation’s actions unacceptably run counter to the FATF core principles aiming to promote security, safety, and the integrity of the global financial system.” The FATF further urged “all jurisdictions to remain vigilant of threats to the integrity, safety and security of the international financial system arising from the Russian Federation’s war against Ukraine.” The FATF also reiterated “…that all jurisdictions should be alert to possible emerging risks from the circumvention of measures taken in order to protect the international financial system and take the necessary measures to mitigate these risks.”

The FATF also updated its lists of jurisdictions with strategic AML/CFT/CPF deficiencies. U.S. financial institutions should consider the FATF’s stance toward these jurisdictions when reviewing their obligations and risk-based policies, procedures, and practices.

On February 24, 2023, the FATF removed Cambodia and Morocco from its list of Jurisdictions under Increased Monitoring and added South Africa and Nigeria to the list.

The FATF’s list of High-Risk Jurisdictions Subject to a Call for Action remains the same, with Iran and the Democratic People’s Republic of Korea (DPRK) still subject to FATF’s countermeasures. Burma remains on the list of High-Risk Jurisdictions Subject to a Call for Action and is still subject to enhanced due diligence, not countermeasures.