Top Story Security Related

The NCUA has announced it has issued a notice of prohibition under Section 205(d) of the National Credit Union Act (12 U.S.C. 1785(d)) to a former employee of Southern Mississippi Federal Credit Union in Hattiesburg, Mississippi, who had pleaded guilty to a charge of embezzlement.

The Federal Reserve Board has released nineteen Section 19 letters issued in July, August and September 2016. A Section 19 letter prohibits the named individual from becoming or continuing as an institution-affiliated party with respect to any insured depository institution, and is issued when a regulator is made aware that the individual has been convicted of a crime involving dishonesty or breach of trust or money laundering, or has agreed to enter into a pretrial diversion or similar program in connection with a prosecution for such an offense. The prohibition requirement is found in Section 19 of the Federal Deposit Insurance Act, 12 U.S.C. 1829, and is mirrored for insured credit unions in Section 205(d) of the National Credit Union Act, 12 U.S.C. 1785(d).

The Board of Governors of the Federal Reserve System issued a Cease and Desist Order to BB&T Corporation, Winston-Salem, North Carolina (BB&T), a registered bank holding company that owns and controls Branch Banking and Trust Company, Winston-Salem, North Carolina, a state-chartered bank. The most recent inspection of BB&T conducted by the Federal Reserve Bank of Richmond identified significant deficiencies in BB&T’s firm-wide compliance program with respect to compliance with the BSA/AML requirements.

The Federal Reserve System has released a progress report outlining accomplishments and anticipated steps moving forward related to the ongoing initiatives to enhance the speed, efficiency and security of the U.S. payment system. The report highlights collaborative efforts in support of five strategies outlined in the January 2015 publication of Strategies for Improving the U.S. Payment System.

Nonghyup Bank, Seoul, Korea, and its New York City branch have executed a written agreement with the Federal Reserve Bank of New York. A recent examination of the branch identified deficiencies relating to the branch’s risk management and compliance with applicable federal and state laws, rules, and regulations relating to anti-money laundering compliance, including the Bank Secrecy Act rules and regulations.

The Federal Trade Commission will mark Tax Identity Theft Week, January 30 – February 3, with a series of events to alert consumers and businesses about ways they can minimize their risk of tax identity theft, and recover if it happens. The week will feature special events for consumers, tax professionals, small businesses and veterans. The Commission will join with the IRS, the Department of Veterans Affairs, the AARP Fraud Watch Network and others to discuss tax identity theft, IRS imposter scams, cybersecurity and identity theft recovery.

The Federal Trade Commission has announced that the Western Union Company, a global money services business headquartered in Englewood, Colorado, has agreed to forfeit $586 million and enter into agreements with the Federal Trade Commission, the Justice Department, and the U.S. Attorneys’ Offices of the Middle District of Pennsylvania, the Central District of California, the Eastern District of Pennsylvania and the Southern District of Florida. In its agreement with the Justice Department, Western Union admits to criminal violations including willfully failing to maintain an effective anti-money laundering program and aiding and abetting wire fraud. The forfeited money will fund restitution payments to consumers who were harmed by the company's unlawful actions.

In a related action, FinCEN announced it has issued a consent assessment of a civil money penalty of $184 million against Western Union Financial Services, Inc. (WUFSI). WUFSI consented to FinCEN’s determination that prior to 2012, WUFSI willfully violated the Bank Secrecy Act’s anti-money laundering (AML) requirements by failing to implement and maintain an effective, risk-based AML program and by failing to file timely suspicious activity reports (SARs). FinCEN’s penalty is in conjunction with the actions by the U.S. Department of Justice (DOJ) and the U.S. Federal Trade Commission (FTC), and will be satisfied by Western Union's forfeiture to the U.S. Treasury.

For further details on this story, see "Western Union forfeits $586M for AML violations and consumer fraud," in our Penalties pages.

OFAC has designated Milorad Dodik, President of Republika Srpska, one of two entities that make up Bosnia and Herzegovina. Specifically, Dodik was designated for his role in defying the Constitutional Court of Bosnia and Herzegovina in violation of the rule of law, thereby actively obstructing the Dayton Accords; he was also designated for conduct that poses a significant risk of actively obstructing the same. See our OFAC Update for additional information.

The Federal Reserve, FDIC and OCC have announced the extension through February 17, 2017, of the comment period for their advance notice of proposed rulemaking on enhanced cyber risk management standards for large and interconnected entities under their supervision and those entities’ service providers. The agencies are considering five categories of cyber standards: cyber risk governance, cyber risk management, internal dependency management, external dependency management, and incident response, cyber resilience, and situational awareness. This announcement extends the comment period by one month.

OFAC has announced that Toronto-Dominion Bank (“TD Bank”), a financial institution headquartered in Toronto, Ontario, has agreed to remit $516,105 to settle its potential civil liability for 167 apparent violations of the Cuban Assets Control Regulations (CACR), and of the Iranian Transactions Sanctions Regulations (ITSR). OFAC also has issued a Finding of Violation to TD Bank, the parent company of wholly owned subsidiaries Internaxx Bank SA and TD Waterhouse Investment Services for 3,491 violations of the CACR and ITSR.