Top Story Security Related

The Treasury Department yesterday reported that OFAC has targeted a network of three individuals associated with the expanded activities of the Islamic State of Iraq and Syria (ISIS) on the African continent. These individuals serve as key financiers and trusted operatives, enabling the activities of ISIS and its leaders across Central, Eastern, and Southern Africa. They also serve as critical links between far-flung ISIS operations, including ISIS affiliates in the Democratic Republic of the Congo (DRC), Mozambique, Somalia, and ISIS cells in South Africa, allowing ISIS leadership to leverage each affiliate’s capabilities to conduct terrorist attacks that undermine peace and security in the region.

Treasury also reported that OFAC has sanctioned two Mexican members of Cartel de Jalisco Nueva Generacion (CJNG) and two Mexican companies.

For the names and identification information of the designated individuals and entities, see this July 23, 2024, BankersOnline OFAC Update.

Yesterday, OFAC released Guidance on Extension of Statute of Limitations to address questions raised by recent legislation that extended the statute of limitations for violations of certain sanctions that the agency administers. As explained in the guidance, OFAC may now commence an enforcement action for civil violations of International Emergency Economic Powers Act- or Trading with Enemy Act-based sanctions prohibitions within 10 years of the latest date of the violation if such date was after April 24, 2019.

The Financial Stability Board (FSB), an international body that monitors and makes recommendations about the global financial system, reports that FSB Chair Klaas Knot has written to G20 finance ministers and central bank governors, ahead of a G20 meeting set for July 25–26, 2024. In his letter, Chair Knot highlights high debt levels and vulnerabilities in non-bank financial intermediation (NBFI) as key risks to financial stability. He also cites uneven progress in implementation of agreed NBFI policies and notes a need to timely finalize them.

The letter covers two reports the FSB is delivering to the G20 — a stocktake on regulatory and supervisory initiatives related to the identification and assessment of nature-related financial risks, which was published last week; and the FSB’s annual progress report on its work to enhance resilience in NBFI, delivered together with the letter.

The Treasury Department, on behalf of the Financial Crimes Enforcement Network (FinCEN) has published [89 FR 59805] in today's Federal Register a request for public comment on an information collection associated with requests made to FinCEN by certain persons for beneficial ownership information. Written comments on the proposed information collection are due within 30 days (by August 22, 2024).

The 30-day notice seeks comment on the information to be collected from certain authorized recipients requesting access to beneficial ownership information, consistent with the requirements of the Beneficial Ownership Information Access and Safeguards Rule published on December 22, 2023, and effective since February 20, 2024. The Corporate Transparency Act authorizes government agencies as well as financial institutions and their regulators to obtain beneficial ownership information under certain specified circumstances for national security and law enforcement purposes.

This 30-day notice gives the public an opportunity to comment on: (1) the information to be collected from certain persons requesting beneficial ownership information from FinCEN; and (2) FinCEN’s estimate of the burden involved in the information collection. Comments must be submitted by August 22, 2024.

FinCEN is setting the stage for financial institutions and certain government agencies to have access to Beneficial Ownership Information reported by entities subject to Beneficial Ownership Information Reporting requirements, which is expected to be finalized early in 2025.

The FDIC, Federal Reserve Board, NCUA, and OCC have jointly announced they are requesting comment on a proposal to update their requirements for supervised institutions to establish, implement, and maintain effective, risk-based, and reasonably designed anti-money laundering and countering the financing of terrorism (AML/CFT) programs. The amendments are intended to align with changes concurrently proposed by the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN), most of which result from the Anti-Money Laundering Act of 2020 (AML Act).

The proposed amendments would require supervised institutions to identify, evaluate, and document the regulated institution’s money laundering, terrorist financing, and other illicit finance activity risks, as well as consider, as appropriate, FinCEN’s published national AML/CFT priorities. Additionally, and consistent with the AML Act, the proposal would mandate that the duty to establish, maintain, and enforce the AML/CFT program remain the responsibility of, and be performed by, persons in the United States who are accessible to, and subject to the oversight and supervision by, the relevant agency. The proposal also supports institutions’ consideration of innovative approaches to meet compliance obligations.

Comments on the proposal are due 60 days after the date of publication in the Federal Register.

• Interagency Statement on the Issuance of the AML/CFT Program Notices of Proposed Rulemaking
• FDIC FIL-42-2024
• OCC Bulletin 2024-19

The Treasury Department on Friday reported that OFAC has exposed the identity of two members of a Russian government-related hacktivist group, and imposed sanctions on them. OFAC designated Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, two members of the Russian hacktivist group Cyber Army of Russia Reborn (CARR) for their roles in cyber operations against U.S. critical infrastructure. These two individuals are the group’s leader and a primary hacker, respectively.

For identification information on Pankratova and Degtyarenko, see BankersOnline’s July 19, 2024, OFAC Update.

The Treasury Department yesterday reported that OFAC has designated and identified as blocked property a dozen persons and vessels, respectively, that have played a critical role in financing the Houthis’ destabilizing regional activities as part of the network of Sa’id al-Jamal.

Treasury also reported that OFAC sanctioned the Abdul Karim Conteh Human Smuggling Organization (Karim HSO), a transnational criminal organization (TCO) based in Tijuana, Mexico.

For the names and identification information of the designated parties and blocked vessels, see this July 18, 2024, BankersOnline OFAC Update.

The OCC has released a list of 11 enforcement actions taken against national banks and federal savings associations and individuals currently and formerly affiliated with OCC-supervised financial institutions.

• The amended cease and desist order previously announced against Citibank, N.A., Sioux Falls, South Dakota.
• A cease and desist order against CNB Bank & Trust, N.A., Carlinville, Illinois, for violations of 12 CFR 21.21 (BSA/AML compliance program), 31 CFR 1020.210 (Customer Due Diligence), and 1020.220 (Customer Identification Program) as well as unsafe or unsound practices relating to the bank’s BSA/AML compliance, and failure to correct previously reported BSA/AML compliance problems.
• A formal agreement with Lincoln FSB of Nebraska, Lincoln, Nebraska, for unsafe or unsound practices, including those relating to strategic planning, liquidity risk management, contingency funding planning, interest rate risk management, and board oversight and corporate governance.
• A cease and desist order against Summit National Bank, Hulett, Wyoming, for unsafe or unsound practices including those related to capital and strategic planning, liquidity risk management, transactions with affiliates, and the bank’s BSA/AML compliance program, and violations including of 12 CFR 21.21 (BSA/AML compliance program).
• Orders of prohibition against the following individuals:
  • Cindy M. Flores, former branch operations associate manager at a Fargo, North Dakota, branch of Wells Fargo Bank, N.A., Sioux Falls, South Dakota, for misappropriating at least $47,600 by diverting funds from customer deposit accounts
  • Randall David Ditzer, former banking center team lead relationship banker at a Prairie Village, Kansas, branch of BOKF, N.A., Tulsa, Oklahoma, for making unauthorized withdrawals from the accounts of an elderly bank customer and depositing the funds into his own accounts.
  • Aaliyah Shaheed, former digital banking representative for Varo Bank N.A., Draper, Utah, who worked remotely from Charlotte, North Carolina, for improperly accessing and modifying customer account information, which resulted in approximately $21,700 of fraudulent transfers.
  • Kathryn Thomure (now known as Kathryn Makler), former business banking specialist at a Farmington, Missouri, branch of U.S. Bank, N.A., Cincinnati, Ohio, for making false representations on two Paycheck Protection Program loan applications to the U.S. Small Business Administration and receiving a loan for approximately $29,300.
  • Valeria Martinez Vazquez, former branch relationship banker at Zions Bancorporation, N.A., Salt Lake City, Utah, for misappropriating approximately $11,100 from a customer’s account.
  • Andre Jackson, former relationship banker at a Kenmore, New York, branch of Bank of America N.A., Charlotte, North Carolina, for misappropriating at least $8,000 in cash from the bank.
  • Cordia Shedde McDonald, former associate banker at a New Rochelle, New York, branch of JPMorgan Chase Bank, N.A., Columbus, Ohio, for misappropriating at least $10,000 in cash from the bank.

Yesterday, the Department of the Treasury announced that the Financial Services Sector Coordinating Council (FSSCC) and Treasury have published a suite of resources to share with financial services institutions on effective practices for their secure cloud adoption journey. These deliverables are the result of a year-long public-private partnership of the Financial and Banking Information Infrastructure Committee (FBIIC) and the FSSCC.

To provide leadership support for this joint effort the U.S. Department of the Treasury established the Cloud Executive Steering Group (CESG) in May 2023 at the direction of the Financial Stability Oversight Council (FSOC), to help close the gaps identified in Treasury's landmark report on the Financial Services Sector’s Adoption of Cloud Services. The documents published yesterday are intended to arm financial institutions of all sizes with effective practices for secure cloud adoption and operations, and to establish a continuing effort and partnership to begin to address the gaps identified in Treasury’s report, which include:

• Establishing a common lexicon that may be used by financial institutions and regulators in discussions regarding cloud.
• Enhancing information sharing and coordination for examination of cloud service providers.
• Assessing existing authorities for cloud service provider (CSP) oversight.
• Establishing best practices for third-party risk associated with cloud service providers, outsourcing, and due diligence processes to increase transparency.
• Providing a roadmap for institutions considering comprehensive or hybrid cloud adoption strategies including an update to the Financial Sector’s Cloud Profile.
• Improving transparency and monitoring of cloud services for better “security by design.”

Clear explanations for the utility and application of the documents can be found on the U.S. Treasury website. The website also includes links to the FSSCC-led outputs so that financial institutions can consult them at any part of their cloud services adoption journey and risk management process.

The U.S. Treasury Department yesterday announced that OFAC has sanctioned three Mexican accountants and four Mexican companies linked, directly or indirectly, to timeshare fraud led by the Cartel de Jalisco Nueva Generacion (CJNG). Concurrently, the Financial Crimes Enforcement Network (FinCEN) issued a Notice, jointly with OFAC and FBI, to financial institutions that provides an overview of timeshare fraud schemes in Mexico associated with CJNG and other Mexico-based transnational criminal organizations.

For the names and identification information of the designated parties, see this July 16, 2024, BankersOnline OFAC Update.