I am concerned when I am at conferences and professional meetings and I hear presenters telling the attendees, from any industry, that there is really nothing that they need to do to address the requirements of the USA PATRIOT Act, and I’ve heard this communicated several times since the law was enacted in 2001. Here is a good example that yes, indeed, doing nothing can come back to haunt you…and negatively impact your business with penalties and bad press.
It is rare that you see the USA PATRIOT Act, the follow-up for which is the USA PATRIOT Improvement and Reauthorization Act of 2005, being referenced as being part of actions taken by law enforcement for surveillance, or by regulators as part of the basis for fines. However, I just ran across a story on the government’s FinCEN site that talks about how noncompliance with the USA PATRIOT Act was used in determining a $600,000 penalty against Liberty Bank of New York…I need to check that site more often, don’t I?
In brief, the Financial Crimes Enforcement Network (FinCEN), Federal Deposit Insurance Corporation (FDIC), and New York State Banking Department (NYSBD) assessed a $600,000 penalty against Liberty Bank of New York for violations of federal and state anti-money laundering laws and regulations. Liberty Bank consented to payment of the civil money penalties without admitting or denying the allegations (this is pretty common with regulatory noncompliance situations).
What did Liberty Bank do…or not do? FinCEN, FDIC, and NYSBD found they:
- Failed to implement an adequate Bank Secrecy Act/anti-money laundering program with internal controls and appropriate measures to detect and report money laundering and other suspicious activity in a timely manner.
- Did not have an anti-money laundering program that complied with information sharing requests from law enforcement under section 314(a) of the USA PATRIOT Act.
I anticipate seeing more, and probably more aggressive/costly, actions taking place with regard to the USA PATRIOT Acts as time goes on…companies need to take notice and be aware; not only for section 314(a), but for all the sections, some of which apply to more businesses than just those considered by the law as a financial institution.
Wonder what section 314(a) is all about? Here you go:
"SEC. 314. COOPERATIVE EFFORTS TO DETER MONEY LAUNDERING.
(a) COOPERATION AMONG FINANCIAL INSTITUTIONS, REGULATORY AUTHORITIES, AND LAW ENFORCEMENT AUTHORITIES-
(1) REGULATIONS- The Secretary shall, within 120 days after the date of enactment of this Act , adopt regulations to encourage further cooperation among financial institutions, their regulatory authorities, and law enforcement authorities, with the specific purpose of encouraging regulatory authorities and law enforcement authorities to share with financial institutions information regarding individuals, entities, and organizations engaged in or reasonably suspected based on credible evidence of engaging in terrorist acts or money laundering activities.
(2) COOPERATION AND INFORMATION SHARING PROCEDURES- The regulations adopted under paragraph (1) may include or create procedures for cooperation and information sharing focusing on–
(A) matters specifically related to the finances of terrorist groups, the means by which terrorist groups transfer funds around the world and within the United States, including through the use of charitable organizations, nonprofit organizations, and nongovernmental organizations, and the extent to which financial institutions in the United States are unwittingly involved in such finances and the extent to which such institutions are at risk as a result;
(B) the relationship, particularly the financial relationship, between international narcotics traffickers and foreign terrorist organizations, the extent to which their memberships overlap and engage in joint activities, and the extent to which they cooperate with each other in raising and transferring funds for their respective purposes; and
(C) means of facilitating the identification of accounts and transactions involving terrorist groups and facilitating the exchange of information concerning such accounts and transactions between financial institutions and law enforcement organizations.
(3) CONTENTS- The regulations adopted pursuant to paragraph (1) may–
(A) require that each financial institution designate 1 or more persons to receive information concerning, and to monitor accounts of individuals, entities, and organizations identified, pursuant to paragraph (1); and
(B) further establish procedures for the protection of the shared information, consistent with the capacity, size, and nature of the institution to which the particular procedures apply.
(4) RULE OF CONSTRUCTION- The receipt of information by a financial institution pursuant to this section shall not relieve or otherwise modify the obligations of the financial institution with respect to any other person or account.
(5) USE OF INFORMATION- Information received by a financial institution pursuant to this section shall not be used for any purpose other than identifying and reporting on activities that may involve terrorist acts or money laundering activities."
Technorati Tags
information security
IT compliance
corporate governance
Patriot Act
government
awareness and training
privacy