On August 18, 2020, the Financial Crimes Enforcement Network (FinCEN) issued a statement on its approach to enforcing the Bank Secrecy Act (BSA), to provide clarity on its approach to bringing compliance or enforcement actions due to potential or actual BSA violations. Most BSA requirements apply only to financial institutions; however, in certain circumstances, the BSA applies to business and individuals engaged in transactions who are not financial institutions. FinCEN also is able to impose civil monetary penalties on those who violate the BSA – and may be able to do so on partners, directors, officers, or employees who participatein the violations. Critically, FinCEN’s statement declares it seeks to establish violations of law based on statutes and regulations, instead of simply noncompliance with standards in a guidance document.

The recent guidance means companies and individuals need to be even more alert and attentive to potential risks. Given FinCEN’s statement and clarification, everyone should take this opportunity to review and enhance their compliance policies and reiterate their importance to their employees. And, consider completing random spot checks to ensure compliance systems are working properly.

FinCEN uses a variety of factors to determine the appropriate response to an actual or possible violation of the BSA. These factors include but are not limited to:

1. Nature and seriousness of the violations, including the extent of possible harm to the public and the amounts involved.
2. Impact or harm of the violations on FinCEN’s mission to safeguard the financial system from illicit use, combat money laundering, and promote national security.
3. Pervasiveness of wrongdoing within an entity, including management’s complicity in, condoning or enabling of, or knowledge of the conduct underlying the violations.
4. History of similar violations, or misconduct in general, including prior criminal, civil, and regulatory enforcement actions.
5. Financial gain or other benefit resulting from, or attributable to, the violations.
6. Presence or absence of prompt, effective action to terminate the violations upon discovery, including self-initiated remedial measures.
7. Timely and voluntary disclosure of the violations to FinCEN.
8. Quality and extent of cooperation with FinCEN and other relevant agencies, including as to potential wrongdoing by its directors, officers, employees, agents, and counterparties.
9. Systemic nature of violations. Considerations include the number and extent of violations, failure rates, and duration of violations.
10. Whether another agency took enforcement action for related activity. FinCEN will consider the amount of any fine, penalty, forfeiture, and/or remedial action ordered.

In its statement, FinCEN made clear it has the authority to take the following actions in an enforcement action: (1) take no action, (2) issue a warning letter, (3) seek an injunction or other equitable relief, (4) seek a settlement, (5) impose civil monetary penalties, and/or (6) refer the matter criminally. The regulated parties will have an opportunity to respond and contest both facts and conclusions of law in any FinCEN enforcement action.

FinCEN’s statement is an additional reminder to ensure your company’s compliance policies are appropriately tailored to your risk profile – and being closely followed. This statement follows closely behind two other FinCEN guidances¹ demonstrating FinCEN’s continued presence and commitment to enforcing legal regimes like the BSA.

¹ See Foley Client Alerts: FinCEN Issues Advisory on Cybercrime and Cyber-Enabled Crime Exploiting COVID-19 and FinCEN Issues Updated Guidance for Due Diligence of Hemp Businesses.