On October 5, 2011, the Financial Crimes Enforcement Network at the U.S. Department of the Treasury (FinCEN) released final regulations to implement Section 104(e) of CISADA that contain compliance obligations specific to banks in the United States, including U.S. offices of foreign banks. FinCEN opted for imposing a reporting obligation, which is arguably the least onerous of a range of alternative obligations authorized by Section 104(e) of CISADA. The new reporting obligation will impose compliance burdens on banks in the United States. It also will require foreign banks outside the United States to share business or transactional information that is not subject to U.S. jurisdiction with U.S. authorities under an implicit threat of sanctions if they do not cooperate. However, FinCEN demonstrated some flexibility in the detailed requirements of the final rulemaking.
The final rule also contains an Appendix A, which is a model certification form for use by foreign banks in connection with the reporting requirements. The certification form also has to be signed by the requesting U.S. bank.
The final rule will become effective upon publication in the Federal Register, which should occur Tuesday, October 11. FinCEN expects to issue reporting requests to banks pursuant to the final rule immediately thereafter.
In brief, the final rule requires a U.S. bank, upon request from FinCEN, to inquire of a specified foreign bank for which the U.S. bank maintains any correspondent account, and report to the Department of the Treasury on whether the specified foreign bank:
- maintains a correspondent account for an Iranian-linked financial institution designated under the International Emergency Economic Powers Act (IEEPA);
- has processed one or more transfers of funds within the preceding 90 calendar days for or on behalf of an Iranian-linked financial institution designated under IEEPA, other than through a correspondent account; or
- has processed one or more transfers of funds within the preceding 90 calendar days for or on behalf of Iran’s Islamic Revolutionary Guard Corps (IRGC) or any of its agents or affiliates designated under IEEPA.
It is expected that as soon as the regulation takes effect, FinCEN will issue a number of information requests to U.S. banks regarding certain foreign banks that Treasury has reason to believe may be engaged in sanctionable activities under other sections of CISADA.
The Reporting Requirement
Highlights of the final rule include the following points:
- In finalizing the reporting requirement, FinCEN opted not to require other, potentially more onerous obligations contained in Section 104(e) of CISADA, including audits of activities by foreign financial institutions, certifications that the foreign financial institution is not knowingly engaging in prohibited activity and more detailed due diligence policies, procedures and controls. FinCEN determined that the reporting obligation is “the most useful vehicle for affecting the intent of Section 104(e) at this time.”
- The final rule focuses the reporting requirement on the provision of information relating to correspondent accounts for, and funds transfers to, designated foreign financial institutions connected with Iran’s proliferation activities or support for international terrorism. In addition, the reporting requirement focuses on the provision of information relating to transfers of funds by foreign financial institutions in support of the IRGC.
- Specifically, the final rule requires a bank, upon receiving a written request from FinCEN, to inquire of a specified foreign bank for which it maintains a correspondent account (and report to FinCEN) with respect to the following:
- whether the foreign bank maintains a correspondent account for an Iranian-linked financial institution designated under IEEPA;
- whether the foreign bank has processed one or more transfers of funds within the preceding 90 calendar days for or on behalf of, directly or indirectly, an Iranian-linked financial institution designated under IEEPA, other than through a correspondent account; and
- whether the foreign bank has processed one or more transfers of funds within the preceding 90 calendar days for or on behalf of, directly or indirectly, an IRGC-linked person designated under IEEPA.
- In addition, one of the most far-reaching provisions of the rule requires the U.S. bank to request that the foreign bank agree to notify it within 30 days if the foreign bank subsequently establishes a new correspondent account for an Iranian-linked financial institution designated under IEEPA at any time within 365 calendar days from the date of the foreign bank’s initial response. The U.S. bank would in turn report such information to FinCEN.
- FinCEN rejected criticism by some commenters that the 365-day notification requirement was too onerous. FinCEN took the position that an easily checked list of financial institutions that meet the criteria of Iranian-linked financial institutions designated under IEEPA is available on OFAC’s website at http://www.treasury.gov/resource-center/sanctions/Programs/Documents/irgc_ifsr.pdf.
- The final rule also requires a bank to report to FinCEN instances in which the bank does not maintain a correspondent account for a foreign bank specified in a written request from FinCEN.
- FinCEN expressly reserved an option to extend the rule at a later date to other types of financial institutions in addition to banks.
Non-Cooperating Foreign Banks
The final rule recognizes that CISADA does not compel foreign banks to respond to the requesting U.S. bank or to notify it under the 365-day rule, but it also contains implicit sanctions for banks that do not cooperate.
A number of commenters on the proposed rule upon which the final rule is based argued that privacy laws in certain jurisdictions may prohibit foreign banks from providing the requested information. FinCEN acknowledges in the introduction to the final rule that some foreign banks may choose not to respond or may not be able to respond because of home country privacy laws. FinCEN included an option for U.S. banks to report to FinCEN if they have not received a response from a foreign bank (FinCEN acknowledges that foreign banks “are not necessarily required to respond” under CISADA). FinCEN notes that such foreign banks “may feel compelled” to respond in order to maintain “good relationships” with the U.S. banks with which they maintain correspondent accounts. FinCEN also notes that “consultations” could be held by FinCEN with such foreign banks, as well as sanctions imposed under Section 104(c) of CISADA, if a foreign bank is unwilling to respond to inquiries. The implicit threat is that if a foreign bank fails to respond or provides incorrect information, it may be investigated and potentially sanctioned under Section 104(c) of CISADA. Those sanctions include being denied access to the U.S. financial system and U.S. dollar clearing.
In response to a comment that a foreign bank may conduct legitimate business with Iran under its home country laws (through licensing or otherwise), FinCEN notes the foreign bank may provide such an explanation in the certification form and that it “may be” taken into account in determining if “further action” is appropriate under Section 104(c) of CISADA.
- The final rule clarifies that a bank is not required to take any additional action based solely upon the fact that it has received a request for information under the regulation, has received a response from the foreign bank or has not received a response from the foreign bank. If a foreign bank does not respond to an inquiry made by a bank under the rule, the bank will be in compliance with the reporting requirements, provided it reports to FinCEN in a timely fashion that the foreign bank did not respond to the bank’s inquiry.
- The certification form for use by the foreign bank contains a “to its knowledge” certification as to processing of funds transfers within the preceding 90 calendar days for an IEEPA-designated financial institution or an IRGC-linked person. However, there is no “to its knowledge” standard for the certification that it does not maintain a correspondent account for an Iranian-linked financial institution designated under IEEPA.
- FinCEN declined to set a minimum dollar threshold for reporting on transfers of funds or on correspondent accounts.
- However, FinCEN did extend the response time for replying to FinCEN’s written request from 30 calendar days to 45 calendar days (although it rejected a 90-day response time frame).
- The certification form, as originally proposed, also had to be validated as to its accuracy and signed by the requesting U.S. bank. In response to significant criticism of this approach, FinCEN modified the validation by the U.S. bank to state that the bank “has no information that is inconsistent with” the certification by the foreign bank.
- FinCEN also clarified that its expectation with regard to “knowledge” is limited to the knowledge a U.S. bank would have based on the monitoring it already conducts to comply with OFAC and Bank Secrecy Act requirements regarding due diligence over foreign correspondent accounts. FinCEN also clarifies that it does not expect a U.S. bank to verify independently the information provided by a foreign bank, although it does expect a bank to report if it has information that is inconsistent with the foreign bank’s certification.
- The final rule contains a five-year recordkeeping requirement.
In conclusion, the final rule from FinCEN implementing Section 104(e) of CISADA will require close analysis and implementation by affected banks in the United States. The likelihood that requests will soon issue from FinCEN means that banks in the United States should review the final rule as a matter of priority. Although the compliance obligation under Section 104(e) of CISADA could have been more onerous under the other options contained in that section, the specific reporting obligations imposed on U.S. banks that receive a request from FinCEN under the final rule could be significant and could cause difficulties with foreign banks that do not wish to, or are unable to, cooperate in providing the requested information.