The Office of the Comptroller of the Currency (OCC) published two notices last week, on June 7 and 8, seeking comment on the agency’s plans to gather more information from banks and other institutions on crypto assets and red flags. of identity theft.
The money laundering risk associated with cryptocurrencies has been a constant concern for regulators for the past few years. Last week, US lawmakers held two separate hearings on Capitol Hill on the role of cryptocurrencies in ransomware attacks and on the illicit financing of terrorist activities.
One of the recommendations by Senator Gary Peters, chairman of the Senate Homeland Security and Governmental Affairs Committee, in a recent report on this topic, was that US agencies should have more data to combat these crimes.
Just days after this recommendation, the OCC published a notice in the Federal Register announcing that it is making changes to the Bank Secrecy Act/Money Laundering Risk Assessment, also known as the Money Laundering Risk Assessment (MLR) System. , to collect more information. .
The MLR system enhances the ability of bank examiners and management to identify and assess Bank Secrecy Act/Money Laundering and Office of Foreign Assets Control (OFAC) sanctions risks associated with products, services, customers and bank locations. Consequently, the MLR risk assessment is an important tool for OFAC and OCC Bank Secrecy/Anti-Money Laundering Act oversight activities because it allows the agency to better identify those institutions and areas within institutions that may present a higher risk.
According to the agency, banks will also benefit from the MLR data report as it will aid in the management of banks’ BSA/AML programs and provide a starting point for banks to develop their risk assessments.
The OCC now proposes to collect new MLR information in its annual Risk Summary Form (RSF). By 2022, RSF will include three new products and services in crypto assets: custody, stablecoin issuance, and stablecoin payments. The OCC is also adding three new types of customers in the money transmitter category: customers who accept or transmit cryptocurrencies; crypto ATM operators; and crypto asset exchanges.
The OCC will collect this data for trust and community banks supervised by the regulator. Collection will be fully automated, making data entry quick and efficient and providing electronic records for all parties, the agency said in the notice. The agency is seeking comments on this proposal through August 8.
Read more: US Lawmakers Take on Crypto Ransom Payments
Identity Theft Red Flags
The second initiative published by the OCC is on identity theft. Under the Fair and Accurate Credit Transactions Act of 2033 (FACT Act), different agencies, including the OCC, are required to issue guidelines to financial institutions and creditors regarding identity theft regarding their account holders and clients and update them as often as necessary. .
The FACT Act also requires the OCC and other agencies to identify patterns, practices, and specific forms of activity that indicate the potential existence of identity theft. Banks and financial institutions also have obligations. For example, OCC-regulated financial institutions are required to establish an Identity Theft Prevention Program designed to detect, prevent, and mitigate account-related identity theft. Financial institutions are also encouraged to consider these guidelines when developing their identity theft prevention programs, especially since the program must first be approved by the institutions’ board of directors.
While the identity theft red flag guidelines were first published in 2007, the agencies are seeking public comment through July 7 to determine whether the information collected for these purposes is adequate. This is the second time the OCC has issued a notice for comment on this issue since the first notice, published in March, was closed without receiving any comments.