The Office of the Comptroller of the Currency (OCC) published last week, on June 7 and 8, two notices seeking comments about the agency’s plans to collect more information from banks and other institutions on crypto assets and identity theft red flags.
The risk of money laundering associated with cryptocurrencies has been a constant concern for regulators for the last few years. Just last week, U.S. policymakers held two different hearings in Capitol Hill about the role of cryptocurrencies in ransomware attacks and about illicit finance of terrorist activities.
One of the recommendations from Sen. Gary Peters, chairman of the Senate Committee on Homeland Security and Government Affairs, in a recent report on this issue was that U.S. agencies should have more data to fight these crimes.
Just a few days after this recommendation, the OCC published a notice in the Federal Register announcing that it is introducing changes to the Bank Secrecy Act/Money Laundering Risk Assessment, also known as the Money Laundering Risk (MLR) System, to collect more information.
The MLR System enhances the ability of examiners and bank management to identify and evaluate Bank Secrecy Act/Money Laundering and Office of Foreign Asset Control (OFAC) sanctions risks associated with banks’ products, services, customers, and locations. Consequently, the MLR risk assessment is an important tool for the OCC’s Bank Secrecy Act/Anti-Money Laundering and OFAC supervision activities because it allows the agency to better identify those institutions, and areas within institutions, that may pose heightened risk.
According to the agency, banks will also benefit from the reporting of MLR data as it will assist in the managing of the banks’ BSA/AML programs and provide a starting point for banks to develop their risk assessments.
The OCC is now proposing to collect new MLR information in its annual Risk Summary Form (RSF). For 2022, the RSF will include three new products and services in crypto assets: custody, stablecoin issuance and stablecoin payments. The OCC is also adding three new customer types under the money transmitters category: customers that accept or transmit cryptocurrency; crypto ATM operators; and crypto asset exchanges.
The OCC will collect this data for community and trust banks supervised by the regulator. The collection will be fully automated, making data entry quick and efficient and providing electronic records for all parties, the agency said in the notice. The agency is seeking comments on this proposal until Aug. 8.
Read more: US Lawmakers Take on Crypto Ransom Payments
Identity Theft Red Flags
The second initiative published by the OCC is on identity theft. According to the Fair and Accurate Credit Transactions Act of 2033 (FACT Act) different agencies, including the OCC, are required to issue guidelines for financial institutions and creditors regarding identity theft with respect to their account holders and customers and update these as often as necessary.
The FACT Act also requires the OCC and other agencies to identify patterns, practices and specific forms of activity that indicate the possible existence of identity theft. Banks and financial institutions also have obligations. For instance, OCC-regulated financial institutions need to establish an Identity Theft Prevention Program designed to detect, prevent, and mitigate identity theft in connection with accounts. Financial institutions are also encouraged to consider these guidelines when developing their Identity Theft Prevention programs, especially given that the first program must be approved by the institutions’ board of directors.
While the guidelines on identity theft red flags were first published in 2007, the agencies are seeking feedback from the public until July 7 to determine whether the information collected for these purposes is adequate. This is the second time the OCC has issued a notice for comments on this topic as the first notice, published in March, was closed without receiving any comments.