
Example of a Noncompliance Action for the USA PATRIOT Act: $600,000 Fine

I am concerned when I am at conferences and professional meetings and I hear presenters telling the attendees, from any industry, that there is really nothing that they need to do to address the requirements of the USA PATRIOT Act, and I've heard this communicated several times since the law was enacted in 2001.  Here is a good example that yes, indeed, doing nothing can come back to haunt you...and negatively impact your business with penalties and bad press.

It is rare to see the USA PATRIOT Act (followed up by the USA PATRIOT Improvement and Reauthorization Act of 2005) referenced as part of actions taken by law enforcement for surveillance, or by regulators as part of the basis for fines. However, I just ran across a story on the government's FinCEN site that talks about how noncompliance with the USA PATRIOT Act was used in determining a $600,000 penalty against Liberty Bank of New York...I need to check that site more often, don't I?

In brief, the Financial Crimes Enforcement Network (FinCEN), Federal Deposit Insurance Corporation (FDIC), and New York State Banking Department (NYSBD) assessed a $600,000 penalty against Liberty Bank of New York for violations of federal and state anti-money laundering laws and regulations. Liberty Bank consented to payment of the civil money penalties without admitting or denying the allegations (this is pretty common with regulatory noncompliance situations).

What did Liberty Bank do...or not do?  FinCEN, FDIC, and NYSBD found they:

  • Failed to implement an adequate Bank Secrecy Act/anti-money laundering program with internal controls and appropriate measures to detect and report money laundering and other suspicious activity in a timely manner.
  • Did not have an anti-money laundering program that complied with information sharing requests from law enforcement under section 314(a) of the USA PATRIOT Act.

I anticipate seeing more, and probably more aggressive/costly, actions taking place with regard to the USA PATRIOT Acts as time goes on...companies need to take notice and be aware; not only for section 314(a), but for all the sections, some of which apply to more businesses than just those considered by the law as a financial institution.

Wonder what section 314(a) is all about?  Here you go:

"SEC. 314. COOPERATIVE EFFORTS TO DETER MONEY LAUNDERING.

(a) COOPERATION AMONG FINANCIAL INSTITUTIONS, REGULATORY AUTHORITIES, AND LAW ENFORCEMENT AUTHORITIES-

(1) REGULATIONS- The Secretary shall, within 120 days after the date of enactment of this Act, adopt regulations to encourage further cooperation among financial institutions, their regulatory authorities, and law enforcement authorities, with the specific purpose of encouraging regulatory authorities and law enforcement authorities to share with financial institutions information regarding individuals, entities, and organizations engaged in or reasonably suspected based on credible evidence of engaging in terrorist acts or money laundering activities.

(2) COOPERATION AND INFORMATION SHARING PROCEDURES- The regulations adopted under paragraph (1) may include or create procedures for cooperation and information sharing focusing on--

(A) matters specifically related to the finances of terrorist groups, the means by which terrorist groups transfer funds around the world and within the United States, including through the use of charitable organizations, nonprofit organizations, and nongovernmental organizations, and the extent to which financial institutions in the United States are unwittingly involved in such finances and the extent to which such institutions are at risk as a result;

(B) the relationship, particularly the financial relationship, between international narcotics traffickers and foreign terrorist organizations, the extent to which their memberships overlap and engage in joint activities, and the extent to which they cooperate with each other in raising and transferring funds for their respective purposes; and

(C) means of facilitating the identification of accounts and transactions involving terrorist groups and facilitating the exchange of information concerning such accounts and transactions between financial institutions and law enforcement organizations.

(3) CONTENTS- The regulations adopted pursuant to paragraph (1) may--

(A) require that each financial institution designate 1 or more persons to receive information concerning, and to monitor accounts of individuals, entities, and organizations identified, pursuant to paragraph (1); and

(B) further establish procedures for the protection of the shared information, consistent with the capacity, size, and nature of the institution to which the particular procedures apply.

(4) RULE OF CONSTRUCTION- The receipt of information by a financial institution pursuant to this section shall not relieve or otherwise modify the obligations of the financial institution with respect to any other person or account.

(5) USE OF INFORMATION- Information received by a financial institution pursuant to this section shall not be used for any purpose other than identifying and reporting on activities that may involve terrorist acts or money laundering activities."


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.