On April 26, 2023, the Financial Crimes Enforcement Network (“FinCEN”) assessed a $1.5 million civil money penalty on The Kingdom Trust Company (“Kingdom Trust”) for violations of the Bank Secrecy Act of 1970 and its implementing regulations (hereinafter collectively known as “BSA”).[1] Kingdom Trust is the first trust company to receive an enforcement action from FinCEN.[2] The fine is noteworthy not only because it is the bank regulators – not FinCEN – that typically impose fines, but also because trust companies usually do not offer services that easily facilitate financial crime. Given the current trend in digital asset firms relying upon state-chartered trust company licenses to engage in custody and other digital asset services, the fine underscores that FinCEN is ready to take actions to ensure that these entities abide by the BSA.

Kingdom Trust is a South Dakota-chartered trust company that represents itself as a custody solution for individual investors, investment sponsors, family offices, advisory firms, and broker-dealers. The Consent Order agreed upon by Kingdom Trust states that between February 15, 2016 and March 15, 2021 (hereinafter the “Relevant Time Period”), Kingdom Trust provided non-conventional trust services such as account and payment processing services (through correspondent banks) to foreign securities and investment firms as well as other businesses (including money services businesses) located in Latin America.[3] During the Relevant Time Period, Kingdom Trust filed only four suspicious activity reports (“SAR”), whereas a lookback later conducted by FinCEN identified over 600 incidents of suspicious activity that merited reporting.[4]

When announcing the Consent Order, FinCEN’s Acting Director Himamauli Das stated that Kingdom Trust had “virtually no process to identify and report suspicious transactions,” which resulted in it processing more than $4 billion in international wires with “essentially no controls.”[5] Das further added that this enforcement action demonstrates that FinCEN “will not tolerate trust companies with weak compliance programs” who fail to report suspicious activities.

Timeline of Events

The timeline of events set forth in the Consent Order is important to understanding the basis for FinCEN’s actions and broader related compliance considerations. Highlighted below are important events set forth in the Consent Order that relate to Kingdom Trust’s offering of non-conventional trust services to foreign firms, and help provide context as to how findings set forth in the Consent Order can be used to inform compliance programs at other institutions.

• 2014:[6] Kingdom Trust worked with a Consulting Group that connected them with foreign broker-dealers located in Argentina and Uruguay. The Consulting Group stated these firms would use Kingdom Trust accounts to custody fixed-income securities and to hold cash. Kingdom Trust proceeded with this new line of business and opened accounts for customers referred to it by the Consulting Group.
• Late 2016 to 2018:[7]
  • Kingdom Trust processed over 400 suspicious transactions, with an aggregate value of roughly $63 million, on behalf of a British Virgin Islands-organized entity that purported to be a private mutual fund.
  • Kingdom Trust processed over 80 suspicious transactions, with an aggregate value of roughly $8.9 million, on behalf of two customers who appeared to have used their Kingdom Trust accounts to perpetuate securities fraud.
  • Kingdom Trust processed nearly 200 suspicious transactions, with an aggregate value of roughly $16 million, on behalf of a customer that purported to provide tourism services.
• During the Relevant Time Period:[8]
  • Kingdom Trust’s correspondents closed at least 11 of Kingdom Trust’s bank accounts held for the benefit of the customers obtained through the Consulting Group.
  • After these financial institutions began closing the above-mentioned accounts, Kingdom Trust engaged a third party to conduct a BSA/anti-money laundering (“AML”) audit, including its foreign-owned accounts. The audit specifically cited deficiencies related to Kingdom Trust’s high-risk customers and their transactions, although it did not link identified issues to specific customers or transactions. Despite the results of the audit, Kingdom Trust did not exit the high-risk Latin American customers, make changes to its controls, or file any SARs related to this business line.

Kingdom Trust’s BSA Violations

As the timeline above demonstrates, FinCEN concluded that Kingdom Trust had a severely underdeveloped and ad hoc process for identifying and reporting potentially suspicious activity during the Relevant Time Period.[9] While Kingdom Trust’s manual monitoring program might be sufficient for a typical custody business with minimal transactions and no payment activity, Kingdom Trust’s move into high-risk products and clients were not accompanied by incremental controls viewed as commensurately sufficient by FinCEN to monitor for potentially suspicious activity. As a result, FinCEN found that Kingdom Trust failed to timely and accurately identify and report hundreds of suspicious transactions,[10] including transactions with connections to a trade-based money laundering scheme and multiple securities fraud schemes that were the subject of both criminal and civil actions.[11]

Specifically, FinCEN found that Kingdom Trust relied on a manual review of daily transactions by a single employee to identify potentially suspicious transactions and activity throughout the Relevant Time Period,[12] had limited staff with little to no BSA/AML compliance experience,[13] and offered new products and services to customers that had elevated risks of money laundering.[14] It was not until July 2020 that Kingdom Trust hired a Compliance Officer with AML experience.[15] Before that, it formerly had staff with no prior AML experience.[16] Also, according to the Consent Order, Kingdom Trust only began the process of closing the accounts referred by the Consulting Group after receiving inquiries from law enforcement about the accounts.[17] Even then, Kingdom Trust apparently made no effort to file SARs based on the customers or activity.[18]

What Makes This Civil Money Penalty Unique

Although this is a novel enforcement action in that it is FinCEN’s first action against a trust company, other characteristics of this enforcement action make it significant. Each of these characteristics brings about important considerations for trust companies and firms that rely upon them to provide financial services.

Violations Were Not Related to Typical Trust Activity

Throughout the Relevant Time Period, Kingdom Trust maintained correspondent bank accounts at other financial institutions for the benefit of its customers.[19] Trust companies typically only hold assets for their customers and do not offer their customers correspondent banking services.

Compliance Considerations: To promote compliance with the BSA, a trust company should maintain a BSA compliance program that is commensurate with its risk profile. This would include proper due diligence of customers (and custodied assets) and a customer risk rating methodology that is applied at the time of onboarding and subject to periodic refresh to appropriately identify high-risk customers warranting tighter controls. Trust companies should also have processes to identify and investigate customer activity that deviates from expectations and raises red flags.

FinCEN Examination is Uncommon

State-licensed trust companies which do not accept deposits (or Federal Deposit Insurance Corporation deposit insurance), such as Kington Trust, which offered the payment services vis-à-vis its own accounts at other financial institutions,[20] are typically not subject to supervision and examination by federal authorities such as FinCEN. While FinCEN has authority for enforcement of BSA across financial institutions in the U.S., the bureau typically relies on federal or state bank regulators to identify and sanction breaches of the law. This case is obviously the exception, likely prompted by investigations initiated by the Department of Justice and/or the Federal Bureau of Investigation. Therefore, while this is the first enforcement action by FinCEN against a trust company, it is not necessarily emblematic of any rise in risk related to typical trust services; instead, this case is a notable instance of a financial institution conducting high-risk business without regard for their responsibility to identify and report potential financial crimes.

Compliance Considerations: To establish confidence with U.S. regulators, U.S. trust companies and analogous financial institutions should maintain BSA compliance programs that are sufficient to manage risks associated with a firm’s business activities by promoting compliance with applicable laws, rules, and regulations. This consideration is particularly important for digital asset companies with trust company affiliates, which could be targeted by FinCEN, given the increasing federal regulatory scrutiny of non-bank financial companies involved in digital assets. It is possible that although FinCEN examination is uncommon, that current leadership at the U.S. Department of the Treasury, and more specifically, FinCEN, begin to increasingly scrutinize BSA/AML programs at state-chartered trust companies, particularly if those trust companies are involved in digital assets or another financial activity being scrutinized by regulators.

Put Patomak’s Expertise to Work

Patomak has deep experience in helping banks and other financial institutions identify and manage compliance risks and respond to developments in banking regulation and supervision. Patomak can work with boards and management to proactively assess their governance and internal risk and control functions to ensure they exceed supervisory expectations and support their business objectives. Contact us to learn how Patomak can help you navigate these challenges and help you meet your business goals.

Links

FinCEN News Release: FinCEN Assesses $1.5 Million Civil Money Penalty Against Kingdom Trust Company for Violations of the Bank Secrecy Act (April 26, 2023)

FinCEN Consent Order: Consent Order Imposing Civil Money Penalty

[1] FinCEN Assesses $1.5 Million Civil Money Penalty Against Kingdom Trust Company for Violations of the Bank Secrecy Act, FinCEN.gov (Apr. 26, 2023), https://www.fincen.gov/news/news-releases/fincen-assesses-15-million-civil-money-penalty-against-kingdom-trust-company (hereinafter the “Kingdom Trust FinCEN Announcement”).

[2] Id.

[3] FinCEN – CONSENT ORDER IMPOSING CIVIL MONEY PENALTY 3 (Apr. 26, 2023), https://www.fincen.gov/sites/default/files/shared/FinCEN_KTC_Consent%20Order_FINAL_508_042523.pdf (hereinafter the “Consent Order”).

[4] Id. at 5, 10-12.

[5] Kingdom Trust FinCEN Announcement, supra note 1.

[6] Consent Order, supra note 3, at 7-8.

[7] Id. at 8, 10-12.

[8] Id. at 9.

[9] Id. at 4.

[10] Id. at 6.

[11] Id. at 18.

[12] Id. at 5.

[13] Id.

[14] Id.

[15] Id.

[16] Id.

[17] Id. at 10.

[18] Id.

[19] Id. at 9.

[20] Id. at 8.