The Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has proposed a rule to counter money laundering and the financing of terrorism that would add significant compliance requirements for financial institutions if adopted.
The proposed rule would require covered institutions to maintain “effective, risk-based” anti-money laundering and countering the financing of terrorism (AML/CFT) programs. The proposal is part of FinCEN’s broader initiative to strengthen, modernize and improve the AML/CFT regime, as required by the Anti-Money Laundering Act of 2020.
Federal bank supervisory agencies also proposed rules to align their respective Bank Secrecy Act (BSA) compliance program requirements for banks and credit unions with FinCEN’s proposed rule. Those regulators include the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation and the National Credit Union Administration. Following the proposals, FinCEN and the agencies issued an interagency statement.
Who Would the Rule Affect?
The proposed rule would cover financial institutions that are subject to an AML compliance program regulation. That includes banks, casinos and card clubs (casinos), money services businesses, brokers or dealers in securities (broker-dealers), mutual funds, insurance companies, futures commission merchants and introducing brokers in commodities, operators of credit card systems, loan or finance companies, housing government sponsored enterprises and dealers in precious metals, precious stones, or jewels.
Substantial Changes and Key Takeaways
-
The proposal would create an explicit uniform requirement for financial institutions to establish, implement, and maintain effective, risk-based, and reasonably designed AML/CFT programs.
- Current rules already require most financial institutions to maintain an AML/CFT program reasonably designed to comply with the BSA.
- The proposed rule, in an attempt to achieve standardization and uniformity, would add an effectiveness standard. It would uniformly require the maintenance of an effective, risk-based and reasonably designed AML/CFT program for financial institutions.
- Whether adding an effectiveness standard will materially raise the bar for financial institutions to maintain a compliant program will likely depend in significant part on how examiners view any new requirement.
-
A mandatory risk assessment process would serve as the basis for AML/CFT programs.
The proposed rule would add a new, or at least explicit, requirement for financial institutions to incorporate a risk assessment into their AML/CTF programs. The risk assessment process would be based on:
- AML/CFT Priorities, which FinCEN issues at least every four years.
-
The money laundering and terrorist financing risk profile of the financial institution, considering its business activities, distribution channels, customers, intermediaries and geographic locations.
- The term “intermediaries” is designed to capture a variety of risk-relevant relationships outside of customers, including other financial institutions that serve as payment intermediaries as well as service providers, vendors and other third parties that facilitate financial transactions, services, and customer-facing activities.
- A review of suspicious activity reports, currency transaction reports and other reports filed by financial institutions pursuant to FinCEN regulations for threat patterns and, presumably, other information that these reports reveal about the volume or nature of potential money laundering or terrorist financing activity detected at the financial institution.
FinCEN expects the risk assessment to be based on current, accurate and complete information and a documented methodology. FinCEN also expects the risk assessment to be subject to oversight and governance. According to FinCEN, if a financial institution’s risk assessment process meets these criteria, this would support the conclusion that its AML/CTF program is effective, risk based, and reasonably designed.
-
AML/CFT programs would have to be administered by persons in the United States.
- The proposed rule would implement a requirement of the AML Act that the duty to establish, maintain and enforce a financial institution’s AML/CFT program must rest with persons in the United States who are accessible to and subject to oversight and supervision by FinCEN and the financial institution’s federal functional regulator.
- FinCEN has solicited comment on many aspects of this requirement, including how to define “persons in the United States,” and how this requirement would impact financial institutions’ non-U.S. operations, presumably in recognition that many global financial institutions use shared services outside the United States to help meet their compliance obligations.
- The proposed rule would also require an institution to document its AML/CFT program and make that documentation available to FinCEN.
-
An institution’s AML/CFT program would be subject to board approval and oversight.
-
Encouraging Innovative Approaches.
- The interagency statement notes that the AML Act encourages technological innovation and that FinCEN and the agencies have long recognized that responsible innovation may enhance the effectiveness and efficiency of financial institutions’ AML/CFT programs.
- In support of these goals, the proposed rule would permit a financial institution’s AML/CFT program to “include consideration and evaluation of innovative approaches” to meet BSA compliance obligations.
Anticipated Impact
- The proposed new requirement for a risk assessment is likely to result in additional spending on compliance efforts for some financial institutions. It also may require additional spending to align internal controls to an expanded risk assessment. Unless other initiatives required by the AML Act, such as FinCEN’s review of recordkeeping and reporting requirements, result in a rollback of other requirements, the overall AML/CTF compliance burden on financial institutions appears likely to increase.
- The higher “effectiveness” standard to evaluate AML/CTF programs may increase enforcement risk and regulatory uncertainty, particularly if FinCEN does not provide clear guidance on its expectations for the assessment of effectiveness, the application of resources to high-risk areas and corresponding reduction of resources applied to low-risk areas.
- FinCEN anticipates that enhanced flexibility in evaluating money laundering and terrorist financing risks will allow financial institutions to extend financial services to individuals and companies historically subject to barriers in accessing financial services. An increase in compliance spending, however, could result in diminished access to financial services by underserved communities as financial institutions further de-risk.
What’s Next?
The interagency statement described the proposed rule as a “critical foundation” for a multi-step, muti-year process to implement the AML Act and modernize the AML/CFT regime. These future steps will determine how FinCEN and other regulators will balance the AML Act’s competing priorities of promoting innovation and efficiency with improving law enforcement and national security objectives, and further safeguarding the financial system from illicit activity.
FinCEN is accepting written comments on its proposed rule until September 3, 2024.