Mark Taylor
Senior Editorial Manager
US regulators are proposing an update to money laundering regulations that experts say will “add significant compliance requirements for financial institutions” if adopted.
This article breaks down the new obligations and what they mean for covered entities.
Which regulators are involved and what are they proposing?
The Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has drafted a new anti-money laundering and counter-terrorism financing (AML/CTF) rule that would require regulated entities to maintain an “effective, risk-based” approach.
It is part of a broader initiative to bolster, modernise and improve the US AML/CFT regime, as required by the Anti-Money Laundering Act of 2020.
Federal bank supervisory agencies have also floated rules to synchronise their respective Bank Secrecy Act (BSA) compliance program requirements for banks and credit unions with FinCEN’s proposals.
The Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation and the National Credit Union Administration all greenlit the update.
Following the proposals, an interagency statement was issued.
Who is impacted by FinCEN’s new AML rule?
Financial institutions that are currently subject to an AML compliance program regulation will be covered.
Banks, money services businesses, broker-dealers, mutual funds, insurance companies, and futures commission merchants will all have to make changes to their compliance management systems.
Also expected to take action for the first time are brokers in commodities, credit card systems operators, loan and financing businesses, amongst other entities.
Inside businesses, one of the biggest changes concerns the location of senior compliance executives.
Firms who outsource or otherwise operate all or part of their AML operations from outside the US must bring oversight of the program in house; it must be performed by persons in the US who are accessible to, and subject to FinCEN oversight and supervision.
Whether aspects of this provision require only that the persons responsible for the AML/CFT program be based in the US, and not that all persons who carry out any duties relating to AML/CFT program compliance must be based in the United States, is not clear.
“A broad interpretation of this provision could cause a significant disruption to many financial institutions’ current practices with respect to global AML/CFT programs,” said Tyler Emory, financial services lawyer at Cooley.
What aspects of compliance does the rule change?
Regulators want to create an explicit uniform requirement for financial institutions to establish, implement, and maintain “effective, risk-based, and reasonably designed” AML/CFT programs.
In short, they want to iron out inconsistencies in the sector-wide approach to stamping out illicit flows of dirty money, adding a level of standardisation and consistency to compliance across the financial ecosystem.
“Current rules already require most financial institutions to maintain an AML/CFT program reasonably designed to comply with the Bank Secrecy Act (BSA),” said Magda Gathani, financial services expert at Orrick, Herrington & Sutcliffe LLP. “The proposed rule, in an attempt to achieve standardisation and uniformity, would add an effectiveness standard. It would uniformly require the maintenance of an effective, risk-based and reasonably designed AML/CFT program for financial institutions.”
She said it may “materially raise the bar for financial institutions to maintain a compliant program” should examiners find weaknesses in existing programs.
“The biggest change is that financial institutions must now have programs that are ‘effective’ in addition to being risk-based and reasonably designed,” said Michael Leotta, partner at WilmerHale. “This new emphasis on prevention, rather than mere detection and reporting of suspicious activity, could raise supervision and enforcement agencies’ expectations for private industry participants.”
How are AML risk assessments evolving?
The proposals would “add a new, or at least explicit, requirement” for financial institutions to incorporate a risk assessment into their AML/CTF programs, Gathani said.
The risk assessment process would be based on current, accurate and complete information and require a documented methodology, and under the new rule, be subject to further oversight and governance than currently required.
How firms review suspicious activity reports, currency transaction reports and other reports filed to regulators on threats will gain focus in the risk assessment. Regulators will look closer at the information within the reports regarding the volume or nature of potential money laundering or terrorist financing activity detected, lawyers said.
Another aspect of the proposals is ensuring boards and other senior stakeholders have oversight and approval of an institution’s AML/CTF program.
Extra oversight measures, such as governance mechanisms, escalation and reporting lines, may also be added to ensure that boards understand the effectiveness of the program operates as effective, risk-based and reasonably designed.
“The current rules regarding board approval and oversight vary depending on the type of financial institution and lack specificity on oversight requirements,” said Gathani.
“The proposed new requirement for a risk assessment is likely to result in additional spending on compliance efforts for some financial institutions,” she said. “It also may require additional spending to align internal controls to an expanded risk assessment.”
Unless other initiatives under FinCEN’s review of recordkeeping and reporting requirements result in a rollback of other requirements, she said, “the overall AML/CTF compliance burden on financial institutions appears likely to increase”.
Key takeaways for financial institutions
The proposed rule has been billed as a “critical foundation” for a multi-step, multi-year process to implement the AML Act and modernise the AML/CFT regime.
“These future steps will determine how FinCEN and other regulators will balance the AML Act’s competing priorities of promoting innovation and efficiency with improving law enforcement and national security objectives, and further safeguarding the financial system from illicit activity,” said Gathani.
The heightened risk standards focus is putting increased regulatory pressure on financial institutions in the management of financial crime risks, said Amy Matsuo, KPMG compliance expert. Firms should expect continued supervisory intensity, and enforcement activity in these areas, she said.
Continuously assessing risk, implementing risk-based compliance programs, maintaining, and increasing needed talent and skillsets, tooling and automation, and investments including in such areas as AML/CFT programs, fraud, and SAR identification/filing are a must, Matsuo added.
CUBE Comment
FinCEN has made no secret of its intent to improve, enhance and modernise AML regulations, and the recent proposals are a sweeping set of changes that impact one of the largest cohorts of regulated entities in rulemaking history.
What is being proposed touches on every aspect of AML compliance, from the operation of the function itself to the individuals within the team.
Moreover, the interagency guidance notes that both FinCEN and the Agencies will “continue to explore various regulatory processes to encourage and facilitate … use of technology or innovative approaches to meet BSA compliance obligations”.
Regulators are increasingly keen for firms to use advanced technology to manage the regulatory change process; Automated Regulatory Intelligence (ARI) can significantly enhance compliance systems and controls, reducing risk and helping the function gain efficiencies.
Additionally, leveraging intelligent tools helps ensure timely and consistent adherence to evolving regulatory requirements, fostering a more stable financial system.
Talk to CUBE today to learn more about how ARI can help your business meet the broadening expectations of FinCEN and other regulators.
