Revisions to BSA Will Inform Regulatory Examinations for Years to Come
Third Post in an Extended Series on Legislative Changes to BSA/AML Regulatory Regime
As we have blogged, the Anti-Money Laundering Act of 2020 (“AMLA”), contains major changes to the Bank Secrecy Act (“BSA”), coupled with other changes relating to money laundering, anti-money laundering (“AML”), counter-terrorism financing (“CTF”) and protecting the U.S. financial system against illicit foreign actors. In this post, we focus on some fundamental changes set forth in the AMLA’s very first provision, entitled “Establishment of national exam and supervision priorities.”
This new provision sets forth broad language affecting basic principles underlying the BSA and AML/CTF compliance. Specifically, it revises and expands the stated purpose of the BSA; enumerates specific factors for regulators to consider when examining financial institutions’ AML program compliance; requires the Secretary of the Treasury to establish public priorities for AML/CTF policy; and expands the duties and powers (and responsibilities) of the Financial Crime Enforcement Network (“FinCEN”). We discuss each of these changes in turn.
As always, future regulations will determine how these abstract statements of principle will be applied in practice. Ultimately, however, these AMLA amendments acknowledge the reality that AML/CTF compliance has become much more complex and nuanced since the early days of the BSA, and is a critical component of the soundness of the global financial system.
What’s the Point?
Previously, the “declaration of purpose” of the BSA was limited. Outlined in 31 U.S.C. § 5311, it focused on reporting and record keeping, stating that the BSA sought to “require certain reports or records where they have a high degree of usefulness in criminal, tax, or regulatory investigations or proceedings, or in the conduct of intelligence or counterintelligence activities, including analysis, to protect against international terrorism.” The AMLA expands considerably that declaration of purpose to set forth a much broader and holistic set of goals that aligns more closely with the current realities of an AML/CTF compliance and enforcement regime that has matured greatly and become more sophisticated over the decades. Now, the purpose of the BSA is to:
(1) Require certain reports or records that are highly useful in—
(A) Criminal, tax, or regulatory investigations, risk assessments, or proceedings; or
(B) Intelligence or counterintelligence activities, including analysis, to protect against terrorism;
(2) Prevent the laundering of money and the financing of terrorism through the establishment by financial institutions of reasonably designed risk-based programs to combat money laundering and the financing of terrorism;
(3) Facilitate the tracking of money that has been sourced through criminal activity or is intended to promote criminal or terrorist activity;
(4) Assess the money laundering, terrorism finance, tax evasion, and fraud risks to financial institutions, products, or services to—
(A) Protect the financial system of the United States from criminal abuse; and
(B) Safeguard the national security of the United States; and
(5) Establish appropriate frameworks for information sharing among financial institutions, their agents and service providers, their regulatory authorities, associations of financial institutions, the Department of the Treasury, and law enforcement authorities to identify, stop, and apprehend money launderers and those who finance terrorists.
These goals makes the issue of information sharing (among financial institutions, and between financial institutions and the government), which has been the subject of BSA/AML reform discussions for years, a priority to be addressed. Further, by referring to “reasonably designed risk-based” AML compliance programs, these goals tie directly to the new factors established by the AMLA for regulators to consider when examining financial institutions, as discussed below.
New Factors for Regulators Supervising and Examining AML Compliance
The AMLA also amends 31 U.S.C. § 5318(h), entitled “Anti-Money Laundering Programs,” to include several factors for regulators to consider when “supervising and examining” compliance with AML program requirements. Section 5318(h)(1) is deceptively simple, and states merely that financial institutions required to have AML programs must do the following, subject to implementing regulations prescribing “minimum standards” for such programs:
(1) In general.—In order to guard against money laundering and the financing of terrorism through financial institutions, each financial institution shall establish anti-money laundering programs and countering the financing of terrorism, including, at a minimum—
(A) the development of internal policies, procedures, and controls;
(B) the designation of a compliance officer;
(C) an ongoing employee training program; and
(D) an independent audit function to test programs.
Over time, these general statutory principles have birthed detailed and complicated standards for financial institutions, their advisors and auditors, regulators, and enforcement personnel regarding the day-to-day execution of these principles in practice. Likewise, they have produced multi-million and multi-billion enforcement actions based on alleged AML/CTF program deficiencies.
The AMLA revises Section 5318(h)(2) to list four specific factors for regulators to consider when examining compliance with the broad principles set forth above.
First, regulators should consider the fact that “[f]inancial institutions are spending private compliance funds for a public and private benefit, including protecting the United States financial system from illicit finance risks.” This addition acknowledges the considerable compliance costs associated with the AML/CFT programs, and the fact that the federal government, through the BSA, has in effect “deputized” financial institutions as the front line defense against money laundering and the financing of terrorism. Financial institutions presumably will stress this factor heavily when responding to notices for comment regarding any future regulations proposed by FinCEN. It will be interesting to see how seriously FinCEN applies this factor, in practice.
The second factor is that a key policy goal for the U.S. is “the extension of financial services to the underbanked and the facilitation of financial transactions, including remittances, coming from the United States and abroad in ways that simultaneously prevent criminal persons from abusing formal or informal financial services networks.” This factor emphasizes the issue of de-risking, which is the practice of limiting certain services or ending relationships with customers to avoid perceived regulatory concerns about facilitating money laundering or other criminal activity. De-risking is a significant ongoing issue in AML-related enforcement. As we have blogged, the U.S. Treasury Department previously attempted to allay the fears driving the phenomenon of de-risking by (i) suggesting that U.S. banks have overreacted to concerns over AML/BSA enforcement by unnecessarily terminating correspondent banking relationships with foreign banks; (ii) noting that these relationships are crucial to the global economy; and (iii) stating that reflexive de-risking could destabilize or disrupt access to U.S. financing, hinder international trade, cross-border business, charitable activities, and make claim remittances harder to effectuate.
The third factor highlights the significance of law enforcement efforts: “Effective anti-money laundering and countering the financing of terrorism programs safeguard national security and generate significant public benefits by preventing the flow of illicit funds in the financial system.” The inclusion of this factor is not surprising, and presumably will be stressed by regulators.
Finally, AML/CFT programs should be “reasonably designed to assure and monitor compliance” and “risk-based, including ensuring that more attention and resources of financial institutions should be directed toward higher-risk customers and activities, consistent with the risk profile of a financial institution, rather than toward lower-risk customers and activities.” This language presumably seeks to provide financial institutions with some flexibility so that they can target compliance resources. However, this goal can be easy to articulate but hard to attain in practice, and financial institutions already seek to implement “risk based” AML programs.
This language strongly resembles verbiage in FinCEN’s September 2020 Advance Notice of Proposed Rulemaking (“ANPRM”), in which FinCEN proposed a potential regulatory amendment that would provide a “clear” definition of “effectiveness” for the purposes of an “effective and reasonably designed” AML program. Likewise, this language strongly resembles verbiage in last year’s updates to the FFIEC BSA/AML Examination Manual, which emphasize that examiners should take a “risk-focused” approach to tailor the review of a regulated institution’s BSA/AML compliance program – meaning that the examination should be tailored to the risk profile of that specific institution. Importantly, the updated Manual reminds examiners that banks have flexibility in the design of their BSA/AML compliance programs, and that minor weaknesses, deficiencies, and technical violations alone do not indicate an inadequate program.
Public AML/CTF Priorities
The AMLA requires the Secretary of the Treasury, in consultation with the Attorney General, the Federal functional regulators, state financial regulators, and national security agencies to create public priorities for AML/CTF policy, to be updated at least every four years. FinCEN has 180 days to promulgate regulations once Treasury establishes the priorities.
The concept of Treasury setting national AML/CTF priorities was raised in the ANPRM, which stated that “FinCEN is considering whether the Director of FinCEN should issue national AML priorities, to be called its ‘Strategic Anti-Money Laundering Priorities,’ every two years (or more frequently as appropriate to inform the public and private sector of new priorities).” Under the ANPRM, these priorities in turn will require financial institutions to “effectively” act on them.
Importantly, the AMLA states that “[t]he review by a financial institution of the priorities . . . and the incorporation of those priorities, as appropriate, into the risk-based programs established by the financial institution to meet [its] obligations . . . and other anti-money laundering and countering the financing of terrorism laws and regulations shall be included as a measure on which a financial institution is supervised and examined for compliance with those obligations.” Simplified, the public priorities will be important because regulators will examine financial institutions in part according to how their AML/CTF compliance program furthers these priorities. Boards of directors of financial institutions should take note, as regulators and examiners regard board members as ultimately responsible for an institution’s AML/CTF compliance.
Simplified, the public priorities will be important because regulators will examine financial institutions in part according to how their AML/CTF compliance program furthers these priorities. Boards of directors of financial institutions should take note, as regulators and examiners regard board members as ultimately responsible for an institution’s AML/CTF compliance.
Additional FinCEN Duties
Finally, the new provision adds five additional subsections to 31 U.S.C. § 310(b)(2), which sets forth the “duties and powers” of the Director of FinCEN. These new subsections relate directly to several issues discussed above: public priorities, information sharing, law enforcement efforts, and technological innovation. Specifically, FinCEN must:
- Promulgate regulations to implement the new AML/CTF public priorities;
- “Communicate regularly” with financial institutions and their federal functional regulators to explain those priorities;
- Give and receive feedback to and from financial institutions and State bank and credit union supervisors regarding BSA compliance;
- Maintain investigative financial experts “capable of identifying, tracking, and analyzing financial crime networks and identifying emerging threats to support Federal civil and criminal investigations;” and
- “Maintain emerging technology experts to encourage the development of and identify emerging technologies that can assist the United States Government or financial institutions in countering money laundering and the financing of terrorism.”