Eighth Blog Post in an Extended Series on Legislative Changes to the BSA/AML Regulatory Regime
As we have blogged, the Anti-Money Laundering Act of 2020 (“AMLA”) contains major changes to the Bank Secrecy Act (“BSA”), coupled with other changes relating to money laundering, anti-money laundering (“AML”), counter-terrorism financing (“CTF”) and protecting the U.S. financial system against illicit foreign actors. In this post, we review several provisions of the AMLA section entitled “Modernizing the Anti-Money Laundering and Countering the Financing of Terrorism System.” These provisions signal potentially significant changes in the BSA reporting regime for suspicious activity and currency transactions – albeit in the future, after the performance of studies and reports which Congress has required regarding the effectiveness of Suspicious Activity Report (“SAR”) and Currency Transaction Report (“CTR”) filings.
These provisions of the AMLA require the Treasury Secretary to acquire a fuller picture of the reporting regime as it currently functions in regards to SAR and CTR filings. We repeatedly have blogged about the ongoing debate regarding the utility of SARs and other BSA reports versus the onus the system places on financial institutions (see, for example, here, here, here and here). The AMLA now creates the opportunity for the government to respond to that debate with a data-driven approach. The theme of these AMLA provisions is feedback – both internal and external – regarding how (and whether) SARs work. Notably, they also address the issue of whether the monetary filing thresholds for SARs (generally, $5,000) and CTRs ($10,000) should be increased.
Annual Reporting on SARs
The AMLA imposes an annual reporting requirement on the Department of Justice regarding its use of data from SARs. The Attorney General is now required to provide an annual report to the Treasury Secretary containing information on the “use of data derived from financial institutions reporting under the Bank Secrecy Act.” The contours of this report are carefully delineated by the Act. The report must include:
- The frequency with which the reported data leads to either (A) law enforcement or (B) intelligence (i.e. national security) actions;
- Calculations of how long it took between the report and (A) a subpoena or warrant or (B) some other action;
- Analyses of the transactions in the data, including the types of account holders and any discernible trends in “cross-border transactions to certain countries”;
- The number of account holder individuals and entities involved;
- Information on the extent to which the reported data led to specific benchmark outcomes (arrests, indictments, convictions, pleas, forfeitures, or actions by intelligence or national security services); and
- Other information on investigations carried out at the state and federal levels stemming from the reported data.
The Act further requires that the annual report include “a description of retrospective trends and emerging patterns and threats in money laundering and the financing of terrorism, including national and regional trends, patterns, and threats.” Additionally, it mandates that every five years the report must also contain a section reviewing the previous half-decade and “includ[ing] a description of long-term trends and the use of long-term statistics, metrics, and other information.”
The aim of this report, as specified by the statute, is threefold:
- “to help assess the usefulness” of SARs and CTRs to (A) law enforcement, (B) the national security establishment, and (C) federal regulators;
- “to enhance feedback and communications” with reporting institutions; and
- “to assist FinCEN in considering revisions to the reporting requirements”.
Having broached the topic of revision, the AMLA then expands upon it in the following section, which adds to 31 U.S.C. Section 5318(g), a subsection (5) entitled “Considerations in imposing reporting requirements”. Three items in this section are worthy of note.
First, it emphasizes that SAR reporting requirements cannot exist in a vacuum; they must reflect consideration of national priorities and fuller purpose of the BSA. We have blogged in more detail here on how AMLA has expanded the stated purpose of the BSA and required public national AML priorities to be established.
Second, it requires the Treasury Secretary to do a cost/benefit analysis of “the means by or form in which” SARs are submitted, considering the “burdens imposed” on reporters, the “efficiency of the means or form,” and the “benefits derived” by federal law enforcement and the intelligence community in their AML and anti-terrorism efforts.
Building on this section, the AMLA requires FinCEN to establish “streamlined, including automated, processes to, as appropriate, permit the filing of noncomplex categories of reports” that reduce the earlier-referenced burdens on reporters without “diminish[ing] the usefulness of the reporting” to law enforcement and government intelligence. While the term is not mentioned in the body of the statute, subsection (D) is titled “Streamlined data and real-time reporting”. This caption conjures the image of a type of “automated process . . . (for) noncomplex categories of reports” in which a trigger event (e.g. a transaction over a certain threshold amount) would generate a contemporaneous report directly to FinCEN, rather than to the financial institution’s internal AML regime. This has the potential to both reduce the possibility of human error (and consequent liability) in financial institution AML programs, and to free up those programs to do more in-depth KYC analysis (a potential future which we allude to again below.)
Feedback from Industry and Law Enforcement
The AMLA also approaches refinement of the SAR process from a different angle – improving the quality of reporting by providing more information about the SAR process to reporting institutions. The law requires FinCEN to meet with designated individuals from “financial institutions representing a cross-section of the reporting industry” in order to “solicit feedback.” These “feedback” sessions consist of a review of the SARs those financial institutions filed and a discussion of the suspicious activity trends FinCEN is observing. It further requires FinCEN to then provide any information gleaned from these feedback sessions regarding a specific institution to the appropriate federal regulator or state supervisor during that institution’s regularly scheduled examination. Perhaps most significantly, it requires that FinCEN provide disclosures to financial institutions (albeit in summary form) regarding SARs filed that assisted law enforcement, which must include information from DOJ regarding its use of the institution’s SAR data and any suspicious activity trends the Department has noticed. (This clause is accompanied by a massive loophole, though, as it explicitly exempts FinCEN from disclosing any information “that relates to an ongoing or closed investigation or implicates” national security.)
The Act also instructs FinCEN to publish semiannually “threat pattern and trend information”, including “data that can be adapted in algorithms”, in a further effort to emphasize the benefit of information sharing between law enforcement and reporting institutions – not the content of individual SARs, but information about those reports – the “SAR metadata”, as it were. This section is also clearly drafted with an eye toward encouraging financial institutions to develop and hone their own automated screening processes that could one day integrate with a real-time FinCEN reporting system.
The emphasis in the AMLA on sharing the aforementioned “SAR metadata” extends further still. Via an amendment to 31 U.S.C. 5318(g), the AMLA directs the Treasury Secretary to set up, within the next year, a three-year pilot program which would permit financial institutions to share information regarding SARs (including the fact that one has been filed) with their foreign branches and affiliates, with the stated aim of “combating illicit finance risks.” This pilot program will not be global: it must exclude foreign branches or affiliates operating in mainland China, Russia, any other countries whose governments are considered state sponsors of terrorism or are subject to U.S. sanctions, and other locations where the Treasury Secretary determines SAR-related information cannot be protected adequately. The Treasury Secretary is authorized, however, to make “case-by-case” exceptions for financial institutions in China or Russia if she determines that such an exception is in the interest of national security and so informs the appropriate Congressional committees. (Please see our post here for a more in-depth view of the information sharing aspects of the AMLA.)
Wading into the Filing Threshold Debate – Though Perhaps Not Too Deeply
Perhaps the most notable potential changes on the horizon are to the thresholds for SARs and CTRs. The AMLA requires the Treasury Secretary (in consultation with, inter alia, the Attorney General and the Secretary of Homeland Security) to “undertake a formal review of reporting requirements . . . and propose changes to reduce any unnecessarily burdensome regulatory requirements.” Significantly, this review specifically includes an analysis of “whether different thresholds should apply to different categories of activities[.]” As a reminder, those thresholds currently stand at $5,000 for SARs not involving an insider, and $10,000 for CTRs.
And just in case the Secretary didn’t get the message, the AMLA goes on to explicitly require her to “review and determine whether the dollar thresholds, including aggregate thresholds, under sections 5313, 5318(g), and 5331 of title 31, United States Code, including regulations issued under those sections, should be adjusted.” Such determinations require that she “rely substantially” on information from FinCEN’s BSA Data Value Analysis Project and the Comptroller General’s Currency Transaction Report analyses. She is also required to consider: the effects an adjustment of thresholds would have on law enforcement and the intelligence community; costs “likely to be incurred or saved” by reporting institutions; whether an adjustment would bring the United States into closer alignment with international AML and anti-terrorism standards; and whether CTR thresholds specifically should be keyed to inflation or some other factor consistent with the BSA’s purposes. This is to be a one-year review process culminating in a published report and proposed rulemakings, with a re-evaluation at least every five years.
In the same vein, though with a less aggressive timeline (i.e. by January 1, 2025), the AMLA directs the Comptroller General to conduct a study of CTRs, including a review of “the effectiveness of the currency transaction reporting regime”, an analysis of the value of CTRs to law enforcement, and an analysis of the effects of raising the CTR threshold. The CG must submit to Congress and the Treasury Secretary a report containing its findings and recommendations for improving the CTR regime by no later than the end of 2025.
We have blogged before about the debate over the filing thresholds, which have not been revised since their implementation in 1970 (for CTRs) and 1996 (for SARs) despite inflation and other factors. Raising the thresholds would be an industry-friendly adjustment, as it would alleviate to a degree the burden on AML programs at financial institutions, creating the potential for more thorough KYC processes and SARs. Retaining the current levels would be preferable for law enforcement, as it allows them to hoover up a vast amount of transaction data, which only becomes more valuable as investigators increasingly use artificial intelligence to discern patterns in financial activity records. It obviously remains to be seen whether anything will come of this, or whether these studies are a way to kick the reform debate down the road for a few more years.
Finally, the Act calls for a general housekeeping review of all regulations related to the BSA, including solicitation of public comment and culminating in a report to Congress to be submitted next year. While this may seem redundant given the focused reviews the AMLA has already mandated, the public comment provision gives other stakeholders in the field – including industry groups, academics, and even lawyers – an opportunity to weigh in on the intricacies and efficacy of the BSA, fifty-odd years into its existence.