FinCEN Proposes Rule To Strengthen US Anti-Money Laundering and Countering the Financing of Terrorism Programs | Insights

The Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has proposed a rule (the Proposed Rule) to implement certain aspects of the Anti-Money Laundering Act of 2020 (the AML Act), which updated the Bank Secrecy Act (BSA) to strengthen and modernize the U.S. anti-money laundering and countering the financing of terrorism (AML/CFT) regime by focusing regulatory scrutiny on the most significant national security and illicit financing threats.

FinCEN’s stated goals in issuing the June 28, 2024, Proposed Rule are to:

Reinforce the risk-based approach FinCEN already expects of AML/CFT programs.
Make these programs more dynamic and responsive to evolving risks.
Render them more effective in achieving the purposes of the BSA.
Refocus them toward a more risk-based, innovative and outcomes-oriented approach, as opposed to mere “technical compliance” with BSA requirements.

The Proposed Rule thus includes an express requirement that regulated financial institutions (FIs) maintain an AML/CFT compliance program that is “effective, risk-based, and reasonably designed” to help FIs focus resources and attention in a manner consistent with their risk profiles. (See sidebar below.)

The Proposed Rule also aims to harmonize AML/CFT program requirements across all types of FIs, including:

Banks (regardless of whether the bank is supervised by a federal functional regulator).
Broker-dealers regulated by the Securities and Exchange Commission (SEC).
Futures commission merchants.
Introducing brokers in commodities regulated by the Commodity Futures Trading Commission (CFTC).
Money services businesses.¹

FinCEN acknowledges that certain of the requirements that the Proposed Rule would codify are already well-established expectations — for instance, that certain FIs will maintain risk-based policies and undertake periodic risk assessments — and that it is seeking to standardize these requirements across FIs, where appropriate.

Accordingly, while the impact of the Proposed Rule changes could vary depending on the type of institution and the nature and sophistication of its existing AML/CFT compliance program, we do not expect the Proposed Rule, if it becomes final, to impose significantly new or onerous obligations on regulated FIs.

Written comments on the Proposed Rule are due by September 3, 2024.

Key Elements of the Proposed Rule

1. The Proposed Rule would require all FIs to conduct periodic risk assessments that consider several factors to measure AML/CFT risks, including the AML/CFT National Priorities.

FinCEN and other U.S. banking and financial industry regulators have long expected most FIs to undertake periodic AML/CFT risk assessments. The Proposed Rule would codify and standardize this expectation. It details three factors that FIs would need to consider when assessing their AML/CFT risk profiles:

The current AML/CFT National Priorities (first issued by FinCEN on June 30, 2021).
The FI’s business activities, including products, services, distribution channels, customers, intermediaries and geographic locations.
Reports filed pursuant to the Code of Federal Regulations (31 CFR Chapter X), such as suspicious activity reports, and currency transaction reports and reports of cash receipts (IRS Form 8300).

The Proposed Rule would not mandate a particular frequency with which organizations must conduct AML/CFT risk assessments. Rather, it would require that they be updated frequently enough “to ensure the risk assessment process accurately reflects” the AML/CFT risks that the organization’s business presents.

However, the Proposed Rule would require that FIs at a minimum update their risk assessments following “material changes” to the organization’s risk profile. Many FIs already update their existing risk assessments following material changes to their risk profiles, but now such updating would be mandatory.

2. The Proposed Rule would require all FIs to designate a qualified AML/CFT officer, conduct independent testing and provide ongoing employee training.

While most FIs are currently expected to designate an AML compliance officer, the Proposed Rule would require FIs to designate at least one qualified individual with responsibility for coordinating and monitoring day-to-day compliance with BSA and FinCEN regulations.

A qualified AML/CFT officer would need to have the expertise and experience to adequately perform the duties of the position, including having sufficient knowledge and understanding of the FI’s risk profile, as informed by its risk assessment; AML/CFT laws and regulations; and how those laws and regulations apply to the FI and its activities.

The Proposed Rule would also codify and broaden requirements around testing and training by requiring FIs to implement periodic testing of the AML/CFT program by an independent internal or external party, and institute an ongoing employee training program (the focus and frequency of which would be informed by the organization’s risk assessment).

3. The Proposed Rule would expand requirements related to the establishment and oversight of an FI’s AML/CFT program.

The Proposed Rule would also require, consistent with the AML Act, that an FI’s AML/CFT program be established, maintained and enforced by persons in the United States who are accessible to, and subject to oversight and supervision by, the secretary of the Treasury and the appropriate federal functional regulator.

FinCEN acknowledges that FIs may have AML/CFT staff and operations outside of the United States, or contract out or delegate parts of their AML/CFT operations to third-party providers outside of the United States, and therefore has requested that FIs weigh in on the impact of this requirement.

FIs would need to ensure that the AML/CFT program is approved by, and is subject to oversight of, the FI’s board of directors or equivalent body. This is a new requirement for certain FIs, such as money service businesses and casinos, and would require, for instance, governance mechanisms and escalation and reporting lines.

4. The Proposed Rule would eliminate the distinction between AML/CFT requirements that relate to banks that have a federal functional regulator and those that do not.

FinCEN regulations previously distinguished between banks that have a federal functional regulator (e.g., the Federal Reserve, the Office of the Comptroller of the Currency or the Federal Deposit Insurance Corporation) and those that do not (e.g., private banks, non-federally insured credit unions and certain trust companies).

FinCEN is proposing eliminating the distinction between these types of banks to streamline and make more consistent the requirements among banking institutions. However, the substantive requirements applicable to both types of institutions would not materially change.

The Proposed Rule would update FinCEN regulations to include the following statement as to the purpose of the AML/CFT program requirement: “The purposes of this section is to ensure that a financial institution implements an effective, risk-based, and reasonably designed AML/CFT program to identify, manage, and mitigate illicit finance activity risks that: complies with the BSA and the requirements and prohibitions of FinCEN’s implementing regulations; focuses attention and resources in a manner consistent with the risk profile of the financial institution; may include consideration and evaluation of innovative approaches to meet its AML/CFT compliance obligations; provides highly useful reports or records to relevant government authorities; protects the financial system of the United States from criminal abuse; and safeguards the national security of the United States, including by preventing the flow of illicit funds in the financial system.” 31 §CFR 1010.210 (a) (as proposed).

The Proposed Rule would update FinCEN regulations to include the following statement as to the purpose of the AML/CFT program requirement:

“The purposes of this section is to ensure that a financial institution implements an effective, risk-based, and reasonably designed AML/CFT program to identify, manage, and mitigate illicit finance activity risks that: complies with the BSA and the requirements and prohibitions of FinCEN’s implementing regulations; focuses attention and resources in a manner consistent with the risk profile of the financial institution; may include consideration and evaluation of innovative approaches to meet its AML/CFT compliance obligations; provides highly useful reports or records to relevant government authorities; protects the financial system of the United States from criminal abuse; and safeguards the national security of the United States, including by preventing the flow of illicit funds in the financial system.” 31 §CFR 1010.210 (a) (as proposed).

Summer associate Matthew Urfirer contributed to this client alert.

_______________

1 FIs subject to the Proposed Rule are: banks; casinos and card clubs (casinos); money services businesses (MSBs); brokers or dealers in securities (broker-dealers); mutual funds; insurance companies; futures commission merchants and introducing brokers in commodities; dealers in precious metals, precious stones or jewels; operators of credit card systems; loan or finance companies; and housing government-sponsored enterprises.