Prudential Regulators Propose Rules Amending Anti-Money Laundering Requirements: Is Your Financial Institution Ready?

On July 14, the Financial Crimes Enforcement Network (FinCEN) joined the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency (collectively, the “Agencies”) in issuing an interagency statement concerning the notice of proposed rulemaking (NPRM) that would amend anti-money laundering/countering the financing of terrorism (AML/CFT) program requirements for all financial institutions subject to the Bank Secrecy Act (BSA) with AML/CFT program obligations. While FinCEN and the Agencies acknowledge that banks already have BSA compliance programs, the proposed NPRM would amend existing requirements. The proposed amendments are based on changes to the Bank Secrecy Act as enacted by the Anti-Money Laundering Act of 2020 (the “AML Act”) and focused on the Treasury’s objective of building a more effective and risk-based AML/CFT regulatory and supervisory program, as well as encouraging technological innovation to counter money laundering and the financing of terrorism.

Key Proposed Changes

a. Purpose Statement

The AML/CFT Program NPRM includes a new purpose statement for AML/CFT program requirements. The new statement is to ensure that a financial institution implements an effective, risk-based, and reasonably designed AML/CFT program to identify, manage, and mitigate illicit finance activity risks that: (i) complies with the BSA and the requirements and prohibitions of its implementing regulations; (ii) focuses attention and resources in a manner consistent with the risk profile of the financial institution; (iii) includes consideration and evaluation of innovative approaches to meet its AML/CFT compliance obligations; (iv) provides highly useful reports or records to relevant government authorities; (v) protects the financial system of the United States from criminal abuse; and (vi) safeguards the national security of the United States, including by preventing the flow of illicit funds in the financial system.

b. Effectiveness Requirement

Existing AML/CFT programs were only required to be “reasonably designed.” FinCEN and the Agencies have acknowledged that many AML/CFT programs met that standard. Now, the NPRM  proposes to add heightened expectations of “effectiveness,” along with a “risk-based” standard, which will result in an inquiry into the quality of an AML/CFT program. AML/CFT programs will need to be tailored to their own unique profile for that financial institution to identify, mitigate, and manage higher-risk threats.

c. Risk Assessment Process

The NPRM would require financial institutions to establish a risk assessment process to provide the basis for the AML/CFT program. In particular, the proposed rule would require a financial institution’s risk assessment process to identify, evaluate, and document the financial institution’s money laundering, terrorist financing, and other illicit finance activity (“ML/TF”) risks, including consideration of: (1) the AML/CFT Priorities issued by FinCEN, as appropriate; (2) the ML/TF risks of the financial institution based on the financial institution’s business activities, including products, services, distribution channels, customers, intermediaries, and geographic locations; and (3) the reports filed by the financial institution pursuant to 31 CFR chapter X. Additionally, the proposed rule would require financial institutions to periodically update their risk assessments using the process proposed in the NPRM, including, at a minimum, when there are material changes to a financial institution’s ML/TF risks.

d. Innovation in BSA Compliance

In an effort to encourage technological innovation, the proposed rule includes a provision that a financial institution’s internal policies, procedures, and controls may provide for a financial institution’s consideration, evaluation, and, as warranted by the institution’s risk profile and AML/CFT program, implementation of innovative approaches to meet BSA compliance obligations.

e. Domestic Presence

The NPRM would require financial institutions to have a presence in the United States, specifying that the duty to establish, maintain, and enforce the AML/CFT program must remain the responsibility of, and be performed by, persons in the United States who are accessible to, and subject to oversight and supervision by, FinCEN and the appropriate Federal functional regulator.

f. Customer Due Diligence (CDD)

The proposed rule would add CDD as a required component of the AML/CFT program in order to align with existing CDD requirements under FinCEN’s AML program.

Conclusion

The NPRM marks the first significant step in implementing the AML Act and updating the existing AML/CFT framework. Such will require financial institutions to assess their AML/CFT programs, or if applicable, adopt one that prioritizes risk-assessment and technological innovation. The NPRM has a 60-day comment period ending on Sept. 3. With the U.S. Supreme Court’s recent decision to overturn Chevron deference, courts now have the authority to interpret statutes without deferring to agency opinion.

For instance, the NPRM includes an extensive and detailed section on estimated costs and compliance burdens. At a high level, it appears that FinCEN is significantly underestimating the potential costs of the proposed action. Given the end of Chevron, FinCEN’s responses to the numerous comments it is expected to receive will be crucial. A key area for comment is the estimated cost burdens, especially since financial institutions (FIs) may argue that compliance costs, particularly those involving technology are not within the scope of the organization.

Similarly, the proposed “U.S. presence” requirements present heightened unintended consequences. While many financial institutions outsource or operate all or part of their AML/CFT operations from outside the U.S., this proposed rule could cause significant disruption to their existing practices. Therefore, it is crucial that financial institutions confirm this rule only applies to persons responsible for the AML/CFT program, as opposed to all persons who carry out any duties relating to the compliance of the AML/CFT. Assuming that FinCEN and the Agencies appropriately address these concerns, the new rules proposed will ultimately protect the interests of consumers and financial institutions alike. Financial institutions should reach out to their legal counsel to prepare for this new rule and ensure they are in the best position to roll out new programs that align with regulatory expectations.

Clark Hill’s Financial Services Regulatory & Compliance group is a national leader in the field of financial services law. We help clients navigate this rapidly evolving regulatory environment. Our exceptional team of lawyers and government and regulatory advisors has extensive experience and knowledge of the laws and regulations governing financial products and services. We can assist clients in developing and implementing compliance programs. For more information, please contact Joann Needleman, jneedleman@clarkhill.com .

This publication is intended for general informational purposes only and does not constitute legal advice or a solicitation to provide legal services. The information in this publication is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. Readers should not act upon this information without seeking professional legal counsel. The views and opinions expressed herein represent those of the individual author only and are not necessarily the views of Clark Hill PLC. Although we attempt to ensure that postings on our website are complete, accurate, and up to date, we assume no responsibility for their completeness, accuracy, or timeliness.