On September 16, 2020, the Financial Crimes Enforcement Network (FinCEN) solicited public comment through an Advance Notice of Proposed Rulemaking (ANPRM) regarding extensive potential changes to its Bank Secrecy Act (BSA) regulations. The result of this ANPRM could have far-reaching consequences for all financial institutions required to have an anti-money laundering (AML) program, and the ANPRM should be read carefully. Among 11 key groups of questions under the ANPRM, notably the ANPRM seeks comments on
- AML program standards
- mandated institutional risk assessments
- effective and streamlined approaches to reporting obligations
- establishing criteria for independent testing
I. AML Program Standards – Alignment of the Effective and Reasonably Designed Standard for Financial Institutions
The ANPRM seeks to clarify the scope and content of the requirement that financial institutions implement an “effective and reasonably designed” AML program, with the stated aim of enhancing the effectiveness and efficiency of AML programs.1 This ANPRM offers industry participants and interested parties a rare opportunity to provide input on a definition of an “effective and reasonably designed” AML program that would make the resource commitment to AML compliance more appropriately tailored to the goals of the BSA. Indeed, the ANPRM seeks comments not only on how best to identify what an effective and reasonably designed AML program should be but also on whether the effective and reasonably designed standard should be applied to all financial institutions or whether standards should differ depending on the financial institutions size and scope of operations.
The ANPRM sets forth the following core elements and objectives under a new regulatory scheme:
- identifies, assesses, and reasonably mitigates the risks resulting from illicit financial activity, in accordance with the institution’s risk profile and the risks communicated by relevant government authorities as national AML priorities (to be issued by FinCEN, consistent with the proposed amendments)
- assures and monitors compliance with BSA’s recordkeeping and reporting requirements
- provides information higher degree of usefulness to government authorities consistent with both the institution’s risk assessment and the national AML priorities
II. Proposed Mandate For Institutional Risk Assessments
While many financial institutions already make risk assessments within their AML programs, the rules have never explicitly required the risk assessment. The ANPRM now proposes to formalize the requirement that covered financial institutions perform a risk assessment to set the baseline for their AML programs.
Under the ANPRM, the institutional risk assessment should include a review both of the individualized risk factors that specific institutions may face based on their business activities, products, services, customers, and geographic locations in which they do business and of a better-articulated formal set of national AML priorities.
In addition, FinCEN is considering what more, if anything, it can do to inform financial institutions of AML priorities as well as identify risks for financial institutions to consider as part of its risk assessments. As a result, the ANPRM seeks comments on a proposal that the director of FinCEN issue a list of national AML priorities, to be called FinCEN’s Strategic AML Priorities, every two years (or more frequently, as appropriate to inform the public and private sector of new priorities) to help inform institutions’ own risk assessments. The ANPRM is careful to caution that the Strategic AML Priorities would not be comprehensive, however, and that the Strategic AML Priorities and other risks may have different importance for different institutions.
Implementation of an AML program would then focus on reasonably managing and mitigating the identified risks. Importantly, the risk assessment could be used to more appropriately tailor the expenditure of resources: “FinCEN understands that institutions may reallocate resources from other lower-priority risks or practices to manage and mitigate higher-priority risks, including any identified as Strategic AML Priorities.”2 However, FinCEN also cautions that “AML resources should not merely be reduced as a result of such regulatory amendments, but rather should, as appropriate, be reallocated to higher priority areas.”3
Given the potential impact to AML program requirements, financial institutions should carefully consider the import of mandated risk assessments and the use of a potential Strategic AML Priorities list issued by FinCEN.
III. Providing Information Useful to Government Authorities
The ANPRM emphasizes a focus on the need for AML programs to produce information “with a high degree of usefulness to governmental authorities.” The ANPRM therefore seeks input on the possibility of automating certain types of routine reporting while giving special recognition to institutions that engage in collaborative efforts with government to produce information with a high degree of usefulness, thereby reallocating resources to the types of activities that will be most effective in enabling law enforcement and other governmental entities to address the highest-priority threats to the U.S. financial system. Given the number of filings made to FinCEN, automation and more streamlined approaches may be aspects of this proposal that financial institutions would want to explore as potentially effective and efficient ways to make appropriate filings with FinCEN.
IV. Testing Criteria
Financial institutions now have further opportunity under the ANPRM to provide FinCEN with meaningful insight into what the testing component of an AML program should look like. The ANPRM specifically seeks comment from financial institutions on how to “articulate objective criteria and/or a rubric for independent testing of how financial institutions would conduct their risk-assessment processes and report in accordance with those assessments.”
Over the years, regulators have emphasized the importance of the testing programs used by financial institutions under their AML program but to date have applied no universal or published standards. The ANPRM is a unique opportunity for financial institutions to provide input to FinCEN that may better inform and shape testing components and requirements.
In light of the holistic reassessment of AML program standards reflected in the ANPRM, financial institutions with AML program requirements are strongly encouraged to offer comments on the entirety of the AML program enterprise.
1 85 Fed. Reg. 58023 (Sept. 17, 2020).
2 85 Fed. Reg. at 58027.
3 85 Fed. Reg. at 58029.
Sidley Austin LLP provides this information as a service to clients and other friends for educational purposes only. It should not be construed or relied on as legal advice or to create a lawyer-client relationship. Readers should not act upon this information without seeking advice from professional advisers.
Attorney Advertising—Sidley Austin LLP, One South Dearborn, Chicago, IL 60603. +1 312 853 7000. Sidley and Sidley Austin refer to Sidley Austin LLP and affiliated partnerships, as explained at www.sidley.com/disclaimer.
© Sidley Austin LLP