The Financial Crimes Enforcement Network (FinCEN) recently issued its government-wide anti-money laundering (AML) and countering the financing of terrorism (CFT) priorities (AML/CFT priorities). FinCEN issued the AML/CFT priorities pursuant to the Anti-Money Laundering Act of 2020 (AMLA 2020), which was signed into law earlier this year as part of the National Defense Authorization Act. The AML/CFT priorities demonstrate that the Biden administration considers enhanced AML requirements, regulations and enforcement to be key components of its criminal and civil enforcement efforts, and important tools to address many of the broader issues confronting the United States and the international community, such as corruption and cybercrime.
Although the AML/CFT priorities and subsequent regulations will most directly impact covered financial institutions, all companies should heed the government’s concerns about the threat that money laundering and illicit finance pose. Companies should take appropriate measures to reduce the risk of money laundering and other financial crimes in their own business operations by constantly improving compliance programs and taking other appropriate actions.
THE AML/CFT PRIORITIES
FinCEN’s AML/CFT priorities are as follows:
Cybercrime, including cybersecurity and virtual currency
Foreign and domestic terrorist financing
Transnational criminal organization activity
Drug trafficking organization activity
Human trafficking and smuggling
Consistent with its statutory obligations, FinCEN consulted with a variety of stakeholders, including other federal agencies, in developing the AML/CFT priorities. FinCEN focused specifically on threats to the US financial system and national security in crafting the priorities. The AML/CFT priorities cover both longstanding threats, such as fraud and corruption, and evolving threats, such as “ransomware and other cybercrime.” FinCEN’s acting director described the AML/CFT priorities as “a significant milestone in FinCEN’s efforts to improve the efficiency and effectiveness of the nation’s AML/CFT regime and to foster greater public-private partnerships.”
WHAT COMES NEXT?
At this point, the AML/CFT priorities are largely just a preview of what is to come. The priorities do not create an immediate change to the Bank Secrecy Act (BSA) or impose any additional requirements on banks or non-bank financial institutions. Rather, AMLA 2020 requires FinCEN to, as necessary, promulgate additional regulations regarding the AML/CFT priorities within 180 days of their publication. Covered financial institutions are not required to incorporate the AML/CFT priorities into their AML compliance programs until such regulations are finalized.
Once the final regulations are implemented, however, covered financial institutions will be required to incorporate the AML/CFT priorities into their risk-based AML and BSA compliance programs. The AML/CFT priorities were, at least in part, designed to help covered financial institutions prepare for these new regulatory requirements by considering how to incorporate the priorities and “assessing the potential related risks associated with the products and services they offer, the customers they serve, and the geographic areas in which they operate.” Companies should heed FinCEN’s advice and start evaluating these issues now.
Similarly, FinCEN is in the process of issuing regulations in connection with the Corporate Transparency Act (CTA), which was passed in conjunction with AMLA 2020. The CTA requires certain companies to report detailed information about their beneficial owners. The new beneficial ownership reporting requirements are designed to “better enable critical national security, intelligence, and law enforcement efforts to counter money laundering, the financing of terrorism, and other illicit activity.” Under the CTA, the US Department of the Treasury and FinCEN are required to issue implementing regulations by January 1, 2022.
In light of these developments, financial institutions and all companies doing business in the United States are likely to face significant AML and BSA regulatory changes within the next six to nine months.
WHAT PRACTICAL IMPACT WILL THE AML/CFT PRIORITIES HAVE ON COMPANIES?
The AML/CFT priorities and forthcoming regulations will have the most direct impact on covered financial institutions, because they will eventually be required to incorporate the priorities into their existing BSA compliance programs. And given the Biden administration’s commitment to using enhanced BSA and AML regulations to disrupt the use of the financial system to facilitate illicit activity, such as corruption, one can expect that federal enforcement agencies will aggressively pursue financial institutions that allow dirty money to flow through their coffers by failing to implement appropriate BSA and AML controls.
But the AML/CFT priorities will also significantly impact all companies doing business in the United States. The ultimate purpose of the AML/CFT priorities and forthcoming regulatory changes is to require financial institutions to provide FinCEN with additional data, which law enforcement and regulatory agencies can then use to investigate illicit activity.
We anticipate that the administration’s increased focus on AML compliance will have the most significant impact on corporate enforcement actions relating to the following AML/CFT priorities:
Corruption:The AML/CFT priorities focus heavily on corruption, noting that “[c]orrupt actors and their financial facilitators may seek to take advantage of vulnerabilities in the U.S. financial system to launder their assets and obscure the proceeds of crime.” The Biden administration has already identified countering corruption as a “core United States national security interest.” The AML/CFT priorities explicitly state that “[a]dressing the money laundering risks associated with such corruption will bolster efforts to counter corruption.”
Cybercrime: FinCEN identifies cybercrime as a “significant illicit finance threat.” Cybercrime includes common cybersecurity threats, cyber-enabled fraud and ransomware. Responding to ever-evolving cybercrime threats is a “top priority” for FinCEN and the federal government as whole. The AML/CFT priorities take into account that covered financial institutions are “uniquely positioned” to detect and report cybercrime activities to federal agencies.
Virtual Currency: The AML/CFT priorities highlight the increased use of virtual currency to facilitate and conceal criminal activity. The Treasury Department has already proposed enhanced financial reporting requirements relating to virtual currency. On July 6, 2021, FinCEN also announced that it hired its first-ever chief digital currency advisor, who will be responsible for developing “strategic and innovative solutions to prevent and mitigate illicit financial practice” involving virtual currency.
Fraud:FinCEN reiterated the importance of AML and BSA enforcement to detect fraud, including bank, healthcare, securities and tax fraud, as well as internet-based fraud, such as identity theft and business email compromise schemes. Such fraudulent conduct is “believed to generate the largest share of illicit proceeds in the United States.” FinCEN’s analysis of financial data collected under the BSA regulations will continue to guide these enforcement efforts. For example, the AML/CFT priorities note that COVID-19-related fraud is a continuing enforcement priority for FinCEN and other federal agencies. Recent COVID-19-related fraud prosecutions provide compelling examples of how the government is increasingly using financial data collected under current BSA regulations to detect fraudulent conduct. FinCEN recently noted that “BSA data played an integral role in identifying numerous leads” in connection with fraudulent Paycheck Protection Program loans and was used to “identify the flow of fraudulent funds.” Companies can expect FinCEN and the US Department of Justice (DOJ) to aggressively use AML and BSA reporting requirements in many fraud investigations going forward.
WHAT SHOULD COMPANIES DO IN RESPONSE TO THE AML/CFT PRIORITIES?
Increased AML and BSA regulation and enforcement activity pose risks to all companies doing business in the United States, but these risks can be mitigated. Covered financial institutions and other companies should take proactive steps now and begin updating their existing compliance programs to take into account the AML/CFT priorities.
First, financial institutions should ensure they have flexible compliance programs that appropriately address and incorporate any AML/CFT priorities that are relevant to their businesses. Doing so will allow companies to stay one step ahead of the game and respond to the coming regulatory changes much more efficiently and effectively. By carefully preparing for these regulatory changes now, companies can significantly limit any disruptions to their ongoing business activities, and reduce or spread out the associated compliance costs.
Second, although enhanced BSA and AML regulations are unlikely to take effect until 2022 at the earliest, the risk of enforcement actions associated with the AML/CFT priorities exists right now. Federal agencies will likely pursue enforcement actions relating to the AML/CFT priorities immediately. And federal agencies are already using BSA- and AML-related data to guide such enforcement actions. Companies can avoid being ensnared in these costly government investigations by taking appropriate measures now to reduce the risks of money laundering and illicit finance in their business operations.
Third,should a company find itself facing a government enforcement action, time spent addressing the AML/CFT priorities could prove invaluable. For example, when conducting corporate investigations, the DOJ is required to consider, among other things, the “adequacy and effectiveness of the corporation’s compliance program.” Any steps a company takes to proactively implement the AML/CFT priorities into its compliance program would help the company and its leadership establish that it has acted in good faith. Such efforts could thus be the difference between resolving a government investigation quietly and quickly, and paying a multimillion dollar fine in connection with a corporate prosecution.
Finally, companies should continue to incorporate data analytics into their audit and compliance programs to better monitor the risk areas identified in the AML/CFT priorities. As new AML and BSA regulations are implemented, the federal government will gain access to substantial amounts of additional financial and other data. Companies should understand what data is available to federal agencies and ensure that they are analyzing similar data sources as part of their compliance programs.
Increased AML regulatory and enforcement activity is coming, and it is coming soon. Investing the necessary resources to address the AML/CFT priorities now could prevent larger—and much more costly—problems down the road.