What is an Effective and Reasonably Designed AML Program?
A Review of Recent and Upcoming BSA/AML Reform
It seems financial institutions are inundated these days by headlines and news related to anti-money laundering and combating the financing of terrorism (AML/CFT). The U.S. is applying a multi-layered approach to implement changes to compliance requirements and supervisory and enforcement strategies of AML programs within regulated institutions, by using both legislative and regulatory means. Legislatively, the National Defense Authorization Act (NDAA) of 2021 was signed into law on January 2, 2021. Alongside the NDAA, the Financial Crimes Enforcement Network (FinCEN) issued an Advanced Notice to Proposed Rulemaking in September 2020 to seek comment from stakeholders regarding a variety of proposed regulatory amendments. The broad goal of these reforms is to strengthen the effectiveness of AML/CFT compliance and supervisory programs with a focus on efficient and risk-based processes. Updates to laws and regulations are intended address the evolving use of technology to fight financial crime and to allow financial institutions to evaluate the risk within their organizations to determine the best use of resources.
The NDAA Amends the BSA
The NDAA contains provisions that call for the most significant amendments to the Bank Secrecy Act in 20 years. Among many substantial changes, the NDAA contains a provision to modify the stated purpose of the BSA. Specifically, 31 USC section 5311(2) cites, “It is the purpose of the BSA to …prevent the laundering of money and the financing of terrorism through the establishment by financial institutions of reasonably designed risk-based programs to combat money laundering and the financing of terrorism…”
Furthermore, 31 USC section 5318(h)(2) of the BSA was revised to give the Treasury Department (e.g., FinCEN) new powers to create various “minimum standards”. Factors to consider when developing these standards include, among other things:
“… (iv) AML and CFT programs should be (I) “reasonably designed to assure and monitor compliance with the requirements of this subchapter and regulations promulgated under this subchapter; and (II) risk-based, including that more attention and resources of financial institutions should be directed toward higher-risk customers and activities, consistent with the risk profile of a financial institution, rather than toward lower-risk customers and activities.”
With these changes, many are asking, what is considered an “effective and reasonably designed” AML/CFT program, and how can organizations apply risk-based compliance management practices? For answers, we turn to the ANPRM for more details about FinCEN’s proposed regulatory changes, which describe and clarify new supervisory priorities and expectations.
AMLE WG Recommendations
The second section of the ANPRM describes the background and history of the BSA, including Recent Efforts to Modernize the National AML Regime, with an overview of the Anti-Money Laundering Effectiveness Working Group (AMLE WG), which was established in 2019 to offer advice and recommendations to the Treasury for strengthening the national AML regime by increasing its effectiveness and efficiency. The recommendations that were derived from the AMLE WG are categorized into the following broad areas:
Developing and Focusing on AML Priorities
The AMLE WG proposes that FinCEN clarify what it means to have an effective AML program, given nationally communicated AML priorities and guidance.
Reallocation of Compliance Resources
The AMLE WG recommends that regulatory and supervisory agencies clarify expectations to ensure that institutions maintain an effective use of compliance resources. Common elements of AML programs, such as risk assessments, negative media searches, customer risk categories and customer due diligence are mentioned as areas where additional clarification is needed with respect to expectations. It was also recommended that existing guidance and regulations be revised with respect to Politically Exposed Persons and Model Risk Management.
Monitoring and Reporting
Risk management practices related to AML monitoring, investigations and reporting are also in need of clarification, according to the AMLE WG. Practices for keep-open letters, SARs reporting, and monitoring based on grand jury subpoenas, and negative media were specifically identified, along with a need for more automation and streamlined reporting processes.
Enhancing Information Sharing
Emphasis was placed on information sharing to allow for better coordination amount federal and foreign regulatory bodies and law enforcement.
Advance Regulatory Innovations
The AMLE WG calls for more support for innovative technologies both within the supervision of financial institutions and with compliance programs
Elements of and “Effective and Reasonably Designed” AML Program
Applying the AMLE WG recommendations, the ANPRM proposes a regulatory amendment that would define an “effective and reasonably designed AML program” as one that:
- Identifies, assesses, and reasonably mitigates the risks resulting from illicit financial activity, including terrorist financing, money laundering, and other related financial crimes, consistent with both the institution’s risk profile and the risks communicated by relevant government authorities as national AML priorities;
- Assures and monitors compliance with the recordkeeping and reporting requirements of the BSA; and
- Provides information with a high degree of usefulness to government authorities consistent with both the institution’s risk assessment and the risks communicated by relevant government authorities as national AML priorities.
While this definition provides a broad understanding of what is required, regulatory agencies and supervisory guidance will need to offer more clarity to allow financial institutions to practically apply such changes to their AML/CFT programs.
Updated Regulatory Focus
With consideration of the NDAA’s revised stated purpose of the BSA and the recommendations and proposed rules within the ANPRM, there are two major components to FinCEN’s changing regulatory strategies, with respect to “effective and reasonably designed” AML programs:
1. Setting National Strategic AML Priorities
With the passage of the NDAA, the Treasury Department is now responsible for establishing national AML/CFT priorities. These priorities will be aligned with national security objectives and it will be expected that financial institutions incorporate them throughout their AML programs, from the risk assessment process to risk monitoring procedures. Supervisory initiatives and regulatory examination strategies will also be aligned with the priorities, which are to be updated every 4 years. It will be critical that financial institutions are familiar with the Strategic AML priorities, as communicated by the Treasury and fully incorporate them into their AML/CFT programs as applicable.
2. Focusing on a Risk and a High Degree of Usefulness
While most financial institutions regularly perform BSA risk assessments, the ANPRM proposes that a risk assessment process be required as part of all AML/CFT programs, likely with an obligation to incorporate national strategic AML priorities into the process. Once overall risk exposure is measured, with a consideration of established risk mitigants, other elements of an AML program can be tailored to focus on a risk-based process that results in effective use of compliance resources. This includes monitoring, reporting and recordkeeping obligations. Ideally, this strategy will allow financial institutions to have greater influence over the management and direction of their AML/CFT programs, provided that they accurately measure and monitor risk exposure, have adequate risk mitigants in place, and maintain support for various decision-making processes. Furthermore, a more risk-focused, efficient program will ultimately lead to the production of records and reporting that create a high degree of usefulness for government authorities and law enforcement in detecting financial crime and terrorist activity.
With a significant shift in U.S. AML legislation and regulations on the horizon, the practical outcomes of forthcoming changes remain to be seen. Nevertheless, financial institutions should not lose focus of the end goal of these reforms, which is to modernize supervision and enforcement of financial institutions to allow for more efficient AML/CFT programs that are effectively preventing and detecting financial crime in a way that is commensurate with the size, complexity, and risk exposure of the organization.