For the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN), criticism from financial institutions over anti-money laundering compliance burdens is a constant. But the agency is pushing ahead with proposals that speak the industry’s language.
With a key rulemaking notice last June, reflecting amendments to the Bank Secrecy Act (BSA) in the Anti-Money Laundering Act of 2020, FinCEN sought to ensure that AML and CFT (countering the financing of terrorism) programs – which include requirements for submitting suspicious activity reports (SARs) by the millions – are “effective, risk-based, and reasonably designed, enabling financial institutions to focus their resources and attention in a manner consistent with their risk profiles.”
It specified “a mandatory risk assessment process” by financial institutions; and that they review and incorporate into their risk-based programs government-wide AML/CFT priorities.
FinCEN director Andrea Gacki called it “a significant milestone in FinCEN’s efforts to implement the AML Act. The proposed rule is a critical part of our efforts to ensure that the AML/CFT regime is working to protect our financial system from long-standing threats like corruption, fraud and international terrorism, as well as rapidly evolving and acute threats such as domestic terrorism, and ransomware and other cybercrime.” (Gacki was appointed by then Treasury Secretary Janet Yellen in July 2023, having previously headed the Office of Foreign Assets Control.)
Jim Vivenzio of Perkins Cole
“This initiative strengthens the responsiveness of AML/CFT programs to emerging threats and helps to facilitate efficient resource allocation to high-risk areas,” Tracy Moore, director of thought leadership and regulatory affairs at Fenergo, said of FinCEN’s release. “In addition, the rule suggests that institutions maintain current policies and procedures tailored to address their specific risks. Ultimately, this proactive risk assessment has the ability to be a game changer for the fight against financial crime.”
Perkins Coie senior counsel Jim Vivenzio notes that the AML Act of 2020 came out of the first Trump administration with intentions of both substantive reform and easing of compliance. However, provisions related to risk assessments, intermediary or third-party risk management, and consideration of law-enforcement priorities are new.
Vivenzio, who worked on BSA/AML matters while in previous roles with the Office of the Comptroller of the Currency, points out that FinCEN has not revised SAR requirements or indicated how they might be adapted to be “risk-based.”
William Odom, president and CEO of insurance agency Deerfield Advisors, sees the proposed rules as “more dynamic and demanding,” signifying “further resource allocation to ensure we meet the stipulated effectiveness, risk-based design, and program implementation.
“The amendment encourages, on one hand, prioritization and systemization of our compliance workflow. On the other hand, it signals increased pressure towards keeping abreast of and integrating swiftly the government-wide AML/CFT priorities into our risk programs.”
David Stewart, director of financial services in the Risk, Fraud and Compliance Solutions division of SAS, says that the risk assessment requirement is a weighty one.
David Stewart of SAS
“While most large U.S. institutions have conducted such risk assessments for years, the [rulemaking notice] references the national priorities, which increases emphasis on complex risks, including kleptocracy, cyber events, convertible virtual currencies (crypto), human trafficking and fraud,” Stewart explains. “The emphasis on things like fraud and the nexus with cyberattack vectors are represented by significant increases in fraud SAR filings.
“Essentially, firms will broaden their coverage of risks based on the priorities, and they will be held to a higher standard of documenting and updating their risk assessments when they experience material changes to their risks.”
Vivenzio delves into a change in terminology: FinCEN calls for an “effective, risk-based and reasonably designed AML/CFT program,” as compared to one that is merely “reasonably designed.”
Yet there is a lack of clarity around how examiners will determine “effectiveness,” the Washington-based attorney says.
“In addition to being effective,” Vivenzio goes on, “the AML program must focus attention and resources in a manner consistent with the bank’s risk profile that takes into account higher-risk and lower-risk customers and activities.'’ He wonders if a bank can reduce resources devoted to lower-risk activities “or reduce AML resources at all, even in situations where a bank integrates technological solutions and artificial intelligence into their programs. This statutory language provided FinCEN with the opportunity to reduce burdens, but they failed to address it.”
Regarding integration of risk assessment processes and a customer due diligence rule to which banks, broker-dealers, mutual funds, futures commission merchants and commodity introducing brokers are subjected, “The internal controls pillar must be commensurate with risks, and financial institutions will be expected to consider the level and nature of human, technological and financial resources," Vivenzio says.
“Allocation of resources to the most serious risks as part of an effective program," as described by SAS’s Stewart, will run up against operational pressures to do more with less.
“Given that firms are being asked to mitigate a broader coverage of financial-crimes risks during a period of cost containment,” he says, “it's logical that firms are looking at artificial intelligence and machine learning to automate manual tasks such that human intelligence can be focused on more serious activities.”
Treasury Secretary Scott Bessent
He recommends that firms look at Office of the Comptroller of the Currency (OCC) consent orders in the months following the FinCEN announcement “as a guide for regulatory expectations. It's clear the agencies expect a higher level of governance for the larger firms, which will eventually trickle down to smaller firms. Meeting these higher expectations will increase the cost of compliance for many institutions.”
The new administration in Washington, with Secretary of the Treasury Scott Bessent leading the government department that includes FinCEN (and the OCC), signaled continued anti-crime vigilance in a March 11 Geographic Targeting Order (GTO) on transactions along the border with Mexico. The GTO “underscores our deep concern with the significant risk to the U.S. financial system of the cartels, drug traffickers and other criminal actors along the Southwest border,” Bessent said in a statement.
“As part of a whole-of-government approach to combating the threat,” Bessent continued, “Treasury remains focused on leveraging all our available tools and authorities to better identify and counter these criminal activities.”
Gary Hemming, one of the owners of finance broker ABC Finance in the U.K., is wary of higher compliance costs falling on smaller firms.
“Regulated firms will face increased administrative and strategic challenges under these amendments,” Hemming says. “The mandatory risk assessment process requires a dynamic, ongoing evaluation of risks, which demands additional resources and expertise.”
Integrating government-wide AML/CFT priorities requires “constant updates to policies,” he adds. “Smaller firms may struggle with the costs of building and maintaining such systems, while larger firms may need to restructure existing processes to meet the revised standards.”
What has not changed, Hemming recognizes, is that non-compliance “exposes firms to hefty fines, reputational damage and increased regulatory scrutiny. Additionally, money laundering and terrorism financing pose a systemic threat to global financial stability, making robust and proactive measures indispensable for institutions of all sizes.”