Risk & Compliance Magazine Expert Forum
In an expert forum Q&A for Risk & Compliance Magazine, Guidehouse's Ellen Zimiles and Alma Angotti discuss the new Anti Money Laundering Act 2020 with Seward & Kissel's Valentino Vasi and Jack Yoskowitz.
Zimiles: The last significant enhancement to anti-money laundering (AML) laws was the USA PATRIOT Act of 2001. Since then, we have seen changes in domestic and international financial crimes, changes in financial products and services, and the emergence of new technologies, including cryptocurrency, machine learning (ML) and artificial intelligence (AI). As a result, the AML regime was ripe for modernization. Part of the statute requires a complete review of the Bank Secrecy Act (BSA). In addition, the Anti-Money Laundering Act (AMLA) commissions several studies that focus on how financial services and money laundering have changed since its initial passage, such as whether to amend currency transaction report (CTR) and suspicious activity report (SAR) thresholds, the impact of financial technology on financial crimes compliance and financial services de-risking. In addition, the private sector spends significant resources on AML and sanctions. As a result, they have lobbied for relief to reduce compliance obligations and to focus more on real risk. That said, the AMLA does not provide immediate relief to the private sector and will largely depend on the results of these studies.
Angotti: The ability to form anonymous shell companies in the US is a significant risk factor for money laundering and has been a subject of proposed legislation for decades. US government reports and the ‘2016 Financial Action Task Force Mutual Evaluation Report’ identified the ability to form legal entities in the US without disclosing beneficial ownership as a key vulnerability to the US financial system. The implementation of the Customer Due Diligence (CDD) Rule helped narrow this gap, but it did not close it entirely. This was likely a driver for the passage of the Corporate Transparency Act (CTA) provisions of AMLA. The CTA will require certain entities to register their beneficial ownership information with the Financial Crimes Enforcement Network (FinCEN). Similar registries exist in other countries, such as Companies House in the UK, albeit that is a public registrar, whereas the CTA beneficial ownership registry will be nonpublic.
Angotti: Of the AMLA provisions that are effective immediately, the expanded subpoena power may have the most significant impact. Under section 6308, secretary of the US Treasury or the attorney general may issue a subpoena to any foreign bank that maintains a US correspondent account to request records on any account at the foreign bank, including records maintained outside of the US. Importantly, if the foreign bank does not comply with the subpoena, then the US financial institution (FI) may be required to close the correspondent account of the foreign bank. It is doubtful that this authority will be used in routine investigations, but it is another powerful tool in the US government’s AML arsenal. In addition, AMLA provisions for increased penalties for repeat BSA violators, the barring of certain BSA violators from serving on the board of a FI, and increased incentives and protections for whistleblowers were effective immediately. Accordingly, financial institutions should ensure employees throughout the organization are aware of these provisions and update training materials where necessary.
Zimiles: Most AMLA provisions require the US Treasury to issue implementing regulations. As part of the AMLA, for example, reporting companies will be required to report beneficial ownership information directly to FinCEN. FinCEN, however, is responsible for not only developing and maintaining the registry, but also implementing rules that govern access to the information, and the specific information that reporting companies need to provide and how often. Another important future development is that the US Treasury will specify standards for testing financial institutions’ compliance technology. FIs often apply existing model risk management guidance to AML systems, which may not be appropriate for less sophisticated AML systems or those that do not meet the definition of a model.
Angotti: The AMLA appears to strengthen the US AML apparatus, but by how much is hard to say. There is clear emphasis on information sharing, through the establishment of the FinCEN Exchange, semiannual report on threat patterns and trends, feedback on SARs and sharing of national AML priorities. In addition, expanded subpoena power and the establishment of the beneficial ownership registry should help law enforcement investigate and prosecute financial crime. The extent to which these measures strengthen the US AML apparatus will depend on factors such as the resulting protocols and implementing regulations promulgated to implement AMLA provisions; the outcomes, recommendations and proposed rulemakings resulting from the mandated AMLA studies; and how effectively FIs can incorporate the information that the government provides into their AML programs.
Zimiles: I see two key differences in the AMLA when comparing it to the USA PATRIOT Act. First, the AMLA requires the government to share information with FIs, while the existing AML regime generally requires financial institutions to provide information to law enforcement upon request. Second, the AMLA requires reporting entities to provide beneficial ownership information directly to law enforcement. Previous legislation, such as section 312 and the CDD Rule, require covered financial institutions to collect beneficial ownership information on certain types of customers. Specifically, section 312 requires covered FIs to obtain beneficial ownership information on certain foreign banks, and the CDD Rule requires covered FIs to identify and verify beneficial ownership information of legal entity customers. Criminals can effectively circumvent these due diligence requirements by opening shell companies to acquire US-based assets. In other words, FinCEN is going straight to the source of the information.
Angotti: Although section 314a of the AMLA was supposed to be a mechanism for information sharing between the government and financial institutions, in practice it became a method for the government to request information from financial institutions. The AMLA establishes several communication channels between the government and FIs, with the focus on the government providing information and feedback to FIs. For example, the AMLA requires FinCEN to issue semi-annual reports on threat patterns and trends, share feedback on SARs and regulators must share their exam priorities with FIs. If the government arms FIs with the right information, hopefully FI AML programs become more effective in detecting and reporting financial crime.
Zimiles: AML ‘red flags’ are too often outdated. As we know, criminals modernize their methods, which is why access to current trend and threat information is so valuable. FIs, however, will have to do their part and use the information that the government provides. It will be incumbent upon them to incorporate it, as appropriate, into their risk assessment and program. If the government goes through the trouble of producing these reports and providing feedback, but the FI does not use it, then they will miss opportunities to increase effectiveness. The AMLA also includes provisions to strengthen communication with international partners. The attaché program, for example, seeks to build relationships with the Treasury’s foreign counterparts and conduct outreach with foreign FIs. The AMLA also establishes foreign financial intelligence unit liaisons, which will focus on public and private sector outreach abroad.
Angotti: Most AMLA provisions require implementing regulations before they become effective for covered FIs. That said, there are a few provisions that are effective immediately, such as the new long-arm subpoena power under section 6308, which allows the US government to issue subpoenas to a foreign bank with US correspondent accounts about any information, including records maintained outside the US. As such, US FIs with foreign correspondent relationships may need to update their terms and conditions with these relationships to comply with this AMLA provision. Covered FIs that operate globally should also consider assessing whether they are identifying foreign correspondent accounts properly. Even if a FI does not offer USD clearing services, it may still have foreign correspondent relationships with foreign banks subject to this provision.
Zimiles: Other provisions that are effective immediately are increased penalties for repeat BSA violators, greater incentives and protections for whistleblowers, and barring certain individuals from serving on boards of FIs. As such, covered FIs should review their policies and procedures affected by these currently effective AMLA provisions. FIs should also closely monitor regulatory communications regarding new rules and reports, such as rules for testing compliance technology and semi-annual reports on threat patterns and trends, to determine the extent to which these communications and proposed rules impact their program. I do not believe the AMLA significantly changes the current BSA obligations of covered FIs. Therefore, a full program review focused on AMLA provisions does not seem practical at this point.
Zimiles: The AMLA does not materially change the current BSA obligations of covered FIs, except in limited circumstances. Even businesses “engaged in the exchange of value that substitutes for currency or funds” and antiquities dealers, which are now covered FIs under the BSA, require the Treasury to promulgate implementing regulations before their BSA obligations are enforceable. “Businesses engaged in the exchange of value” may allow FinCEN to issue regulations to cover not only cryptocurrency exchanges but also decentralized finance and nonfungible tokens. Treasury will have to request public comment on how to implement these provisions. This process has already started in certain areas, such as the advance notice of proposed rulemaking on beneficial ownership registry requirements and interagency statements on model risk management guidance. Companies should closely monitor and participate, as appropriate, in regulatory communications that request comment on implementing AMLA provisions.
Angotti: The statute requires the government to conduct studies and issue findings for a broad spectrum of issues. FinCEN and the banking regulators will issue exam priorities and information about threats and financial crime typologies. The one thing we know is that if the government provides you with information, you must use it. FIs should closely monitor these studies and reports to determine how they can use this information to increase the effectiveness of their AML program, and should have a governance process to incorporate the information, as appropriate, into their risk assessments and transaction monitoring scenarios, or investigations. Covered FIs should consider using technologies such as AI, ML and robotics to meet their BSA obligations. It is, however, important that FIs should not only focus on gaining efficiencies with these technologies, but also on effectiveness. FIs should also be transparent about how their AML systems operate and clearly document their rationale.
Zimiles: The AMLA increases the fines for repeat BSA violators and bars individuals with significant historical BSA violations from serving on a FIs board. That said, these provisions are specific to individuals, not institutions. While the AMLA does not impose a significant number of new requirements on FIs, it does not relieve them of any BSA obligations. FIs should continue to update and enhance their AML and sanctions programs as part of ‘business as usual’, especially in cases when there are changes to their business, products, and customers. If FIs do not meet their current BSA obligations, they should expect similar enforcement actions and fines as we have seen over the past several years.
Angotti: In the short term, FIs should continue to focus on their current BSA obligations and make updates in response to the few provisions that are effective immediately, as applicable. In the long term, AML risk management may improve as FIs receive information from the government, such as the reports on patterns and emerging trends, and feedback on SARs. I also anticipate regulators to continue to expect the first line to own risk issues, including a strong tone at the top and culture of compliance. This is not directly tied to AMLA, but increased penalties for repeat BSA violators, focus on penalties for the board of directors, and increased incentives and penalties for whistleblowers, indicates an emphasis on compliance and ethics throughout all levels of the organization.
Angotti: It is hard to tell what the long term impact will be, as many of the regulations required by AMLA are still in development. Based on the tone and the provisions in AMLA, we anticipate more transparency from regulators and FinCEN, which will hopefully mean more effective AML programs, which should mean better information for law enforcement. We also anticipate more collaboration between private and public sectors, and more international cooperation, including helping to enhance AML regimes in other countries. The beneficial ownership registry is intended to be a ‘game-changer’, but there is still a lot unknown about how it will work in practice. The AMLA excludes several types of entities from the definition of a “reporting company,” and it will be interesting to see if criminals begin to form those types of companies to avoid reporting beneficial ownership.
Zimiles: Money laundering is a global problem, which is why there is so much focus in the AMLA on domestic and foreign cooperation in both the public and private sector. The US cannot solve its money laundering problems without international cooperation. There are more questions than answers about the beneficial ownership registry at this point and we do not know whether the required studies will lead to any changes in AML laws. Certainly, the focus on innovation and technology is important, as we need to leverage new technologies, such as ML and AI to help fight financial crime. Importantly, the AMLA requires the government to conduct a formal review of the regulations implementing the BSA and related guidance. The purpose of the review is to ensure provisions that produce highly useful information remain, and to identify regulations and guidance that may be outdated or redundant. This study will hopefully lead to a more effective US AML regime in the long term, but it may not result in significant changes. We will have to wait and see.
Special thanks to contributing authors Gene Bolton, Anuka Kakkasseril and Ji Kang.