The Financial Crimes Enforcement Network (FinCEN) issued a notice of proposed rulemaking (NPRM) last week related to the Anti Money Laundering Act of 2020 (AML Act). The NPRM focuses on amending the regulations to expressly require programs be effective, risk-based, and reasonably designed to the financial institution‘s (FI) risk profile.

Review highlights from FinCEN’s NPRM on AML/CFT Programs

• Inserting “countering the financing of terrorism” (CFT) for describing the AML program requirements. (Read more in our prior blog.)
• AML/CFT programs should be risk-based. Many FIs state they do not have “high risk customers,” instead only considering those as high risk to be money service businesses, independent ATM owners, etc. FIs should look at their customers and determine those with a higher risk than most. This proposed rule states resources should be directed at higher-risk customers and activities, consistent with the risk profile of a financial institution, rather than toward lower-risk customers and activities.
• FinCEN issued the AML/CFT priorities on June 30, 2021; this proposed rulemaking incorporates them into the program rules.
• Use the risk assessment to prioritize risk, “identify, manage, and mitigate illicit finance activity risks,” within the FI and allocate resources accordingly.
• Risk assessment content and process. Specifically to “identify, evaluate and document the FI’s risks” considering the 1) AML/CFT priorities, 2) money laundering and terrorist financing (ML/TF) risk based on a periodic risk evaluation, 3) including reports filed by the FI, i.e. currency transaction reports (CTRs) and suspicious activity reports (SARs)

The proposed rule also addresses FinCEN’s regulations to direct an FI’s obligations to implement an effective, risk-based, and reasonably designed AML/CFT program. The proposed rulemaking also references there will be various other technical revisions to the existing requirements — many technical in nature — to modernize various program rules and provide clarity and consistency.

Additionally, the proposed rule addresses de-risking directed at the FIs have a “one-size-fits-all” approach to risk rating customers and subsequently not allowing higher/elevated risk customers to bank at the FI.

Steps financial institutions should take now related to the new anti-money laundering act rule

• Take a few minutes to read through the proposed rulemaking. These proposed edits have been highly anticipated since FinCEN issued the AML/CFT priorities on June 30, 2021 and FIs started hearing examiners use the term AML/CFT instead of BSA (Bank Secrecy Act)/AML.
• There’s no timeline illustrated in the proposed rule, however, the next steps section indicate a general multi-step, multi-year implementation of the AML Act.
• Challenge yourself to address your AML/CFT risk assessment and identify customers who may have the “potential” to become high-risk customers — thus “higher risk” customers. It can be daunting to stamp a customer “high-risk” so many FIs don’t.
• An FI’s efforts and processes need to allow for a review of those “potentially high-risk customers, or higher risk customers.” Otherwise, the appearance and actual process is more of a check-the-box effort which can open FIs up to scrutiny — or worse be late to the game identifying an issue and be reactive rather than proactive.

How we can help

An AML/CFT evaluation should be completed every 12-18 months by compliance professionals who understand testing criteria and not those that just “check the box.” CLA’s professionals have more than two decades of direct experience in completing independent tests, risk assessments and remediation resources for FIs. Contact us for assistance.

Learn more in FinCEN’s fact sheet.