On June 28, 2024, The U.S. Treasury’s Financial Crimes Enforcement Network (“FinCEN”) released a notice of proposed rulemaking (the “Proposed Rule”) that would amend FinCEN’s anti-money laundering (“AML”) program rules for financial institutions. The federal banking agencies also released a proposed rule that would harmonize those agencies’ AML program rules with FinCEN’s proposed regulations.
The proposed amendments formalize and harmonize existing regulatory expectations under the Bank Secrecy Act (“BSA”), and implement portions of the Anti-Money Laundering Act of 2020 (“AMLA”). Some financial institutions would need to make only limited changes to comply with the proposed rule; others, and non-banks in particular, may need to make more significant adjustments.
Key changes under the Proposed Rule include:
- Specific reference to countering the financing of terrorism (“CFT”). Consistent with AMLA’s reference in Section 6101 to “countering the financing of terrorism,” the Proposed Rule adds a new defined term, “AML/CFT Program,” and uses it throughout the Proposed Rule to describe a financial institution’s compliance program to counter illicit finance.
- A new statement of purpose for AML/CFT programs. Under the Proposed Rule, the purpose of FinCEN’s regulations is to ensure that financial institutions’ AML/CFT programs are “effective, risk-based, and reasonably designed.” A financial institution’s AML/CFT program is expected to comply with the BSA and focus attention and resources according to the financial institution’s risk profile. Notably for financial institutions evaluating artificial intelligence and other innovative compliance technologies, the Proposed Rule formalizes portions of earlier FinCEN guidance on innovation. The Proposed Rule states that a financial institution “may include consideration and evaluation of innovative approaches to meet its AML/CFT compliance obligations.”
- An express requirement that financial institutions conduct a risk assessment. Under the Proposed Rule, financial institutions would be expected to use the findings of a periodic risk assessment to develop risk-based policies, procedures, and controls to identify and mitigate risks, and to provide “highly useful” information to government authorities. The Proposed Rule would require the risk assessment to identify, evaluate, and document the financial institution’s risks, including consideration of (1) the AML/CFT Priorities contemplated under AMLA, (2) the money laundering and terrorist financing risks of the financial institution based on its products, services, channels, customers, intermediaries, and geographic locations, and (3) reports financial institutions file pursuant to 31 C.F.R. Chapter X, including suspicious activity reports.
- A requirement that AML/CFT compliance remain onshore. The Proposed Rule states that the duty to establish, maintain, and enforce a financial institution’s AML/CFT program shall remain the responsibility of, and performed by, persons in the United States.
The Proposed Rule includes a number of specific questions for financial institutions, including:
- Whether financial institutions should be required to update their risk assessment at a regular, specified interval (such as annually or every two years) or based on triggers such as a material change to products, services, distribution channels, customer categories, intermediaries, or geographies.
- Whether a new comprehensive risk assessment should be required where a material change affects only a portion of a financial institution’s business, or whether updating only portions of the risk assessment would be appropriate.
- The reasons financial institutions have AML/CFT staff and operations located outside the United States.
- Whether the onshore requirement would necessitate changes to a financial institution’s operations outside the United States.
Financial institutions are encouraged to provide comments to FinCEN and the federal functional regulators by September 3, 2024.