- There is broad support among Congress, law enforcement, and the financial services industry for reforms to strengthen and update the BSA/AML/CFT regulatory framework.
- The AML changes are significant, widespread, and extremely detailed; key changes include expansion of the BSA mission to include national security, increased emphasis on risk-based strategies, new frameworks for reporting and sharing information including feedback loops, a mandatory whistleblower reward program, and creation of beneficial ownership reporting requirements and data repositories.
- Numerous studies required by the law may generate additional changes and new regulatory requirements or legislation going forward.
The National Defense Authorization Act for Fiscal Year 2021 (NDAA), which became law on January 1, 2021, contains provisions that comprehensively update the Bank Secrecy Act (BSA) and the current Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) regulatory framework. The provisions, contained in Division F of the NDAA and collectively referred to as the Anti-Money Laundering Act of 2020, appear to broaden the mission and purpose of the BSA to include safeguarding national security and also require more routine and systemic coordination, communication, and feedback among financial institutions, regulators, law enforcement, and the international community in the fight against financial crime and terrorist financing. Key provisions of the NDAA include enhancements to the system for filing Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs), reporting of beneficial ownership information, and the promotion of innovation and new technology. The beneficial ownership provisions are part of the Corporate Transparency Act (CTA), which is included under Title LXIV below. The timing of these changes will be largely dictated by the Financial Crimes Enforcement Network (FinCEN) implementing regulations, many of which are to be issued within one year. For beneficial ownership, existing entities required to report will have two years for reporting while new entities will be required to report immediately.
An outline of highlights in the five sections of the NDAA’s Division F follow.
Title LXI – Strengthening Treasury Financial Intelligence, Anti-Money Laundering, and Countering the Financing of Terrorism Programs
- Treasury will, within 180 days of enactment, establish and make public priorities for anti-money laundering and countering the financing of terrorism policy; the priorities will apply government-wide and be updated every four years. Financial institutions must incorporate the priorities into their BSA/AML/CFT compliance programs. FinCEN will promulgate implementing regulations within 180 days of Treasury’s announced priorities. It is expected that covered Financial Institutions and other parties will then be afforded an implementation period, to be determined.
- BSA coverage is expanded to recognize virtual currencies and the definition of “financial institutions” is expanded to cover dealers in antiquities.
- A FinCEN Exchange is established to facilitate a voluntary public-private information sharing partnership among law enforcement agencies, national security agencies, financial institutions and FinCEN, to protect the financial system from illicit behavior and promote national security, including by promoting innovation and technological advances in reporting.
- To allow for a broader reach in its AML/CFT activities, a new Treasury Attache Program is created and will be located abroad (generally in U.S. embassies); FinCEN is required to appoint at least six Foreign Financial Intelligence Unit Liaisons, also located abroad, to work with foreign counterparts; and Treasury is required to work bilaterally with international organizations such as the Financial Action Task Force (FATF) and the International Monetary Fund (IMF) to promote global AML frameworks.
Title LXII – Modernizing the Anti-Money Laundering and Countering the Financing of Terrorism System
- Covered federal regulators and agencies must submit annual reports to Treasury on the information and data derived from financial institutions reporting under the BSA, including an analysis of whether the information was actionable, the actions taken in response, and any trends or patterns.
- Suspicious Activity Reports and Currency Transaction Reports:
- SARs filed are to be consistent with national priorities established by Treasury and should be “highly useful” to law enforcement and national security efforts.
- FinCEN is directed to establish streamlined, including automated, filing processes for non-complex categories of reports.
- FinCEN will publish, at least semiannually, threat pattern and trend information for SARs.
- FinCEN will periodically disclose to all financial institutions, information on SARs filed that proved useful to law enforcement agencies.
- Treasury will issue regulations within one year of enactment to create a pilot program allowing financial institutions to share SARs and SAR information with their foreign branches, subsidiaries, and affiliates, except those located in China, Russia, or certain other jurisdictions.
- Treasury will conduct a formal review of financial institution reporting requirements for SARs and CTRs, including the use of automation, adjustments to reporting thresholds, and potential for integration between financial institution systems and the electronic filing system, and propose regulations based on the findings.
- Focus on technology:
- Creation of two new subcommittees to the Bank Secrecy Act Advisory Group, each with 5-year terms: the Subcommittee on Innovation and Technology and the Subcommittee on Information Security and Confidentiality. A new FinCEN Innovation Officer will report directly to the Director of FinCEN, and each Federal agency, the Internal Revenue Service, and FinCEN will be required to appoint a BSA Information Security Officer.
- Establishment of a new “tech symposium” where Treasury will convene international and domestic regulators, financial institutions, law enforcement, and technology companies to demonstrate and test new innovations to combat financial crime and other illicit activity.
- Treasury will issue new requirements to establish standards financial institutions should follow to test technology and related processes to comply with the new framework, including an emphasis on innovative approaches (e.g., machine learning, enhanced data analytics), risk-based testing and oversight, data privacy and information security, and disclosure of system configurations and algorithms to their Federal regulator and FinCEN upon request.
- FinCEN is to prepare a report to Congress on the use and effectiveness of, and need for enhancements to, emerging technologies, including artificial intelligence, digital identity technologies, distributed ledger technologies, and other innovative technologies used to analyze and disseminate information related to BSA/AML/CFT.
Title LXIII – Improving Anti-Money Laundering and Countering the Financing of Terrorism Communication, Oversight, and Processes
- FinCEN will serve as an Analytical Hub comprised of financial experts capable of identifying, tracking, and tracing money laundering and terrorist-financing networks in order to conduct and support civil and criminal AML and CFT investigations.
- FinCEN will conduct an assessment of whether to establish a process for the issuance of no-action letters in response to inquiries concerning the application of BSA or AML/CFT laws or regulations.
- A safe harbor will be available to financial institutions that maintain a customer account or customer transaction after receiving a “keep open request” from a Federal law enforcement agency, that has first notified and obtained concurrence from FinCEN.
- Treasury or the Department of Justice may subpoena any foreign bank that maintains a correspondent account in the U.S. and request any records relating to the correspondent account or any account at the foreign bank, including records maintained outside of the U.S., that are the subject of a U.S. criminal investigation, a civil forfeiture action, or an investigation under 31 USC Section 5318A, involving special measures for matters of primary money laundering concern.
- A new prohibition will penalize any person that attempts to or knowingly conceals, falsifies, or misrepresents, from or to a financial institution, i) a material fact concerning the ownership or control of assets involved in a monetary transaction (as defined in the law) if the person who owns or controls the assets is a senior foreign political figure and the involved assets have an aggregate value of $1 million or more, or ii) a material fact concerning the source of funds in a monetary transaction that involves an entity found to be a primary money laundering concern under 31 USC Section 5318A and violates the prohibitions or conditions in 31 USC 5318A(b)(5).
- A new whistleblower program will reward whistleblowers whose tips lead to monetary penalties that exceed $1 million and allow whistleblowers to receive up to 30 percent of the monetary penalties assessed.
Title LXIV – Establishing Beneficial Ownership Information Reporting Requirements, or Corporate Transparency Act
It is the perspective of Congress that:
- Most or all States do not require information about beneficial owners of the corporations, limited liability companies (LLCs), or other similar entities formed under State laws; it is estimated more than 2 million corporations and LLCs are formed by States annually.
- Federal legislation requiring the collection of beneficial ownership information is needed to set a clear Federal standard, protect national security, enable law enforcement AML/CFT efforts, and bring the U.S. into alignment with international AML/CFT standards.
- Such information will be available only to authorized government authorities, maintained in a secure, non-public database.
Beneficial ownership information reporting requirements:
- A “beneficial owner” is defined as an individual who directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, exercises substantial control (not defined in the law) over an entity or owns or controls at least 25 percent of the ownership interest in the entity.
- A “reporting company” means a corporation, LLC, or other similar entity created by filing with a State or Indian Tribe, or formed under the law of a foreign country and is registered to do business in the U.S. by filing with a State or Indian Tribe.
- A range of companies are exempt from the definition of “reporting company” including public companies, companies meeting certain employee and revenue thresholds, and financial institutions (as defined).
- Implementing regulations governing beneficial ownership information reporting will be promulgated not later than one year after enactment of the law.
- New reporting companies must submit a report to FinCEN at the time of formation or registration; reporting companies in existence at the time the regulations become effective have two years to submit a report to FinCEN. Reporting companies must notify FinCEN of ownership changes within one year of the change.
- A report must identify each beneficial owner by legal name, date of birth, current address, unique identifying number from an acceptable identification document (e.g., passport, drivers’ license) or a FinCEN identifier (available by request).
- Regulations governing this report must be promulgated no later than one year after the date of enactment.
- Retention and Disclosure:
- FinCEN shall retain the beneficial ownership information for not fewer than five years after the date on which the reporting company terminates.
- Beneficial ownership information is confidential and may not be disclosed by any officer or employee of the U.S., a State or Tribal agency, or a financial institution or regulatory agency.
- FinCEN may disclose beneficial ownership information upon request by i) a federal agency engaged in national security, intelligence, or law enforcement, or a State or Tribal enforcement agency authorized by a court; ii) a Federal agency on behalf of a foreign law enforcement agency, iii) a financial institution for purposes of complying with customer due diligence requirements with the consent of the reporting company, and iv) a federal functional regulator or other regulatory agency.
- Federal functional regulators, as appropriate, must have “appropriate protocols” that include standards and procedures to protect the security and confidentiality of the beneficial owners’ information, and to which the head of the agency certifies are in compliance with the law.
- Rules governing Customer Due Diligence Requirements for Financial Institutions must be revised to be in conformance with this law not later than one year after the effective date of the implementing regulations.
Title LXV – Miscellaneous
Required studies include:
- A General Accountability Office (GAO) and Treasury study on the effectiveness of the NDAA, Division F to provide national security, intelligence, and law enforcement with prompt access to reliable, useful, and complete beneficial owner information, and to strengthen U.S. capability to combat, detect, prevent, and prosecute money laundering, financing of terrorism, proliferation finance, tax fraud, and other crimes.
- Separate GAO studies on feedback loops, CTRs, trafficking, and de-risking.
- Treasury studies on trade-based money laundering, money laundering by the Peoples’ Republic of China, and jointly with the Department of Justice on the efforts of authoritarian regimes to exploit the financial system.
Recent BSA/AML developments
- On December 10, 2020, FinCEN issued a Section 314(b) Fact Sheet, to stress the criticality of information sharing among financial institutions, and to clarify some key elements of the provision, which provides a safe harbor to financial institutions sharing information relating to activities that they suspect may involve possible terrorist financing or money laundering. Among other things, the Fact Sheet notes that financial institutions can avail themselves of the safe harbor even if they are not able to connect the behavior to a specified unlawful activity, or to a specific transaction.
- In September 2020, FinCEN published an ANPR seeking input on regulatory initiatives that would allow financial institutions to reallocate resources to better focus on national AML priorities set by government authorities, increase information sharing and public-private partnerships, and leverage new technologies and risk-management techniques, for the purpose of increasing the effectiveness and efficiency of the nation’s AML framework. The comment period closed November 17.
- The Department of Justice and eight other federal law enforcement partners announced the completion of the third annual Money Mule Initiative, a coordinated operation to disrupt the networks through which transnational fraudsters move the proceeds of their crimes. The Initiative resulted in approximately 2300 actions against money mules, including warning letters, asset seizures, civil injunctive actions, criminal charges, and arrests.
For related regulatory insight, please see KPMG Regulatory Insights’ Ten Key Regulatory Challenges of 2021 which includes insight and “what’s next” tangible actions for Fraud and Financial Crime.