Anti-Money Laundering Rule Revisions ‘Empower’ Banks at a Cost

The Treasury’s Financial Crimes Enforcement Network and other banking regulators last month announced proposed updates to financial institutions’ anti-money laundering and counterterrorism financing program obligations. If these are finalized, institutions can leverage a refined risk assessment to streamline their approach to compliance, as long as regulators continue to improve program requirements and examiner training.

The changes aim to create effective, risk-based, and reasonable programs that identify, manage, and mitigate illicit finance risks. The notice of proposed rulemaking signals an intent to continue implementing the Anti-Money Laundering Act of 2020 and make enforcement stronger on all levels. But the requirements could complicate intended outcomes and increase costs for financial institutions.

Key shifts in AML/CFT program obligations include risk-based practices to codified and consolidated requirements, effective programs for illicit finance risks, and effective supervisory oversight based on the purpose of the Bank Secrecy Act—not “check the box” or inconsistent examinations among multiple supervisors.

FinCEN and banking agencies say this “approach is expected to empower [financial institutions] to be more responsive to evolving illicit finance activity or equally responsive at lower cost.” Those cost savings presumably come from using more effective, risk-based assessments to reduce resources spent on compliance-focused spending, refocus those resources on higher priority or higher risk services or customers, and innovate toward more efficient processes.

However, to truly give institutions necessary flexibility, including for developing digital identification solutions, FinCEN and the agencies will need to modify other more prescriptive AML/CFT requirements, such as customer identification.

The revised rules’ renewed emphasis on innovation, and their requirement that financial institutions ensure their operational program requirements are US-based, also carry potential impact. To drive innovation and effective programmatic changes and reduce regulatory hindsight, banks and other financial institutions should consider several steps.

Develop data-driven measurements for risk over qualitative ones.

Institutions should focus more on data and quantifiable inputs to support the analysis in their risk assessments.

Quantifiable assessments will be less subject to challenge by regulators and examiners. As part of their data-driven models, institutions also must include an assessment of their FinCEN filings. They should consider developing methods to store suspicious activity and currency transaction reports in more readily analyzable formats.

Ensure risk assessments focus on illicit finance outcomes.

The proposed rules explicitly require institutions assess risks that national AML/CFT priorities present for illicit finance. In addition to determining risk of non-compliance, financial institutions should understand the methods illicit actors use to launder related proceeds and susceptibility to such methods.

For example, understanding that fraud rings’ reliance on gift and prepaid cards may factor in determining a financial institution’s susceptibility to fraud via its own products.

Include assessments of financial technology partnerships.

FinCEN’s preamble states that financial institutions must consider the risks of distribution channels, including partners and intermediaries to customers. Fintech companies should notice that agencies are focusing on banking partnerships.

While more effective AML/CFT programs are the focus of the rules, they also require that program establishment, maintenance, and enforcement must be performed in the US. This likely will result in increased costs and risks of supervisory actions.

Global financial institutions and foreign-located money services businesses, such as crypto exchanges, often rely on foreign-located resources to perform their AML/CFT functions.

If finalized, the proposed rule could create inefficiencies from redirecting AML resources to the US, although FinCEN didn’t quantify such potential impact. FinCEN is seeking comment on the extent to which these US-centric provisions should apply.

Based on the language in the proposed rules, it appears some functions could still be performed abroad, but all decision-making would need to be overseen in the US.

If imposed rigidly, global financial institutions could see increased costs and less reliance on offshore centers to conduct initial reviews of suspicious activity alerts.

The proposed rules are based on the premise that financial institutions are empowered to develop programs that fit their risks and create an opportunity to retool compliance toward producing the best information for law enforcement. But this won’t necessarily result in more efficient resource allocation.

The agencies’ establishment of new expectations also could easily become the tip of the spear for an enforcement action or negative supervisory findings.

FinCEN and agencies must therefore follow through on increasing the effectiveness of Bank Secrecy Act examinations, examiner expertise on the Bank Secrecy Act, feedback to financial institutions, and the reasonableness of program and innovation review.

This necessitates that regulators and examiners focus on the reasonableness of an institution’s practice at the time it was developed and not apply regulatory hindsight just because unforeseen circumstances led to a negative outcome. The proposed rules are important, but they’re only one step in a multiyear-long process to overhaul the AML/CFT framework.

*Reproduced with permission. Published August 2, 2024. Copyright 2024 Bloomberg Industry Group 800-372-1033. For further use please visit https://www.bloombergindustry.com/copyright-and-usage-guidelines-copyright/