[Federal Register Volume 85, Number 181 (Thursday, September 17, 2020)]
[Proposed Rules]
[Pages 58023-58029]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-20527]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF THE TREASURY
Financial Crimes Enforcement Network
31 CFR Chapter X
[Docket No. FinCEN-2020-0011]
RIN 1506-AB44
Anti-Money Laundering Program Effectiveness
AGENCY: Financial Crimes Enforcement Network (FinCEN), Treasury.
ACTION: Advance notice of proposed rulemaking (ANPRM).
-----------------------------------------------------------------------
SUMMARY: This document seeks public comment on potential regulatory
amendments to establish that all covered financial institutions subject
to an anti-money laundering program requirement must maintain an
``effective and reasonably designed'' anti-money laundering program.
Any such amendments would be expected to further clarify that such a
program assesses and manages risk as informed by a financial
institution's risk assessment, including consideration of anti-money
laundering priorities to be issued by FinCEN consistent with the
proposed amendments; provides for compliance with Bank Secrecy Act
requirements; and provides for the reporting of information with a high
degree of usefulness to government authorities. The regulatory
amendments under consideration are intended to modernize the regulatory
regime to address the evolving threats of illicit finance, and provide
financial institutions with greater flexibility in the allocation of
resources, resulting in the enhanced effectiveness and efficiency of
anti-money laundering programs.
DATES: Written comments are welcome, and must be received on or before
November 16, 2020.
ADDRESSES: Comments may be submitted, identified by Regulatory
Identification Number (RIN) 1506-AB44, by any of the following methods:
Federal E-rulemaking Portal: http://www.regulations.gov.
Follow the instructions for submitting comments. Include RIN 1506-AB44
in the submission. Refer to Docket Number FINCEN-2020-0011.
Mail: Financial Crimes Enforcement Network, P.O. Box 39,
Vienna, VA 22183. Include 1506-AB44 in the body of the text. Refer to
Docket Number FINCEN-2020-0011.
Please submit comments by one method only. All comments submitted
in response to this ANPRM will become a matter of public record.
Therefore, you should submit only information that you wish to make
publicly available.
FOR FURTHER INFORMATION CONTACT: The FinCEN Regulatory Support Section
at 1-800-767-2825 or electronically at [email protected].
SUPPLEMENTARY INFORMATION:
I. Scope of ANPRM
The scope of program rules under consideration for amendment in
this ANPRM includes those applicable to all of the industries that have
anti-money laundering (AML) program requirements under FinCEN's
regulations, including banks (which includes credit unions and other
depository institutions, as defined in 31 CFR 1010.100(d)); casinos and
card clubs; money services businesses; brokers or dealers in
securities; mutual funds; insurance companies; futures commission
merchants and introducing brokers in commodities; dealers in precious
metals, precious stones, or jewels; operators of credit card systems;
loan or finance companies; and housing government sponsored
enterprises.\1\ FinCEN particularly requests comment regarding any
industry-specific considerations that FinCEN should evaluate with
regard to the scope of possible rulemaking described in this ANPRM.
---------------------------------------------------------------------------
\1\ See 31 CFR 1020.210 (banks); 31 CFR 1021.210 (casinos and
card clubs); 31 CFR 1022.210 (money services businesses); 31 CFR
1023.210 (brokers or dealers in securities); 31 CFR 1024.210 (mutual
funds); 31 CFR 1025.210 (insurance companies); 31 CFR 1026.210
(futures commission merchants and introducing brokers in
commodities); 31 CFR 1027.210 (dealers in precious metals, precious
stones, or jewels); 31 CFR 1028.210 (operators of credit card
systems); 31 CFR 1029.210 (loan or finance companies); and 31 CFR
1030.210 (housing government sponsored enterprises).
---------------------------------------------------------------------------
II. Background
A. History of the Bank Secrecy Act (BSA)
The Currency and Foreign Transactions Reporting Act of 1970,
generally referred to as the BSA,\2\ authorizes the Secretary of the
U.S. Department of the Treasury (Secretary) to require financial
institutions to keep records and file reports that ``have a high degree
of usefulness in criminal, tax, or regulatory investigations or
proceedings, or in the conduct of intelligence or counterintelligence
[[Page 58024]]
activities, including analysis to protect against international
terrorism.'' \3\ The Secretary has delegated to the Director of FinCEN
the authority to implement, administer, and enforce compliance with the
BSA and its related authorities.\4\ As a result, FinCEN may require
financial institutions to maintain procedures to ensure compliance with
the BSA and its related regulations and to guard against money
laundering, including AML program requirements.\5\
---------------------------------------------------------------------------
\2\ 12 U.S.C. 1829b, 12 U.S.C. 1951-1959, and 31 U.S.C. 5311-
5314; 5316-5332.
\3\ 31 U.S.C. 5311.
\4\ Treasury Order 180-01 (Jan. 14, 2020).
\5\ 31 U.S.C. 5318(a)(2), (h)(2).
---------------------------------------------------------------------------
The Money Laundering Control Act of 1986 (MLCA) \6\ made money
laundering a Federal crime. It also amended the BSA, underscoring the
importance of reporting information with a high degree of usefulness to
government authorities. For example, Section 1359 of the MLCA amended
section 8 of the Federal Deposit Insurance Act \7\ and section 206 of
the Federal Credit Union Act,\8\ among other similar statutes, to
require the Federal Banking Agencies \9\ to issue regulations for
covered financial institutions to ``establish and maintain procedures
reasonably designed to assure and monitor the compliance'' of such
institutions with the reporting and some recordkeeping requirements of
the BSA.
---------------------------------------------------------------------------
\6\ Public Law 99-570, 100 Stat. 3207 (Oct. 27, 1986).
\7\ 12 U.S.C. 1818.
\8\ 12 U.S.C. 1786.
\9\ The Federal Banking Agencies include the Board of Governors
of the Federal Reserve System, the Federal Deposit Insurance
Corporation (FDIC), the National Credit Union Administration, and
the Office of the Comptroller of the Currency.
---------------------------------------------------------------------------
The Annunzio-Wylie Anti-Money Laundering Act of 1992 (Annunzio-
Wylie) amended the BSA \10\ by strengthening the sanctions for BSA
violations and Treasury's role.\11\ Annunzio-Wylie authorized Treasury
to issue regulations requiring all financial institutions, as defined
in BSA regulations, to maintain ``minimum standards'' of an AML
program.\12\ The minimum standards set forth in the statute were
substantially similar to the standards set forth by the Federal Banking
Agencies in their BSA compliance program regulations, which required
depository institutions under their supervision to establish and
maintain procedures ``reasonably designed'' to assure and monitor
compliance with the requirements of the BSA.\13\
---------------------------------------------------------------------------
\10\ Title XV of Public Law 102-550, 106 Stat. 3672 (Oct. 28,
1992).
\11\ See Title XV, sec. 1503 (authorizing the termination of
FDIC insurance of insured depository institutions convicted of a
criminal violation of the BSA), sec. 1504 (authorizing the removal
officers or directors of such institutions found to have violated a
BSA requirement), and sec. 1517 (authorizing Treasury to require the
reporting of suspicious transactions) of Public Law 102-550.
\12\ Title XV, sec. 1517 of Public Law 102-550.
\13\ The minimum standards for an AML program set forth in
Annunzio-Wylie, and codified at 31 U.S.C. 5318(h), include: ``(A)
the development of internal policies, procedures, and controls, (B)
the designation of a compliance officer, (C) an ongoing employee
training program, and (D) an independent audit function to test
programs.''
---------------------------------------------------------------------------
The Uniting and Strengthening America by Providing Appropriate
Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA
PATRIOT Act) further amended the BSA, reinforcing the framework
established earlier by Annunzio-Wylie, to require, among other things,
customer identification requirements and Treasury's further expansion
of AML program rules to cover certain other industries.\14\ In 2003,
FinCEN and the Federal Banking Agencies issued a joint final rule on
customer identification program (CIP) requirements.\15\ The USA PATRIOT
Act also ushered in an expanded role for AML and other financial and
economic measures in countering threats to U.S. national security and
protecting the U.S. financial system. The range of authorities and
measures introduced in Title III were intended to, among other
purposes, ``increase the strength of United States measures to prevent,
detect, and prosecute international money laundering and the financing
of terrorism.'' \16\
---------------------------------------------------------------------------
\14\ Public Law 107-56, 115 Stat. 272 (Oct. 26, 2001). FinCEN
issued interim final AML program rules for financial institutions
regulated by a Federal functional regulator, money services
businesses, mutual funds, and operators of credit card systems. 67
FR 21113 (Apr. 29, 2002). FinCEN's rule originally cross-referenced
the regulations of the Federal functional regulator and provided
that satisfaction of the Federal functional regulator's AML program
rule requirements would be deemed to satisfy the requirements of
Treasury's rule.
\15\ 68 FR 25090 (May 9, 2003). FinCEN issued joint CIP rules
separately with the U.S. Securities and Exchange Commission, 68 FR
25113 (May 9, 2003) (brokers or dealers in securities) and 68 FR
25131 (May 9, 2003) (mutual funds), and the U.S. Commodity Futures
Trading Commission, 68 FR 25149 (May 9, 2003) (futures commission
merchants and introducing brokers).
\16\ Title III, sec. 302(b)(1) of Public Law 107-56.
---------------------------------------------------------------------------
FinCEN's most recent significant change to BSA regulations was the
implementation of customer due diligence and beneficial ownership
requirements in 2016. These rules resulted in: (i) The expansion of
FinCEN's AML program rules for financial institutions regulated by a
Federal functional regulator to expressly incorporate the minimum
statutory elements of an AML program prescribed by 31 U.S.C.
5318(h)(1); and (ii) the incorporation of minimum standards for
customer due diligence and the collection of beneficial ownership
information for depository institutions, broker-dealers, mutual funds,
and futures commission merchants and introducing brokers in
commodities.\17\
---------------------------------------------------------------------------
\17\ 81 FR 29398 (May 11, 2016).
---------------------------------------------------------------------------
B. Recent Efforts To Modernize the National AML Regime
Over the past several years, there have been significant
innovations in the financial sector and the development of new business
models, products, and services, fueled in part by rapid technological
change. As a result, financial institutions have confronted new
opportunities and challenges in meeting BSA compliance obligations and
providing information with a high degree of usefulness to government
authorities in an efficient manner. FinCEN seeks to ensure that the
BSA's AML regime adapts to address the evolving threats of illicit
finance, such as money laundering, terrorist financing, and related
crimes--some of which have changed considerably in scope, nature, and
impact since the initial passage of the BSA--while simultaneously
providing financial institutions with additional flexibility in
addressing these threats. FinCEN, in collaboration with supervisory
partners, law enforcement, and, where appropriate, the financial
industry, has undertaken recent initiatives that collectively re-
examine the BSA regulatory framework and the broader national AML
regime. The overall goal of these initiatives is to upgrade and
modernize the national AML regime, where appropriate, and to facilitate
the ability of the financial industry and corresponding supervisory
authorities to leverage new technologies and risk-management
techniques, share information, discard inefficient and unnecessary
practices, and focus resources on fulfilling the BSA's stated purpose
of providing information with a high degree of usefulness to government
authorities. This ANPRM is intended to further these efforts.
1. The Bank Secrecy Act Advisory Group's AML Effectiveness Working
Group and Recommendations
Annunzio-Wylie required the Secretary to establish a Bank Secrecy
Act Advisory Group (BSAAG).\18\ The statutory purposes of the BSAAG are
to keep private sector representatives informed on a regular basis of
the ways in which BSA reports filed by financial institutions,
including suspicious
[[Page 58025]]
activity reports (SARs), are being used, and to receive advice
regarding the modification of those reporting requirements to enhance
the ability of law enforcement agencies to use the information provided
for law enforcement purposes. The Director of FinCEN chairs the BSAAG,
and its membership includes representatives from financial
institutions, Federal and state regulatory and law enforcement
agencies, and trade groups whose members are subject to the
requirements of the BSA and its regulations, or Section 6050I of the
Internal Revenue Code of 1986. The purposes and membership of the BSAAG
make it an important forum for understanding stakeholder views in
efforts to reform and modernize the national AML regime.
---------------------------------------------------------------------------
\18\ Title XV, sec. 1564 of Public Law 102-550.
---------------------------------------------------------------------------
The BSAAG created an Anti-Money-Laundering Effectiveness Working
Group (AMLE WG) in June 2019 to develop recommendations for
strengthening the national AML regime by increasing its effectiveness
and efficiency. Member stakeholders worked collaboratively throughout
2019 and into 2020 to identify regulatory initiatives that would allow
financial institutions to reallocate resources to better focus on
national AML priorities set by government authorities, increase
information sharing and public-private partnerships, and leverage new
technologies and risk-management techniques--and thus increase the
efficiency and effectiveness of the nation's AML regime.
The resulting recommendations, summarized below in broad
categories, are a collective set of complementary efforts.\19\ The
October 2019 BSAAG plenary received and endorsed the recommendations
from the AMLE WG. This ANPRM is a result of FinCEN's evaluation of
those recommendations and a step toward considering their
implementation. FinCEN anticipates taking additional steps, such as
issuing guidance where appropriate, as FinCEN continues to evaluate the
full set of BSAAG recommendations.
---------------------------------------------------------------------------
\19\ The subsections which follow summarize recommendations
issued by the BSAAG and do not necessarily reflect current
regulatory initiatives, nor do they imply endorsement of, nor
commitment by, the relevant government agencies to implement these
recommendations.
---------------------------------------------------------------------------
a. Developing and Focusing on AML Priorities
The AMLE WG recommended that stakeholders refocus the national AML
regime to place greater emphasis on providing information with a high
degree of usefulness to government authorities based on national AML
priorities, in order to promote effective outputs over auditable
processes and to ensure clearer standards for measuring effectiveness
in evaluating AML programs. The AMLE WG recommended that the relevant
government agencies consider:
Publishing a regulatory definition of AML program
effectiveness;
Developing and communicating national AML priorities as
set by government authorities; and
Issuing clarifying guidance for financial institutions on
the elements of an effective AML program.
b. Reallocation of Compliance Resources
The AMLE WG recommended that stakeholders facilitate BSA compliance
resource reallocation by reducing or eliminating activities that are
not required by law or regulation, make limited contributions to
meeting risk-management objectives, and supply less useful information
to government authorities. Resources freed from these activities could
be reallocated to address areas of risk and national AML priorities.
The AMLE WG recommended that the relevant government agencies consider:
Clarifying current requirements and supervisory
expectations with respect to risk assessments, negative media searches,
customer risk categories, and initial and ongoing customer due
diligence; and
Revising existing guidance or regulations in areas such as
Politically Exposed Persons and the application of existing model-risk-
management guidance to AML systems, in order to improve clarity,
effectiveness, and compliance.
c. Monitoring and Reporting
The AMLE WG recommended that AML monitoring and reporting practices
be modernized and streamlined to maximize efficiency, quality, and
speed of providing data to government authorities with due
consideration for privacy and data security. The AMLE WG recommended
that the relevant government agencies consider:
Clarifying expectations and updating practices for keep-
open letters and suspicious activity monitoring, investigation, and
reporting, including SARs based on grand jury subpoenas or negative
media; and
Supporting potential automation opportunities for high-
frequency/low-complexity SARs and currency transaction reports (CTRs),
and exploring the possibility of streamlined SARs on continuing
activity.
d. Enhancing Information Sharing
Information sharing among financial institutions, regulators, and
law enforcement through partnerships and other existing mechanisms is a
key component of an effective BSA/AML regime. The AMLE WG recommended
steps for enhancing information sharing mechanisms to communicate
national AML priorities, related typologies, and emerging threats, such
as:
Forming a BSAAG-established working group with members
from law enforcement agencies, regulators, and financial institutions
to identify, prioritize, and recommend national AML priorities and
advise on opportunities to communicate typologies, red flags, and other
information related to national AML priorities;
Leveraging existing information-sharing initiatives
between the public and private sectors, including enhanced use of the
BSA's information sharing provisions, sections 314(a) and (b) of the
USA PATRIOT Act, and sharing with foreign affiliates and global
institutions, as appropriate; and
Assessing options for FinCEN and law enforcement agencies
to provide more feedback to financial institutions related to the use
and utility of BSA reports.
e. Advance Regulatory Innovations
The AMLE WG recommended the continued enhancement of the national
AML regime to promote the use of responsible innovations to address new
and emerging money laundering and terrorist financing risks and the
evolving industry landscape, as well as to encourage financial
institutions to pursue more effective and efficient BSA compliance
practices. Measures recommended include steps that financial
institutions could take to better use responsible innovation in meeting
CIP requirements--such as third-party software and service providers--
and studying the impact of financial technology and other emerging non-
bank financial service providers on the AML regime.
III. Elements of an ``Effective and Reasonably Designed'' AML Program
FinCEN, after consulting with the staffs of various supervisory
agencies, and having considered the BSAAG recommendations and other BSA
modernization efforts, is publishing this ANPRM seeking comment on
whether it is appropriate to clearly define a requirement for an
``effective and reasonably designed'' AML program in BSA regulations.
Increasing the
[[Page 58026]]
``effectiveness'' of the national AML regime is a core objective of
recent AML modernization efforts. This term often refers to the
implementation and maintenance of a compliant AML program, but has no
specific, consistent definition in existing regulation. FinCEN believes
that incorporating an ``effective and reasonably designed'' AML program
requirement with a clear definition of ``effectiveness'' \20\ would
allow financial institutions to more efficiently allocate resources and
would impose minimal additional burden on existing AML programs that
already comply under the existing supervisory approach. This
requirement would also seek to implement a common understanding between
supervisory agencies and their supervised financial institutions on the
necessary AML program elements.
---------------------------------------------------------------------------
\20\ There is some variance in the specific AML program
requirements for different types of financial institutions, but
current AML program regulations for most financial institutions
subject to such requirements contain a requirement that either the
AML program as a whole, or the implementation of internal controls,
is ``reasonably designed.'' In addition, current AML program
requirements vary as to whether a financial institution must
implement an AML program that is ``reasonably designed'' to achieve
compliance with the BSA, ``reasonably designed'' to prevent money
laundering or terrorist financing, or both.
---------------------------------------------------------------------------
Specifically, FinCEN is considering regulatory amendments that
would explicitly define an ``effective and reasonably designed'' AML
program as one that:
Identifies, assesses, and reasonably mitigates the risks
resulting from illicit financial activity--including terrorist
financing, money laundering, and other related financial crimes--
consistent with both the institution's risk profile and the risks
communicated by relevant government authorities as national AML
priorities;
Assures and monitors compliance with the recordkeeping and
reporting requirements of the BSA; and
Provides information with a high degree of usefulness to
government authorities consistent with both the institution's risk
assessment and the risks communicated by relevant government
authorities as national AML priorities.
As explained in more detail in the sections that follow, this ANPRM
also seeks comment on whether the AML program regulations \21\ should
be amended to establish an explicit requirement for a risk-assessment
process, as well as whether the Director of FinCEN should issue every
two years a list of national AML priorities, to be called FinCEN's
``Strategic Anti-Money Laundering Priorities.''
---------------------------------------------------------------------------
\21\ See supra note 1.
---------------------------------------------------------------------------
A. Identifying and Assessing Risks
The current AML program rules generally require each financial
institution to implement a system of internal controls to ``assure
ongoing compliance'' \22\ with the BSA. This system of internal
controls includes the policies, procedures, and processes that not only
mitigate the risks associated with the products and services the
financial institution offers and the customers it serves, but also
ensures the financial institution meets regulatory requirements under
the BSA. Under current practice for most financial institutions, the
design of an AML program is based on the risks identified and assessed
by the financial institution through a risk-assessment process. FinCEN
and other supervisory agencies have traditionally viewed a risk
assessment as a critical element of a reasonably designed program,
because a program cannot be considered reasonably designed to achieve
compliance with the recordkeeping and reporting requirements of the BSA
unless the institution understands its risk profile.
---------------------------------------------------------------------------
\22\ See, e.g., 31 CFR 1020.210(b)(1).
---------------------------------------------------------------------------
Even though a financial institution's risk-assessment process is
key to ensuring an effective AML program, it is not an explicit
regulatory requirement for all types of institutions. Given the
importance of the risk-assessment process to establishing an
``effective and reasonably designed'' AML program, FinCEN believes that
it warrants explicit incorporation. FinCEN is considering whether its
AML program regulations should be amended to require the establishment
of a risk-assessment process that includes the identification and
analysis of money laundering, terrorist financing, and other illicit
financial activity risks faced by the financial institution based on an
evaluation of various factors, including its business activities,
products, services, customers, and geographic locations in which the
financial institution does business or services customers.
FinCEN and the Federal Banking Agencies issued a Joint Statement on
Risk-Focused Bank Secrecy Act/Anti-Money Laundering Supervision in 2019
that underscored the importance of a risk-based approach. The statement
clarifies that these agencies' long-standing supervisory approach to
examining for compliance with the BSA considers a financial
institution's risk profile and notes that ``[a] risk-based [AML]
compliance program enables a bank to allocate compliance resources
commensurate with its risk.'' \23\ It further clarifies that a well-
developed risk-assessment process assists examiners in understanding a
bank's risk profile and evaluating the adequacy of its AML program. The
statement also explains that, as part of their risk-focused approach,
examiners review a bank's risk-management practices to evaluate whether
a bank has developed and implemented a reasonable and effective process
to identify, measure, monitor, and control risks. Recognizing that many
financial institutions are conducting risk assessments, FinCEN seeks
comment on the effect to financial institutions' efforts to comply with
AML program requirements of adding a regulatory requirement to conduct
a risk assessment, and the effect, if any, on burden to financial
institutions' processes for complying with AML program requirements.
---------------------------------------------------------------------------
\23\ See Board of Governors of the Federal Reserve System,
Federal Deposit Insurance Corporation, Financial Crimes Enforcement
Network, National Credit Union Administration, and Office of the
Comptroller of the Currency, Joint Statement on Risk-Focused Bank
Secrecy Act/Anti-Money Laundering Supervision (July 22, 2019),
available at https://www.fincen.gov/sites/default/files/2019-10/Joint%20Statement%20on%20Risk-Focused%20Bank%20Secrecy%20Act-Anti-Money%20Laundering%20Supervision%20FINAL1.pdf.
---------------------------------------------------------------------------
B. Consideration of the Strategic AML Priorities in the Risk-Assessment
Process
This ANPRM also seeks comment on whether regulatory amendments
should be made so that an ``effective and reasonably designed'' AML
program would require financial institutions to consider and integrate
national AML priorities into their risk-assessment processes, as
appropriate. FinCEN is considering whether the Director of FinCEN
should issue national AML priorities, to be called its ``Strategic
Anti-Money Laundering Priorities,'' every two years (or more frequently
as appropriate to inform the public and private sector of new
priorities). This ANPRM also seeks comment on whether these priorities
should be considered, among other information, in a financial
institution's risk assessment.
FinCEN does not expect that its Strategic AML Priorities would
capture the universe of all AML priorities, nor would they be intended
to serve as the only priorities informing a risk-assessment process.
Rather, they would seek to articulate FinCEN's existing AML priorities,
informed by a wide range of government and private sector stakeholders,
leveraging the broader priorities established by the National
[[Page 58027]]
Illicit Finance Strategy as determined by the Secretary of the
Treasury--in consultation with the Departments of Justice, State, and
Homeland Security, the Office of the Director of National Intelligence,
the Office of Management and Budget, and the staffs of the Federal
functional regulators--to better aid U.S. institutions in effectively
complying with BSA obligations. Other relevant information that the
Director of FinCEN may consider in determining Strategic AML Priorities
includes, for example, FinCEN Advisories to financial institutions,
which identify emerging risks and provide red flags and typologies that
assist financial institutions in identifying and reporting suspicious
activity; other relevant Treasury Department communications, including
the National Risk Assessments; and information from law enforcement and
other government agencies, and others.
C. Risk Management and Mitigation Informed by Strategic AML Priorities
Building upon the prior two concepts--an explicit risk-assessment
requirement and the publication of Strategic AML Priorities--this ANPRM
also seeks comment as to whether an ``effective and reasonably
designed'' AML program should require that financial institutions
reasonably manage and mitigate the risks identified in the risk-
assessment process by taking into consideration the Strategic AML
Priorities, as appropriate and among other relevant information. FinCEN
believes that the vast majority of financial institutions are
effectively and reasonably managing and mitigating the risks that they
have identified. Under any proposal to incorporate a requirement for an
``effective and reasonably designed'' AML program, FinCEN understands
that institutions may reallocate resources from other lower-priority
risks or practices to manage and mitigate higher-priority risks,
including any identified as Strategic AML Priorities.
Financial institutions may consider how FinCEN's Strategic AML
Priorities impact and inform the risk assessment based on the
institution's size, complexity, business activities, products,
services, customers, and geographic locations in which the financial
institution does business or services customers. This might enhance the
financial institution's engagement with law enforcement and FinCEN to
provide information with a high degree of usefulness to government
authorities. In addition, a financial institution may be better able to
engage with the appropriate level of Federal, state, or local law
enforcement and other government officials to better understand and
address risks within that jurisdiction. This might improve information
sharing, to include requests from FinCEN or other government
authorities, as well as participation in public-private information
sharing forums.
FinCEN recognizes that financial institutions may utilize different
means to demonstrate effectiveness and anticipates that some financial
institutions may determine that their AML programs already sufficiently
assess and mitigate the risks identified as Strategic AML Priorities.
FinCEN also anticipates that many financial institutions may determine
that their business models and risk profiles reflect limited exposure
to risks posed by the threats identified as Strategic AML Priorities,
but may reflect greater exposure to significant and legitimate risks
that may not be identified as Strategic AML Priorities. FinCEN
recognizes and appreciates financial institutions must continue to
identify, reasonably manage, and mitigate these risks consistent with
financial institutions' risk-management processes.
D. Assuring and Monitoring Compliance With the Recordkeeping and
Reporting Requirements of the BSA
FinCEN does not expect that any regulatory changes made in response
to this ANPRM would alter the recordkeeping and reporting requirements
contained in existing BSA regulations. However, this ANPRM seeks
comment as to whether financial institutions' AML program obligations
should be based on the risks identified by the financial institution,
to include consideration of Strategic AML Priorities, where appropriate
and among other information. For example, a financial institution's
process for the implementation of certain requirements, such as
monitoring for suspicious activity, is based on risk. Making clear that
compliance with this aspect of the AML program requirement is risk-
based is consistent with the objectives of increasing effectiveness and
efficiency. It also reflects long-standing supervisory approaches and
expectations.
E. Providing Information With a High Degree of Usefulness
FinCEN believes that the proposed regulatory approach in this ANPRM
furthers the statutory BSA purpose of providing information with a high
degree of usefulness to government authorities. These regulatory
amendments would explicitly define as a goal of the AML program that
financial institutions provide information with a high degree of
usefulness to government authorities consistent with the financial
institution's risk assessment and Strategic AML Priorities, among other
relevant information. FinCEN recognizes that many financial
institutions have developed specialized units that focus on complex
investigations. In addition, financial institutions of all sizes may
collaborate with Federal, state, and local law enforcement, receive
outreach from the government's SAR Review Teams, and often be willing
to engage on relevant issues in their community. FinCEN expects that
any future regulatory amendments to incorporate a requirement for an
``effective and reasonably designed'' AML program would seek to provide
a framework to recognize that these and other collaborative efforts may
provide information with a high degree of usefulness to government
authorities. This recognition, in turn, may provide further incentive
for financial institutions to undertake and apply resources towards
these important initiatives to combat money laundering, terrorist
financing, and other related illicit financial crime. Such an approach
has the potential to increase the overall effectiveness of the national
AML regime by better enabling law enforcement and other users of BSA
reporting to address priority threats to the U.S. financial system.
IV. Issues for Comment
Based on the foregoing, FinCEN is seeking comment from the public,
including industry, law enforcement, regulators, other consumers of BSA
data, and any other interested parties, concerning a potential
rulemaking to incorporate a requirement for an ``effective and
reasonably designed'' AML program into AML program regulations and to
provide clarity on its application. Specifically, FinCEN requests
public comment on the following:
Question 1: Does this ANPRM make clear the concept that FinCEN is
considering for an ``effective and reasonably designed'' AML program
through regulatory amendments to the AML program rules? If not, how
should the concept be modified to provide greater clarity?
Question 2: Are this ANPRM's three proposed core elements and
objectives of an ``effective and reasonably designed'' AML program
appropriate? Should FinCEN make any changes to the three proposed
elements of an ``effective and reasonably designed''
[[Page 58028]]
AML program in a future notice of proposed rulemaking?
As described above, FinCEN is considering regulatory amendments
that would define an ``effective and reasonably designed'' program as
one that:
Identifies, assesses, and reasonably mitigates the risks
resulting from illicit financial activity, including terrorist
financing, money laundering, and other related financial crimes,
consistent with both the institution's risk profile and the risks
communicated by relevant government authorities as national AML
priorities;
Assures and monitors compliance with the recordkeeping and
reporting requirements of the BSA; and
Provides information with a high degree of usefulness to
government authorities consistent with both the institution's risk
assessment and the risks communicated by relevant government
authorities as national AML priorities.
Question 3: Are the changes to the AML regulations under
consideration in this ANPRM an appropriate mechanism to achieve the
objective of increasing the effectiveness of AML programs? If not, what
different or additional mechanisms should FinCEN consider?
Question 4: Should regulatory amendments to incorporate the
requirement for an ``effective and reasonably designed'' AML program be
proposed for all financial institutions currently subject to AML
program rules? Are there any industry-specific issues that FinCEN
should consider in a future notice of proposed rulemaking to further
define an ``effective and reasonably designed'' AML program?
FinCEN notes that, as regulations for different segments of the
financial industry have been promulgated at different times in the
past, such AML program regulations have evolved and, consequently,
contain provisions that differ among the various industries subject to
AML program requirements. For example, the AML program requirement for
money services businesses (31 CFR 1022.210(a)) already contains an
effectiveness component.\24\ FinCEN invites comments from all covered
industries subject to AML program regulations as to how a requirement
for an ``effective and reasonably designed'' AML program would impact
their industry. Furthermore, FinCEN invites comment as to whether any
industry-specific modifications would be appropriate to consider in
future rulemaking.
---------------------------------------------------------------------------
\24\ Specifically it provides that each money services business,
as defined by Sec. 1010.100(ff), shall develop, implement, and
maintain an effective anti-money laundering program. An effective
anti-money laundering program is one that is reasonably designed to
prevent the money services business from being used to facilitate
money laundering and the financing of terrorist activities.
---------------------------------------------------------------------------
Question 5: Would it be appropriate to impose an explicit
requirement for a risk-assessment process that identifies, assesses,
and reasonably mitigates risks in order to achieve an ``effective and
reasonably designed'' AML program? If not, why? Are there other
alternatives that FinCEN should consider? Are there factors unique to
how certain institutions or industries develop and apply a risk
assessment that FinCEN should consider? Should there be carve-outs or
waivers to this requirement, and if so, what factors should FinCEN
evaluate to determine the application thereof?
Question 6: Should FinCEN issue Strategic AML Priorities, and
should it do so every two years or at a different interval? Is an
explicit requirement that risk assessments consider the Strategic AML
Priorities appropriate? If not, why? Are there alternatives that FinCEN
should consider?
Question 7: Aside from policies and procedures related to the risk-
assessment process, what additional changes to AML program policies,
procedures, or processes would financial institutions need to implement
if FinCEN implemented regulatory changes to incorporate the requirement
for an ``effective and reasonably designed'' AML program, as described
in this ANPRM? Overall, how long of a period should FinCEN provide for
implementing such changes?
FinCEN seeks comment on specific programmatic changes. For example,
how might the allocation of personnel change because of the possible
regulatory amendments discussed in this ANPRM, and what processes would
be required to reallocate AML compliance resources for different
responsibilities? How long would such programmatic changes take to
conceive, test, and implement? Would this vary by size of institution
or across industry segments? If so, how? In addition to due diligence
and monitoring processes, what other methods to mitigate risks are
financial institutions engaged in? Should FinCEN add via future
regulation more specific risk-mitigation requirements to ensure that
controls are commensurate with the risks undertaken, and how might
these risk-mitigation requirements vary by industry?
Question 8: As financial institutions vary widely in business
models and risk profiles, even within the same category of financial
institution, should FinCEN consider any regulatory changes to
appropriately reflect such differences in risk profile? For example,
should regulatory amendments to incorporate the requirement for an
``effective and reasonably designed'' AML program be proposed for all
financial institutions within each industry type, or should this
requirement differ based on the size or operational complexity of these
financial institutions, or some other factors? Should smaller, less
complex financial institutions, or institutions that already maintain
effective BSA compliance programs with risk assessments that
sufficiently manage and mitigate the risks identified as Strategic AML
Priorities, have the ability to ``opt in'' to making changes to AML
programs as described in this ANPRM?
FinCEN appreciates that financial institutions vary considerably in
size and complexity, and even well-intentioned regulatory actions that
impact such a diverse collection of financial institutions can result
in unintended consequences. Accordingly, FinCEN specifically requests
comment on how the practical impact of the regulatory proposals
described in this ANPRM could vary in implementation for institutions
of differing size and complexity, and whether changes in approach--such
as an opt-in decision--would be advisable. If greater flexibility is
recommended, FinCEN requests comments as to whether any resultant
divergence in AML program implementation might present financial crime
vulnerabilities, and if so, how such vulnerabilities could be
mitigated. If different requirements are recommended based on the size
and/or operational complexity of financial institutions, please
describe what thresholds and parameters might be appropriate, and why.
Question 9: Are there ways to articulate objective criteria and/or
a rubric for examination of how financial institutions would conduct
their risk-assessment processes and report in accordance with those
assessments, based on the regulatory proposals under consideration in
this ANPRM?
FinCEN appreciates that, in order for the regulatory proposals as
described in this ANPRM to achieve the objective of increased
effectiveness of the overall U.S. AML regime, the supervisory process
must support and reinforce this objective. Indeed, FinCEN has consulted
with the staffs of various Federal supervisory agencies in developing
this ANPRM, and FinCEN requests comments on how the supervisory regime
could best support the objectives as identified in this ANPRM.
[[Page 58029]]
Question 10: Are there ways to articulate objective criteria and/or
a rubric for independent testing of how financial institutions would
conduct their risk-assessment processes and report in accordance with
those assessments, based on the regulatory proposals under
consideration in this ANPRM?
FinCEN appreciates that the regulatory proposals described in this
ANPRM may require changes in the implementation of independent testing
by financial institutions in order to achieve the objectives as
described in this ANPRM. Therefore, FinCEN also seeks comments on how a
future rulemaking could best facilitate effective independent testing
of risk assessments and other financial institution processes, as may
be revised consistent with the proposals set forth in this ANPRM.
Question 11: A core objective of the incorporation of a requirement
for an ``effective and reasonably designed'' AML program would be to
provide financial institutions with greater flexibility to reallocate
resources towards Strategic AML Priorities, as appropriate. FinCEN
seeks comment on whether such regulatory changes would increase or
decrease the regulatory burden on financial institutions. How can
FinCEN, through future rulemaking or any other mechanisms, best ensure
a clear and shared understanding in the financial industry that AML
resources should not merely be reduced as a result of such regulatory
amendments, but rather should, as appropriate, be reallocated to higher
priority areas?
FinCEN specifically encourages commenters to provide quantifiable
data, if available, that supports any views on whether the regulatory
proposals under consideration would impact financial institutions'
regulatory burden. FinCEN also invites comment with regard to how
FinCEN and other supervisory authorities could best reinforce the
importance of maintaining an appropriate level of BSA compliance
resources if regulatory amendments are promulgated as described in this
ANPRM.
V. Conclusion
With this ANPRM, FinCEN is seeking input on the questions set forth
above. FinCEN is soliciting comments on the impact to the public,
including industry, law enforcement, regulators, other consumers of BSA
data, and any other interested parties, and welcomes comments on all
aspects of the ANPRM. All interested parties are encouraged to provide
their views.
VI. Special Analysis
This advance notice of proposed rulemaking is a significant
regulatory action under Executive Order 12866 and has been reviewed by
the Office of Management and Budget.
Dated: September 14, 2020.
Michael Mosier,
Deputy Director, Financial Crimes Enforcement Network.
[FR Doc. 2020-20527 Filed 9-16-20; 8:45 am]
BILLING CODE 4810-02-P