Alerts
FinCEN Issues Proposed Rule to Strengthen and Modernize AML/CFT Programs for Financial Institutions
August 16, 2024
On June 28, 2024, the US Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) issued a notice of proposed rulemaking that would amend existing anti-money laundering/countering the financing of terrorism (“AML/CFT”) program[1] regulations to require that financial institutions establish, implement and maintain effective, risk-based and reasonably designed AML/CFT programs with certain minimum components, including a mandatory risk assessment process (hereinafter, “Proposed Rule”).[2] For purposes of the Proposed Rule, “financial institutions” include: banks; broker dealers; mutual funds; futures commission merchants (“FCMs”) and introducing brokers in commodities (“IB-Cs”); insurance companies; money services businesses (“MSBs”); casinos and card clubs; dealers in precious metals, precious stones or jewels; operators of credit card systems; loan or finance companies; and housing government sponsored enterprises.[3] In addition to establishing minimum risk assessment requirements for these AML/CFT programs, the Proposed Rule would require that financial institutions document each component of their AML/CFT programs and make this documentation available to FinCEN or its designee, which can include the appropriate agency to which FinCEN has delegated examination authority,[4] or the appropriate SRO.[5] The Proposed Rule would also require that these AML/CFT programs be approved and overseen by the financial institution’s board of directors or, if the financial institution does not have a board of directors, an equivalent governing body.
Additionally, on August 9, 2024, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration and the Office of the Comptroller of the Currency (collectively, the “Agencies”) issued a joint notice of proposed rulemaking that proposes amendments to their respective AML/CFT program rules to align those rules with the Proposed Rule.[6] The intent of the Agencies is to have their AML/CFT program requirements for banks remain consistent with those imposed by FinCEN.[7]
The public comment period for the Proposed Rule will remain open until Sept. 1, 2024. FinCEN proposed that the final rule be effective six months from the date of the issuance of the final rule. The public comment period for the Agencies’ Proposed Rule will remain open until Oct. 8, 2024.
Background for Proposed AML/CFT Program Enhancements
In order to more fully understand the purpose of the Proposed Rule, it must be read in the context of various other steps taken by FinCEN to enhance AML/CFT programs, including prior FinCEN rulemaking activity and passage of the Anti-Money Laundering Act of 2020 (“AML Act”). For example, prior to the enactment of the AML Act, FinCEN published an advanced notice of proposed rulemaking seeking public comment on potential regulatory amendments to increase the effectiveness of the existing AML program rules (“Effectiveness ANPRM”).[8] Specifically, the Effectiveness ANPRM proposed amending the Bank Secrecy Act (“BSA”) to explicitly define an “effective and reasonably designed” AML/CFT program as one that (i) identifies, assesses and reasonably mitigates the risks resulting from illicit activity consistent with the institution’s risk profile and the risks communicated by relevant government authorities as national AML/CFT priorities; (ii) assures and monitors compliance with the recordkeeping and reporting requirements of the BSA; and (iii) provides information with a high degree of usefulness to government authorities consistent with both the institution’s risk assessment and the risks communicated by relevant government authorities as national AML/CFT priorities.[9] The Effectiveness ANPRM signaled FinCEN’s intention for AML program rules to provide financial institutions with greater flexibility in the allocation of resources and better align AML priorities across industry and government. It also sought comment on whether FinCEN should amend its regulations to explicitly require financial institutions to implement risk assessment processes and whether FinCEN should publish AML priorities that financial institutions would incorporate into their risk assessments. There was broad agreement among commenters that the rulemaking was an important opportunity to modernize AML programs in order to manage money laundering/terrorist financing (“ML/TF”)[10] risks more effectively and efficiently.[11]
In the preamble to the Proposed Rule, FinCEN expressed its intent that the Proposed Rule work in concert with the AML Act to promote critical feedback loops among FinCEN, law enforcement, financial institutions and financial regulators.[12] Several provisions of the AML Act advance this goal of promoting feedback loops, including: (i) the establishment of a public-private information sharing partnership among law enforcement agencies, national security agencies, financial institutions and FinCEN;[13] (ii) the establishment of an Office of Domestic Liaison with liaisons located across the country to facilitate information sharing between financial institutions and FinCEN, as well as their federal functional regulators, state bank supervisors and state credit union supervisors;[14] (iii) the establishment of a supervisory team of relevant federal agencies, private sector experts and other stakeholders to examine strategies to increase cooperation between the public and private sectors;[15] (iv) the requirement that FinCEN periodically publish threat pattern and trend information regarding the preparation, use and value of Suspicious Activity Reports (“SARs”) filed by financial institutions;[16] (v) the requirement that the Attorney General provide an annual report on the use of BSA data derived from financial institutions’ BSA reporting;[17] and (vi) the requirement that FinCEN, to the extent practicable, provide particularized feedback to financial institutions on their SARs.[18]
FinCEN also views the Proposed Rule as an important component in furtherance of the Department of the Treasury’s April 2023 De-Risking Strategy (“De-Risking Strategy”) issued pursuant to the AML Act.[19] De-risking refers to the phenomenon whereby financial institutions – rather than taking reasonable steps toward risk mitigation – opt to terminate or restrict business relationships with particular clients or categories of clients in an effort to avoid risk or liability associated with AML/CFT compliance obligations. The De-Risking Strategy identified the customer categories most impacted by de-risking as small- and medium-sized MSBs, non-profit organizations operating abroad in high-risk jurisdictions and foreign financial institutions with low correspondent banking transaction volumes, particularly where there are high ML/TF risks.[20]
FinCEN notes that the effectiveness of implementation of the Proposed Rule by financial institutions would largely depend on the strength of their cultures of compliance.[21] As described in FinCEN’s 2014 culture of compliance advisory (“2014 Advisory”), a culture of compliance involves demonstrable support and visible commitment from leadership, the dedication of adequate resources to AML/CFT compliance, effective information sharing throughout the financial institution, qualified and independent testing, and an understanding across leadership and staff levels of the importance of BSA reports.[22] In a broader effort to modernize the AML/CFT regime, FinCEN is reviewing its 2014 Advisory and welcomes comment on whether additional guidance on promoting a culture of compliance within financial institutions is needed.
Proposed Components of an Effective, Risk-Based and Reasonably Designed AML/CFT Program
The AML Act notes that “effective” AML/CFT programs safeguard national security and generate significant public benefits by (i) preventing the flow of illicit funds into the US financial system and (ii) assisting law enforcement and national security agencies with the identification and prosecution of persons attempting to launder money and undertake other illicit finance activity through the US financial system.[23] The AML Act further provides that AML/CFT programs are to be risk-based and reasonably designed to assure and monitor compliance with the requirements of the BSA.[24] The Proposed Rule would implement these statutory provisions of the AML Act by explicitly requiring financial institutions to establish, implement and maintain effective, risk-based and reasonably designed AML/CFT programs. The current program rules use inconsistent terms across financial institutions to describe AML/CFT requirements.[25] To improve consistency, the Proposed Rule would apply the same set of terms to describe establishing, implementing and maintaining AML/CFT programs.[26] Importantly, FinCEN does not intend for these changes to substantively change current regulatory expectations.[27]
Under the Proposed Rule, an effective, risk-based and reasonably designed AML/CFT program would need to include, at a minimum:
- A risk assessment process that serves as the basis for the financial institution’s AML/CFT program;
- Internal policies, procedures and controls that are commensurate with the financial institutions’ ML/TF risks and ensure ongoing compliance with the BSA and its implementing regulations;
- A qualified AML/CFT officer who is accessible to, and subject to oversight and supervision by, FinCEN and the appropriate Federal functional regulator;
- An ongoing employee training program;
- Independent, periodic testing conducted by qualified personnel of the financial institution or by a qualified outside party; and
- Other requirements depending on the type of institution, such as customer due diligence (“CDD").
FinCEN expects that these components do not function in isolation, but rather complement each other. This holistic approach extends to the collection and use of information to identify and mitigate ML/TF risks, the consideration of resources, and the ongoing calibration of the AML/CFT program consistent with the financial institution’s risk assessment process.
1. Risk Assessment Process
The AML/CFT Program Proposed Rule would impose a new obligation on financial institutions to establish internal risk assessment processes that identify, evaluate and document the financial institution’s ML/TF risks, including consideration of: (i) the AML/CFT priorities issued by FinCEN, as appropriate; (ii) the ML/TF risks of the financial institution’s business activities, including products, services, distribution channels, customers, intermediaries, geographic locations and information obtained pursuant to section 314(b); and (iii) reports filed by the financial institution with FinCEN, such as SARs and Currency Transaction Reports (“CTRs”), Forms 8300, and other relevant BSA reports and advisories.[28]
i. AML/CFT Priorities
FinCEN proposes to add a new definition of “AML/CFT Priorities” that would refer to the most recent statement of AML/CFT Priorities FinCEN published on June 30, 2021.[29] Under the Proposed Rule, financial institutions would have to ensure that their risk assessment processes take into account changes to the AML/CFT Priorities as they become available.[30] FinCEN would be required to update these Priorities not less frequently than once every four years, and financial institutions would only be required to incorporate the most up-to-date set of AML Priorities into their risk-based AML/CFT programs.[31]
ii. Identifying and Evaluating ML/TF and Other Illicit Finance Activity Risks
In addition to the AML/CFT Priorities, the Proposed Rule would require a risk assessment process to incorporate other illicit finance activity risks based on the financial institution’s business activities, including products, services, distribution channels, customers, intermediaries and geographic locations.[32]
“Distribution channels” refer to the methods and tools through which a financial institution opens accounts and provides products or services, including, for example, through the use of remote or other non-face-to-face means.[33]
“Intermediaries” broadly include financial relationships other than customer relationships that allow financial activities by, at or through a financial institution.[34] An intermediary can include brokers, agents and suppliers that facilitate the introduction or processing of financial transactions, financial products and services, and customer-related financial activities.[35] One example of an intermediary is where a broker-dealer establishes an omnibus account for a financial intermediary (such as an investment adviser) that, in turn, establishes a sub-account for the intermediary’s clients, whose information may or not be disclosed to the broker-dealer.[36] FinCEN notes that an intermediary may have its own independent obligations to comply with the BSA if it meets the definition of a financial institution subject to the BSA and FinCEN’s implementing obligations.[37]
FinCEN encourages financial institutions to also consider information identified from responding to section 314(a) requests and information obtained from other financial institutions, such as emerging risks and typologies identified through section 314(b) information sharing.
FinCEN requests comment as to whether: (a) additional explanation of “distribution channels” and “intermediaries” is required; (b) any other factors should be considered in determining the ML/TF risks of financial institutions’ business activities; and (c) further clarity is needed regarding the timeliness, completeness and accuracy of the information, analysis and documentation required as part of the risk assessment process.
iii. Review of Reports, Including SARs, CTRs and Forms 8300
The Proposed Rule would require financial institutions to review and evaluate reports filed by the financial institution with FinCEN pursuant to 31 C.F.R. chapter X, including SARs, CTRs and Forms 8300.[38] FinCEN notes that while many financial institutions already incorporate a review of SARs and CTRs into their AML/CFT programs, FinCEN included the review requirement in the Proposed Rule because such reports can provide financial institutions with a more complete understanding of their customers' and their own ML/TF risk profiles, in addition to signaling areas of emerging risk as their products and services evolve and change.[39] FinCEN requests comment on the benefits and burdens that reviewing reports filed by the financial institution may present.
iv. Frequency of Updates to Financial Institutions’ Risk Assessments
Under the Proposed Rule, financial institutions would be required to update their risk assessments on a periodic basis, including, at a minimum, when there are material changes in their risk profile. For example, a financial institution would be required to update its risk assessment when new products, services and customer types are introduced, when existing products, services and customer types undergo material changes, or when the financial institution as a whole expands or contracts through mergers, acquisitions, sell-offs, dissolutions and liquidations.[40] FinCEN requests comment on whether additional clarity is needed with respect to the frequency financial institutions would be required to update their risk assessments and the material changes that would warrant such updates. FinCEN also requests comment on whether additional clarity is needed regarding the similarities and differences between a risk assessment process and a risk assessment, particularly with respect to the frequency and material changes requiring financial institutions to update their risk assessment using the process proposed in this rule.[41]
2. Internal Policies, Procedures and Controls
While the BSA already requires that financial institutions have internal controls as part of their AML/CFT programs, the Proposed Rule would impose a new obligation on financial institutions to take the steps necessary to ensure their internal policies, procedures and controls are commensurate with their specific ML/TF risks.[42] In particular, the Proposed Rule would require financial institutions to reasonably manage and mitigate risks using internal policies, procedures and controls that are adjusted to their institution-specific ML/TF risks using the required risk assessment process.[43] Importantly, the Proposed Rule would provide financial institutions with the regulatory flexibility to consider innovative approaches to complying with BSA, including determining not only the total amount of resources but also the nature of those resources in addressing the financial institution’s ML/TF risks.[44]
FinCEN requests comment on several questions related to innovative approaches to BSA compliance, including whether there are aspects of the Proposed Rule that may be considered barriers to innovation and what, if any, innovative approaches and technology financial institutions currently use, or are considering using, such as artificial intelligence and machine learning.
3. AML/CFT Officer
The BSA already requires financial institutions that are obligated to have an AML/CFT program to have a designated AML/CFT officer, and there are slight variations in the existing AML/CFT officer requirements for different types of financial institutions.[45] The Proposed Rule would provide technical changes to this provision to promote clarity and consistency across all financial institutions. Specifically, the Proposed Rule would require AML/CFT programs to designate one or more qualified individuals to be responsible for coordinating and monitoring day-to-day compliance with the requirements and prohibitions of the BSA and FinCEN’s implementing regulations.[46]
Under the Proposed Rule, whether an individual is sufficiently qualified as an AML/CFT officer will depend, in part, on the financial institution’s ML/TF risk profile, as informed by the results of the financial institution’s risk assessment process.[47] Among other criteria, a qualified AML/CFT officer would have the expertise and experience to adequately perform the duties of the position, including having sufficient knowledge and understanding of the financial institution as informed by the financial institution’s risk assessment process, US AML/CFT laws and regulations, and how those laws and regulations apply to the financial institution and its activities.[48] FinCEN notes that the actual title of the individual responsible for day-to-day AML/CFT compliance is not determinative and the person need not be an “officer” of the financial institution, but that the individual’s authority, independence and access to resources within the financial institution are critical. Relevant resources include: adequate compliance funds and staffing with the skills and expertise appropriate to the financial institution’s risk profile, size and complexity; an organizational structure that supports compliance and effectiveness; and sufficient technology and systems to support the timely identification, measurement, monitoring, reporting and management of the financial institution’s ML/TF and other illicit finance activity risks.[49] Importantly, FinCEN notes that an AML/CFT officer who has multiple additional job duties or conflicting responsibilities that adversely impact the officer’s ability to effectively coordinate and monitor day-to-day AML/CFT compliance would generally not fulfill the access-to-resources requirement.[50]
While the AML/CFT officer provisions of the Proposed Rule would not impose new obligations on financial institutions, any changes in costs or burdens associated with these provisions would be based on how the financial institution’s risk assessment process impacts its specific ML/TF risk profile.
4. Training
The BSA already requires financial institutions to incorporate an ongoing employee training program into their AML/CFT program.[51] The Proposed Rule would amend these requirements to provide that, to be effective, risk-based and reasonably designed, an AML/CFT program must include an ongoing employee training program that is also risk-based. Specifically, the Proposed Rule would require financial institutions to focus their training programs on areas of risk as identified by the risk assessment process and base the periodic nature of their employee training programs on their specific ML/TF risk profile.[52] The Proposed Rule would also require financial institutions’ employee training programs to incorporate current developments and changes to AML/CFT regulatory requirements, in addition to other new information that is made available to them in connection with their AML/CFT program requirements.[53]
5. Independent Testing
The BSA already requires financial institutions to include independent testing in their AML/CFT programs.[54] The Proposed Rule would standardize the existing AML program rules to require that all financial institutions’ AML/CFT Programs include independent, periodic testing to be conducted by qualified personnel of the financial institution or by a qualified outside party.[55] While the independent testing component of the Proposed Rule does not add new obligations, any additional costs or burdens associated with this component would be based on how the financial institution’s risk assessment process impacts its specific ML/TF risk profile. Importantly, the Proposed Rule does not specify the frequency with which periodic independent testing is to be conducted. Rather, FinCEN expects the frequency of periodic independent testing to vary based on each financial institution’s risk profile and material changes to the financial institution’s risk profile and overall risk management strategy as informed by the financial institution’s risk assessment process.[56] FinCEN invites comment on whether and how the Proposed Rule’s addition of “periodic” to the independent testing component of the existing AML program rules will change this component of financial institutions’ AML/CFT programs.
6. Other Components of an Effective, Risk-based and Reasonably Designed AML/CFT Program
The Proposed Rule would retain existing additional AML/CFT program rule requirements with minimal conforming changes. For example, the existing AML program CDD requirements, the use of automated systems, suspicious activity reporting, recordkeeping and the role of agents and brokers, would remain substantively unchanged.[57] However, the Proposed Rule would amend and add new obligations to the existing AML program rules to make these rules consistent across financial institutions. Such amended and revised requirements include the documentation of AML/CFT programs, AML/CFT program approval and oversight, and the AML/CFT program US person requirement.
i. CDD Requirements
The Proposed Rule would retain the existing CDD provisions for banks, broker-dealers, mutual funds, FCMs and IB-Cs.[58] However, the Corporate Transparency Act (“CTA”) requires FinCEN to revise the CDD Rule no later than one year after the effective date of the beneficial ownership information reporting regulations, which was Jan. 1, 2024.[59] FinCEN notes that the substance of the CDD Rule, and therefore the obligations of financial institutions, may change as a result of FinCEN’s revision to the CDD Rule.[60] FinCEN does not plan to propose changes to financial institutions’ CDD requirements until the revisions to the CDD Rule are completed.
ii. Availability Requirement
While the AML Act already requires that financial institutions have written AML/CFT programs, there is some variation in the specific language used for different types of financial institutions. The Proposed Rule would provide a consistent standard by requiring that an AML/CFT program and each of its components be documented, and that such documentation be made available to FinCEN or its designee, which can include the appropriate agency to which FinCEN has delegated examination authority or the appropriate SRO.[61] While the Proposed Rule would not establish a new obligation with respect to AML/CFT program documentation, any additional compliance costs or burdens would be based on the financial institution’s risk assessment process and its impact on the financial institution’s AML/CFT program and underlying components.
iii. Proposed AML/CFT Program Staff and Operations US Person Requirement
The Proposed Rule would incorporate the existing AML Act requirement that the duty to establish, maintain and enforce the AML/CFT program must remain the responsibility of, and be performed by, persons in the US who are accessible to, and subject to oversight and supervision by, FinCEN and the financial institution’s federal functional regulator, if applicable.[62] FinCEN recognizes that many financial institutions have AML/CFT operations and staff outside of the US, or contract or delegate parts of their AML/CFT operations to third-party providers located outside of the US.[63] Accordingly, FinCEN requests comment on several questions related to this provision, including the scope of the US person requirement and the obligations of persons that are covered.
iv. Proposed AML/CFT Board Approval and Oversight Requirements
The Proposed Rule would modify the existing AML program rules to make the AML/CFT program approval and oversight requirements consistent across financial institution types.[64] Under the Proposed Rule, financial institutions must have their AML/CFT programs approved and overseen by their board of directors or, if the financial institution does not have a board of directors, an equivalent governing body.[65] For financial institutions without a board of directors, the equivalent governing body can take different forms. The equivalent governing body might be a sole proprietor, owner(s), general partner, trustee, senior officer(s), or other persons that have functions similar to a board of directors, including senior management.[66] For the US branch of a foreign bank, the equivalent governing body may be the foreign banking organization’s board of directors or delegates acting under the board’s express authority.[67] Although some financial institutions must already obtain board approval for their AML/CFT programs or be subject to oversight by a board of directors or equivalent governing body, the Proposed Rule’s approval and oversight requirement will represent a change in requirements for certain financial institutions.
The Proposed Rule’s oversight requirement contemplates appropriate and effective oversight measures, such as governance mechanisms, escalation and reporting lines, to ensure that the financial institution’s board or equivalent governing body can properly oversee whether AML/CFT programs are operating in an effective, risk-based and reasonably designed manner.[68] FinCEN notes that, in some instances, the Proposed Rule’s focus on oversight may require changes to the frequency and manner of reporting to the board, which may in turn result in additional costs and burdens for affected entities.[69]
FinCEN requests comment on several questions related to the board approval and oversight component of the Proposed Rule, including whether its requirement for board or equivalent governing body approval and oversight of AML/CFT programs is consistent with industry practice and whether the Proposed Rule should specify the frequency with which a board of directors or equivalent governing body must review, approve and oversee the financial institution’s AML/CFT program.
v. Proposed Changes to Promote Modernization, Clarification and Consistency
The Proposed Rule would make other revisions to modernize the AML/CFT program rules and promote consistency across the AML/CFT program rules applicable to all financial institutions. The majority of these changes are technical, such as renumbering provisions, amending cross-references and updating statutory references based on changes to the BSA from the AML Act.
For example, the Proposed Rule would apply the existing AML program rules for banks lacking a federal regulator to the AML program rules for banks that do have a federal regulator, so it would no longer be necessary to have two sets of AML program rules for banks.[70] The existing AML program rule for banks lacking a federal regulator requires them to: (i) have their AML programs approved by the board of directors or, if the bank does not have a board of directors, an equivalent governing body within the bank; and (ii) make a copy of their AML programs available to FinCEN or its designee upon request.[71] In effect, the Proposed Rule would explicitly consolidate the approval, oversight and availability requirements discussed earlier in this Alert into a single set of rules applicable to all banks.
Importantly, the Proposed Rule as it applies to broker-dealers, FCMs and IB-Cs would retain the existing requirement that their AML/CFT programs comply with the rules, regulations or requirements of their governing SROs, provided the rules, regulations or requirements of their governing SROs have been made effective by the appropriate Federal functional regulator in consultation with FinCEN.[72]
Takeaways
The Proposed Rule is designed to promote consistency across FinCEN’s AML/CFT program rules for all financial institutions. If finalized as proposed, the Proposed Rule will require all financial institutions to engage in a risk assessment process. The Proposed Rule will also add new, more nuanced compliance obligations for financial institutions. Financial institutions should review their existing internal policies, procedures and controls to understand how the Proposed Rule may require changes. Financial institutions should also consider providing comments to FinCEN, including on the definitions of “distribution channels” and “intermediaries”; the frequency financial institutions would be required to update their risk assessments and the material changes warranting such updates; and the frequency of audits and reports to a board of directors or equivalent governing body, including the manner of reporting that would be required.
Authored by Betty Santangelo, Melissa G.R. Goldstein, Kyle B. Hendrix and Noah A. Wright.
If you have any questions concerning this Alert, please contact your attorney at Schulte Roth & Zabel or one of the authors.
[1] Among other things, the Anti-Money Laundering Act of 2020 (“AML Act”) amended the Bank Secrecy Act to add a reference to “countering the financing of terrorism” as part of the requirement that financial institutions establish an AML program. AML Act, § 6101(a). According to FinCEN, the inclusion of “CFT” in the program rules is not anticipated to establish new obligations. FinCEN, Notice of Proposed Rulemaking, Anti-Money Laundering and Countering the Financing of Terrorism Programs, 89 Fed. Reg. 55428, 55435 (July 3, 2024), available here (hereinafter, “Proposed Rule”).
[2] For more information regarding the AML Act generally, please see our prior Alert, “Passage of Anti-Money Laundering Act of 2020 Includes Comprehensive BSA/AML Reform Measures.”
[3] Proposed Rule, 89 Fed. Reg. at 55428 (citing 31 C.F.R. § 1010.100(t) to (ff)). On Feb. 15, 2024, FinCEN proposed applying certain BSA requirements to certain investment advisers, including adding “investment adviser” to the definition of “financial institution” under the BSA. The proposed rule for certain investment advisers does not generally reflect the proposals in this Proposed Rule, but we assume that if the proposed rule for certain investment advisers is finalized as proposed, the Proposed Rule will ultimately incorporate those changes. For more information regarding FinCEN’s proposed AML/CFT program requirements for investment advisers, please see our prior Alert, “FinCEN Once Again Proposes Anti-Money Laundering Program Requirements for Investment Advisers.”
[4] Proposed Rule, 89 Fed. Reg. at 55444 (citing 31 C.F.R. § 1010.810(b)).
[5] Id. at 55444. For broker-dealers, FinCEN recognizes the SEC as the federal functional regulator, and registered national securities exchanges or national securities associations such as the Financial Industry Regulatory Authority, as the governing SROs. Id. at n.125. For FCMs and IB-Cs, FinCEN recognizes the Commodities and Futures Trading Commission as the federal functional regulator, and the National Futures Association as the governing SRO. Id.
[6] Office of the Comptroller of the Currency, Federal Reserve, Federal Deposit Insurance Corporation and National Credit Union Association, Notice of Proposed Rulemaking, Anti-Money Laundering and Countering the Financing of Terrorism Program Requirements, 89 Fed. Reg. 65242 (Aug. 9, 2024), available here.
[7] FinCEN, Office of the Comptroller of the Currency, Federal Reserve, Federal Deposit Insurance Corporation and National Credit Union Association, Interagency Statement on the Issuance of the AML/CFT Program Notices of Proposed Rulemaking (July 19, 2024), available here.
[8] FinCEN, Advanced Notice of Proposed Rulemaking, Anti-Money Laundering Program Effectiveness, 85 Fed. Reg. 58023 (Sept. 17, 2020), available here.
[9] Id. at 58026.
[10] Proposed Rule, 89 Fed. Reg. at 55430. The Proposed Rule uses “ML/TF” to refer to risks and “AML/CFT” to refer to programs and priorities.
[11] Congress enacted the AML Act shortly after FinCEN received comments on the Effectiveness ANPRM, and as a result, there was no further action on the Effectiveness ANPRM. Notably, many of the Effectiveness ANPRM’s proposals were superseded by the AML Act’s statutory amendments to the BSA.
[12] Proposed Rule, 89 Fed. Reg. at 55432.
[13] AML Act, § 6103.
[14] AML Act, § 6107.
[15] AML Act, § 6214.
[16] AML Act, § 6206.
[17] AML Act, § 6201.
[18] AML Act, § 6203(a). See Proposed Rule, 89 Fed. Reg. at 55433 n.51.
[19] Treasury, The Department of the Treasury’s De-Risking Strategy (April 2023), available here.
[20] De-Risking Strategy at 2.
[21] Proposed Rule, 89 Fed. Reg. at 55434.
[22] Id. (citing FIN-2014-A007, Advisory to U.S. Financial Institutions on Promoting a Culture of Compliance (Aug. 11, 2014), available here).
[23] AML Act, § 6101(a).
[24] Id.
[25] Proposed Rule, 89 Fed. Reg. at 55436.
[26] Id.
[27] Id.
[28] Proposed Rule, 89 Fed. Reg. at 55437.
[29] FinCEN, Anti-Money Laundering and Countering the Financing of Terrorism Priorities (June 30, 2021), available here.
[30] Proposed Rule, 89 Fed. Reg. at 55440 n.95.
[31] Id. at 55438.
[32] Id.
[33] Id.
[34] Id. at 55439.
[35] Id.
[36] Id. at 55439 n.90.
[37] Id. at 55439.
[38] Proposed Rule, 89 Fed. Reg. at 55439.
[39] Id.
[40] Id. at 55440.
[41] Id.
[42] Proposed Rule, 89 Fed. Reg. at 55439.
[43] Id. at 55440.
[44] Id. (“For example, if the financial institution’s marketing or relationship management teams use internet or app-based data for commercial purposes, it would be reasonable for that financial institution’s AML/CFT program to consider using similar technology or approaches in managing and mitigating the financial institution’s ML/TF risks”).
[45] Id. at 55441 (citing BSA, 31 U.S.C. § 5318(h)(1)(B)).
[46] Id. at 55441.
[47] Id.
[48] Id.
[49] Id.
[50] Proposed Rule, 89 Fed. Reg. at 55441.
[51] Id. at 55442 (citing BSA, 31 U.S.C. § 5318(h)(1)(C)).
[52] Id. at 55442.
[53] Id.
[54] Id. at 55443 (citing BSA, 31 U.S.C. § 5318(h)(1)(D)).
[55] Id. at 55443.
[56] Id.
[57] Proposed Rule, 89 Fed. Reg. at 55444.
[58] Id.
[59] AML Act, § 6403.
[60] Proposed Rule, 89 Fed. Reg. at 55444 (citing FinCEN, Final Rule, Beneficial Ownership Information Access and Safeguards, 88 Fed. Reg. 88732 (Dec. 22, 2023), available here and codified at 31 C.F.R. §§ 1010.950 and 1010.955 (“BOI Access Rule”). The BOI Access Rule is the second of three rulemakings that will implement the CTA. The third rulemaking, which is still being drafted, will revise FinCEN’s customer due diligence rule to align it with the CTA. For more information regarding FinCEN’s BOI Access Rule, please see our prior Alert, “The Corporate Transparency Act: Final Rule on Access to Beneficial Ownership Information.”
[61] Proposed Rule, 89 Fed. Reg. at 55444.
[62] Id. at 55445 (citing AML Act, § 6101(a)).
[63] Proposed Rule, 89 Fed. Reg. at 55445.
[64] Id at 55444.
[65] Id.
[66] Id.
[67] Id.
[68] Id. at 55445.
[69] Id.
[70] Proposed Rule, 89 Fed. Reg. at 55446.
[71] Id.
[72] Id.
This communication is issued by Schulte Roth & Zabel LLP for informational purposes only and does not constitute legal advice or establish an attorney-client relationship. In some jurisdictions, this publication may be considered attorney advertising. © 2024 Schulte Roth & Zabel LLP. All rights reserved. SCHULTE ROTH & ZABEL is the registered trademark of Schulte Roth & Zabel LLP.