Anti-money laundering and anti-terrorist financing regulations are modernizing – financial institutions must adapt too
In December 2021, the Financial Crime Enforcement Network (FinCEN) published a notice seeking comments on its Request for Information (RFI) on ways to “streamline, modernize and update the fight against money laundering and financing of terrorism (AML/CFT ) regime of the United States. The agency needs to modernize its risk-based AML/CFT regulations to make compliance of financial services firms with the Bank Secrecy Act (BSA) more effective and efficient.
How does this work in practice?
Preventing malicious actors from abusing the US financial system is playing the mole game. As new ways and methods to track illicit financial transactions are developed or updated, threat actors find new schemes to access US dollars, contributing to an ever-changing illicit financial landscape. New technologies that facilitate new business models, products and services also offer new ways to evade sanctions and launder funds, rendering certain regulations and strategies obsolete.
Regulations must follow no matter what, which is why FinCEN is initiating a review to ensure that the safeguards that have been implemented to protect the US financial system from bad actors are effective and still effective, such as required by the Anti-Money Laundering Act 2020. The agency will not only review which required reports and records are still useful in combating financial crime, but will also assess which additional documents that do not currently fall within the record keeping requirements may be useful in the fight against illicit financing.
Some regulations are clearly redundant. Here’s how FinCEN describes “redundancy”:
For the purposes of this RFI, FinCEN considers redundant regulations to include BSA regulations that: (i) impose requirements on regulated entities that are the same or significantly overlap with requirements imposed by other BSA regulations; BSA; or (ii) were issued under a different statutory authority, but for which it is not possible to comply with both mandates by taking one set of measures. Regulations imposing such requirements will not be considered redundant to the extent that fully meeting one requirement in one framework fully meets the other requirement as well.
Some of the issues that FinCEN will consider involve threats or vulnerabilities that the agency may not be aware of, and whether current AML/CFT requirements and regulations adequately address those risks. The agency will also consider comments on record-keeping requirements that are no longer useful or do not meet international standards, as well as additional reporting requirements that will help combat modern financial crime. Some BSA regulations may be redundant Where outmoded if they do not promote a risk-based AML/CFT regime, and the agency said it plans to assess their usefulness and effectiveness.
The list of AML/CFT priorities published by FinCEN in June 2021 will play an important role in possible regulatory changes. FinCEN will almost certainly place more emphasis on corruption and cybercrime, given that the Biden administration has given these issues top priority.
Some common red flags related to corruption include dealings in jurisdictions known for corruption and kleptocracy, sanctions under Magnitsky authorities, and the involvement of politically exposed persons (PEPs) in dealings. All of this makes regional, political and linguistic knowledge essential for tracking ultimate beneficial ownership and allows regulators to be more proactive in preventing corrupt actors from gaining access to the US financial system.
U.S. financial institutions will likely need to prepare by engaging with experts who understand jurisdictional risk and can highlight possible front or shell companies operating in global free trade zones; examine the risks of PEP, understand the cultural environment of the targeted jurisdictions; and review global media, business registers and public databases in local languages.
Cybercrime continues to rise
Monitoring for red flags associated with cybercrime — especially ransomware — will be especially important as FinCEN adjusts regulations to reflect this key White House priority. Again, financial institutions will need to focus on risky jurisdictions and use geolocation tools to track IP addresses that may be in geographic locations at risk of cybercrime. Financial institutions also need to assess and understand their customers’ regular networks and activities, as well as note transactions that fall outside the norm.
Financial institutions should also report the use of anonymity-enhanced cryptocurrencies or virtual currency exchanges in high-risk foreign jurisdictions. And the use of an unregistered mixing service may also indicate a cybercrime-related transaction, as illicit actors seek to mix cybercrime proceeds to disguise their origins.
Ultimately, additional regulations regarding the reporting of suspicious activity associated with cybercrime will be implemented, as well as additional requirements to perform enhanced due diligence for customers in jurisdictions known for corruption, kleptocracy and breaches. human rights.
Provide feedback to regulators
FinCEN identifies financial institutions, casinos, depository institutions, insurance companies, money services businesses, mortgage brokers, precious metals and jewelry businesses, and securities firms as parties interested parties who may wish to comment on possible regulatory reforms.
Non-bank financial institutions (NBFIs) should take proactive steps to anticipate regulatory changes and improve their compliance programs accordingly, although FinCEN notes that NBFIs will not be required to incorporate agency priorities into their AML/CFT regimes until the date of entry into force of the changes.
Nonetheless, financial institutions and NBFIs may want to begin to assess their risk appetite as well as the potential risks associated with their specific offerings by engaging with expert analysts to perform a risk assessment on their current compliance and due diligence.