FinCEN pushing massive overhaul of AML regime to better achieve, define effectiveness, produce better intel for law enforcement

The Skinny:

  • The U.S. Treasury’s  Financial Crimes Enforcement Network (FinCEN) is engaging in a broad overhaul of the country’s financial crime compliance defenses, shifting more toward creating “effective and reasonably designed” programs that produce filings with a “high degree of usefulness” to law enforcement – even though the term has no “consistent definition” in current rules.
  • FinCEN is also querying stakeholders to glean if they could better manage risks, resources and threat actors if the bureau created national anti-money laundering (AML) priorities, a herculean effort informed by other national illicit finance, proliferation and terror risk assessments.
  • Part and parcel of the proposal would also be to more concretely graft a longstanding compliance best practice and federal regulatory exam flashpoint into formal rules: the AML risk assessment, according to an advanced notice of proposed rulemaking (ANPR).
  • The updates are informed by overarching efforts by global watchdog and private sector groups to prioritize “effectiveness” over technical compliance, at both the country, law enforcement and financial institutions levels, including the Paris-based Financial Action Task Force (FATF), the Wolfsberg Group, the Egmont Group of Financial Intelligence Units (FIUs) and others.
  • In all, the updates cover “developing and focusing on AML priorities, reallocation of compliance resources, modernizing monitoring and reporting, information sharing, regulatory innovations, and for the first time ever, issuing national AML priorities and defining an effective AML program,” said a top fincrime compliance professional at a large U.S. bank.

By Brian Monroe
bmonroe@acfcs.org
September 16, 2020

The U.S. Treasury is engaging in a broad overhaul of the country’s financial crime compliance defenses, shifting more toward creating “effective and reasonably designed” programs that produce filings with a “high degree of usefulness” to law enforcement – even though the term has no “consistent definition” in current rules.

The Financial Crimes Enforcement Network (FinCEN) is also querying stakeholders to glean if they could better manage risks, resources and threat actors if the bureau created national anti-money laundering (AML) priorities, a herculean effort informed by other national illicit finance, proliferation and terror risk assessments.

Part and parcel of the proposal would also be to more concretely graft a longstanding compliance best practice and federal regulatory exam flashpoint into formal rules: the AML risk assessment, according to an advanced notice of proposed rulemaking (ANPR).

To read the full notice in the Federal Register published Wednesday, click here.

Under the update, FinCEN’s bi-annual “Strategic Anti-Money Laundering Priorities” would inform the now formalized financial institution risk assessments, with the logic being banks would better be able to marshal technology and investigator capabilities to address rising risks, criminal threat tactics and law enforcement intelligence needs.

The updates are informed by overarching efforts by global watchdog and private sector groups to prioritize “effectiveness” over technical compliance, at both the country, law enforcement and financial institutions levels, including the Paris-based Financial Action Task Force (FATF), the Wolfsberg Group, the Egmont Group of Financial Intelligence Units (FIUs) and others.

In all, the updates cover “developing and focusing on AML priorities, reallocation of compliance resources, modernizing monitoring and reporting, information sharing, regulatory innovations, and for the first time ever, issuing national AML priorities and defining an effective AML program,” said a top fincrime compliance professional at a large U.S. bank.

“If these become regulations, they would make our AML regime more efficient and effective, produce more useful information for law enforcement, and better protect our financial system from criminals.”

Being effective on effectiveness: a lofty, but ill-defined objective

Increasing the “effectiveness” of the national AML regime “is a core objective of recent AML modernization efforts,” FinCEN stated in the proposed rulemaking, noting however that the term is bandied about with little in the way of bright line, reviewable or auditable boundaries.

“This term often refers to the implementation and maintenance of a compliant AML program, but has no specific, consistent definition in existing regulation.”

The potential regulatory amendments described in the ANPRM would make clear that an “effective and reasonably designed” program is one that: 

  • Internal, external risk assessment considerations: assesses and manages risk as informed by a financial institution’s own risk assessment process, including consideration of AML priorities to be issued by FinCEN consistent with the proposed amendments,
  • Don’t forget the AML compliance basics: provides for compliance with Bank Secrecy Act (BSA) requirements, and
  • Practical, tactical filings: provides for the reporting of information with a high degree of usefulness to government authorities. 

The current big unknown, however, is how federal regulators and will support such a tectonic shift in focus for bank AML teams.

As well, in that same vein, a second interlinked vaguery: how could examiners on the ground grade “effectiveness” for individual AML program components or outputs, such as suspicious activity reports (SARs) or keeping accounts open for investigations, without getting input from those selfsame law enforcement agencies banks are trying to better serve.

“The key is the proposed addition of determining a program’s effectiveness by whether it provides government agencies with reports that have a ‘high degree of usefulness,’” said Jim Richards, the former head of AML at Wells Fargo.  

“This would be a game changer: in 20 years as a BSA Officer, I never had an examiner ask if the SARs we filed were ‘useful’ to law enforcement…which is the very reason why we have an AML regime,” he said.

“But the next big question is this: how do we measure ‘a high degree of usefulness?’ Only law enforcement can make that determination.”

Richards has also written extensively about the need for “TSV SARs” – Tactical or Strategic Value SARs,” a move that would better parse out higher priority reports that must be reviewed and acted upon quickly.

If these changes come to pass, not only would banks need to produce such TSV SARs, they would likely need law enforcement feedback on the value of these SARs – and others – that investigative agencies found vital in actual cases to later prove “effectiveness” to examiners.

Prioritizing ‘effective outputs over auditable processes’

FinCEN stated much of the changes came from discussions with industry, including compliance professionals, regulators, investigators and other thought leaders part of the Bank Secrecy Act Advisory Group (BSAAG), going on as part of a subcommittee since mid-2019, dubbed the Anti-Money-Laundering Effectiveness Working Group (AMLE WG).

The tactic conclusions: regulators need to allow financial institutions subject to AML duties to “place greater emphasis on providing information with a high degree of usefulness to government authorities based on national AML priorities, in order to promote effective outputs over auditable processes,” FinCEN stated in a related release Wednesday.

The AMLE WG recommended that the relevant government agencies consider:

  • Publishing a regulatory definition of AML program effectiveness;
  • Developing and communicating national AML priorities as set by government authorities; and
  • Issuing clarifying guidance for financial institutions on the elements of an effective AML program.

How to free up AML analyst resources? Refine reviews of PEPs, negative news

The BSAAG also touched on other nebulous areas of AML that can eat up bank monitoring, analyst and investigator resources, noting that regulators should sharpen their expectations around the depth and breadth of scrutiny tied negative news on clients or those who are, or were, considered politically exposed persons (PEPs).

At issue is that if banks are constantly scouring the Internet, public and bespoke databases for news that may or may not raise the risk of certain customers, such efforts can draw significant AML resources, with few results.

Similarly, if banks must consider all PEPs – foreign and domestic – as high risk, along with relatives and close associates, these are groups that will tuned more closely in transaction monitoring systems and be generating significantly more alerts than other customers, again, siphoning sparse investigative resources.

The updates also touched on the power and promise of new technologies, like artificial intelligence, to amplify and augment human experience in investigations and better public-private information sharing across government agencies and banks – including foreign affiliates, a long sought carve out for large, international financial services groups.

Some of the suggestions from the working group included:

  • Retooling risk assessments, negative news dives: Clarifying current requirements and supervisory expectations with respect to risk assessments, negative media searches, customer risk categories, and initial and ongoing customer due diligence; and
  • Managing PEPs, models: Revising existing guidance or regulations in areas such as Politically Exposed Persons and the application of existing model-risk-management guidance to AML systems, in order to improve clarity, effectiveness, and compliance.
  • How far to SAR, keep open accounts for law enforcement: Clarifying expectations and updating practices for keep-open letters and suspicious activity monitoring, investigation, and reporting, including SARs based on grand jury subpoenas or negative media; and
  • Innovation, automation to streamline filings: Supporting potential automation opportunities for high-frequency/low-complexity SARs and currency transaction reports (CTRs), and exploring the possibility of streamlined SARs on continuing activity. Engaging new technologies like artificial intelligence and machine learning to improve the alerts generated by transaction monitoring systems, drop false positives, connecting data on larger groups and further freeing up analysts resources.  
  • Information sharing, PPPs: Forming a BSAAG-established working group with members from law enforcement agencies, regulators, and financial institutions to identify, prioritize, and recommend national AML priorities and advise on opportunities to communicate typologies, red flags, and other information related to national AML priorities;
  • Information sharing, foreign affiliates: Leveraging existing information-sharing initiatives between the public and private sectors, including enhanced use of the BSA’s information sharing provisions, sections 314(a) and (b) of the USA PATRIOT Act, and sharing with foreign affiliates and global institutions, as appropriate; and
  • Finally, what we have all been waiting for, feedback on SAR quality, utility: Assessing options for FinCEN and law enforcement agencies to provide more feedback to financial institutions related to the use and utility of BSA reports.

The goal? To ‘update and modernize the AML regime’

The combined changes, according to FinCEN, hold the potential to help institutions better detect and prevent all areas of financial crime, guided by the investigative agencies the banks are trying to create rich, relevant and timely intelligence for – while at the same time keeping examiner criticism at bay.

“The overall goal of these initiatives is to upgrade and modernize the national AML regime,” FinCEN stated, while at the same time fostering regulators and banks to adapt and adopt new, innovative techniques to counter criminals and their trillions of dollars in illicit finance.

The updates will help both sides further “leverage new technologies and risk-management techniques, share information, discard inefficient and unnecessary practices, and focus resources on fulfilling the BSA’s stated purpose of providing information with a high degree of usefulness to government authorities.”