New US AML rules, but what do non-US firms have to do?
The US Senate and House of Representatives, have issued the Conference Report on the National Defence Authorisation Act (NDAA), which contains the Anti-Money Laundering Act of 2020. It is the most significant reform to the US AML regulations since the 2001 US Patriot Act. It was passed into law in January 2021 but will largely come into effect in early 2022 and will:
Broaden the Bank Secrecy Act (BSA) to include national security as well as formalise the risk-based approach for Financial Institutions;
Expand the powers and duties of the Financial Crime Enforcement Network (FinCEN);
Increase civil and criminal penalties for violations;
Offer further protection for corporate whistle-blowers;
Establish a beneficial ownership reporting regime; and
Further the ability for US authorities to apply pressure to overseas financial institutions.
As this is the most substantial piece of US financial crime legislation in the last 20 years, what should banks in both the US and overseas be doing now to prepare? Below Oliver explores some of the key things to think about:
Beneficial ownership reporting:
One of the most significant aspects of the Act is the introduction of beneficial ownership reporting requirements for companies with up to 20 employees registered to carry out business in the US. The aim is to prevent the misuse of shell corporations as a route for money launderers to access the financial system. Smaller firms must report to FinCEN details on beneficial owners including name, date of birth, residential and business addresses, as well as official identification data such as passport numbers. FinCEN will also create a non-public beneficial ownership database with this data and be able to provide US and international authorities with any such information as part of AML/CTF investigations. Failure to comply with the new beneficial ownership rules could mean up to 2 years imprisonment for individuals, criminal fines up to $10K and further daily fines up to $500. Existing legal entities will have 2 years to report their beneficial ownership information to FinCEN.
What you need to think about now:
Review your onboarding procedures to ensure you have facilitated access to the FinCEN database
Review customer risk assessment and KYC processes to incorporate risk factors applicable to those both on and off the database
Ensure you have the right consent(s) in place to hold database information on customers
If the database is shared with institutions, ensure the correct employees and functions (such as onboarding teams) have access to the database information. It is unlikely it will be appropriate for large numbers of staff to have access so start deciding who really needs access.
Focus on Correspondent Banking and subpoena powers:
The Act expands subpoena powers for the US Treasury and the DoJ to subpoena foreign institutions which maintain correspondent accounts in the US as well as requesting records for any account that the foreign FI may hold. The Act aims to increase the sharing of information between foreign branches, subsidiaries and affiliates by introducing a three-year pilot programme (with the possibility of a two-year extension if needed) which will set out a new framework for international sharing rules. Similarly, to the SAR sharing provisions below, the new rules exclude FIs located in China and Russia, unless special provisions are made by the US Treasury on a case-by-case basis.
What you need to think about now:
Get ahead of any requests from US authorities and identify any foreign affiliates/subsidiaries/branches that may have local legal barriers to responding to a US subpoena and identify any work around solutions such as seeking individual customer permissions or amendments to customer terms and conditions
Make the rest of your bank aware that they could receive a subpoena and make a plan. This is especially important for non-US headquartered institutions
Suspicious Activity Report (SAR) sharing with foreign affiliates:
The Act introduces a three-year pilot programme under which FIs can share SARs with foreign branches, affiliates or subsidiaries unless they are located in Russia, China and jurisdictions subject to US sanctions. This pilot programme could be extended by another two years at the US Treasury’s discretion. Under current FinCEN rules, FIs are only able to share SARs outside of the US with their parent companies.
What you need to think about now:
Consider how you can utilise the greater ability to share SAR data within your bank to enhance your exit processes, single customer view and customer relationship management processes.
Increased money laundering (ML) penalties:
The Act also introduces increased penalties for failure to comply with the BSA and other AML related rules. Increased penalties include 10 years imprisonment and $1m fine for:
concealing information or material facts from FIs in transactions involving Politically Exposed Persons (PEPs), relatives and close associates that exceed $1 million; and
concealing information or material facts from FIs involving transactions with entities engaging in money laundering.
Directors, Officers and Partners and involved employees convicted of BSA violations may also have to pay back any bonuses received from the calendar year the violation took place or the subsequent year. Individuals who have committed egregious violations will be prohibited from sitting on the Board of another FI registered in the US for a 10-year period. Furthermore, the Secretary of the US Treasury may use their discretion and impose higher penalties for repeat offenders, such as fines up to three times the profit they gained or twice the statutory fine received.
What you need to think about now:
Use this as an opportunity to re-emphasise the importance of BSA and financial crime to employees
Where there are known gaps use the risks of enforcement in your business cases for financial crime investment
Remind senior management of potential personal fines and liability
Train staff on the potential consequences of BSA breaches
Whistleblowing program enhancements:
Section 6314 of the Act introduces enhanced protection and rewards for whistle-blowers who expose BSA related violations. According to the new legislation, whistle-blowers who provide original information on BSA violations could receive a reward up to 30% of the funds recovered by the US Treasury in fines exceeding $1m. The US Treasury and Department of Justice (DoJ) must take sufficient measures not only to protect the whistle blower’s anonymity but also the confidentiality of information shared by the whistle-blower. The Act further makes provisions to protect whistle-blowers against retaliation (e.g. suspension, harassment, blacklisting, etc.) when testifying against their employers. This leaves the possibility that people may now be more inclined to blow the whistle and report issues because of the increased incentivisation and protections.
What you need to think about now:
Revisit your whistle-blower policies and procedures. Where these arrangements sit outside of your financial crime functions, work with colleagues to ensure uplifts in whistleblowing procedures are made to encompass the reporting of BSA related violations
Ensure staff are aware of the new whistleblowing arrangements. Tailor communications and training for those most likely to be affected
Revisit your financial crime culture and incentivisation risk assessment
Whilst the Act’s purpose is to improve the framework at a national and firm level for preventing economic crime, the details and associated pieces of legislation to support the Act remain to be published. Over the next year firms both in the US and those who have either geographical or US dollar exposure to the US financial system will need to take steps to ensure they are not only compliant, but ahead of game.
Avyse Partners have experience working with financial institutions in both the US and globally on a range of financial crime engagements. If you would like to discuss how we are helping institutions solve some of the challenges above in a practical and purpose driven way, please get in touch.
Oliver