ARTICLE
2 August 2024

Summary Of FinCEN's AML/CFT Program Notice Of Proposed Rulemaking

WS
Winston & Strawn LLP

Contributor

Winston & Strawn LLP is an international law firm with 15 offices located throughout North America, Asia, and Europe. More information about the firm is available at www.winston.com.
On June 28, 2024, the United States Department of the Treasury's (the U.S. Treasury) Financial Crimes Enforcement Network (FinCEN) issued a notice of proposed rulemaking...
United States Finance and Banking

I. Background of AML/CFT Program NPRM

On June 28, 2024, the United States Department of the Treasury's (the U.S. Treasury) Financial Crimes Enforcement Network (FinCEN) issued a notice of proposed rulemaking (the NPRM) intended to strengthen and modernize financial institutions' anti-money laundering and countering the financing of terrorism (AML/CFT) programs, consistent with the broad goals of the Anti-Money Laundering Act of 2020 (AML Act). The NPRM would amend existing regulations to expressly require that AML/CFT programs be effective, risk-based, and reasonably designed, enabling financial institutions to focus their resources and attention in a manner consistent with their risk profiles. The NPRM's proposed amendments are based on changes enacted by the AML Act, which are a key component of the U.S. Treasury's objective of a more effective and risk-based AML/CFT regulatory and supervisory regime.

II. BSA and Current FinCEN Regulations

The Bank Secrecy Act (the BSA)1 requires financial institutions to establish AML/CFT programs that include, at minimum, the following components: (1) the development of internal policies, procedures, and controls; (2) the designation of a compliance officer; (3) an ongoing employee training program; and (4) an independent audit function to test programs. The BSA and FinCEN's implementing regulations subject banks and certain other types of financial institutions to additional obligations, including provisions related to customer identification programs (CIP) and customer due diligence related to legal entity customers (CDD), among other requirements.

Currently, FinCEN regulations implementing the BSA2 require banks regulated by a Federal functional regulator to implement and maintain an AML program that:

  1. Complies with the regulations that set forth requirements for due diligence programs concerning (a) correspondent accounts for foreign financial institutions and (b) private banking accounts;3
  2. Includes, at a minimum:
    1. A system of internal controls to assure ongoing compliance;
    2. Independent testing for compliance to be conducted by bank personnel or by an outside party;
    3. Designation of an individual or individuals responsible for coordinating and monitoring day-to-day compliance;
    4. Training for appropriate personnel; and
    5. Appropriate risk-based procedures for conducting ongoing CDD, to include, but not be limited to:
      1. Understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and
      2. Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information (including information regarding the beneficial owners of legal entity customers);4 and
  3. Complies with the regulation of its Federal functional regulator governing AML programs.

III. FinCEN's AML/CFT Program NPRM

The AML Act amended the BSA by, among other things, requiring several changes to the BSA's AML program requirements, including the insertion of "countering the financing of terrorism" when describing AML program requirements. Among the most prominent changes is the AML Act's mandate that FinCEN establish and make public government-wide AML/CFT priorities, and to update them at least once every four years. The AML Act also requires FinCEN to issue regulations incorporating the AML/CFT priorities into revised program rules, which the NPRM proposes to do.

In the general provision for AML program requirements applicable to all financial institutions,5 FinCEN is proposing to incorporate a statement describing the purpose of an AML/CFT program, as follows:

(a) The purpose of this section is to ensure that a financial institution implements an effective, risk-based, and reasonably designed AML/CFT program to identify, manage, and mitigate illicit finance activity risks that: complies with the Bank Secrecy Act and the requirements and prohibitions of this chapter; focuses attention and resources in a manner consistent with the risk profile of the financial institution; may include consideration and evaluation of innovative approaches to meet its AML/CFT compliance obligations; provides highly useful reports or records to relevant government authorities; protects the financial system of the United States from criminal abuse; and safeguards the national security of the United States, including by preventing the flow of illicit funds in the financial system.

Below is a summary of the AML/CFT program requirements that would apply to banks, as proposed under FinCEN's NPRM.6

A bank must establish, implement, and maintain an effective, risk-based, and reasonably designed AML/CFT program.

  1. An effective, risk-based, and reasonably designed AML/CFT program focuses attention and resources in a manner consistent with the bank's risk profile that takes into account higher-risk and lower-risk customers and activities and must, at a minimum:
    1. Establish a risk assessment process that serves as the basis for the bank's AML/CFT program, including implementation of the components required under paragraphs (a)(2) through (6) of this section. The risk assessment process must:
      1. identify, evaluate, and document the bank's money laundering, terrorist financing, and other illicit finance activity risks, including consideration of the following:
        1. The AML/CFT Priorities issued pursuant to 31 U.S.C. 5318(h)(4), as appropriate;
        2. The money laundering, terrorist financing, and other illicit finance activity risks of the bank based on the bank's business activities, including products, services, distribution channels, customers, intermediaries, and geographic locations; and
        3. Reports filed by the bank pursuant to this chapter;
      2. Provide for updating the risk assessment using the process required under this paragraph (a)(1) on a periodic basis, including, at a minimum, when there are material changes to the bank's money laundering, terrorist financing, or other illicit finance activity risks;
    2. Reasonably manage and mitigate money laundering, terrorist financing, and other illicit finance activity risks through internal policies, procedures, and controls that are commensurate with those risks and ensure ongoing compliance with the Bank Secrecy Act and the requirements and prohibitions of this chapter. Such internal policies, procedures, and controls may provide for a bank's consideration, evaluation, and, as warranted by the bank's risk profile and AML/CFT program, implementation of innovative approaches to meet compliance obligations pursuant to the Bank Secrecy Act and this chapter.
    3. Designate one or more qualified individuals to be responsible for coordinating and monitoring day-to-day compliance;
    4. Include an ongoing employee training program;
    5. Include independent, periodic AML/CFT program testing to be conducted by qualified bank personnel or by a qualified outside party; and
    6. Include appropriate risk-based procedures for conducting ongoing customer due diligence, to include, but not be limited to:
      1. Understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and
      2. Conducting ongoing monitoring to identify and report suspicious transactions and to maintain and update customer information. For purposes of this paragraph, customer information must include information regarding the beneficial owners of legal entity customers (as defined in § 1010.230 of this chapter);
  2. The AML/CFT program and each of its components, as required under paragraphs (a)(1) through (6) of this section, must be documented and approved by the bank's board of directors or, if the bank does not have a board of directors, an equivalent governing body. Such documentation must be made available to FinCEN or its designee upon request. The AML/CFT program must be subject to oversight by the bank's board of directors, or equivalent governing body.
  3. The duty to establish, maintain, and enforce the AML/CFT program must remain the responsibility of, and be performed by, persons in the United States who are accessible to, and subject to oversight and supervision by, FinCEN and the appropriate Federal functional regulator.

Additionally, FinCEN is proposing to amend the language in the CIP requirements for banks, revising the general requirements and reliance on another financial institution provisions to replace "anti-money laundering program" with the proposed new term "AML/CFT program."7 There are no substantive changes to these requirements.

The comment period for the NPRM is open until September 23, 2024.

Footnotes

1. See 12 U.S.C. § 1829b, §§ 1951–1960, and 31 U.S.C. §§ 5311–5314 and §§ 5316–5336.

2. See 31 C.F.R. chapter X.

3. See 31 C.F.R. §§ 1010.610 and 1010.620.

4. See 31 C.F.R. § 1010.230.

5. FinCEN proposes to amend 31 C.F.R. § 1010.210, "Purpose of Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) Program Requirement," to include a statement of purpose for AML/CFT programs.

6. FinCEN proposes to amend 31 C.F.R. § 1020.210 to incorporate these revisions.

7. These proposed changes would amend paragraphs (a)(1) and (a)(6)(iii) under 31 C.F.R. § 1020.220.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More