On September 17, 2020, the Financial Crimes Enforcement Network ("FinCEN") published an Advance Notice of Proposed Rulemaking ("Notice") to obtain public comments on proposed enhancements to anti-money laundering ("AML") programs.[1] The Notice poses 11 questions for the public regarding FinCEN’s interest in new regulations requiring financial institutions to adopt "effective and reasonably designed" AML programs.

The Notice does not propose any new rules. Instead, it presents areas where FinCEN is focusing attention and may in the future propose new rules depending on public comments and suggestions and other political considerations.

Key Changes Suggested by the Notice

1. Adopt new regulations clearly defining an ‘‘effective and reasonably designed’’ AML program.

FinCEN’s proposed rule would focus on defining "effectiveness" and "reasonably designed." FinCEN would define a compliant AML program as one that would:

• Identify, assess and mitigate risks from illegal activities in view of the financial institution’s own risk profile and any published federal AML priorities. Covered financial institutions include banks, brokers, money service businesses, casinos, and among others.
• Comply with the recordkeeping and reporting requirements of the Bank Secrecy Act of 1970.
• Provide information with a high degree of usefulness to the government consistent with the institution’s own risk profile and any published federal AML priorities.[2]

2. Adopt an express regulatory requirement for a risk assessment program.

FinCEN recognizes that today almost all financial institutions who are subject to AML requirements (for example, banks, brokers, money service businesses, casinos, and others) design their AML programs based on risk assessments. FinCEN views the risk assessment process as a critical part of AML programs. Some financial institutions, like banks and brokers, are required by law to conduct risk assessments. Even though a risk assessment is not an express requirement for all financial institutions, under current practice AML program examiners (for example, the IRS) impose risk assessments as part of the evaluations of whether AML programs are effective. Therefore, a risk assessment is often a de facto requirement for all financial institutions subject to AML obligations, and now FinCEN believes that given the importance of a risk assessment, it should be required by law.

3. Publish a bi-annual list of national AML priorities.

FinCEN is considering whether to issue AML priorities and then require financial institutions to consider such priorities in risk assessments.

4. Adopt a specific requirement to reasonably manage and mitigate the risks identified in the risk assessment and the published AML priorities.

FinCEN believes the vast majority of financial institutions are doing just this without any express requirement, but as part of a well-designed AML program. This requirement would formalize this process.

Our Assessment of FinCEN’s Proposed New Regulations

In our view, FinCEN’s Notice does not make the case that a new set of rules and regulations are needed at this point. In fact, the Notice states that the vast majority of financial institutions are already doing what the Notice would require. If there is a problem in the implementation of the detailed AML requirements that would be corrected by new laws, FinCEN should expressly outline these issues. Financial institutions are already swamped with AML compliance obligations and most certainly make strenuous efforts to adhere to the existing regulations.

FinCEN’s proposals can be implemented without new regulations. There is nothing stopping FinCEN from publishing a list of AML priorities right now. FinCEN is already issuing guidance on a host of issues and could just as well make financial institutions focus on these matters even more with some simple guidance.

FinCEN is not requesting comments on the costs of the new rules. Small financial institutions already have to hire expensive consultants to comply on AML and risk assessments are becoming the purview of experts with the attendant additional costs. However, we note that generally before FinCEN can adopt new regulations, it must first solicit public comment and undertake a cost benefit analysis.

[1] Available at https://www.govinfo.gov/content/pkg/FR-2020-09-17/pdf/2020-20527.pdf.

[2] 85 Fed. Reg. 58026 (Sept 18,2020). Available at https://www.govinfo.gov/content/pkg/FR-2020-09-18/pdf/FR-2020-09-18.pdf.