Among the key propositions FinCEN proposes are an explicit requirement for a risk assessment process and the issuance of a biennial list of national AML priorities put together by the Director of FinCEN.³ While most AML programs already incorporate some type of risk assessment process, FinCEN has never explicitly required one. The creation of a priority list issued every two years would require AML programs to be more nimble and responsive to changes in the enforcement landscape.

FinCEN’s Proposed Changes

To develop the recently-issued Advance Notice of Proposed Rulemaking (“ANPRM”), the agency relied on a working group, the Anti-Money Laundering Effectiveness Working Group, created in June of 2019 by the Bank Secrecy Act Advisory Group.⁴ FinCEN presents the changes it proposes to make in Section III of the ANPRM, entitled “Elements of an ‘Effective and Reasonably Designed’ AML Program,” and continues to expand on the changes in Section IV.

The agency emphasizes that it is seeking comment “on whether it is appropriate to clearly define a requirement for an ‘effective and reasonably designed’ AML program in [Bank Secrecy Act] regulations.”⁵ Despite all of its AML regulations, FinCEN has never before defined what a good AML program would entail. The agency’s proposed definition of an effective and reasonably designed AML program is threefold and one that:

• “Identifies, assesses, and reasonably mitigates the risks resulting from illicit financial activity — including terrorist financing, money laundering, and other related financial crimes — consistent with both the institution’s risk profile and the risks communicated by relevant government authorities as national AML priorities;
• Assures and monitors compliance with the recordkeeping and reporting requirements of the BSA; and
• Provides information with a high degree of usefulness to government authorities consistent with both the institution’s risk assessment and the risks communicated by relevant government authorities as national AML priorities.”⁶

FinCEN also highlights that it seeks comments on whether the AML program regulations should explicitly require a risk-assessment process and whether the agency should issue a list of national AML priorities — “Strategic Anti-Money Laundering Priorities” — every two years.⁷

Among other points, FinCEN additionally seeks comments on:

• “[T]he effect to [sic] financial institutions’ efforts to comply with AML program requirements of adding a regulatory requirement to conduct a risk assessment, and the effect, if any, on burden to financial institutions’ processes for complying with AML program requirements.”⁸
• “[W]hether regulatory amendments should be made so that an ‘effective and reasonably designed’ AML program would require financial institutions to consider and integrate national AML priorities into their risk-assessment processes, as appropriate.”⁹
• “[W]hether an ‘effective and reasonably designed’ AML program should require that financial institutions reasonably manage and mitigate the risks identified in the risk-assessment process by taking into consideration the Strategic AML Priorities, as appropriate and among other relevant information.”¹⁰
• “[W]hether financial institutions’ AML program obligations should be based on the risks identified by the financial institution, to include consideration of Strategic AML Priorities, where appropriate and among other information.”¹¹

Finally, the ANPRM notes in a couple of places the issues of size, operational complexity, and industry type as being potential factors to take into account in granting carve-outs, waivers, or opt-ins, and seeks comments on those considerations as well.¹²

Why This Matters for You

FinCEN is currently soliciting written comments on eleven issues from interested stakeholders and will be accepting comments until November 16, 2020. Financial institutions concerned about how the proposed changes in AML regulations might impact them should seek the advice of counsel on whether to comment on the ANPRM.

¹ See 85 Fed. Reg. 58,023 (Sept. 17, 2020).

² Id. at 58,024.

³ See id. at 58,026.

⁴ See id. at 58,024-25.

⁵ Id.

⁶ See id. 58,026.

⁷ Id.

⁸ Id. (A. Identifying and Assessing Risks).

⁹ Id. (B. Consideration of the Strategic AML Priorities in the Risk-Assessment Process).

¹⁰ Id. at 58,027 (C. Risk Management and Mitigation Informed by Strategic AML Priorities).

¹¹ Id. at 58,027 (D. Assuring and Monitoring Compliance With the Recordkeeping and Reporting Requirements of the BSA).

¹² See id. at 58,028 (Questions 5 and 8).