In Short

The Situation: The U.S. Department of the Treasury's Office of Financial Crimes Enforcement Network ("FinCEN") issued the first national policy priorities for anti-money laundering and countering the financing of terrorism ("AML/CFT Priorities").

The Result: FinCEN and federal and state financial institution regulators (the "Agencies") have stated they will issue revised regulations within the next six months addressing how to integrate the national policy priorities into risk-based Bank Secrecy Act ("BSA") and AML/CFT compliance programs.

Looking Ahead: To prepare for implementing regulations, financial institutions should evaluate risks related to the AML/CFT Priorities connected to the customers they serve, the products and services they offer, and the geographies where they operate.

On June 30, 2021, FinCEN announced the first set of government-wide AML/CFT Priorities, as required by the Anti-Money Laundering Act of 2020 ("AML Act"). Consistent with the National Strategy for Combating Terrorist and Other Illicit Financing, the AML/CFT Priorities reflect a mix of new and long-standing threats to the U.S. financial system and national security. These threats involve attempts to exploit perceived legal, regulatory, supervisory, or enforcement vulnerabilities in the U.S. financial system that may be associated with a particular product, service, activity, or jurisdiction.

The national AML/CFT Priorities FinCEN identified are, in no specific order: (1) Corruption; (2) Cybercrime, including cybersecurity and virtual currencies; (3) Foreign and domestic terrorist financing; (4) Fraud; (5) Transnational criminal organization activity; (6) Drug trafficking organization activity; (7) Human trafficking and human smuggling; and (8) Proliferation financing. In identifying these AML/CFT Priorities, FinCEN consulted the Department of the Treasury's Office of Terrorist Financing and Financial Crimes, Office of Foreign Assets Control, and Office of Intelligence and Analysis, as well as the U.S. attorney general, federal and state financial regulators, law enforcement, and national security agencies.

Concurrent with the announcement of the AML/CFT Priorities, the Agencies issued an interagency statement explaining that the AML/CFT Priorities do not create any immediate changes to BSA requirements or supervisory expectations. Rather, the Agencies will revise their BSA regulations within six months to clarify how financial institutions should integrate the AML/CFT Priorities into their risk-based BSA programs. Financial institutions are not required to incorporate the AML/CFT Priorities into their risk-based BSA compliance programs until the effective date of these new regulations.

The Agencies will begin examining financial institutions' BSA compliance programs to assess how well they integrate the AML/CFT Priorities once the new regulations incorporating the priorities become final. In the meantime, financial institutions should evaluate the related risks of the customers they serve, the products and services they offer, the activities they engage in, and the geographies where they operate to understand how they will incorporate the AML/CFT Priorities into their BSA compliance programs.

FinCEN's announcement aligns with President Biden's National Security Study Memorandum, issued on June 3, 2021, making anticorruption efforts a core national security interest, and indicating that domestic and foreign corrupt actors and their financial facilitators seek to take advantage of vulnerabilities in the U.S. financial system to launder their assets and obscure the proceeds of crime. For example, FinCEN's announcement highlights the sophistication of Mexican and Colombian drug cartels' reliance on professional money laundering networks in Asia (primarily China) that facilitate currency exchanges of Chinese and U.S. currency or serve as money brokers in trade-based money laundering, trafficking drugs, and laundering money in the United States. Accordingly, financial institutions' BSA programs should reflect heightened AML/CFT risks, including those posed by drug trafficking organizations, transnational criminal organizations, fraud, and corruption. Financial institutions should also ensure that their current policies concerning politically exposed persons and senior foreign officials are up-to-date. Moreover, FinCEN's particular mention of Russia and other nations believed to have facilitated cybercrime in, or against, the United States indicates that financial institutions should closely review and revise their policies and practices to ensure vigilance against malicious cyber actors.

The Biden administration and FinCEN have expressed heightened concerns about cyber-enabled financial crime, ransomware attacks, and use of virtual assets to undermine innovation and launder illicit proceeds. According to FinCEN, convertible virtual currencies ("CVC") are becoming "the currency of preference in a wide variety of online illicit activity," many of which have targeted financial institutions. Financial institutions should evaluate the typologies and red flags FinCEN has issued with regard to cybercrime and take steps to combat ransomware by identifying and reporting suspicious activity concerning how criminals and bad actors exploit CVCs.

Additionally, because financial activity from human trafficking, human smuggling, and child exploitation may intersect at any point in the legal financial system, FinCEN has stated it is imperative for financial institutions to detect and report suspicious transactions by understanding the current methodologies that traffickers and facilitators use. Financial institutions should recognize the financial and behavioral red flags associated with these activities in order to identify and report suspicious transactions, and may share information about the proceeds of one or more specified unlawful activities in reliance on the safe harbor protection from civil liability in the USA Patriot Act.

Four Key Takeaways

1. FinCEN and federal and state financial institution regulators have stated they will issue new regulations within the next six months to implement the national AML/CFT Priorities. Those regulations will require financial institutions to integrate into their BSA compliance programs the novel and long-standing threats to the U.S. financial system and national security identified in the AML/CFT Priorities.
2. Financial institutions' compliance programs should reflect heightened AML/CFT risks, including those posed by drug trafficking organizations, transnational criminal organizations, fraud, and corruption.
3. Financial institutions should evaluate the typologies and red flags FinCEN has issued with regard to cybercrime and take steps to combat ransomware by identifying and reporting suspicious activity concerning how criminals and bad actors exploit convertible virtual currencies, which FinCEN views as "the currency of preference in a wide variety of online illicit activity."
4. Financial institutions should recognize the financial and behavioral red flags associated with human trafficking, human smuggling, and child exploitation in order to identify and report suspicious transactions.