On January 1, 2021, the U.S. Senate followed the lead of the House of Representatives in voting to override President Trump’s veto of the annual defense spending bill known as the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 (NDAA). The NDAA has now become law and has made significant changes to federal anti-money laundering (AML) laws. Specifically, the NDAA imposes new beneficial ownership reporting requirements on a broad class of business entities, creates new criminal enforcement tools for the Financial Crimes Enforcement Network (FinCEN), and provides FinCEN with additional resources. These changes reflect the most substantial updates to the U.S. AML regime in recent memory, imposing new requirements on many businesses and potentially suggesting that increased AML enforcement efforts may be on the horizon.

Beneficial Ownership Reporting Requirements

One groundbreaking change in the NDAA is to beneficial ownership reporting requirements. The NDAA incorporates the Corporate Transparency Act of 2019, which notes that most states do not require information about the beneficial owners of the corporate entities formed under their laws. This has allowed for a proliferation of anonymous shell companies formed by “malign actors,” such as money launderers and persons engaged in financing terrorism, as more than 2 million corporate entities are formed each year. The so-called “Panama Papers” leak in 2016 was perhaps the most high-profile incident highlighting the extensive use of shell corporations by those engaged in illicit activity around the world.

U.S.-based financial institutions are required to collect beneficial owner information for legal entity customers, in effect acting as the sole collection point for beneficial ownership information for a host of entities. Under the Corporate Transparency Act, unless exempt, corporations, limited liability companies, and other similar entities created by the filing of a document with a U.S. state or Indian Tribe or formed under the law of a foreign country and registered to do business in the U.S. will now be required to disclose their beneficial owners to FinCEN. New entities will be required to report at the time of formation, and existing companies will be required to report within two years of the effective date of the regulations prescribed under the Corporate Transparency Act. Companies will be required to provide detailed updates to this information within one year of any change in the reported information. Knowing failure to provide complete and updated information, or willfully providing false or fraudulent information, can carry civil penalties of up to $10,000 ($500/day) and criminal penalties of up to two years in prison.

The definition of “beneficial owner” under the Corporate Transparency Act is written broadly and includes any individual who owns or controls 25% or more of an entity or exercises “substantial control” (a term defined by FinCEN's existing rule) over an entity. However, many companies will be exempt from the reporting requirements under one or more of the 24 exclusions from the definition of “reporting company.” These exemptions include: (1) publicly traded companies; (2) entities that are already required to disclose their beneficial owners, such as federally regulated banks, credit unions, investment advisers, broker-dealers, state-regulated insurance companies, churches, and charitable organizations; (3) companies that have a physical presence in the U.S., more than 20 full-time employees, and filed tax returns reporting over $5 million in gross revenue; (4) FinCEN registered money services businesses; and (5) any entity owned by an entity otherwise exempt. According to press statements released by Rep. Carolyn Maloney (D-NY), the third exemption is so broad because companies that employ this many people and that have legitimate, business-related income are very unlikely to be anonymous shell companies that were created to hide or launder illicit funds.

Beneficial ownership information, including each beneficial owner’s name, date of birth, current address, and driver’s license or non-expired passport number, will be maintained in a secure, nonpublic database. For those entities that are required to report their beneficial ownership information, FinCEN will be permitted to disclose their information to law enforcement and, with the reporting company’s consent, to financial institutions subject to customer due diligence requirements. Officers and employees of the Department of the Treasury also may obtain access to beneficial ownership information for tax administration purposes. FinCEN will store beneficial ownership information for at least five years after the reporting company ceases to operate.

The Corporate Transparency Act requires FinCEN to promulgate regulations to prescribe procedures and standards governing reporting requirements and providing for a unique FinCEN identifier that can be used in lieu of personally identifying information to prevent repeated transmissions of the same sensitive information. In promulgating these regulations, FinCEN is directed to minimize burdens on reporting companies to the extent practicable and ensure that the beneficial ownership information reported to FinCEN is “accurate, complete, and highly useful.” In addition, FinCEN will be required to revise customer due diligence regulations applicable to financial institutions to “account for the access of financial institutions to beneficial ownership information filed by reporting companies” under the Act. These regulations are required to reduce the burdens on financial institutions and their corporate customers in light of the existence of the beneficial ownership database and its ability to facilitate customer due diligence. However, the Act states that financial institutions may access the FinCEN database to “confirm” beneficial ownership information provided by customers to satisfy their customer due diligence obligations, and no changes to the suspicious activity report or currency transaction report dollar thresholds are contemplated. Thus, it will remain to be seen how aggressive FinCEN’s proposed rules are in implementing the law.

Meaningful Efforts to Improve Enforcement

The NDAA also incorporates the Anti-Money Laundering Act of 2020 (AMLA), provisions of which also reflect significant efforts to expand and improve the enforcement of AML laws. The AMLA provides numerous enhancements to federal authorities’ abilities to investigate and prosecute offenders, including improved tools and resources to identify money laundering and effectively combat it. For example, the AMLA provides for improved incentives and protections in the AML whistleblower program, which historically has been ineffective compared to other federal whistleblower programs. Further, the AMLA authorizes FinCEN to hire new personnel and seeks to create synergies among U.S. regulators and foreign counterparts concerning AML and counterterrorism efforts.

AML whistleblower program

The updated AML whistleblower program will offer individuals who provide “original” information to law enforcement about violations of the Bank Secrecy Act (BSA) with awards of up to 30% of any fine ultimately imposed over $1 million. This is a clear improvement from the previous incentives, which were capped at $150,000 or 25% of the net penalty, whichever was less. However, unlike the whistleblower programs of the Securities and Exchange Commission (SEC) and Internal Revenue Service (IRS), there is no guaranteed minimum reward. The SEC, for instance, offers a guaranteed 10% reward on fines over $1 million.

The AMLA also provides whistleblowers with significant protections from retaliation by their employers by creating a private right of action for whistleblowers who suffer retaliation for disclosing potential BSA violations to the Department of the Treasury or Department of Justice (DOJ). Under a new causation standard, plaintiffs need only show that their whistleblowing was a contributing factor in the unfavorable treatment by their employer. Notably, however, the whistleblower protections carve out employees of FDIC-insured depository institutions and NCUA-insured credit unions from the antiretaliation protections.

Stronger investigations, interagency collaboration, and enforcement mechanisms

The AMLA expands the DOJ’s previous authority to subpoena foreign banks that maintain a correspondent account in the U.S. for records. Not only can the DOJ subpoena records related to the correspondent account, but it can now also subpoena records “relating to … any account at the foreign bank, including records maintained outside of the United States.” Further, a foreign bank in receipt of such a subpoena will be prohibited from revealing the existence or contents of the subpoena to any account holder or person named in the subpoena, and the DOJ may seek penalties should the foreign bank do so. The AMLA thus resolves several areas of friction that have historically led to disputes of the scope of the DOJ’s investigatory authority.

Among other increased penalties, the AMLA would permit the Department of the Treasury to impose an additional fine in the case of repeat violations to the greater of: (1) three times the profit gained or loss avoided as a result of the violation; or (2) two times the maximum applicable penalty. This represents a significant increase in an apparent effort to deter recidivism. Further, the government may impose a 10-year prohibition on “egregious” offenders from serving on the boards of U.S. financial institutions.

The AMLA also establishes new offices and roles, both domestically and internationally focused, that function to carry out the mission of the international fight against terrorism, money laundering, and other illicit finance. These new roles include: (1) attachés focused on diplomatic relationship-building with foreign financial institutions to develop U.S. economic policy; (2) foreign financial intelligence unit liaisons; (3) senior FinCEN domestic liaisons assigned to Federal Reserve System regions; and (4) BSA information security officers in key agencies. The DOJ will now be able to collaborate with and leverage these new personnel to strengthen prosecution of individuals who commit “egregious violations” of the BSA, which include: (1) violations that result in convictions with an imprisonment term of more than one year; or (2) a “willful” civil violation that facilitated money laundering or terrorism financing.

To facilitate AML information sharing within the U.S., the AMLA establishes the FinCEN Exchange, which creates a voluntary information-sharing platform for law enforcement agencies, national security agencies, financial institutions, and FinCEN. Information shared will not be used for any purpose other than furthering AML and counterterrorism efforts, and private information will be appropriately protected. Additionally, the AMLA furthers a program in which agencies will rotate personnel in an effort to foster interagency cooperation and information sharing.

Looking Ahead

The NDAA is a significant step toward enhancing AML enforcement in the U.S. As with all changes to AML laws, however, the devil will be in the details. FinCEN and the federal banking agencies have already been active recently in addressing a range of AML issues through regulation. The new year promises a flurry of new regulations implementing the new legislation that have the potential to impact regulated entities for years to come. Affected entities should plan to keep a close eye on these developments into 2021.

Download PDF of Advisory

[View source.]