The Financial Crimes Enforcement Network (FinCEN) has issued a notice of proposed rulemaking (NPRM) to strengthen and modernize financial institutions’ anti-money laundering and countering the financing of terrorism (AML/CFT) programs. On January 1, 2021, Congress enacted the Defense Authorization Act for Fiscal Year 2021 (FY21 NDAA), of which the AML Act (AMLA) was a component. This NPRM is in response to AMLA mandates.
This NPRM would:
- amend the existing program rules to explicitly require financial institutions to establish, implement, and maintain effective, risk-based, and reasonably designed AML/CFT programs with certain minimum components, including a mandatory risk assessment process;
- require financial institutions to review government-wide AML/CFT priorities and incorporate them, as appropriate, into risk-based programs, as well as provide for certain technical changes to program requirements; and
- promote clarity and consistency across FinCEN’s program rules for different types of financial institutions.
One of the most significant changes is incorporating the risk assessment process into the AML/CFT program. While already in practice, this proposed rule would make it a core requirement. A bank would retain flexibility in how it would document the results of its risk assessment process. The risk assessment process should be sufficient to enable financial institutions to establish, implement, and maintain an effective, risk-based, and reasonably designed AML/CFT program to identify, evaluate, and document their money laundering (ML), terrorist financing (TF), and other illicit finance activity risks, including consideration of: (1) the AML/CFT Priorities; (2) the ML/TF and other illicit finance activity risks of the bank based on its business activities, including products, services, distribution channels, customers, intermediaries, and geographic locations (note the addition of distribution channels and intermediaries); and (3) reports filed pursuant to the BSA and 31 CFR chapter X, such as Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs).
The NPRM also makes various technical amendments and clarifications, much of which are already part of financial institutions’ current practices. FinCEN is proposing an effective date of six months from the date of issuance of the final rule.