Over the last decade, the adoption of potent-yet-user-friendly technologies have transformed the financial sector and consumer experience with respect to private banking. These developments have also contributed to a growing need for improvements in both interconnectivity and gross efficiency across a firm’s internal operational framework to better meet the demands of domestic clientele as well as an increasing number of international customers. While the relatively recent shift to digitalization in the financial realm has provided an unprecedented level of global reach to traditional financial institutions and opened diversified revenue streams to keep business thriving, it has also exposed banks to a plethora of new risks that accompany international lending. In spite of anti-money laundering (AML) and counter-terrorism financing (CFT) safeguards evolving on a consistent basis to better mitigate potential threats to the American financial system, significant variations in both depth and scope of financial regulations remain at the global level, creating loopholes for malicious actors, politically exposed persons, and others to exploit. As such, overburdened and overwhelmed compliance departments – specifically for banks offering services internationally – have remained susceptible to criminal activity, leaving their firm’s at increased risk of facing enforcement actions and potential sanctions over their regulatory compliance lapses.

The Financial Crimes Enforcement Network (FinCEN) – the bureau of U.S. Treasury Department largely responsible for managing legislation combatting financial crime both domestically and abroad – has been forced to issue an increasing number of civil money penalties for Bank Secrecy Act (BSA) violations over the last several years alone. As such, the regulatory body recently announced a proposal of new requirements catered directly to modernized financial institutions. Should it be enacted, the new measure would call for banks to maintain “effective, risk-based” Anti-Money Laundering (AML) programs that are “reasonably designed.” At first glance, the announcement comes as a bit of a surprise as for years now financial institutions small and large have already implemented risk-based solutions for maintaining regulatory compliance standards. The regulator maintains that the proposed rule would add more specificity (and more rigidity) to current regulatory standards however, this as the measure would effectively amend current regulations to enable financial institutions to better focus their resources and attention in a manner consistent with their risk profiles in accordance with the Anti-Money Laundering Act of 2020.¹ All told, risk assessments will officially become the 5^th mandatory program element covering all domestic financial institutions, joining a list of other prerequisites that include appropriate internal controls, appointment of a qualified AML/CFT officer, employee training, and independent testing.

The announcement has already led to a number of questions being asked by those operating within the financial space, the most prevalent being what took so long for FinCEN to ultimately propose these more explicit risk-rating requirements? The war in Ukraine, of course, is one factor that added a sense of urgency in this regard. With various Russian political figures and prominent businesses now subjected to economic sanctions levied by the U.S. in wake of the Kremlin’s invasion of Ukraine, and the reach of said sanctions extending further onto secondary targets that continue to conduct business with Russia, Know Your Customer (KYC) and sanctions screening requirements must also continue to evolve in response to these changes. The same premise also applies to Iran and its Middle Eastern allies that have continued to capitalize off of shadow banking exploits to fund destabilizing activities at the international level in spite of the seemingly staunch sanctions imposed against them. Another major factor is the United States – Mexico border crisis that has reached a boiling point under the Biden administration. As millions of illegal immigrants crossed the border in recent months, so have trafficked persons, suspected terrorists, and large amounts of fentanyl – the latter in conjunction with operations involving organized criminal groups in China. In wake of the turbulent geopolitical climate being faced and the growing number of both physical and cyber-threats facing that continue to threaten American interests, it is evident that an even greater number of individuals and associated entities will come under varying designations which will ultimately increase due diligence requirements on financial institutions in order exclude these “undesirables” from the global financial system.

The proposal itself also signals that a growing number of large-scale financial institutions are directly partnering with government agencies and regulatory bodies to better address serious law enforcement and national security issues. Analysts hope that this trend will continue to promote greater cross-border collaboration between government bodies with respect to prosecution of those facilitating money laundering activity moving forward. Further contributing to the initial backlash against the bill however is the fact that many of the financial institutions that are effectively on the front lines in the war against white-collar crime and terror financing exploits are battle-tested, with their current AML/CFT protocols already exceling in mitigating emerging threats and attempted criminal wrongdoing. However, FinCEN’s goal is not to limit the progress that has already been made with respect to achieving standardization in the responses of bank’s to financial threats. Instead one of the goals of the new legislation is that it will spur FI’s to avoid a “one-size-fits-all approach” to customer risk that has already led to many firms declining to provide financial services to entire categories of customers (i.e. de-risking).

FinCEN is also claiming the proposed rule would do the following:

• amend the existing program rules to explicitly require financial institutions to establish, implement, and maintain effective, risk-based, and reasonably designed AML/CFT programs with certain minimum components, including a mandatory risk assessment process.
• require financial institutions to review government-wide AML/CFT priorities and incorporate them, into risk-based programs, as well as provide for certain technical changes to program requirements.
• promote clarity and consistency across FinCEN’s program rules for different types of financial institutions.¹

Unfortunately for banks, FinCEN’s “dynamic” risk assessment process will likely prove costly and require significant resources to tend to appropriately. Many expect the penalties for failures to meet the qualifications of an “effective program” to also be stout. As with any change in regulations, financial institutions must stay up to date with what FinCEN ultimately decides to do with new requirements and choose wisely when it comes to selecting their risk-rating software solutions. The measure is now open for written comment.

Citations

1. “Fincen Issues Proposed Rule to Strengthen and Modernize Financial Institutions’ AML/CFT Programs.” FINANCIAL CRIMES ENFORCEMENT NETWORK, Department of the Treasury, 28 June 2024.