FinCEN Sets Timetable for Mandatory Risk Assessments, ‘Effective’ AML Programs

By Valentina Pasquali

The U.S. Treasury Department disclosed plans Friday to formally require financial institutions to assess their exposure to money launderers and other financial criminals, and ensure they have an “effective and reasonably designed” program in place to mitigate those risks.

Treasury’s Financial Crimes Enforcement Network aims to include the new obligations in its long-anticipated rollout of a rule that will direct financial institutions to target their anti-money laundering controls toward a list of eight priority threats, such as human trafficking, corruption and proliferation financing, that the bureau identified in June.

FinCEN expects to issue a proposal on how institutions may best incorporate the national priorities into their compliance programs in April, according to Treasury’s latest semiannual regulatory agenda. The expected proposal would appear to revive an earlier, preliminary plan to boost the efficacy of the U.S. framework against illicit finance.

The preliminary plan, which FinCEN pitched in September 2020, would have required financial institutions to build or maintain anti-money laundering programs that are not only adequate but also successful in giving law enforcement useful leads, including by formally assessing the risks inherent in their “business activities, products, services, customers and geographic locations.”

But the measure stalled amid the enactment on Jan. 1, 2021, of the AML Act, which tasked FinCEN with implementing far-reaching reforms to the Bank Secrecy Act, or BSA, including the issuance of the national priorities.

Regulators for years have expected financial institutions to conduct regular risk assessments and gear their AML programs towards those findings, and have come repeatedly under criticism by industry professionals for essentially treating their expectation as mandatory without having finalized a rule to that effect.

Rolling out a formal mandate would finally bring clarity to the issue without imposing a significant new burden on financial institutions, particularly banks, most of which have already adopted the practice of regularly identifying and measuring their unique exposures to financial crime, said Michael Leotta, a partner at the WilmerHale law firm in Washington, D.C.

On the other hand, a new “effectiveness” requirement would substantially impact AML compliance, Leotta told ACAMS

“In the past, if you did your best in a reasonable way to predict what risks you would face and you missed some, your program would still be seen as reasonably designed,” Leotta said. “Going forward you could see a regulator saying, ‘Your program might have been reasonably designed, but it missed this important money-laundering activity and therefore wasn’t effective.'”

Federal regulators predicted at an online industry conference this month that smaller community banks, credit unions and regional lenders may face a tougher trek than their larger peers in fully incorporating the national priorities into their AML programs.

Non-bank financial institutions, on the other hand, probably lag behind all banks, community or otherwise, in formally assessing their vulnerabilities to financial crime, said Dan Stipano, a former official with the Office of the Comptroller of the Currency.

A new risk-assessment mandate would boost regulators’ enforcement powers for all categories of financial institution, said Stipano, now a partner at Davis Polk & Wardwell in Washington, D.C.

“Let’s say you’re a bank and you don’t do a risk assessment, or you do a bad one, then the regulators don’t really have a legal hook now unless that has impacted some other required aspect of compliance,” Stipano said. “This will change [risk assessments] from a supervisory expectation into a legal requirement that can be directly addressed through enforcement.”

Friday’s agenda separately lays out FinCEN’s intention to issue a second notice of proposed rulemaking, or NPRM, in February to underpin the bureau’s implementation of the Corporate Transparency Act, a provision of the AML Act that mandates the creation of a national database of beneficial owners.

The second NPRM will outline how FinCEN plans to both protect and share ownership data with federal investigators, regulators, financial institutions and other parties, according to the agenda, and follows last month’s proposal on the details the bureau wants to collect, and the specific types of legal entities that must provide it.

In March, FinCEN and the Federal Reserve, aim to issue an updated proposal that would lower the travel rule’s current $3,000 threshold for sharing the names, addresses and account numbers of a transaction’s originators and beneficiaries to $250, and expand that obligation to the cryptocurrency industry.

The agencies sought feedback on a similar measure in October 2020, during the waning months of the administration of ex-President Donald Trump, before President Joe Biden ordered a regulatory freeze upon taking office in January of last year.

Over the next eight months, FinCEN separately aims to advance efforts to bring antiquities dealers under the BSA, and finalize a controversial proposal that would require cryptocurrency exchanges and other companies to report single and aggregate transfers of $10,000 or more in a single day to and from unhosted wallets, or involving wallets in Burma, Iran or North Korea.

Contact Valentina Pasquali at

Topics : Anti-money laundering , Counterterrorist Financing
Source: U.S.: FinCEN
Document Date: January 28, 2022