AML Regulation and Compliance Trends
Regulators and enforcement agencies continue to pursue aggressive regulations and requirements for financial institutions (a very broad definition under Title 31 of the US Code and regulations). The new administration does not show any signs of altering the course of agency priorities. Money laundering, sanctions and securities enforcement has continued at a straight-forward pace from the Obama Administration.
The most significant upcoming development is FinCEN’s new Customer Due Diligence rule, which is effective in May 2018. This new rule targets beneficial owner requirements and is long overdue since the United States is behind many other countries in requiring such disclosures.
FinCEN also has expanded its geographic targeting orders (GTOs) to additional jurisdictions to ensure that title companies report suspicious cash transactions to purchase real estate in high-risk cities and areas. Eight cities (and additional New York City boroughs) are now on FinCEN’s GTO list. (Here is related FinCEN advisory on GTOs).
As to other priorities, Bank Secrecy Act and AML compliance has experienced increased focus on Suspicious Activity Report filing requirements. The SEC and FINRA have devoted significant efforts to enforcing these requirements, especially against broker-dealers. The banking agencies continued their focus on BSA and AML compliance and reviewing AML compliance program functions and elements.
Over the last few years, the New York Department of Financial Services has become a force to regulatory and enforcement force against national and global banks that maintain branches in New York. The NYDFS requires certifications as to compliance with AML transaction monitoring and filtering programs.
Financial regulators also have converged compliance with cybersecurity and AML requirements. The NYDFS issued in 2016 cybersecurity regulation requirements. Meanwhile, on the federal side, banking regulators have mandated that compliance programs address AML and cybersecurity risks. The SEC has pushed companies to enhance their cybersecurity disclosures as a further means to prod companies into addressing cybersecurity risks. The BSA SARs filing requirements now incorporate cybersecurity issues as well.
De-risking is another hot topic in the AML regulatory arena which occurs when financial institutions withdraw from certain business lines or countries that the institutions find are too risky. This particular concern arises when financial institutions operate foreign correspondent bank accounts. In response to high compliance costs and regulatory scrutiny, banks have withdrawn from correspondent banking in high-risk countries. Regulators have clarified certain requirements in this area – first, that there is no expectation that US banks conduct due diligence on the customers of the foreign financial institution and that AML and OFAC enforcement regime is not zero tolerance when it comes to customers of foreign financial institutions.
U.S. depository institutions are required to assess the money laundering risk presented by their foreign correspondent accounts by addressing: (1) the nature of the FFI’s business and the markets it serves; (2) the type, purpose, and anticipated activity of the account; (3) the nature and duration of the account relationship; (4) the supervisory regime of the jurisdiction in which the FFI is licensed; and (5) information about the FFI’s AML record. Although there is currently no requirement for U.S. depository institutions to conduct due diligence on an FFI’s customers, banks should consider whether the due diligence information provided by their FFI customers is sufficient to fully assess the AML and sanctions risks posed by the foreign correspondent banking relationship. U.S. depository institutions often have to request additional information about the underlying activity in an FFI’s account in order to satisfy their risk-based obligations.