Anti-Money Laundering Program Effectiveness, 58023-58029 [2020-20527]

Agencies

• DEPARTMENT OF THE TREASURY
• Financial Crimes Enforcement Network

[Federal Register Volume 85, Number 181 (Thursday, September 17, 2020)]
[Proposed Rules]
[Pages 58023-58029]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-20527]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Financial Crimes Enforcement Network

31 CFR Chapter X

[Docket No. FinCEN-2020-0011]
RIN 1506-AB44


Anti-Money Laundering Program Effectiveness

AGENCY: Financial Crimes Enforcement Network (FinCEN), Treasury.

ACTION: Advance notice of proposed rulemaking (ANPRM).

-----------------------------------------------------------------------

SUMMARY: This document seeks public comment on potential regulatory 
amendments to establish that all covered financial institutions subject 
to an anti-money laundering program requirement must maintain an 
``effective and reasonably designed'' anti-money laundering program. 
Any such amendments would be expected to further clarify that such a 
program assesses and manages risk as informed by a financial 
institution's risk assessment, including consideration of anti-money 
laundering priorities to be issued by FinCEN consistent with the 
proposed amendments; provides for compliance with Bank Secrecy Act 
requirements; and provides for the reporting of information with a high 
degree of usefulness to government authorities. The regulatory 
amendments under consideration are intended to modernize the regulatory 
regime to address the evolving threats of illicit finance, and provide 
financial institutions with greater flexibility in the allocation of 
resources, resulting in the enhanced effectiveness and efficiency of 
anti-money laundering programs.

DATES: Written comments are welcome, and must be received on or before 
November 16, 2020.

ADDRESSES: Comments may be submitted, identified by Regulatory 
Identification Number (RIN) 1506-AB44, by any of the following methods:
     Federal E-rulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments. Include RIN 1506-AB44 
in the submission. Refer to Docket Number FINCEN-2020-0011.
     Mail: Financial Crimes Enforcement Network, P.O. Box 39, 
Vienna, VA 22183. Include 1506-AB44 in the body of the text. Refer to 
Docket Number FINCEN-2020-0011.
    Please submit comments by one method only. All comments submitted 
in response to this ANPRM will become a matter of public record. 
Therefore, you should submit only information that you wish to make 
publicly available.

FOR FURTHER INFORMATION CONTACT: The FinCEN Regulatory Support Section 
at 1-800-767-2825 or electronically at [email protected].

SUPPLEMENTARY INFORMATION:

I. Scope of ANPRM

    The scope of program rules under consideration for amendment in 
this ANPRM includes those applicable to all of the industries that have 
anti-money laundering (AML) program requirements under FinCEN's 
regulations, including banks (which includes credit unions and other 
depository institutions, as defined in 31 CFR 1010.100(d)); casinos and 
card clubs; money services businesses; brokers or dealers in 
securities; mutual funds; insurance companies; futures commission 
merchants and introducing brokers in commodities; dealers in precious 
metals, precious stones, or jewels; operators of credit card systems; 
loan or finance companies; and housing government sponsored 
enterprises.\1\ FinCEN particularly requests comment regarding any 
industry-specific considerations that FinCEN should evaluate with 
regard to the scope of possible rulemaking described in this ANPRM.
---------------------------------------------------------------------------

    \1\ See 31 CFR 1020.210 (banks); 31 CFR 1021.210 (casinos and 
card clubs); 31 CFR 1022.210 (money services businesses); 31 CFR 
1023.210 (brokers or dealers in securities); 31 CFR 1024.210 (mutual 
funds); 31 CFR 1025.210 (insurance companies); 31 CFR 1026.210 
(futures commission merchants and introducing brokers in 
commodities); 31 CFR 1027.210 (dealers in precious metals, precious 
stones, or jewels); 31 CFR 1028.210 (operators of credit card 
systems); 31 CFR 1029.210 (loan or finance companies); and 31 CFR 
1030.210 (housing government sponsored enterprises).
---------------------------------------------------------------------------

II. Background

A. History of the Bank Secrecy Act (BSA)

    The Currency and Foreign Transactions Reporting Act of 1970, 
generally referred to as the BSA,\2\ authorizes the Secretary of the 
U.S. Department of the Treasury (Secretary) to require financial 
institutions to keep records and file reports that ``have a high degree 
of usefulness in criminal, tax, or regulatory investigations or 
proceedings, or in the conduct of intelligence or counterintelligence

[[Page 58024]]

activities, including analysis to protect against international 
terrorism.'' \3\ The Secretary has delegated to the Director of FinCEN 
the authority to implement, administer, and enforce compliance with the 
BSA and its related authorities.\4\ As a result, FinCEN may require 
financial institutions to maintain procedures to ensure compliance with 
the BSA and its related regulations and to guard against money 
laundering, including AML program requirements.\5\
---------------------------------------------------------------------------

    \2\ 12 U.S.C. 1829b, 12 U.S.C. 1951-1959, and 31 U.S.C. 5311-
5314; 5316-5332.
    \3\ 31 U.S.C. 5311.
    \4\ Treasury Order 180-01 (Jan. 14, 2020).
    \5\ 31 U.S.C. 5318(a)(2), (h)(2).
---------------------------------------------------------------------------

    The Money Laundering Control Act of 1986 (MLCA) \6\ made money 
laundering a Federal crime. It also amended the BSA, underscoring the 
importance of reporting information with a high degree of usefulness to 
government authorities. For example, Section 1359 of the MLCA amended 
section 8 of the Federal Deposit Insurance Act \7\ and section 206 of 
the Federal Credit Union Act,\8\ among other similar statutes, to 
require the Federal Banking Agencies \9\ to issue regulations for 
covered financial institutions to ``establish and maintain procedures 
reasonably designed to assure and monitor the compliance'' of such 
institutions with the reporting and some recordkeeping requirements of 
the BSA.
---------------------------------------------------------------------------

    \6\ Public Law 99-570, 100 Stat. 3207 (Oct. 27, 1986).
    \7\ 12 U.S.C. 1818.
    \8\ 12 U.S.C. 1786.
    \9\ The Federal Banking Agencies include the Board of Governors 
of the Federal Reserve System, the Federal Deposit Insurance 
Corporation (FDIC), the National Credit Union Administration, and 
the Office of the Comptroller of the Currency.
---------------------------------------------------------------------------

    The Annunzio-Wylie Anti-Money Laundering Act of 1992 (Annunzio-
Wylie) amended the BSA \10\ by strengthening the sanctions for BSA 
violations and Treasury's role.\11\ Annunzio-Wylie authorized Treasury 
to issue regulations requiring all financial institutions, as defined 
in BSA regulations, to maintain ``minimum standards'' of an AML 
program.\12\ The minimum standards set forth in the statute were 
substantially similar to the standards set forth by the Federal Banking 
Agencies in their BSA compliance program regulations, which required 
depository institutions under their supervision to establish and 
maintain procedures ``reasonably designed'' to assure and monitor 
compliance with the requirements of the BSA.\13\
---------------------------------------------------------------------------

    \10\ Title XV of Public Law 102-550, 106 Stat. 3672 (Oct. 28, 
1992).
    \11\ See Title XV, sec. 1503 (authorizing the termination of 
FDIC insurance of insured depository institutions convicted of a 
criminal violation of the BSA), sec. 1504 (authorizing the removal 
officers or directors of such institutions found to have violated a 
BSA requirement), and sec. 1517 (authorizing Treasury to require the 
reporting of suspicious transactions) of Public Law 102-550.
    \12\ Title XV, sec. 1517 of Public Law 102-550.
    \13\ The minimum standards for an AML program set forth in 
Annunzio-Wylie, and codified at 31 U.S.C. 5318(h), include: ``(A) 
the development of internal policies, procedures, and controls, (B) 
the designation of a compliance officer, (C) an ongoing employee 
training program, and (D) an independent audit function to test 
programs.''
---------------------------------------------------------------------------

    The Uniting and Strengthening America by Providing Appropriate 
Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA 
PATRIOT Act) further amended the BSA, reinforcing the framework 
established earlier by Annunzio-Wylie, to require, among other things, 
customer identification requirements and Treasury's further expansion 
of AML program rules to cover certain other industries.\14\ In 2003, 
FinCEN and the Federal Banking Agencies issued a joint final rule on 
customer identification program (CIP) requirements.\15\ The USA PATRIOT 
Act also ushered in an expanded role for AML and other financial and 
economic measures in countering threats to U.S. national security and 
protecting the U.S. financial system. The range of authorities and 
measures introduced in Title III were intended to, among other 
purposes, ``increase the strength of United States measures to prevent, 
detect, and prosecute international money laundering and the financing 
of terrorism.'' \16\
---------------------------------------------------------------------------

    \14\ Public Law 107-56, 115 Stat. 272 (Oct. 26, 2001). FinCEN 
issued interim final AML program rules for financial institutions 
regulated by a Federal functional regulator, money services 
businesses, mutual funds, and operators of credit card systems. 67 
FR 21113 (Apr. 29, 2002). FinCEN's rule originally cross-referenced 
the regulations of the Federal functional regulator and provided 
that satisfaction of the Federal functional regulator's AML program 
rule requirements would be deemed to satisfy the requirements of 
Treasury's rule.
    \15\ 68 FR 25090 (May 9, 2003). FinCEN issued joint CIP rules 
separately with the U.S. Securities and Exchange Commission, 68 FR 
25113 (May 9, 2003) (brokers or dealers in securities) and 68 FR 
25131 (May 9, 2003) (mutual funds), and the U.S. Commodity Futures 
Trading Commission, 68 FR 25149 (May 9, 2003) (futures commission 
merchants and introducing brokers).
    \16\ Title III, sec. 302(b)(1) of Public Law 107-56.
---------------------------------------------------------------------------

    FinCEN's most recent significant change to BSA regulations was the 
implementation of customer due diligence and beneficial ownership 
requirements in 2016. These rules resulted in: (i) The expansion of 
FinCEN's AML program rules for financial institutions regulated by a 
Federal functional regulator to expressly incorporate the minimum 
statutory elements of an AML program prescribed by 31 U.S.C. 
5318(h)(1); and (ii) the incorporation of minimum standards for 
customer due diligence and the collection of beneficial ownership 
information for depository institutions, broker-dealers, mutual funds, 
and futures commission merchants and introducing brokers in 
commodities.\17\
---------------------------------------------------------------------------

    \17\ 81 FR 29398 (May 11, 2016).
---------------------------------------------------------------------------

B. Recent Efforts To Modernize the National AML Regime

    Over the past several years, there have been significant 
innovations in the financial sector and the development of new business 
models, products, and services, fueled in part by rapid technological 
change. As a result, financial institutions have confronted new 
opportunities and challenges in meeting BSA compliance obligations and 
providing information with a high degree of usefulness to government 
authorities in an efficient manner. FinCEN seeks to ensure that the 
BSA's AML regime adapts to address the evolving threats of illicit 
finance, such as money laundering, terrorist financing, and related 
crimes--some of which have changed considerably in scope, nature, and 
impact since the initial passage of the BSA--while simultaneously 
providing financial institutions with additional flexibility in 
addressing these threats. FinCEN, in collaboration with supervisory 
partners, law enforcement, and, where appropriate, the financial 
industry, has undertaken recent initiatives that collectively re-
examine the BSA regulatory framework and the broader national AML 
regime. The overall goal of these initiatives is to upgrade and 
modernize the national AML regime, where appropriate, and to facilitate 
the ability of the financial industry and corresponding supervisory 
authorities to leverage new technologies and risk-management 
techniques, share information, discard inefficient and unnecessary 
practices, and focus resources on fulfilling the BSA's stated purpose 
of providing information with a high degree of usefulness to government 
authorities. This ANPRM is intended to further these efforts.
1. The Bank Secrecy Act Advisory Group's AML Effectiveness Working 
Group and Recommendations
    Annunzio-Wylie required the Secretary to establish a Bank Secrecy 
Act Advisory Group (BSAAG).\18\ The statutory purposes of the BSAAG are 
to keep private sector representatives informed on a regular basis of 
the ways in which BSA reports filed by financial institutions, 
including suspicious

[[Page 58025]]

activity reports (SARs), are being used, and to receive advice 
regarding the modification of those reporting requirements to enhance 
the ability of law enforcement agencies to use the information provided 
for law enforcement purposes. The Director of FinCEN chairs the BSAAG, 
and its membership includes representatives from financial 
institutions, Federal and state regulatory and law enforcement 
agencies, and trade groups whose members are subject to the 
requirements of the BSA and its regulations, or Section 6050I of the 
Internal Revenue Code of 1986. The purposes and membership of the BSAAG 
make it an important forum for understanding stakeholder views in 
efforts to reform and modernize the national AML regime.
---------------------------------------------------------------------------

    \18\ Title XV, sec. 1564 of Public Law 102-550.
---------------------------------------------------------------------------

    The BSAAG created an Anti-Money-Laundering Effectiveness Working 
Group (AMLE WG) in June 2019 to develop recommendations for 
strengthening the national AML regime by increasing its effectiveness 
and efficiency. Member stakeholders worked collaboratively throughout 
2019 and into 2020 to identify regulatory initiatives that would allow 
financial institutions to reallocate resources to better focus on 
national AML priorities set by government authorities, increase 
information sharing and public-private partnerships, and leverage new 
technologies and risk-management techniques--and thus increase the 
efficiency and effectiveness of the nation's AML regime.
    The resulting recommendations, summarized below in broad 
categories, are a collective set of complementary efforts.\19\ The 
October 2019 BSAAG plenary received and endorsed the recommendations 
from the AMLE WG. This ANPRM is a result of FinCEN's evaluation of 
those recommendations and a step toward considering their 
implementation. FinCEN anticipates taking additional steps, such as 
issuing guidance where appropriate, as FinCEN continues to evaluate the 
full set of BSAAG recommendations.
---------------------------------------------------------------------------

    \19\ The subsections which follow summarize recommendations 
issued by the BSAAG and do not necessarily reflect current 
regulatory initiatives, nor do they imply endorsement of, nor 
commitment by, the relevant government agencies to implement these 
recommendations.
---------------------------------------------------------------------------

a. Developing and Focusing on AML Priorities
    The AMLE WG recommended that stakeholders refocus the national AML 
regime to place greater emphasis on providing information with a high 
degree of usefulness to government authorities based on national AML 
priorities, in order to promote effective outputs over auditable 
processes and to ensure clearer standards for measuring effectiveness 
in evaluating AML programs. The AMLE WG recommended that the relevant 
government agencies consider:
     Publishing a regulatory definition of AML program 
effectiveness;
     Developing and communicating national AML priorities as 
set by government authorities; and
     Issuing clarifying guidance for financial institutions on 
the elements of an effective AML program.
b. Reallocation of Compliance Resources
    The AMLE WG recommended that stakeholders facilitate BSA compliance 
resource reallocation by reducing or eliminating activities that are 
not required by law or regulation, make limited contributions to 
meeting risk-management objectives, and supply less useful information 
to government authorities. Resources freed from these activities could 
be reallocated to address areas of risk and national AML priorities. 
The AMLE WG recommended that the relevant government agencies consider:
     Clarifying current requirements and supervisory 
expectations with respect to risk assessments, negative media searches, 
customer risk categories, and initial and ongoing customer due 
diligence; and
     Revising existing guidance or regulations in areas such as 
Politically Exposed Persons and the application of existing model-risk-
management guidance to AML systems, in order to improve clarity, 
effectiveness, and compliance.
c. Monitoring and Reporting
    The AMLE WG recommended that AML monitoring and reporting practices 
be modernized and streamlined to maximize efficiency, quality, and 
speed of providing data to government authorities with due 
consideration for privacy and data security. The AMLE WG recommended 
that the relevant government agencies consider:
     Clarifying expectations and updating practices for keep-
open letters and suspicious activity monitoring, investigation, and 
reporting, including SARs based on grand jury subpoenas or negative 
media; and
     Supporting potential automation opportunities for high-
frequency/low-complexity SARs and currency transaction reports (CTRs), 
and exploring the possibility of streamlined SARs on continuing 
activity.
d. Enhancing Information Sharing
    Information sharing among financial institutions, regulators, and 
law enforcement through partnerships and other existing mechanisms is a 
key component of an effective BSA/AML regime. The AMLE WG recommended 
steps for enhancing information sharing mechanisms to communicate 
national AML priorities, related typologies, and emerging threats, such 
as:
     Forming a BSAAG-established working group with members 
from law enforcement agencies, regulators, and financial institutions 
to identify, prioritize, and recommend national AML priorities and 
advise on opportunities to communicate typologies, red flags, and other 
information related to national AML priorities;
     Leveraging existing information-sharing initiatives 
between the public and private sectors, including enhanced use of the 
BSA's information sharing provisions, sections 314(a) and (b) of the 
USA PATRIOT Act, and sharing with foreign affiliates and global 
institutions, as appropriate; and
     Assessing options for FinCEN and law enforcement agencies 
to provide more feedback to financial institutions related to the use 
and utility of BSA reports.
e. Advance Regulatory Innovations
    The AMLE WG recommended the continued enhancement of the national 
AML regime to promote the use of responsible innovations to address new 
and emerging money laundering and terrorist financing risks and the 
evolving industry landscape, as well as to encourage financial 
institutions to pursue more effective and efficient BSA compliance 
practices. Measures recommended include steps that financial 
institutions could take to better use responsible innovation in meeting 
CIP requirements--such as third-party software and service providers--
and studying the impact of financial technology and other emerging non-
bank financial service providers on the AML regime.

III. Elements of an ``Effective and Reasonably Designed'' AML Program

    FinCEN, after consulting with the staffs of various supervisory 
agencies, and having considered the BSAAG recommendations and other BSA 
modernization efforts, is publishing this ANPRM seeking comment on 
whether it is appropriate to clearly define a requirement for an 
``effective and reasonably designed'' AML program in BSA regulations. 
Increasing the

[[Page 58026]]

``effectiveness'' of the national AML regime is a core objective of 
recent AML modernization efforts. This term often refers to the 
implementation and maintenance of a compliant AML program, but has no 
specific, consistent definition in existing regulation. FinCEN believes 
that incorporating an ``effective and reasonably designed'' AML program 
requirement with a clear definition of ``effectiveness'' \20\ would 
allow financial institutions to more efficiently allocate resources and 
would impose minimal additional burden on existing AML programs that 
already comply under the existing supervisory approach. This 
requirement would also seek to implement a common understanding between 
supervisory agencies and their supervised financial institutions on the 
necessary AML program elements.
---------------------------------------------------------------------------

    \20\ There is some variance in the specific AML program 
requirements for different types of financial institutions, but 
current AML program regulations for most financial institutions 
subject to such requirements contain a requirement that either the 
AML program as a whole, or the implementation of internal controls, 
is ``reasonably designed.'' In addition, current AML program 
requirements vary as to whether a financial institution must 
implement an AML program that is ``reasonably designed'' to achieve 
compliance with the BSA, ``reasonably designed'' to prevent money 
laundering or terrorist financing, or both.
---------------------------------------------------------------------------

    Specifically, FinCEN is considering regulatory amendments that 
would explicitly define an ``effective and reasonably designed'' AML 
program as one that:
     Identifies, assesses, and reasonably mitigates the risks 
resulting from illicit financial activity--including terrorist 
financing, money laundering, and other related financial crimes--
consistent with both the institution's risk profile and the risks 
communicated by relevant government authorities as national AML 
priorities;
     Assures and monitors compliance with the recordkeeping and 
reporting requirements of the BSA; and
     Provides information with a high degree of usefulness to 
government authorities consistent with both the institution's risk 
assessment and the risks communicated by relevant government 
authorities as national AML priorities.
    As explained in more detail in the sections that follow, this ANPRM 
also seeks comment on whether the AML program regulations \21\ should 
be amended to establish an explicit requirement for a risk-assessment 
process, as well as whether the Director of FinCEN should issue every 
two years a list of national AML priorities, to be called FinCEN's 
``Strategic Anti-Money Laundering Priorities.''
---------------------------------------------------------------------------

    \21\ See supra note 1.
---------------------------------------------------------------------------

A. Identifying and Assessing Risks
    The current AML program rules generally require each financial 
institution to implement a system of internal controls to ``assure 
ongoing compliance'' \22\ with the BSA. This system of internal 
controls includes the policies, procedures, and processes that not only 
mitigate the risks associated with the products and services the 
financial institution offers and the customers it serves, but also 
ensures the financial institution meets regulatory requirements under 
the BSA. Under current practice for most financial institutions, the 
design of an AML program is based on the risks identified and assessed 
by the financial institution through a risk-assessment process. FinCEN 
and other supervisory agencies have traditionally viewed a risk 
assessment as a critical element of a reasonably designed program, 
because a program cannot be considered reasonably designed to achieve 
compliance with the recordkeeping and reporting requirements of the BSA 
unless the institution understands its risk profile.
---------------------------------------------------------------------------

    \22\ See, e.g., 31 CFR 1020.210(b)(1).
---------------------------------------------------------------------------

    Even though a financial institution's risk-assessment process is 
key to ensuring an effective AML program, it is not an explicit 
regulatory requirement for all types of institutions. Given the 
importance of the risk-assessment process to establishing an 
``effective and reasonably designed'' AML program, FinCEN believes that 
it warrants explicit incorporation. FinCEN is considering whether its 
AML program regulations should be amended to require the establishment 
of a risk-assessment process that includes the identification and 
analysis of money laundering, terrorist financing, and other illicit 
financial activity risks faced by the financial institution based on an 
evaluation of various factors, including its business activities, 
products, services, customers, and geographic locations in which the 
financial institution does business or services customers.
    FinCEN and the Federal Banking Agencies issued a Joint Statement on 
Risk-Focused Bank Secrecy Act/Anti-Money Laundering Supervision in 2019 
that underscored the importance of a risk-based approach. The statement 
clarifies that these agencies' long-standing supervisory approach to 
examining for compliance with the BSA considers a financial 
institution's risk profile and notes that ``[a] risk-based [AML] 
compliance program enables a bank to allocate compliance resources 
commensurate with its risk.'' \23\ It further clarifies that a well-
developed risk-assessment process assists examiners in understanding a 
bank's risk profile and evaluating the adequacy of its AML program. The 
statement also explains that, as part of their risk-focused approach, 
examiners review a bank's risk-management practices to evaluate whether 
a bank has developed and implemented a reasonable and effective process 
to identify, measure, monitor, and control risks. Recognizing that many 
financial institutions are conducting risk assessments, FinCEN seeks 
comment on the effect to financial institutions' efforts to comply with 
AML program requirements of adding a regulatory requirement to conduct 
a risk assessment, and the effect, if any, on burden to financial 
institutions' processes for complying with AML program requirements.
---------------------------------------------------------------------------

    \23\ See Board of Governors of the Federal Reserve System, 
Federal Deposit Insurance Corporation, Financial Crimes Enforcement 
Network, National Credit Union Administration, and Office of the 
Comptroller of the Currency, Joint Statement on Risk-Focused Bank 
Secrecy Act/Anti-Money Laundering Supervision (July 22, 2019), 
available at https://www.fincen.gov/sites/default/files/2019-10/Joint%20Statement%20on%20Risk-Focused%20Bank%20Secrecy%20Act-Anti-Money%20Laundering%20Supervision%20FINAL1.pdf.
---------------------------------------------------------------------------

B. Consideration of the Strategic AML Priorities in the Risk-Assessment 
Process

    This ANPRM also seeks comment on whether regulatory amendments 
should be made so that an ``effective and reasonably designed'' AML 
program would require financial institutions to consider and integrate 
national AML priorities into their risk-assessment processes, as 
appropriate. FinCEN is considering whether the Director of FinCEN 
should issue national AML priorities, to be called its ``Strategic 
Anti-Money Laundering Priorities,'' every two years (or more frequently 
as appropriate to inform the public and private sector of new 
priorities). This ANPRM also seeks comment on whether these priorities 
should be considered, among other information, in a financial 
institution's risk assessment.
    FinCEN does not expect that its Strategic AML Priorities would 
capture the universe of all AML priorities, nor would they be intended 
to serve as the only priorities informing a risk-assessment process. 
Rather, they would seek to articulate FinCEN's existing AML priorities, 
informed by a wide range of government and private sector stakeholders, 
leveraging the broader priorities established by the National

[[Page 58027]]

Illicit Finance Strategy as determined by the Secretary of the 
Treasury--in consultation with the Departments of Justice, State, and 
Homeland Security, the Office of the Director of National Intelligence, 
the Office of Management and Budget, and the staffs of the Federal 
functional regulators--to better aid U.S. institutions in effectively 
complying with BSA obligations. Other relevant information that the 
Director of FinCEN may consider in determining Strategic AML Priorities 
includes, for example, FinCEN Advisories to financial institutions, 
which identify emerging risks and provide red flags and typologies that 
assist financial institutions in identifying and reporting suspicious 
activity; other relevant Treasury Department communications, including 
the National Risk Assessments; and information from law enforcement and 
other government agencies, and others.

C. Risk Management and Mitigation Informed by Strategic AML Priorities

    Building upon the prior two concepts--an explicit risk-assessment 
requirement and the publication of Strategic AML Priorities--this ANPRM 
also seeks comment as to whether an ``effective and reasonably 
designed'' AML program should require that financial institutions 
reasonably manage and mitigate the risks identified in the risk-
assessment process by taking into consideration the Strategic AML 
Priorities, as appropriate and among other relevant information. FinCEN 
believes that the vast majority of financial institutions are 
effectively and reasonably managing and mitigating the risks that they 
have identified. Under any proposal to incorporate a requirement for an 
``effective and reasonably designed'' AML program, FinCEN understands 
that institutions may reallocate resources from other lower-priority 
risks or practices to manage and mitigate higher-priority risks, 
including any identified as Strategic AML Priorities.
    Financial institutions may consider how FinCEN's Strategic AML 
Priorities impact and inform the risk assessment based on the 
institution's size, complexity, business activities, products, 
services, customers, and geographic locations in which the financial 
institution does business or services customers. This might enhance the 
financial institution's engagement with law enforcement and FinCEN to 
provide information with a high degree of usefulness to government 
authorities. In addition, a financial institution may be better able to 
engage with the appropriate level of Federal, state, or local law 
enforcement and other government officials to better understand and 
address risks within that jurisdiction. This might improve information 
sharing, to include requests from FinCEN or other government 
authorities, as well as participation in public-private information 
sharing forums.
    FinCEN recognizes that financial institutions may utilize different 
means to demonstrate effectiveness and anticipates that some financial 
institutions may determine that their AML programs already sufficiently 
assess and mitigate the risks identified as Strategic AML Priorities. 
FinCEN also anticipates that many financial institutions may determine 
that their business models and risk profiles reflect limited exposure 
to risks posed by the threats identified as Strategic AML Priorities, 
but may reflect greater exposure to significant and legitimate risks 
that may not be identified as Strategic AML Priorities. FinCEN 
recognizes and appreciates financial institutions must continue to 
identify, reasonably manage, and mitigate these risks consistent with 
financial institutions' risk-management processes.

D. Assuring and Monitoring Compliance With the Recordkeeping and 
Reporting Requirements of the BSA

    FinCEN does not expect that any regulatory changes made in response 
to this ANPRM would alter the recordkeeping and reporting requirements 
contained in existing BSA regulations. However, this ANPRM seeks 
comment as to whether financial institutions' AML program obligations 
should be based on the risks identified by the financial institution, 
to include consideration of Strategic AML Priorities, where appropriate 
and among other information. For example, a financial institution's 
process for the implementation of certain requirements, such as 
monitoring for suspicious activity, is based on risk. Making clear that 
compliance with this aspect of the AML program requirement is risk-
based is consistent with the objectives of increasing effectiveness and 
efficiency. It also reflects long-standing supervisory approaches and 
expectations.

E. Providing Information With a High Degree of Usefulness

    FinCEN believes that the proposed regulatory approach in this ANPRM 
furthers the statutory BSA purpose of providing information with a high 
degree of usefulness to government authorities. These regulatory 
amendments would explicitly define as a goal of the AML program that 
financial institutions provide information with a high degree of 
usefulness to government authorities consistent with the financial 
institution's risk assessment and Strategic AML Priorities, among other 
relevant information. FinCEN recognizes that many financial 
institutions have developed specialized units that focus on complex 
investigations. In addition, financial institutions of all sizes may 
collaborate with Federal, state, and local law enforcement, receive 
outreach from the government's SAR Review Teams, and often be willing 
to engage on relevant issues in their community. FinCEN expects that 
any future regulatory amendments to incorporate a requirement for an 
``effective and reasonably designed'' AML program would seek to provide 
a framework to recognize that these and other collaborative efforts may 
provide information with a high degree of usefulness to government 
authorities. This recognition, in turn, may provide further incentive 
for financial institutions to undertake and apply resources towards 
these important initiatives to combat money laundering, terrorist 
financing, and other related illicit financial crime. Such an approach 
has the potential to increase the overall effectiveness of the national 
AML regime by better enabling law enforcement and other users of BSA 
reporting to address priority threats to the U.S. financial system.

IV. Issues for Comment

    Based on the foregoing, FinCEN is seeking comment from the public, 
including industry, law enforcement, regulators, other consumers of BSA 
data, and any other interested parties, concerning a potential 
rulemaking to incorporate a requirement for an ``effective and 
reasonably designed'' AML program into AML program regulations and to 
provide clarity on its application. Specifically, FinCEN requests 
public comment on the following:
    Question 1: Does this ANPRM make clear the concept that FinCEN is 
considering for an ``effective and reasonably designed'' AML program 
through regulatory amendments to the AML program rules? If not, how 
should the concept be modified to provide greater clarity?
    Question 2: Are this ANPRM's three proposed core elements and 
objectives of an ``effective and reasonably designed'' AML program 
appropriate? Should FinCEN make any changes to the three proposed 
elements of an ``effective and reasonably designed''

[[Page 58028]]

AML program in a future notice of proposed rulemaking?
    As described above, FinCEN is considering regulatory amendments 
that would define an ``effective and reasonably designed'' program as 
one that:
     Identifies, assesses, and reasonably mitigates the risks 
resulting from illicit financial activity, including terrorist 
financing, money laundering, and other related financial crimes, 
consistent with both the institution's risk profile and the risks 
communicated by relevant government authorities as national AML 
priorities;
     Assures and monitors compliance with the recordkeeping and 
reporting requirements of the BSA; and
     Provides information with a high degree of usefulness to 
government authorities consistent with both the institution's risk 
assessment and the risks communicated by relevant government 
authorities as national AML priorities.
    Question 3: Are the changes to the AML regulations under 
consideration in this ANPRM an appropriate mechanism to achieve the 
objective of increasing the effectiveness of AML programs? If not, what 
different or additional mechanisms should FinCEN consider?
    Question 4: Should regulatory amendments to incorporate the 
requirement for an ``effective and reasonably designed'' AML program be 
proposed for all financial institutions currently subject to AML 
program rules? Are there any industry-specific issues that FinCEN 
should consider in a future notice of proposed rulemaking to further 
define an ``effective and reasonably designed'' AML program?
    FinCEN notes that, as regulations for different segments of the 
financial industry have been promulgated at different times in the 
past, such AML program regulations have evolved and, consequently, 
contain provisions that differ among the various industries subject to 
AML program requirements. For example, the AML program requirement for 
money services businesses (31 CFR 1022.210(a)) already contains an 
effectiveness component.\24\ FinCEN invites comments from all covered 
industries subject to AML program regulations as to how a requirement 
for an ``effective and reasonably designed'' AML program would impact 
their industry. Furthermore, FinCEN invites comment as to whether any 
industry-specific modifications would be appropriate to consider in 
future rulemaking.
---------------------------------------------------------------------------

    \24\ Specifically it provides that each money services business, 
as defined by Sec.  1010.100(ff), shall develop, implement, and 
maintain an effective anti-money laundering program. An effective 
anti-money laundering program is one that is reasonably designed to 
prevent the money services business from being used to facilitate 
money laundering and the financing of terrorist activities.
---------------------------------------------------------------------------

    Question 5: Would it be appropriate to impose an explicit 
requirement for a risk-assessment process that identifies, assesses, 
and reasonably mitigates risks in order to achieve an ``effective and 
reasonably designed'' AML program? If not, why? Are there other 
alternatives that FinCEN should consider? Are there factors unique to 
how certain institutions or industries develop and apply a risk 
assessment that FinCEN should consider? Should there be carve-outs or 
waivers to this requirement, and if so, what factors should FinCEN 
evaluate to determine the application thereof?
    Question 6: Should FinCEN issue Strategic AML Priorities, and 
should it do so every two years or at a different interval? Is an 
explicit requirement that risk assessments consider the Strategic AML 
Priorities appropriate? If not, why? Are there alternatives that FinCEN 
should consider?
    Question 7: Aside from policies and procedures related to the risk-
assessment process, what additional changes to AML program policies, 
procedures, or processes would financial institutions need to implement 
if FinCEN implemented regulatory changes to incorporate the requirement 
for an ``effective and reasonably designed'' AML program, as described 
in this ANPRM? Overall, how long of a period should FinCEN provide for 
implementing such changes?
    FinCEN seeks comment on specific programmatic changes. For example, 
how might the allocation of personnel change because of the possible 
regulatory amendments discussed in this ANPRM, and what processes would 
be required to reallocate AML compliance resources for different 
responsibilities? How long would such programmatic changes take to 
conceive, test, and implement? Would this vary by size of institution 
or across industry segments? If so, how? In addition to due diligence 
and monitoring processes, what other methods to mitigate risks are 
financial institutions engaged in? Should FinCEN add via future 
regulation more specific risk-mitigation requirements to ensure that 
controls are commensurate with the risks undertaken, and how might 
these risk-mitigation requirements vary by industry?
    Question 8: As financial institutions vary widely in business 
models and risk profiles, even within the same category of financial 
institution, should FinCEN consider any regulatory changes to 
appropriately reflect such differences in risk profile? For example, 
should regulatory amendments to incorporate the requirement for an 
``effective and reasonably designed'' AML program be proposed for all 
financial institutions within each industry type, or should this 
requirement differ based on the size or operational complexity of these 
financial institutions, or some other factors? Should smaller, less 
complex financial institutions, or institutions that already maintain 
effective BSA compliance programs with risk assessments that 
sufficiently manage and mitigate the risks identified as Strategic AML 
Priorities, have the ability to ``opt in'' to making changes to AML 
programs as described in this ANPRM?
    FinCEN appreciates that financial institutions vary considerably in 
size and complexity, and even well-intentioned regulatory actions that 
impact such a diverse collection of financial institutions can result 
in unintended consequences. Accordingly, FinCEN specifically requests 
comment on how the practical impact of the regulatory proposals 
described in this ANPRM could vary in implementation for institutions 
of differing size and complexity, and whether changes in approach--such 
as an opt-in decision--would be advisable. If greater flexibility is 
recommended, FinCEN requests comments as to whether any resultant 
divergence in AML program implementation might present financial crime 
vulnerabilities, and if so, how such vulnerabilities could be 
mitigated. If different requirements are recommended based on the size 
and/or operational complexity of financial institutions, please 
describe what thresholds and parameters might be appropriate, and why.
    Question 9: Are there ways to articulate objective criteria and/or 
a rubric for examination of how financial institutions would conduct 
their risk-assessment processes and report in accordance with those 
assessments, based on the regulatory proposals under consideration in 
this ANPRM?
    FinCEN appreciates that, in order for the regulatory proposals as 
described in this ANPRM to achieve the objective of increased 
effectiveness of the overall U.S. AML regime, the supervisory process 
must support and reinforce this objective. Indeed, FinCEN has consulted 
with the staffs of various Federal supervisory agencies in developing 
this ANPRM, and FinCEN requests comments on how the supervisory regime 
could best support the objectives as identified in this ANPRM.

[[Page 58029]]

    Question 10: Are there ways to articulate objective criteria and/or 
a rubric for independent testing of how financial institutions would 
conduct their risk-assessment processes and report in accordance with 
those assessments, based on the regulatory proposals under 
consideration in this ANPRM?
    FinCEN appreciates that the regulatory proposals described in this 
ANPRM may require changes in the implementation of independent testing 
by financial institutions in order to achieve the objectives as 
described in this ANPRM. Therefore, FinCEN also seeks comments on how a 
future rulemaking could best facilitate effective independent testing 
of risk assessments and other financial institution processes, as may 
be revised consistent with the proposals set forth in this ANPRM.
    Question 11: A core objective of the incorporation of a requirement 
for an ``effective and reasonably designed'' AML program would be to 
provide financial institutions with greater flexibility to reallocate 
resources towards Strategic AML Priorities, as appropriate. FinCEN 
seeks comment on whether such regulatory changes would increase or 
decrease the regulatory burden on financial institutions. How can 
FinCEN, through future rulemaking or any other mechanisms, best ensure 
a clear and shared understanding in the financial industry that AML 
resources should not merely be reduced as a result of such regulatory 
amendments, but rather should, as appropriate, be reallocated to higher 
priority areas?
    FinCEN specifically encourages commenters to provide quantifiable 
data, if available, that supports any views on whether the regulatory 
proposals under consideration would impact financial institutions' 
regulatory burden. FinCEN also invites comment with regard to how 
FinCEN and other supervisory authorities could best reinforce the 
importance of maintaining an appropriate level of BSA compliance 
resources if regulatory amendments are promulgated as described in this 
ANPRM.

V. Conclusion

    With this ANPRM, FinCEN is seeking input on the questions set forth 
above. FinCEN is soliciting comments on the impact to the public, 
including industry, law enforcement, regulators, other consumers of BSA 
data, and any other interested parties, and welcomes comments on all 
aspects of the ANPRM. All interested parties are encouraged to provide 
their views.

VI. Special Analysis

    This advance notice of proposed rulemaking is a significant 
regulatory action under Executive Order 12866 and has been reviewed by 
the Office of Management and Budget.

    Dated: September 14, 2020.
Michael Mosier,
Deputy Director, Financial Crimes Enforcement Network.
[FR Doc. 2020-20527 Filed 9-16-20; 8:45 am]
BILLING CODE 4810-02-P