Blog | Nov. 9, 2020 | 6 min read Navigating BSA/AML Compliance Challenges TwitterFacebookLinkedInEmailMessengerAt 50-years old, the Bank Secrecy Act (BSA) still serves a vital purpose for the United States financial system: protecting its individual members from being used to finance illegal activity. But its ability to achieve that purpose has not kept pace with an ever-evolving world. In fact, the sponsors of the BSA would barely recognize today’s financial system or global economy—they are so thoroughly different from what they were in 1970. Even so, the law remains largely unchanged except for a handful of updates, including the USA PATRIOT Act, which brought more industries under BSA jurisdiction. The resulting tug-of-war between regulatory agencies charged with examining and enforcing BSA compliance and the financial institutions required to comply with the law in a vastly different world than the one it was written for continues to move in a positive direction. Consensus on the need to modernize the BSA is growing. The Financial Crimes Enforcement Network (FinCEN) recently published the latest proof of this consensus in an advance notice of proposed rulemaking (ANPRM) on Anti-Money Laundering Program Effectiveness. The ANPRM also speaks to a growing partnership between the financial services industry and federal financial regulatory agencies. New Anti-Money Laundering Rules as Proposed FinCEN published the ANPRM on September 16 with an open comment period until November 16. The proposal focuses on three main BSA/AML amendments, which it poses as questions. First, should the BSA require that all covered financial institutions maintain an anti-money laundering (AML) program that meets the definition of “effective and reasonably designed?” To comply with that definition, an institution’s AML program would need to cover the following bases: It “identifies, assesses, and reasonably mitigates the risks resulting from illicit financial activity” based on the institution’s risk assessment and inclusive of national AML priorities. It complies with the recordkeeping and reporting requirements of the BSA. It “provides information with a high degree of usefulness to government authorities” based on the institution’s risk assessment and national AML priorities. Second, should FinCEN issue national AML priorities to help inform AML programs? If finalized as approved, they would be published every two years under the title “Strategic Anti-Money Laundering Priorities.” The ANPRM makes it clear that this would not be an all-inclusive list of risks. Instead, it would “seek to articulate FinCEN’s existing AML priorities.” In other words, institutions would need to focus on these areas but without losing sight of the institution-specific risks identified in their risk assessments. Third, should there be an explicit requirement for a risk assessment process within an AML program? Currently, this is not a direct requirement for all financial institutions as defined under the BSA, even though FinCEN and other supervisory agencies view a risk assessment as a critical element of a reasonably designed program. Covered Institutions within the ANPRM Scope The proposed rule would be “applicable to all of the industries that have anti-money laundering (AML) program requirements under FinCEN’s regulations.” This includes the following: Banks, including credit unions and depository institutions Casinos and card clubs Money service businesses Securities brokers or dealers Mutual funds Insurance companies Futures commission merchants and introducing brokers in commodities Precious metal, stone or jewel dealers Credit card system operators Loan or finance companies Housing government sponsored enterprises Given the disparity of what is required for these various categories, FinCEN encouraged commenters to speak about industry-specific BSA/AML considerations to help inform their final rulemaking. Positive Signs for BSA/AML Compliance The financial services industry has been advocating for a BSA overhaul for some time. At the core of its argument: The law’s current framework has failed to keep pace with ongoing changes in the industry, global economy and technology, which limits the BSA’s ability to fulfill its original and still very relevant purpose. All the while, the cost of BSA compliance continues to rise, thus placing significant and, arguably, incongruent burdens on financial institutions. When testifying before the House Financial Services Committee in 2019, CEOs Michael Corbat and Jamie Dimon revealed that Citigroup and JPMorgan annually spend $1 billion or more on BSA/AML compliance. Furthermore, a recent Government Accountability Office (GAO) report on Anti-Money Laundering anecdotally found that community banks and credit unions bear the greatest BSA/AML burden. Although the two very largest banks in the study spent more money for BSA/AML compliance, the total represented less than 1 percent of all their operating expenses. The same was true for only two other banks with fewer assets. By contrast, the rest of the banks in the study used a greater percentage of total operating expense dollars toward BSA/AML compliance, with a small community bank (2.4 percent) and a large credit union (4.9 percent) spending the most in relation to their expense budget. But there are several positive signs from the ANPRM that suggest that FinCEN is listening to the industry’s concerns about the cost and challenges associated with BSA/AML compliance. In the most optimistic of views, it looks like FinCEN is moving closer to implementing that change. Acknowledgement of Significant Innovations It’s not surprising that the world would evolve over the 50-year existence of a law, but the pace of change in banking and technology over the last two decades has been faster and more drastic than the previous 30 years. Consider that in 2001, the year the USA PATRIOT Act was enacted, no one had a smart phone, much less banked or even imagined banking from it. FinCEN cites this as one of the primary reasons for its ANPRM: “Over the past several years, there have been significant innovations in the financial sector and the development of new business models, products, and services, fueled in part by rapid technological changes.” Recognition of BSA Compliance Challenges As a result of the breakneck speed of innovation, financial institutions can now offer new channels and products to their customers, and financial criminals have new avenues to potentially exploit. Complying with the very static BSA in such a complex environment presents significant financial, operational and even reputational costs for institutions. Per the ANPRM, “FinCEN seeks to ensure that the BSA’s AML regime adapts to address the evolving threats of illicit finance,” while also “providing financial institutions with additional flexibility in addressing these threats.” Clarity About an Effective AML Program By explicitly defining the meaning of an “effective and reasonably designed” AML program, FinCEN provides a clearer picture of what is expected of financial institutions. Moreover, it states its belief that most institutions are already operating within that context—meaning that the proposed AML amendments are not intended to add more work to compliance staff. More Efficient Use of Resources Throughout the proposal, FinCEN acknowledges the high cost of BSA/AML compliance along with the mixed results it produces as currently set up. To address this disparity, it specifically notes that it wants financial institutions to have greater flexibility in how they allocate resources in order to have more effective and efficient anti-money laundering programs. FinCEN’s National AML Priorities Up until now, financial institutions mostly had to guess what specific issues were top priorities on the national radar. In that scenario, they may not focus on the AML areas of greatest concern to overall national security or priority, which can lead to problems at exam time, as well as contribute to the inefficient use of resources. FinCEN expects that by publishing its Strategic AML Priorities, they will: Impact and inform an institution’s risk assessment depending on its size, complexity, customers, geographic footprint, products and services Enhance the ability of institutions to provide information with a high degree of usefulness to law enforcement and government authorities Allow law enforcement to better understand and address risks in specific areas Improve information sharing, including public-private forums Request For Answers In requesting the industry to comment on the proposal, FinCEN posed 11 specific questions. One of the most notable of these asked if FinCEN should consider regulatory changes that “appropriately reflect” the wide variety of business models and risk profiles among different types of financial institutions. Next Steps This ANPRM is based on the recommendations of the Bank Secrecy Act Advisory Group (BSAAG), which was formed as part of FinCEN’s stated effort to modernize the national AML regime. This may be just the tip of the iceberg: “FinCEN anticipates taking additional steps, such as issuing guidance where appropriate, as FinCEN continues to evaluate the full set of BSAAG recommendations.” A New Partnership in the Making? No one on the industry or regulatory side disputes the need to protect the financial system from being used to perpetrate financial fraud or further other illicit activities, such as drug or human trafficking, terrorism or organized crime through money laundering. Now, there is also growing consensus for updating the AML aspects of the BSA to better match the true reality of today’s changing world. This could strengthen a mutually beneficial partnership that only the criminals will dislike.