Last week, the Financial Crime Enforcement Network (FinCEN) released a notice soliciting comments on its request for information (RFI), seeking ways to “streamline, modernize, and update the anti-money laundering and countering the financing of terrorism (AML/CFT) regime of the United States.” The agency needs to modernize its risk-based AML/CFT regulations to make compliance with the Bank Secrecy Act (BSA) more effective and efficient.

What does that mean?

Stopping malign actors from abusing the US financial system is something akin to playing whack-a-mole. As soon as new means and methods to track illicit financial transactions are developed or updated, threat actors find new schemes to access the US dollar, contributing to an ever-evolving illicit finance landscape. New technologies that facilitate new business models, products, and services also provide new means of evading sanctions and laundering funds, rendering some regulations and strategies obsolete.

Regulations must keep up, so FinCEN is embarking on a review to ensure that the safeguards that have been implemented to protect the US financial system from malign actors are efficient and still effective, as mandated by the Anti-Money Laundering Act of 2020. The agency will examine not only what required reports and records are still useful in countering financial crime, but will assess what additional documentation that does not currently fall under recordkeeping requirements may be useful in the fight against illicit finance.

FinCEN considers redundant regulations for the purpose of this RFI to include BSA regulations that: (i) Impose requirements on regulated entities that are identical to, or significantly overlap with, the requirements imposed by other BSA regulations; or (ii) were issued under a different statutory authority, but for which it is not possible to comply with both mandates by taking one set of actions. Regulations imposing such requirements will not be considered redundant to the extent that fully satisfying one requirement under one framework fully satisfies the other requirement as well.

Some of the issues FinCEN will be considering involve threats or vulnerabilities of which the agency may be unaware, and whether current AML/CFT requirements and regulations adequately address these risks. The agency will also consider feedback about what recordkeeping requirements are no longer useful or do not conform with international standards, as well as what additional reporting requirements will help counter modern financial crime. Some BSA regulations may be redundant or outdated if they do not promote a risk-based AML/CFT regime, and the agency plans on assessing their usefulness and efficiency

FiveBy assesses that the list of AML/CFT priorities that FinCEN published in June will play significantly into possible regulatory changes. FinCEN will almost certainly increase focus on corruption and cybercrime, given that the Biden administration has placed a top priority on those issues. Among some common corruption-related red flags are transactions conducted in jurisdictions known for corruption and kleptocracy, sanctions under Magnitsky authorities, and the involvement of politically exposed persons (PEPs) in transactions, making regional, policy, and linguistic knowledge vital to tracking ultimate beneficial ownership and being proactive in blocking corrupt actors from accessing the US financial system. US financial institutions will likely need to prepare by engaging with experts who understand jurisdictional risk and can highlight possible front or shell companies operating in global free trade zones; review PEP risks, understand the cultural environment of targeted jurisdictions; and examine global media and corporate registry and public databases in local languages.

Monitoring for red flags associated with cybercrime—especially ransomware—will be particularly important as FinCEN adjusts regulations to reflect this critical White House priority. Again, financial institutions will need to focus on risky jurisdictions and using geolocation tools to track IPs that may be located in geographic locations at risk for cybercrime. Financial institutions should assess and understand their customers’ networks and regular activities, as well as note transactions that are out of the norm, the use of anonymity-enhanced cryptocurrencies or virtual currency exchanges in foreign, high-risk jurisdictions. The use of an unregistered mixing service can also indicate a transaction linked to cybercrime, as illicit actors seek to comingle cyber proceeds to obscure their origins.

FiveBy anticipates that additional regulations regarding suspicious activity reporting associated with cybercrime will be implemented, as well as additional requirements to perform enhanced due diligence for clients in jurisdictions known for corruption, kleptocracy, and human rights violations.

FinCEN identifies financial institutions, casinos, depository institutions, insurance companies, money services businesses, mortgage brokers, precious metals, and jewelry firms, as well as securities as interested parties that may want to provide feedback on possible regulatory reforms. These non-bank financial institutions (NBFIs) should take proactive steps to anticipate regulatory changes and enhance their compliance programs accordingly, even though FinCEN notes that NBFIs will not be required to incorporate the agency’s priorities into their AML/CFT regimes until the effective date of the changes. Financial institutions and NBFIs may want to begin assessing their risk appetite as well as potential risks associated with their specific offerings by engaging with expert analysts at FiveBy to perform a risk assessment on their current compliance and due diligence programs.

Click here for PDF