2022 Refresh & Getting Ready for 2023
2022 has been a tumultuous year for AML compliance staff globally, with a number of dramatic geopolitical, economic, and financial events – highlighted by Russia’s invasion of Ukraine -- heightening the importance of AML risk management and spurring increased regulatory requirements and expectations.
If we had to pick a “top three” AML issues for the United States, they would be the following:
· The ratcheting up in importance of sanctions screening: The start of the Russia-Ukraine conflict in February triggered a flood of sanctions, export controls, and prohibitions against providing certain corporate services to Russia and Belarus. In March, U.S. Attorney General Merrick Garland announced the launch of Task Force KleptoCapture, an interagency law enforcement task force dedicated to enforcing the sweeping sanctions, export restrictions, and economic countermeasures that the U.S. has imposed, along with allies and partners, in response to Russia’s invasion. Sanctions evasion activity is now being investigated with a clear eye toward criminal prosecutions. U.S. bank regulators have publicly stated that their examiners will be looking into compliance with the sanctions.
Moreover, the importance of sanctions goes beyond Russia. For example, in September, OFAC published its “Sanctions Compliance Guidance for Instant Payment Systems” designed to help financial institutions allocate their compliance resources consistent with their particular sanctions risks. Because of the high velocity of instant payments, along with increasing values and volumes of such payments, the Guidance emphasizes the need for robust compliance measures in this context, including development and deployment of innovative sanctions compliance approaches and technologies.
· The focus on ultimate beneficial ownership requirements and the forthcoming UBO registry: Building out the UBO regime in the U.S. has become an even more critical regulatory priority, as evidenced by FinCEN’s recent final rule requiring certain legal entities to file reports that identify the beneficial owners of the entity as well as the individuals who filed the application to create or register the entity. FinCEN is focused on establishing the national UBO registry and completing implementation of the beneficial ownership information reporting and collection system.
· Increased regulation and scrutiny of virtual assets and virtual asset service providers: The regulators have ratcheted up their focus on AML risks arising from cryptocurrencies, digital activities, and virtual asset service providers, particularly entities and activities emanating from countries not complying with international standards. As an example, the FDIC has formally requested that all of its supervised institutions that intend to engage in, or that are currently engaged in, any activities involving or related to crypto assets provide notice to the FDIC. This priority also was reflected in the “Comprehensive Framework for Responsible Development of Digital Assets” issued by the White House in September. Another example is the FBI’s establishment of a Virtual Asset Unit to create a strategy for combatting cybercrime. Not surprisingly, there's been an uptick in regulatory actions in the digital asset space.
*
Next year promises to be as eventful in AML-land as this year, if not more so. Below are major anticipated regulatory developments for 2023, with a focus on the U.S.:
1. Regulations Implementing the National AML/CFT Priorities
FinCEN is working with other regulators to promote rulemakings regarding the AML priorities announced last year: corruption, cybercrime, domestic and international terrorist financing, fraud, transnational criminal organizations, drug trafficking organizations, human trafficking and human smuggling, and proliferation financing. Financial institutions need to begin the work to assess how to update their AML program and target their AML controls toward the eight threats, before new rules are promulgated. Required measures include revising the overall AML risk assessment, reassessing customer risk profiles, implementing new red flags and typologies for transaction monitoring, adding to employee expertise in these areas, enhancing training, and implementing independent testing geared to these priorities.
2. New UBO Rulemakings
Financial institutions soon can expect additional rulemakings governing access to the FinCEN registry and making necessary revisions to the CDD rule. To gear up for the expanded UBO regime, financial institutions must have various processes in place, including: (a) a process for drawing data from the new registry and evaluating against the UBO requirements, including an understanding of financial ownership and control structures and calculating ownership percentages; (b) continuous monitoring of changes made to company and UBO registers to keep KYC information up to date; (c) integration of UBO information into the CDD database; (d) assessing jurisdictional risk by considering the level of transparency of beneficial ownership and effectiveness of UBO registers in the jurisdiction of incorporation; (e) recordkeeping procedures to meet regulatory requirements and ensure that where there are difficulties in identifying the UBOs, firms can adequately demonstrate that their actions taken exhausted all possible means; (f) risk-based procedures tailored to the unique businesses, structures, and risks of each organization; (g) an updated case management system so that the new UBO requirements are integrated into an institution’s internal work flow and reporting processes; and (h) a UBO training program for employees responsible for completing due diligence, including compliance staff and relationship managers
Recommended by LinkedIn
3. Continued Growth of Sanctions Imperatives
Given the geopolitical strife globally, it’s highly likely that we’ll see continued growth of the already-considerable sanctions requirements, with financial institutions needing to expend significant tech and human resources to stay on top of and implement round-the-clock surveillance of the growing list of sanctioned entities and individuals. Among other things, financial institutions will need to constantly layer regulatory changes into their control software, ensure that payments they facilitate or that touch their institution’s cloud do not involve sanctioned persons, and assess IP addresses on an ongoing basis. Matching rules and typologies must constantly be fine-tuned. Adding to the immense challenge is that the lines between sanctions screening and other aspects of AML have increasingly blurred.
4. Legislation and Regulation Regarding Digital Assets and Virtual Asset Service Providers
The ramifications of the collapse of FTX are enormous, including bringing into question legislation being drafted in Congress that would further enable the crypto industry. That industry has grown exponentially -- the market capitalization for all cryptocurrencies had increased to close to $3 trillion in late 2021, before the valuations tanked. Unchartered areas such as DeFi likely will receive additional regulatory guidance, and additional requirements likely will be imposed on mixers (think Blender and Tornado Cash, which have been sanctioned by the Treasury), which provide a way for illicit actors to obfuscate the movement and the origin or destination of funds. Congress and the Treasury Department also will carefully consider matters such as better defining the key BSA obligations of MSBs and VASPs; applying CIP and CDD rules directly to VASPs; ensuring that VASPs are required to identify the beneficial owners of legal entity customers; and subjecting money transmission service providers and VASPs to examination for BSA/AML/CFT in the same manner as banks are.
5. Regulation Regarding Environmental, Social, and Governance Considerations
Because ESG-related illicit activity is money-driven, there’s a powerful convergence of AML and ESG. This is evident from the AML national priorities identified by FinCEN. Another example is the July 2021 report issued by FATF on money laundering from environmental crime, which contained best practices and case studies submitted by forty counties and identified clear regulatory gaps. Moreover, AML and ESG connect in the “governance” space through the fight against corruption. It’s likely that FinCEN, in cooperation with other Federal regulators, will issue extensive guidance regarding AML obligations related to ESG illicit activity.
6. Tougher Regulations for Real Estate Purchases
Real estate continues to function as an attractive money laundering vehicle due to the high value of properties, the ability to transact in cash, and subjective pricing. In December 2021, FinCEN issued an Advance Notice of Proposed Rulemaking to solicit public comment on a potential rule to address the vulnerability of the U.S. real estate market to money laundering and other illicit activity by imposing recordkeeping, reporting, and other requirements. The Treasury Department’s National Strategy for Combating Terrorist and Other Illicit Financing, repeatedly includes real estate as a key vulnerability. In 2023, further AML obligations in this arena appear likely.
7. Expansion of AML obligations to “Gatekeeper Professions”
On July 15, 2022, the House passed the ENABLERS Act, which would amend the BSA to extend AML compliance obligations to certain “gatekeeper professions” for the first time. The impetus is that various professionals and service providers — including lawyers, accountants, trust and company service providers, incorporators, and registered agents or nominees who open and move funds through bank accounts — are not required to understand the nature or source of income of their clients or prospective clients. The Act has been included in the 2023 National Defense Authorization Act.
Potentially impacted service providers and the financial institutions they use should start planning for the possible enactment and implementation of the ENABLERS Act. Covered professional service providers who never before had to implement BSA-required AML programs should consider conducting risk assessments to identify their key AML risk areas and begin preparations for implementing risk-based AML programs that cover the key pillars of a BSA/AML compliance program.
*
In sum, we expect a continued high level of AML regulatory activity in 2023. For much of that, financial institutions would be wise to begin preparing now for these changes and heightened expectations.