To those in the anti-money laundering practice, Nina Simone’s memorable singing that it’s a “new dawn” and “a new day” may be best suited to the recently-passed Anti-Money Laundering Act (AMLA) of 2020. Passed as part of a broader National Defense Authorization Act (NDAA), the AMLA is likely the most sweeping financial crime-related law update in the U.S. since the USA PATRIOT Act almost two decades ago.
There are, of course, some appropriately-hyped provisions within the AMLA, as well as a few that are related to it, that bear a little bit more attention from compliance practitioners.
WATCH: [Compliance Over Coffee] Preparing for the Next Wave of U.S. Regulatory Changes
There’s Risk, then there’s Risk
The AMLA is clearly written, with no in-between-the-lines review needed. As a result, the Secretary of the Treasury will review components of current BSA/AML requirements to see where “adjustments” are necessary. From there, a report that will effectively de-prioritize what the AMLA calls “noncomplex” reporting will be issued, perhaps such as Suspicious Activity Reports (SARs) that deal with run-of-the-mill structuring.
SARs as a Strategic Priority
The big shift with the AMLA is that there will be yet another report on “strategic priorities,” meaning that SAR reporting is going back to its roots as an information gathering tool for law enforcement and intelligence agencies. Still, what the AMLA hasn’t clarified is whether financial institutions will be able to forgo the “simple” SARs to focus on the more “valuable” SARs, or whether banks will be on double duty to report both. Risk assessments will be put in the same boat as SARs; having to review for those strategic priorities while still looking for the risks unique to their bank’s profile.
READ MORE: How Bad is PPP Fraud in Financial Services?
Maybe the most lauded of the AMLA’s provisions is the Corporate Transparency Act (CTA), which doesn’t criminalize or ban shell companies as a structure, but requires that most incorporated entities fall in line with beneficial ownership requirements. The biggest change is that the CTA requires FIs to collect historical information that was exempt from the 2018 regulation’s requirements. FinCEN will then create a registry, with certain exceptions, and will allow FIs to scrub KYC data for their due diligence processes against that list. The mechanics of the list, collection, and verification process aren’t known, meaning that FIs will have to continue to take a risk-based approach to business types.
READ MORE: SEC Priorities and a Changing of the Guard in 2021
Corruption in Politics and Art
What should get special attention, tying into the NDAA, is the emphasis on the risk related to corrupt political leaders (see the “Kleptocracy Asset Recovery Reward Act”) as well as arts and antiquities dealers. The NDAA goes further here by expanding the foreign bank account records held by a U.S. affiliate, such as KYC information, making those records fair game for subpoena.
READ MORE: What Recent OCC Enforcements Signal for Firms
7 Questions You Should be Asking
While we wait for the underlying regulations from the AMLA, a few lingering questions remain. First of all, where the AMLA references the intention to streamline and automate, will firms be held accountable if they don’t find ways to do so? Not very likely.
However, as FIs are required to automate more processes and reporting, will there be a risk of over-automation while regulators challenge the insufficiency of a BSA/AML compliance program’s human touch?
There is still time before the one-year window for the Treasury to issue supporting regulations kicks in. In the meantime, here are a few questions that FIs should be asking:
1. Are we asking enough questions? Or, minimally, are we asking the right questions for LLP/LLC-type customers? Are we prepared to retroactively work towards data collection beyond the 2018 Customer Due Diligence (CDD) rule’s requirements?
2. What are we doing in terms of Politically Exposed Persons screening? Are we looking for stolen government funds?
3. How will we risk-rate art/antiquity dealers going forward?
4. What’s the status and strength of our risk assessment process? Have we kicked the tires on the methodology recently? Will we be ready when new priorities emerge? Or will we be behind and at risk of missing critical requirements ?
5. Are our SARs “highly” useful to law enforcement? Or do we need to reinvent our processes with a closer eye on crime and intelligence?
6. If we are going to revamp our SAR processes, what are the best ways to make sure that second-line testing and audit are on board?
7. What should we automate? Where can we innovate? What processes are the most vulnerable to regulatory gaps?
Automate Regulatory Knowledge for AML Compliance
When it comes to identifying your requirements and obligations for AMLA and other regulations, automation can be especially helpful.
The process of collecting regulatory updates across multiple sources is time-consuming—and it’s only step one of a multi-step process. The next step of determining which updates will actually impact your firm is even more of a challenge.
Ascent is a regulatory knowledge solution, which automatically surfaces the right information and pinpoints your firm’s obligations. Ascent helps compliance teams zero in on the regulation that is relevant to the firm, freeing up time and resources to focus on higher-value activities such as maintaining policies and procedures and executing compliance throughout the firm.
INFOGRAPHIC: Regulatory Knowledge Automation, Explained
For more on regulatory knowledge automation and how it can play a role in your compliance framework, check out this blog. To stay up to date on all things compliance and technology, subscribe to our email series Cliff Notes below.