There has been no shortage of media chatter in the very unusual 2020 calendar year. For those concerned with organizational compliance, the release and re-release of regulatory guidance and legislation — particularly around BSA/AML and corporate compliance programs — has been nearly unparalleled. As we will show, these developments have significant implications, if not direct calls to action, for banks.
The Heaviest Hitter
At the risk of hyperbole, the Federal Financial Institutions Examination Council’s (“FFIEC”) Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) Examination Manual (the “Manual”) is perhaps the most sacrosanct of all regulatory frameworks. Intended to serve as a field guide for examiners, instead its outlines and parameters are utilized by banks’ BSA/AML compliance departments as the foundation for their compliance programs and by auditors as a basis for testing protocols. Updated in April, the Manual was not radically updated but the updates that were made were significant. First and foremost, the Manual makes reference to “other illicit activity” as a nod to the nebulous nexuses between crimes like healthcare fraud, corruption, and money laundering. The Manual further updates provisions in regards to risk assessments (while not flat out requiring them) and board-level oversight, broadly, requiring that banks ensure that their compliance programs are tailored to their unique risk profiles.
Perhaps the most significant updates include expansions to the expectations around training. Where only a paragraph existed previously, the updated Manual expands its expectations to have role-based technical and subject-matter training, along with much more precise guidance on the expectations for board of directors training.
A Close Second
As many compliance practitioners were settling into remote working, the U.S. Department of Justice (USDOJ) re-issued its Evaluation of Corporate Compliance Programs (the “Guidance”). In examining whether to consider and the depth of criminal penalties, prosecutors too (harkening back to the Manual) should look at whether the organization at issue maintains and leverages a risk assessment to inform decisions about compliance and mitigate the risk of misconduct. The Guidance goes on to note that perhaps one of the most important factors is, based on the risk assessment, how were allocations for staffing, technology, and resources such as training allocated. Were cost centers given hiring priority over compliance staff? Is the annual compliance training program a leaflet? Are the sales staff on top-of-the-line computers while the compliance and audit teams are using ineffective tech?
All seem like fair questions.
The Guidance directly states that compliance should be built into the compensation scheme, and that it should be a considerable factor in the allocation of (or withholding of) bonuses. Lastly, the Guidance reiterates the need for ongoing monitoring, testing, and escalation of the state of misconduct-related controls and their investigations.
On the Horizon
There are two fairly significant developments pending approval, and we cannot emphasize “pending” enough – a shell company transparency provision and the Anti-Money Laundering Act of 2020. They are both embedded within a defense spending bill that the White House has threatened to veto for unrelated reasons. The shell company provision would mandate the registration of beneficial owners with the Treasury department, effectively ending anonymous shell company use within the U.S.
Secondarily, if passed, the Anti-Money Laundering Act of 2020 would mandate that the Secretary of the Treasury take steps to “streamline” BSA/AML compliance requirements. In its September Advance Notice of Proposed Rulemaking (“ANPRM”), FinCEN sought input from the banking community on how to make more “effective” use of BSA/AML systems and processed, skewing more in favor of law enforcement’s needs than compliance. The proposed AML Act seems to end-run the feedback solicited by the ANPRM, and place the obligation with the Treasury to ease, reduce, or otherwise better facilitate the production and utilization of BSA/AML-related information.
While the approval of the AML Act and its governing bill are in a tentative state, the ongoing developments in this space speak to big changes for the BSA/AML compliance space going forward.
Technology helps banks keep pace with change
While these regulatory developments are broad reaching, their impact is different at each financial institution. This leaves Compliance teams with the tall order of reading through and analyzing the regulatory text to determine which parts of the Manual or the Guidance applies to their organizations — which can be like looking for a needle in a haystack.
According to an Ascent internal analysis, 65 percent of the regulatory text (the haystack) is made up of definitions and clarifications. The remaining 35 percent, which actually consists of obligations, is what compliance teams need to be reviewing in order to determine what regulatory requirements and obligations specifically apply to their firm (the needle).
Ascent can help banks and other financial firms stay above the rising tide of regulatory change. Read this article to learn how our RegTech platform can help your firm quickly produce “granular obligations” and keep them current as new regulatory developments arise.
If you’d like to contact a team member directly, you can do so here
To stay up on the latest in regulatory technology and other news, subscribe to our monthly Cliff Notes newsletter below.