Prepare for compliance with the Anti-Money Laundering Act

Jacob Rivkin, Caitlin Strelioff, Amber Korowicki | 1/24/2023

Organizations should address eight critical priorities of the Anti-Money Laundering Act of 2020 sooner rather than later.

While organizations await final rules on national priorities for anti-money laundering (AML) and countering the financing of terrorism (CFT), they can take certain steps to address specific priorities set forth by the Financial Crimes Enforcement Network (FinCEN). Understanding the background of the Anti-Money Laundering Act of 2020 (AML Act), reviewing eight critical priorities set by FinCEN, and considering targeted questions for each priority can help organizations strengthen their AML programs ahead of final rule publication.

The Anti-Money Laundering Act of 2020

The National Defense Authorization Act for Fiscal Year 2021, enacted on Jan. 1, 2021, includes the AML Act, which focuses on updating and amending federal AML laws. The AML Act required FinCEN to issue a list of national priorities addressing AML and CFT.

On June 30, 2021, FinCEN issued an update of its progress, “Anti-Money Laundering and Countering the Financing of Terrorism National Priorities.” FinCEN’s establishment of eight priorities is intended to help organizations meet obligations under laws and regulations designed to combat money laundering and terrorist financing threats. FinCEN explicitly noted that organizations are not required to incorporate the AML and CFT priorities into their risk-based Bank Secrecy Act compliance programs until the final revised regulations become effective. However, FinCEN further explained that in preparation for the new requirements, organizations should consider now – rather than later – how they will incorporate the priorities into their AML compliance programs.

Interagency statements issued in tandem with the priorities further stated that all regulators across states, credit unions, and federal banking agency examiners (including the Federal Deposit Insurance Corp., the Federal Reserve, and the Office of the Comptroller of the Currency) will not examine banks or nonbank financial institutions for the incorporation of the AML and CFT priorities into their AML programs until the effective date of final revised regulations. However, examiners still might explore potential plans for the priorities during upcoming exams.

What can organizations do now?

Waiting for final rules can be difficult, as it can lead to uncertainty and confusion. While at this stage the priorities are broadly framed and do not offer specific and detailed guidance in terms of explicit expectations, organizations can still prepare for future obligations and requirements. Some steps include: 

  • Issuing notifications. Boards of directors and leadership should be notified that FinCEN will be requiring changes in the near future.
  • Reading the references. The references and footnotes included in the interagency statements provide a better idea of what FinCEN is focusing on for each priority. Directors and senior managers should review the referenced materials and determine if there is impact to the organization.
  • Assessing risk. Risk assessments, which are not new for compliance professionals, continue to be a critical first step for any action taken and control created. Organizations should assess which FinCEN priorities they think will have the most impact on their unique risk categories, such as products, services, customers, and geographic locations.
  • Consulting with business lines. Discussing the FinCEN priorities with business lines and encouraging them to begin evaluating how their control environment might need to be amended or adjusted based on the priorities would be a productive early step.

8 FinCEN priorities

Following is a summary of the eight FinCEN priorities set in the June 30, 2021, statement along with targeted questions organizations can explore now as they prepare their AML programs to meet expectations. Note that strong controls might overlap across multiple priorities to mitigate the risks.


Corruption

Corruption is used as a tool to undermine authority and breed mistrust of government and governing officials, and it is a threat to U.S. national security and the democratic process in general. Corruption can lead to increased risk of money laundering, weaken the global economy, and increase human rights violations. Examples of large-scale corruption in countries such as Nicaragua, South Sudan, and Venezuela led to human rights abuses and caused hardship and a lack of financial stability.

Questions to ask
  • How does corruption specifically affect our organization?
  • Have we conducted a risk assessment relevant to the effects of potential corruption?
  • Do we have an anti-bribery or anti-corruption policy?
  • Are our employees trained on red flags and signs of corruption?
  • Do we have a politically exposed person (PEP) policy, procedure, approval process, and exit strategy that aligns with our risk tolerance?
  • Do we have the appropriate governance processes in place for policies and procedures, including those related to anti-corruption or PEPs?
  • Do we regularly issue updates, receive board or committee approval (as required), and train employees on any changes or updates?

Cybercrime, including relevant cybersecurity and virtual currency

Cybercrime against the U.S. financial system, covered institutions, and other organizations is a major concern of the U.S. Department of the Treasury. According to FinCEN’s June 30, 2021, statement, “Treasury is particularly concerned about cyber-enabled financial crime, ransomware attacks, and the misuse of virtual assets that exploits and undermines their innovative potential, including through laundering of illicit proceeds.” As a response to growing threats, FinCEN has produced multiple advisories over the past several years regarding cyber-enabled crime, ransomware, convertible virtual currency, COVID-19-related scams, and other areas.

Questions to ask
  • Do we have strong network security and infrastructure controls?
  • Are our employees, contractors, and vendors trained in phishing techniques and other social engineering schemes?
  • Have we properly assessed the risk and threats related to cyberattacks?
  • Is sensitive customer data properly secured?
  • Do we maintain proper documentation of access control, onboarding and offboarding for system access, and periodic testing to confirm controls are working as intended?

Terrorist financing

Terrorism is evolving, and it is a relevant threat to the security of the United States. Terrorist groups, both international and domestic, require funding for recruitment, support, operations, and logistical costs. Preventing funding to a terrorist organization helps undermine operations, and it is vital to combating terrorism. Suspicious activity report (SAR) filing is an important tool that helps U.S. intelligence agencies gain important insight into potential terrorists, terrorist groups, and supporters of terrorism.

Questions to ask
  • Are our Office of Foreign Assets Control (OFAC) and sanctions screening models validated and tuned according to our risk-based approach and related OFAC and sanctions risk?
  • If we rely on a third-party vendor to update our OFAC and sanctions screening lists, are we completing ongoing testing to confirm that the lists were updated appropriately?
  • Have OFAC and sanctions red flags been incorporated into employee training programs?
  • Are we properly filing thorough and timely SARs where applicable and notifying law enforcement when immediate notice is required?


Fraud

According to FinCEN, fraud, including bank fraud, provides the largest amount of illicit proceeds within the United States. FinCEN has issued multiple advisories and memos regarding recent fraud schemes, including personal and business-related email compromise, ransomware, COVID-19-related fraud, and elder financial exploitation.

Questions to ask
  • Are applicable employees aware of the different types of fraud and most common scams and schemes?
  • Are our monitoring systems properly validated and tuned to identify common red flags for fraud?
  • Have these red flags been incorporated into employee training programs?
  • Are we properly filing thorough and timely SARs where applicable and notifying law enforcement when immediate notice is required?

Transnational criminal organization activity

Several transnational criminal organizations (TCOs) include groups or networks that operate in multiple countries. TCOs, which include drug trafficking organizations (DTOs), are significant threats because they are involved in several illicit activities, including cybercrime, drug trafficking, fraud, wildlife trafficking, human trafficking, human smuggling, intellectual property theft, weapons trafficking, and corruption. FinCEN notes that Treasury considers Mexican and Russian TCOs as top priorities, and TCOs based in Africa and Asia are becoming more significant threats.

Questions to ask
  • Are applicable employees aware of these types of organizations? Do they understand the risks and red flag indicators?
  • Have these risks and red flags been incorporated into employee training programs?
  • Is our customer identification program (CIP) in line with regulatory expectations, including collection of beneficial ownership information?
  • Is our know your customer program asking the right questions and collecting the right information to truly understand our customers’ expected activity?
  • Are we regularly refreshing our customers’ profiles to confirm accurate information is on file?

Drug trafficking organization activity

Even though DTOs are TCOs, FinCEN considers them a separate priority because of the impact these organizations have. The proceeds from illegal drug trafficking are often laundered through the U.S., and the drugs affect U.S. citizens directly. FinCEN and Treasury specifically highlight the threat from Mexican and Colombian drug cartels as well as how DTOs use professional money laundering networks in Asia that act as money brokers in trade-based money laundering (TBML) operations.

Questions to ask
  • Is our organization aware of red flag indicators for drug trafficking activity, funnel accounts, and TBML?
  • Are our monitoring systems properly validated and tuned to identify red flags for drug trafficking activity, funnel accounts, and TBML?
  • Have these red flags been incorporated into employee training programs?
  • Do our due diligence programs consider private banking accounts held for non-U.S. persons and correspondent accounts maintained for foreign financial institutions? If yes, are our employees, both frontline and investigation employees, aware of the risk with these accounts?
  • Is our CIP in line with regulatory expectations, including the collection of beneficial ownership information?
  • Is our organization incorporating SAR terms for drug activity?

Human trafficking and human smuggling

Networks involved in human trafficking and human smuggling interact with the financial system. These networks have found creative ways to move illicit proceeds through cash smuggling, funnel accounts, and TBML schemes, so identifying red flags is critical.

Questions to ask
  • Does our organization understand the differences between human smuggling and human trafficking?
  • Are our monitoring systems properly validated and tuned to identify common red flags for human trafficking and human smuggling?
  • Have these red flags been incorporated into employee training programs?
  • Is our organization incorporating SAR terms for human trafficking and human smuggling activity?
  • Are questions regarding human trafficking and human smuggling incorporated as part of our due diligence process for applicable high-risk customer types that might also have an AML program, such as money service businesses and third-party payment processors?

Proliferation financing

Bad actors continually pursue new ways to exploit global supply chains. FinCEN explains that these individuals and entities, such as trade brokers and front companies, abuse the U.S. financial system by moving funds that will be used for acquiring weapons of mass destruction, delivery systems, or related components and for supporting state-sponsored weapons programs. This activity often includes evasion of sanctions set by the United Nations and the United States.

Questions to ask
  • Are we in compliance with all required sanctions programs, including economic and trade sanctions issued by the federal government?
  • Are our sanctions screening models regularly validated?
  • Is our sanctions compliance program routinely audited by a qualified third party?
  • Do we bank or offer services to maritime, energy, or metals customers? If yes, have we evaluated the due diligence in place to mitigate risks associated with these customers?
  • Do we have the appropriate controls in place for maritime industry clients, particularly those that own, operate, or provide services to ships operating in areas determined to pose a high risk for sanctions evasion?
  • Do our clients have appropriate sanctions programs in place?
  • Do we have a robust due diligence program to detect if our customers are operating near or in areas determined to be high risk?

Getting proactive

As a reminder, organizations are not required to incorporate the eight priorities into their AML compliance programs until the effective date of the final revised regulations. However, there is great value in organizations being forward-looking and assessing their programs now to understand what priorities might have the greatest impact.

Taking steps such as assessing sanctions screening, transaction monitoring, customer risk-rating, and fraud systems; confirming appropriate validations are in place for all models in use; issuing proper training to employees on AML topics; conducting risk assessments; and updating policies and procedures can help organizations get in front of upcoming final regulations and strengthen their current AML programs.