What AML Act of 2020 updates mean for financial services

The ways in which people handle money, payments, and access to funds have changed dramatically in recent years. In response, Bank Secrecy Act (BSA) and AML rules and regulations have evolved to become more relevant to address risks that often accompany such changes.

The AML Act included some of the most significant revisions to the BSA and other AML requirements since 2001. The act mandated approximately 40 rules and requirements, including periodic congressional reporting on implementation efforts, assessments, and findings.

The AML Act made a strong impact from the start with FinCEN establishing eight national priorities, providing groundwork for the CTA. Additionally, FinCEN has issued multiple notices of proposed rulemaking (NPRMs) since 2021 requesting public comment from financial services organizations on these proposals. While FinCEN has finalized some rules implementing certain aspects of the AML Act, there remain additional key areas in which financial services organizations are still awaiting implementation rules from FinCEN.

As FinCEN continues to work toward fully implementing all components of the AML Act, financial services organizations must maintain a proactive approach to updating their AML programs to respond effectively to the increased sophistication of money laundering and terrorism financing schemes. It is important to note that FinCEN received an increased budget for FY23 and requested another budget increase for FY24 to help provide necessary resources to expedite rulemaking progress.

In June 2023, the U.S. Department of the Treasury released its semiannual agenda, which included FinCEN’s agenda. FinCEN’s semiannual rulemaking agenda serves as a guideline of when to expect additional information and NPRMs. The following schedule was set:

• July 2023: FinCEN issued an NPRM implementing Section 6314 of the AML Act (regarding the AML Whistleblower Improvement Act).
• September 2023: FinCEN noted a plan to issue a final rule regarding beneficial ownership information (BOI) access and safeguards and the use of FinCEN identifiers.
• November 2023: FinCEN noted a plan to issue a final rule implementing Section 6212 permitting financial services organizations to share SARs with their foreign branches, subsidiaries, and affiliates.
• December 2023: FinCEN issued NPRMs implementing Section 6101(b) of the AML Act, establishing the national priorities, and revising the existing customer due diligence (CDD) rule.

As of early 2024, we are awaiting final rules to implement Section 6212 and the issuance of an NPRM to implement national priorities or revise (and likely repeal) the CDD rule. During 2023, changes were made relating to the CTA, the AML Whistleblower Improvement Act, and BOI access and safeguards.

The CTA established beneficial ownership reporting requirements for corporations, limited liability companies, and similar entities formed or registered to do business in the U.S. The act also authorized FinCEN to collect and share information with authorized government authorities and financial services organizations, subject to effective safeguards and controls. FinCEN continues to roll out requirements and guidance to adhere to the elements of CTA. For the most up-to-date guidance, interested parties can refer directly to the BOI Newsroom on the FinCEN website.

CTA requirements took effect Jan. 1, 2024. Nonexempt legal entities must report information about their beneficial owners and company applicants to FinCEN.

As of the beginning of 2024, FinCEN has issued two of three final rules to implement the CTA: the reporting rule, issued in September 2022, and the access rule, issued in December 2023. Updates made to the reporting rule in 2023 include:

• September 2023: BOI reports and individual FinCEN identifier applications. FinCEN submitted both the BOI report that reporting companies will use to provide BOI to FinCEN and the application that individuals may use to obtain FinCEN IDs to the Office of Management and Budget (OMB) for review and clearance. OMB approved both at the end of November 2023.
• November 2023: Deadline extension for submitting BOI reports final rule. In September 2023, FinCEN proposed amending the reporting rule to extend the filing deadline for certain BOI reports. Under the initial reporting rule, entities created or registered on or after the rule’s effective date of Jan. 1, 2024, must file initial BOI reports with FinCEN within 30 days of notice of their creation or registration.

  The proposed amendment would extend that filing deadline from 30 days to 90 days for entities created or registered on or after Jan. 1, 2024, and before Jan. 1, 2025, to give those entities additional time to understand the new reporting obligation and collect the necessary information to complete the filing. On Nov. 30, 2023, FinCEN finalized a rule that extended this time frame. This extension, which applies only to companies created in 2024, means that a covered company created on or after Jan. 1, 2024, must submit a report of its beneficial owners and related company information within 90 days of receiving notice of the company’s creation or registration.

• December 2023: Final access rule. On Dec. 21, 2023, FinCEN issued a final rule regarding authorized access to the BOI system (access rule). This final rule explains the circumstances when BOI reported in compliance with FinCEN’s reporting rule may be disclosed to federal agencies and how that BOI must be protected.

  Under the CTA, BOI is confidential and can only be disclosed under specific circumstances to six categories of recipients:

  • Federal agencies engaged in national security, intelligence, or law enforcement activity
  • State, local, and tribal law enforcement agencies with court authorization
  • Foreign law enforcement agencies, judges, prosecutors, and other authorities that meet specific criteria
  • Financial services organizations with CDD requirements
  • Regulators supervising financial services organizations for compliance with CDD requirements
  • Treasury officers and employees 
  
  Each category of authorized recipients is subject to security and confidentiality protocols. To be clear, the access rule does not create a new regulatory requirement for financial services organizations to access BOI from the BOI system. Further, the access rule makes no changes to an organization’s requirements under FinCEN’s CDD rule. Financial services organizations still must collect BOI on their legal entity customers. The rule went into effect on Feb. 20, 2024. Throughout 2024, FinCEN will provide access to BOI in phases to authorized government agencies and financial services organizations that meet the requirements of this final rule.

Financial services organizations can take steps now to get up to speed on critical reporting changes and prepare to meet new regulations.

Changes to the AML Whistleblower Improvement Act

In 2023, notable developments took place concerning the whistleblower provisions of the AML Act. The AML Whistleblower Improvement Act contains key amendments to Section 6314 of the AML Act and clarifies matters such as how much whistleblowers may be paid.

The AML Act provides confidentiality for whistleblowers and protection from retaliatory actions. Under the initial act, whistleblowers could potentially receive rewards of up to 30% of the amount exceeding $1 million recovered by Treasury. However, the award amount was subject to the discretion of the Secretary of the Treasury and could even be zero dollars.

The AML Whistleblower Improvement Act, signed into law in December 2022, expanded these whistleblower protections and strengthened incentives for reporting. It established a minimum financial reward for whistleblowers, created a fund supported by violation recoveries, and allowed citizens of any country in the world to confidentially report violations and participate in recovery.

FinCEN has remained focused on whistleblower protections and considerations throughout governance processes. Financial services organizations can benefit from taking steps to understand the enhanced whistleblower protections and new regulatory developments to strengthen their whistleblower programs.

Financial trend analyses

Throughout 2023, FinCEN issued reports pursuant to Section 6206 of the AML Act, which requires FinCEN to periodically publish threat pattern and trend information comprised of BSA filing data. These FTAs continue to demonstrate the importance of SAR filings to law enforcement.

In March 2023, FinCEN published a report on business email compromise specifically related to the real estate sector in 2020 and 2021. This FTA discussed how fraudsters target businesses and financial services organizations that routinely conduct large wire transfers and rely on email for communication of the activity. The most common victims are individuals and entities involved in the title and closing processes within a real estate transaction.

In September 2023, FinCEN published an FTA on Russia’s evasions of U.S. export controls. The report highlights many suspicious transactions conducted after Russia’s invasion of Ukraine and how companies in intermediary countries appear to have purchased U.S.-origin goods on behalf of Russian end users. Many of the companies in the data set are linked to the electronics industry.

Finally, at the beginning of 2024, FinCEN published a report on threats and trends on identity-related suspicious activity that occurred during 2021. Per the report, approximately 1.6 million SARs are related to identity fraud, resulting in an estimated $212 billion in suspicious activity. This FTA highlighted the need for robust customer identity processes to keep financial systems secure.

What's next?

While there is some uncertainty on the timing of FinCEN’s remaining implementation activities related to the AML Act, we anticipate further clarification of the CTA, including details related to accessing and using the BOI system. FinCEN has also indicated that the CDD final rule is a priority for 2024, including the potential repeal and replacement of the obligations specific to beneficial ownership. We also anticipate that FinCEN will provide clarifying details related to the eight national priorities for AML and combating the financing of terrorism established by FinCEN as a result of the AML Act, including when AML programs will be required to incorporate these priorities.

While financial services organizations wait for additional implementing rules and guidance, they should continue to enhance their BSA and AML programs using existing guidance while anticipating some key changes still to come.