On June 28, 2024, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) issued a Notice of Proposed Rulemaking (“NPRM”) intended to strengthen and modernize U.S. financial institutions’ anti-money laundering (“AML”) and counter the financing of terrorism (“CFT”) compliance programs. The proposed rule, if enacted, would require financial institutions to establish, implement, and maintain effective, risk-based, and reasonably designed AML/CFT compliance programs that include certain minimum components such as a mandatory risk assessment process, and incorporate government-wide AML/CFT priorities.

The Bank Secrecy Act (31 USC 5311 et seq) (“BSA”) currently mandates that financial institutions develop and maintain AML/CFT compliance programs with the following components: (i) internal policies, procedures, and controls to prevent and detect money laundering and terrorism financing, which includes customer identification programs and customer due diligence for legal entities; (ii) appointment of a dedicated officer responsible for overseeing AML/CFT compliance, (iii) continuous education programs for employees on AML/CFT compliance policies, procedures and internal controls, and (iv) an independent audit function to regularly test the effectiveness of AML/CFT compliance programs.

The Proposed Rule

In preparing the proposed rule, FinCEN consulted with the U.S. Department of Justice, other relevant Department of Treasury offices and operating bureaus, Federal functional regulators, relevant State financial regulators, and relevant national security agencies (collectively, the “Agencies”). FinCEN and the Agencies previously encouraged financial institutions to adopt similar risk-based AML/CFT compliance programs. The new NPRM rule would codify this expectation of an effective, risk-based and reasonably designed compliance program into FinCEN rules, and explicitly require financial institutions to develop a risk assessment process that would serve as the basis for the financial institution's risk-based AML/CFT compliance program, including:

• Risk Assessment. The risk assessment would identify, evaluate, and document the financial institution's risks, including consideration of: (1) the aforementioned government-wide AML/CFT priorities, as appropriate; (2) the money laundering and terrorist financing risks of the financial institution, based on its business activities, including products, services, distribution channels, customers, intermediaries, and geographic locations; and (3) reports filed by financial institutions pursuant to 31 CFR chapter X, such as currency transactions.
• Purpose Statement. The rule proposes a purpose statement to ensure AML/CFT compliance programs: (i) comply with the BSA and FinCEN regulations; (ii) focus resources based on risk profiles; (iii) consider innovative approaches for compliance; (iv) deliver actionable information to government authorities; and (v) protect the U.S. financial system and national security.
• Tone from the Top. All AML/CFT compliance programs must be approved and overseen by the financial institution’s board of directors or an equivalent body.

Additional goals include:

• technical revisions to modernize, clarify and update compliance program rules,
• emphasis on extending financial services to the underbanked, and
• enhancing information sharing and collaboration between FinCEN, law enforcement, financial regulators, and financial institutions.

Next Steps

The proposed amendments are part of a broader, multi-year implementation of the Anti-Money Laundering Act of 2020, to modernize the AML/CFT regime, promote innovation, and strengthen national security. The NRPM comment period ends September 3, 2024.