On June 28, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) announced a proposed rule aimed at strengthening and modernizing financial institutions’ anti-money laundering and countering the financing of terrorism (AML/CFT) programs. The Treasury’s priority is to promote a more effective risk-based regulatory regime that directs financial institutions to focus their AML/CFT programs on the highest priority threats.

The Bank Secrecy Act (BSA), as amended by the Anti-Money Laundering Act of 2020 (AML Act), requires financial institutions to establish AML/CFT programs with specific components, including the development of internal policies, the designation of a compliance officer, ongoing employee training, independent testing of BSA/AML compliance, and customer due diligence. The BSA and FinCEN’s implementing regulations subject many financial institutions to additional obligations, including provisions related to customer identification programs (CIP) and customer due diligence related to legal entity customers (CDD). The AML Act amended the BSA by, among other things, requiring the insertion of “countering the financing of terrorism” when describing AML program requirements.

The proposed rule builds on these obligations and addresses broader considerations such as avoiding one-size-fits-all approaches to customer risk, which can lead to financial exclusion. It emphasizes the importance of extending financial services to the underbanked and facilitating financial transactions while preventing abuse by criminal entities. More broadly, financial institutions would need to consider the total amount and nature of the resources available to identify, manage, and mitigate illicit finance activity risks.

Highlights of the proposed rule, include:

• Reiterating the long-standing requirement that financial institutions establish, implement, and maintain AML/CFT programs that are effective, risk-based, and reasonably designed.
• Requiring financial institutions to incorporate a mandatory risk assessment process into their AML/CFT programs. This process involves identifying, evaluating, and documenting the institution’s risks, including money laundering and terrorist financing risks, based on a periodic evaluation of their business activities, products, services, customers, and geographic locations.
• Requiring financial institutions to review government-wide AML/CFT priorities and incorporate them, as appropriate, into their risk-based programs. This is aimed at ensuring that institutions remain aligned with national security objectives and evolving threats.
• Encouraging financial institutions to modernize their AML/CFT programs and adopt innovative approaches to meet compliance obligations. This includes leveraging emerging technologies to enhance the effectiveness of their programs while managing illicit finance risks.
• Requiring that an AML/CFT program be approved, and be subject to oversight, by a financial institution’s board of directors or equivalent body.

The proposed rule was developed in consultation with various federal regulators, including the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, and the National Credit Union Administration. Written comments on the proposed rule must be submitted within 60 days following its publication in the Federal Register.