Proposal to Strengthen AML/CFT Programs Under BSA
Navigating the New AML/CFT Compliance Landscape
KPMG Insights:
- Expanding AML/CFT: Increasing expectations and regulatory coverage for robust and consistent AML/CFT risk programs across financial institutions.
- Emerging Risk/Continuous Improvement: Focus on a “reasonably designed”, risk-based AML/CFT program, including a mandatory risk assessment process and inclusion of “government-wide AML/CFT priorities”.
- Supervision and Enforcement: Expect continued supervisory intensity with associated focus on maintaining/increasing needed talent/skillsets, tooling/automation, and investments - including in such areas as AML programs, fraud, and SAR identification/filing.
_______________________________________________________________________________________________________________________________________
The Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issues a proposed rule that is intended to “strengthen and modernize” anti-money laundering (AML) and countering the financing of terrorism (CFT) programs pursuant to the Anti-Money Laundering Act of 2020 (AML Act).
The proposal would amend existing regulations to require financial institutions (including banks, broker-dealers, insurance companies, casinos, money services businesses and dealers in precious metals) to establish, implement and maintain effective, risk-based AML/CFT programs with certain minimum components, including a mandatory risk assessment and inclusion of “government-wide AML/CFT priorities”. The program would also need to be reasonably designed to identify, manage, and mitigate risks associated with illicit finance, consistent with the Bank Secrecy Act (BSA) and the goal of safeguarding the U.S. financial system and national security.
In conjunction with FinCEN’s release, the Federal Reserve Board (FRB), Federal Deposit Insurance Corporation (FDIC), Office of the Comptroller of the Currency (OCC), and National Credit Union Administration (NCUA) jointly propose a rule that would amend each agency’s BSA compliance program requirements to align with FinCEN’s proposal.
FinCEN Proposal to Strengthen AML/CFT Programs
Proposal. FinCEN’s proposed rule seeks to “strengthen and modernize” AML/CFT programs at financial institutions by amending its existing regulations to:
- Explicitly require financial institutions to establish, implement, and maintain effective, risk-based, and reasonably designed AML/CFT programs with certain minimum components, including a mandatory risk assessment process.
- Incorporate “government-wide AML/CFT priorities”, as appropriate, into those risk-based AML/CFT programs. (Pursuant to the AML Act, FinCEN published the first AML/CFT priorities in June 2021, and will update the list every four years.)
- Promote clarity and consistency across different types of financial institutions. (Note: Some rules may currently apply to some but not all financial institutions and applications by type of financial institution may differ.)
Scope. The proposed rule would apply to financial institutions defined to include banks; casinos and card clubs (casinos); money services businesses (MSBs); brokers or dealers in securities (broker-dealers); mutual funds (MFs); insurance companies; futures commission merchants and introducing brokers in commodities; dealers in precious metals, precious stones, or jewels; operators of credit card systems; loan or finance companies; and housing government sponsored enterprises (GSEs). (Earlier this year, FinCEN issued a proposed rule that would add “investment advisers” to the definition of “financial institution” – see KPMG Regulatory Alert, here.)
Key AML/CFT Program Components | |
|---|---|
AML/CFT Programs | Effective, reasonably designed, risk-based AML/CFT program that:
The Risk Assessment process would serve as the basis for the AML/CFT program and must:
|
Internal policies, procedures, and controls | Internal policies, procedures, and controls must reasonably manage and mitigate identified money laundering and terrorist financing risks and ensure ongoing compliance with the BSA and implementing regulations. |
Designation of AML/CFT Program Officer(s) | One or more qualified individuals must be designated as an AML/CFT officer responsible for coordinating and monitoring day-to-day compliance. |
Employee Training | Employee training programs must be ongoing, risk-based, and focused on risk areas identified in the risk assessment process. The frequency of training should be commensurate with the risk profile of the financial institution and targeted to the roles and responsibilities of employees. |
Independent Testing | AML/CFT programs must undergo independent, periodic testing by qualified personnel of the financial institution or by a qualified outside party. The frequency of testing should be based on the risk profile of the financial institution, changes in the risk profile, and the overall risk management strategy, as informed by the risk assessment process. |
Other (application may vary between financial institutions) | Board Oversight and Approval. AML/CFT programs and components must be overseen (including governance mechanisms, escalation and reporting lines), documented, and approved by the institution's board of directors or an equivalent governing body. Customer Due Diligence. Establish risk-based procedures for conducting CDD including but not limited to:
Persons in the United States. The duty to establish, maintain, and enforce the AML/CFT program is the responsibility of, and must be performed by, persons in the United States who are accessible to and subject to oversight and supervision by FinCEN and the Federal functional regulator. |
FinCEN also proposes technical changes and modifications to the AML/CFT program requirements for individual types of financial institutions covered by the proposed rule.
Note: As part of regulators heightened risk standards focus, financial institutions are facing increased regulatory scrutiny in the management of financial crime risks. Financial institutions should expect continued supervisory intensity (and enforcement activity) on AML/CFT/BSA and CDD compliance along with attention to continuously assessing risk, implementing risk-based compliance programs, maintaining/increasing needed talent/skillsets, tooling/automation, and investments - including in such areas as AML/CFT programs, fraud, and SAR identification/filing. (See KPMG Regulatory Alert, here.)
Request for comment. Comments are requested no later than September 3, 2024. FinCEN seeks feedback on a variety of questions, including questions related to incorporation of the AML/CFT priorities, the risk assessment process and related updates, de-risking and financial inclusion, the requirement for “persons in the United States”, the likelihood of investment in updating or new technology due to the rule, potential efficiencies, burden categories, and the impact on current compliance costs.
Final Rule Effective Date. FinCEN proposes an effective date that is six months from the date of issuance of the final rule.
Interagency Proposal to Align BSA Compliance Programs with FinCEN
In a separate but related action, the FRB, FDIC, OCC, and NCUA jointly propose a rule that would amend each agency’s BSA compliance program requirements to align with FinCEN’s proposed AML/CFT program requirements.
Request for comment. The agencies request comment on or before 60 days after the date of publication in the Federal Register.
Dive into our thinking:
FinCEN Proposal to Strengthen AML/CFT Programs Under BSA
Navigating the New AML/CFT Compliance Landscape
Download PDFExplore more
Insight
Points of View
Insights and analyses of emerging regulatory issues and their impact.
Insight
Regulatory Insights View
Series covering regulatory trends and emerging topics
Insight
Regulatory Alerts
Quick hitting summaries of specific regulatory developments and their impact.
Get the latest from KPMG Regulatory Insights
KPMG Regulatory Insights is the thought leader hub for timely insight on risk and regulatory developments.
Meet our team
