September 1, 2020

AML/CFT Compliance Risks Highlighted 2020

The Department of the Treasury, the Financial Crimes Enforcement Network (FinCEN), and federal and state financial regulators filled the first four months of 2020 with a series of actions that should put financial institutions and their compliance officers on notice that scrutiny of AML/CFT compliance is increasing in key areas.

Assessing the adequacy of risk assessments, the foundation of a risk-based AML/CFT compliance program, was the subject of an update to the FFIEC Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual released April 15 by the Federal Financial Institutions Examination Council (FFIEC), acting jointly with state regulatory agencies and in conjunction with FinCEN. An FFIEC statement acknowledged that the Covid-19 pandemic was creating uncertainty for financial institutions, but emphasized that the update was a project that began long before the pandemic.

Cryptocurrencies and other digital assets officially became one of the most significant AML/CFT risks in 2020. In early February, Treasury released the new 2020 National Strategy for Combating Terrorist and Other Illicit Financing, which stated for the first time that the U.S. government considers digital assets to be one of the most significant money laundering and terrorist financing vulnerabilities. Following seven years of FinCEN guidance and enforcement actions addressing the application of the BSA to digital asset businesses, the 2020 National Strategy unequivocally established AML/CFT relating to digital assets as a high priority in 2020 and beyond.

The importance of both risk assessment and digital assets was apparent in an enforcement action that the Office of the Comptroller of the Currency (OCC) concluded in late January. The OCC found that M.Y. Safra Bank had provided financial services to cryptocurrency-related businesses and failed to appropriately assess and monitor the AML/CFT risks associated with them. It was the first formal BSA enforcement action against a bank for cryptocurrency-related issues.

Compliance officers at any business subject to AML/CFT regulation also should be on notice that they are at risk of being held personally liable for decisions that they make.

FinCEN made this risk apparent in a March 4 enforcement action that imposed a $450,000 penalty on the former chief risk officer of a bank that had been punished for BSA violations in 2018. This penalty was the largest against an individual since 2014, when FinCEN penalized the former chief compliance officer of Moneygram $1 million.

AML/CFT Compliance in the Time of Covid-19

The Covid-19 pandemic entered this concerning situation and made it even worse. Nationwide and worldwide disruptions of the basic ability of staff to go to work and perform their jobs strain all operations of financial institutions, including AML/CFT compliance. At the same time, substantial opportunities for fraud and other financial crime have emerged.

FinCEN addressed both of these problems in statements that it issued March 16 and April 3. FinCEN advised March 16 that a financial institution concerned about its ability to timely file required BSA reports should contact FinCEN and its functional regulator, then announced April 3 that it had created a Covid-19-specific online contact mechanism to report compliance issues. The March 16 statement also advised financial institutions to remain alert for malicious or fraudulent transactions similar to those occurring in the wake of natural disasters, noting emerging trends in imposter scams, investment scams, product scams, insider trading, and other offenses described in its 2017 FinCEN Advisory on disaster-related fraud.

The April 3 statement emphasized that FinCEN “expects financial institutions to continue following a risk-based approach” and “diligently adhere to their BSA obligations.” It relieved financial institutions of one technical requirement, suspending implementation of FinCEN’s Feb. 6 ruling on currency transaction report (CTR) filing obligations. Generally, however, FinCEN is not relieving financial institutions of their BSA compliance obligations, although it “will continue outreach to regulatory partners and financial institutions” and “will issue additional new information as appropriate.”

The Paycheck Protection Program (PPP) with its hundreds of billions of dollars of forgivable loans to small businesses—a potential bonanza for fraud—was one of the first areas of risk that FinCEN has specifically addressed. FinCEN issued guidance on beneficial ownership information collection requirements for existing customers in its April 3 statement, and followed up with FAQs on PPP AML/CFT compliance on April 13. Additional guidance from FinCEN and the functional regulators on high risk areas and regulatory relief is likely to follow as compliance problem areas become clearer.


Modevity Commercial Intelligence


#FinCEN, #DepartmentoftheTreasury, #BSA, #AML, #ComptrolleroftheCurrency, #OCC, #KYC, #AML, #Compliance, #Cryptocurrencies, #PPP,#Covid-19,

Post Details


September 1, 2020