The Bank Secrecy Act (BSA) establishes program, recordkeeping and reporting requirements to ensure that banks have controls in place to deter and detect financial-related crimes, including money laundering and terrorist financing.
In June 2024, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) proposed a ruling to strengthen anti-money laundering (AML), counter the financing of terrorism (CFT) programs at financial institutions and to clarify minimum standards for the programs.
Previously, FinCEN has encouraged a risk-based approach to AML/CFT programs. The proposed ruling would require a mandatory risk assessment process to be established and properly maintained.
What are the Key Objectives of the Proposal?
FinCEN’s proposal introduces a more robust risk-based approach to AML/CFT, which will require financial institutions to complete formal risk assessments to identify and mitigate threats specific to their institution.
It aims to enhance transparency and reporting by imposing more stringent requirements for reporting suspicious activities and maintaining comprehensive transaction records.
As technology continues to rapidly advance, the proposal encourages innovation and the use of advanced technology, such as Artificial Intelligence (AI), to detect and prevent illicit activities. In addition to increasing U.S. standards, the proposal seeks to better align to AML/CFT standards to global standards, such as those set by the Financial Action Task Force (FATF).
FinCEN is also committed to working with financial institutions in the implementation and maintenance of effective AML/CFT programs, encouraging the collaboration of financial institutions, financial regulators, law enforcement and other stakeholders.
What Does This Mean for Financial Institutions?
Financial institutions would be required to establish, implement and maintain a risk-based AML/CFT program with various components, such as the mandatory risk assessment process. This risk assessment would incorporate the reports filed with FinCEN, ensuring BSA filings are being considered. While many financial institutions have a risk assessment process already in place for AML/CFT programs, the proposed rule outlines the requirements of the mandatory risk assessment process:
- Integration of AML/CFT Priorities: The risk assessment is geared towards identifying AML/CFT threats and prioritizing them for the institution. The risk assessment should be tailored to the financial institution’s size and complexity to ensure its effectiveness.
- Documentation and Reporting: Risk assessments must be documented, including any mitigation measures for identified risks.
- Ongoing Monitoring: The risk assessment is meant to be flexible and adapt to any changes in risk. Regular monitoring and updating of the risk assessment on a regular basis will ensure that any new or continuous risks are considered.
- Training Requirements: Institutions must provide regular training to staff that covers AML/CFT regulations and the risk assessment process.
How Will This Help Your Institution?
The proposed ruling aims to strengthen and modernize AML and CFT by taking a risk-based approach to promote continued effectiveness and flexibility. The goal is to make AML and CFT programs more responsive to various risks, reinforcing BSA and tackling financial-related national security threats. The ability to tailor the risk assessment to the financial institution would enable the institution to focus on higher-risk customers and business activities, effectively enhancing security procedures.
What Can You do to Prepare for the Potential Implementation?
- Conduct a gap analysis to identify any areas related to your AML/CFT program that need improvement to meet the new requirements.
- If there is not one already in place, develop a formal risk assessment process based on your institution’s size, complexity and needs. Once developed, consider reviewing and revising relevant policies and procedures to ensure alignment.
- Implement regular trainings related to AML and CFT to ensure that employees are knowledgeable and updated.
- Research technology solutions such as automated risk assessment tools to streamline compliance processes.
- Stay informed about the proposal’s implementation. Rulings often take months to be finalized, so ensure to check FinCEN’s website for periodic updates.
About Schneider Downs Financial Services
The Schneider Downs Financial Services industry group provides financial institutions of all sizes with the expertise to effectively address their needs in risk management, IT security and internal audit. Through cybersecurity, IT risk advisory, internal audit, IT compliance frameworks, risk advisory, risk management and more, our experienced professionals provide extensive and comprehensive solutions to our financial services industry clients.
To learn more, visit our Financial Industry Group page.
