On Monday, September 14, 2020, the Financial Crimes Enforcement Network (“FinCEN”) issued a final rule (the “final rule”) requiring minimum standards for anti-money laundering (“AML”) programs for banks without a federal functional regulator (“covered banks”). The final rule implements a notice of proposed rulemaking issued on August 25, 2016.
The final rule applies to a limited set of specialized institutions, including, among others: state-chartered non-depository trust companies, non-federally insured credit unions, and a small number of other non-federally insured state-chartered institutions, private banks, and international banking entities. The date for these covered banks to come into compliance with the final rule is March 15, 2021, which is 180 days after the final rule was issued.
FinCEN notes in the final rule that it closes a gap with respect to the AML regulation of these institutions, which “presented a vulnerability to the U.S. financial system that could be exploited by bad actors.” To that end, the final rule covers three sets of requirements:
- AML Program Requirements. The final rule extends the AML program requirements of the Bank Secrecy Act (“BSA”) to covered banks. These requirements include (i) the development of internal policies, procedures, and controls; (ii) the designation of one or more individuals responsible for coordinating and monitoring AML compliance; (iii) an ongoing training program; (iv) an independent internal or outside testing program; and (v) risk-based procedures for conducting ongoing customer due diligence. See 12 C.F.R. § 1020.210(b). FinCEN expects that covered banks should not find compliance with AML program requirements to be unduly burdensome, because covered banks are already required to comply with many other BSA reporting and recordkeeping requirements and likely have already developed procedures and protocols consistent with the AML program requirements.
- Customer Identification Program. Customer Identification Program (“CIP”) regulations mandate that financial institutions (i) verify the identity of any person seeking to open an account, (ii) maintain records of the information used to verify identity, and (iii) develop and follow procedures for determining whether the person appears on certain lists of known or suspected terrorists or terrorist organizations. See 12 C.F.R. § 1020.220. Certain covered banks are already required to comply with the CIP requirements, and the final rules extends these requirements to all covered banks.
- Beneficial Ownership Requirement. The Beneficial Ownership regulation requires covered financial institutions to establish and maintain written procedures that are reasonably designed to identify and verify beneficial owners of legal entity customers. See 12 C.F.R. § 1010.230. When this regulation was codified as the Customer Due Diligence Rule in 2016, it applied to federally regulated banks and certain other financial institutions, including some categories of covered banks. The final rule extends these requirements to all covered banks.
The final rule reflects ongoing legislative and regulatory efforts by Congress and FinCEN (in consultation with other agencies, as appropriate) to extend AML obligations to additional classes of financial services firms. Some gaps targeted by this effort include dealers in art and antiquities and registered investment advisers. The final rule also coincides with FinCEN’s release of an Advance Notice of Proposed Rulemaking (“ANPR”) to solicit public comment on regulatory amendments to the BSA’s AML program requirement. The ANPR includes a proposal to create a potentially heightened standard by establishing that all covered financial institutions subject to this requirement must maintain an “effective and reasonably designed” AML program. We will address this proposed rulemaking in a separate client alert in the coming days.