Three Major Takeaways from Congress’ Recent Overhaul of AML Policy
April 20, 2021
Anti-Money Laundering programs in place today resemble a juggler with about twice as many balls in the air as they could reasonably handle. Over the years, evolving priorities have accumulated without considering whether monitoring for some older crime patterns may have become redundant. Compliance teams are spread thin, making it difficult to think about investing in innovation or keeping up with evolving trends.
This accumulation is a byproduct of the mismatch between continuous innovation by criminals and a regulatory approach created decades ago that keeps up by layering on new expectations. Until recently, regulators did not have the tools to realistically consider methods for deploying outcomes-oriented regulation and have thus had to rely on inputs like policies, procedures, and processes in the hope that the program will achieve the desired result.
Back in September, FinCEN took a significant first step towards building a next generation framework for anti-money laundering regulation with the release of an advanced notice of proposed rule making focused on re-orienting our approach to AML to focus on effectiveness. In December, Congress passed the most significant overhaul to the anti-money laundering regime in the United States since the Patriot Act in the form of the Anti-Money Laundering Act of 2020 (AMLA), re-enforcing and expanding on FinCEN's efforts. This law was a part of the National Defense Authorization Act (NDAA).
There are three important themes in the legislation:
- Unlocking innovation (at both regulators and banks)
- Collaboration and better information
- Reinforcing Culture
Unlocking innovation at regulators
The AMLA acknowledges the challenges FinCEN and the other regulators face in modernizing AML and increases resources committed to innovation and exploring new technologies accordingly.
Here’s what the AMLA does to foster innovation at regulators:
- Creates a new subcommittee on innovation in the Treasury Bank Secrecy Act Advisory Group
- Adds new BSA innovation and information security officers at FinCEN and the other primary regulators
- Issues a mandate to convene global financial crimes symposia
Through these actions, the AMLA charges regulators to "encourage and support" innovation and "reduce obstacles" to technological innovation. These new formalized roles dedicated to innovation at the regulators and a focus on cross-agency collaboration could significantly accelerate the pace of policy change.
The intent behind the innovation officer roles and related committees is to improve collaboration and engagement with financial institutions and facilitate increased consistency across agencies. Banks of all sizes should prioritize engagement with the people in these new positions. Be sure to consider the potential benefits presented by modernization together with the challenges and convey both to your regulator's innovation lead.
Unlocking innovation at banks
The creation of the innovation sparks for regulators, and the mandate to promote rules and standards for testing AML technology should go a long way to removing the cloud of uncertainty that often exists when experimenting with new technologies. Historically, this uncertainty has led banks to default to focus more heavily on the risks presented by the latest technology without accurately considering the risks inherent in sticking with the status quo. In many cases, the solutions in place at a bank fall far below some of the new technologies out there if they are measured side-by-side. Unfortunately, it is much more common for a novel solution to be compared with a fictional perfect version of the tech in place today, leading to a status-quo bias. The initiatives defined in the AMLA, taken together with signals from other regulators, suggest that a shift in focus away from the risks associated with adopting new technology to the risk of doing nothing is underway. In two or three years, exam teams may be asking why your program hasn't changed instead of focusing on the changes from your last review.
- Expect new guidelines for experimenting with AML technology. Factor these guidelines into your risk assessment process and consider how to create safe spaces for experimenting with new technology with the goal of gathering sufficient data to demonstrate that the benefits outweigh the risks and costs of adoption.
- When considering new technology, be sure to ask the "compared to what?" questions when comparing the potential benefits and risks presented. Perform a side-by-side comparison of any new solution against your existing systems using the same metrics. This will help ensure that you compare the new tech against an accurate assessment of your current stack without any rose-tinted glasses.
- In addition to clearing the air for innovation, the AMLA is likely to free up resources in compliance teams through a directive to regulators to review existing rules to identify outdated and redundant guidance. Monitor these efforts closely to stay on top of opportunities to pull people off of redundant tasks.
Collaboration and information sharing
Woven throughout the AMLA is an enhanced focus on coordination and sharing information between law enforcement, regulators, and financial institutions to help everyone better understand what to look for and create feedback loops.
The AMLA fosters collaboration and information sharing by:
- Establishing a FinCEN exchange to promote public/private partnerships
- Creating a mandate for FinCEN to share threat patterns regularly, a requirement that the Treasury Department produce national AML priorities periodically
- Resource sharing between financial institutions by codifying the 2018 interagency statement on sharing BSA resources in law
Taken together, all of these initiatives should go a long way to helping banks avoid operating in the dark, as is often the case today. Clear cut guidance on what to look for will help ensure efficient allocation of resources and produce more certainty in regulatory exams.
Take a look at your AML program and consider how well it would handle frequent adjustments in focus. Ask yourself:
- Are you maintaining rigid rule sets that require manual updates, or do you have adaptive systems in place?
- Does your organizational structure have hierarchical bottlenecks, or is it built on agile, cross-functional concepts?
- Can your team pivot between priorities every week, or would it take months to retool everything?
- Do you have your own engineers and data scientists, or are you relying on vendors to do everything for you?
The AMLA will lead to much more rapid changes in AML priorities than have been seen previously, be sure that your team is ready to adapt.
The modernization efforts highlighted above come with commensurate changes that are likely to lead to increased enforcement activity. BSA whistleblower provisions have been modified to more closely resemble the SEC program that has resulted in more than 40,000 tips since its inception. Increased penalties now specifically include any profits made as a result of the violation. Repeat violations can lead to fines up to three times the profit gained. It is more important than ever for compliance programs to stay on top of AML risks then identify and close gaps as soon as possible.
A strong culture of compliance will be more critical than ever. Take steps to ensure that employees at your bank know what they are supposed to do and feel that people listen when they raise questions.
The banking industry tends to, often fairly, view new regulations as likely to add additional burdens, but we encourage an open-minded approach to the forthcoming changes. The AMLA represents a meaningful opportunity to improve effectiveness in blocking financial crime and terrorist financing while simultaneously reducing the regulatory cost to the financial industry. This is possibly the first time in regulatory history that it has been possible to achieve both goals simultaneously.