Financial institutions would be required to conduct more thorough risk assessments on their anti-money laundering/countering the financing of terrorism (AML/CFT) programs under a new rule proposed by the Treasury Department’s Financial Crimes Enforcement Network (FinCEN).
The proposed rule would “explicitly require that such programs be effective, risk-based, and reasonably designed, enabling financial institutions to focus their resources and attention in a manner consistent with their risk profiles,” FinCEN said Friday in a press release.
The new requirements were included in the AML Act of 2020, which became law in 2021 as part of the National Defense Authorization Act for FY2021. The law comprehensively updated the Bank Secrecy Act (BSA) for the first time in decades, according to FinCEN.
According to a FinCEN fact sheet, the rule would “require a financial institution’s AML/CFT program to include a risk assessment process to better enable it to identify and understand its exposure to money laundering, terrorist financing, and other illicit finance activity risks. Under the proposed rule, financial institutions would be expected to use the results of their risk assessment process to develop risk-based internal policies, procedures, and controls in order to manage and mitigate risks, provide highly useful information to government authorities, and further the purposes of the BSA.”
The risk assessment would have to be based on the latest AML/CFT priorities promulgated by FinCEN, which the AML Act requires the agency to update at least once every four years. The risk assessment would also have to take into consideration the money laundering and terrorism financing (ML/TF) risks of the financial institution itself, “based on a periodic evaluation of its business activities, including products, services, channels, customers, intermediaries, and geographic locations.” And finally, firms would also have to periodically review and update their risk assessment process, “including, at a minimum, when there are material changes to their ML/TF risks,” the fact sheet stated.
By requiring companies to tailor their risk assessment to their lines of business, FinCEN said it would discourage implementing “one-size-fits-all approaches to customer risk that can lead to financial institutions declining to provide financial services to entire categories of customers.” FinCEN also said it will encourage financial institutions to update and improve their AML/CFT programs with “responsible innovation” in the use of emerging technology.
The rule would also prohibit financial institutions from outsourcing oversight of AML/CFT programs overseas. All employees tasked with overseeing a financial institution’s AML/CFT program must be U.S. persons subject to proper oversight by the Treasury or appropriate federal regulator, the agency noted.
Under the new rule, AML/CFT programs would have to be approved by the financial institution’s board of directors (or equivalent body) and remain under its direct oversight.
Written comments on FinCEN’s proposed rule must be received on or before 60 days following its publication in the Federal Register.
No comments yet