On January 1, 2021, the Senate followed the House and voted to override President Trump’s veto of the National Defense Authorization Act for Fiscal Year 2021 (NDAA). As is typical, the NDAA touched on a wide range of legal areas, including numerous new government contracts requirements, as well as a number of sanctions and export control related features, which will be summarized separately. One of the core features of the NDAA, however, is Division F, The Anti-Money Laundering Act of 2020 (AMLA or the Act), which makes sweeping reforms to the Bank Secrecy Act (BSA) and other anti-money laundering rules. The following is a summary of the most significant changes to the AML legal landscape, including:
- New beneficial ownership requirements and the creation of a registry
- Establishment of national AML and counter-terrorism priorities
- Creation of a new Office of Domestic Liaison within the Financial Crimes Enforcement Network (FinCEN)
- Broader Department of Justice (DOJ) and Department of the Treasury (Treasury) subpoena authority for non-U.S. bank records
- Expanded definition of “financial institution” to include “dealers in antiquities” and “virtual currencies”
- Review by FinCEN of whether to implement a “no-action letter” program
- Increased BSA/AML penalties
- Mandatory U.S. Treasury Department review of currency transaction report (CTR) and suspicious transaction report (SAR) requirements
- New SAR pilot program to allow regulated financial institutions to share SARs with their foreign branches, subsidiaries, and affiliates
- Safe harbor for compliance with “keep open” letters
- New whistleblower program
New Beneficial Ownership Requirements and the Creation of a Registry
The Corporate Transparency Act, which is part of the AMLA, will require new and existing state and tribal corporations, limited liability companies, and other similar entities, as well as similar non-U.S. entities that register or are registered to conduct business in the United States (Reporting Companies), to report personal identifying information to FinCEN for their natural-person beneficial owners and for the applicants who establish or register the entities. This change is designed to expand the information available to the government about the natural persons that own U.S. corporate entities, and to discourage the use of shell companies by money launderers and other illicit actors. The information will be maintained by FinCEN in a non-public national registry made accessible to law enforcement, and to certain financial institutions with the consent of their customers (the Registry). Beneficial owners are individuals who: (1) own or control 25 percent or more of the ownership interests of a Reporting Company; or (2) exercise “substantial control” over a Reporting Company. This definition is similar to the definition of beneficial owners used in FinCEN’s 2016 customer due diligence rule (CDD Rule), but appears not to limit the number of control parties that must be identified (the CDD Rule requires only one control party to be identified). The Act does not define “substantial control,” but instead delegates authority to do so to FinCEN.
The current CDD rule requires covered financial institutions to obtain beneficial ownership information on legal entity customers that open accounts with those institutions. The new registry has the potential to substantially increase the beneficial ownership information available to law enforcement, because it requires such information from U.S. companies generally. At the same, time, the Act excludes a long list of entities from this reporting requirement, with exclusions that are broader than the many that already appear in the CDD Rule. Among other things, they exclude any entity that: (1) employs more than 20 people on a full-time basis, (2) filed federal taxes in the previous year demonstrating more than $5,000,000 in gross receipts or sales in the aggregate, and (3) has an operating presence at a physical office in the U.S.
The Secretary of the Treasury (the Secretary) has one year to promulgate regulations implementing the new requirements, after which they become effective. Existing companies will have two years after the effective date of these regulations to provide the required information to FinCEN. Reporting Companies formed or which register in the U.S. after the date of the regulations will be required to report beneficial ownership information at the time of formation or registration. Reporting Companies also will be required to report changes to previously reported information within one year of the change.
Establishment of National AML and Counter-Terrorism Priorities
The Act requires the Secretary to establish, in consultation with DOJ, federal and state financial regulators, and relevant national security agencies, national priorities for AML and countering the financing of terrorism (CFT) by June 30, 2021. FinCEN and prudential regulators then will expect financial institutions subject to an AML program requirement to ensure that their AML programs and risk assessments address these priorities, and that financial regulators include an assessment of compliance with this requirement in their regular examinations of affected institutions.
Creation of a New Office of Domestic Liaison within FinCEN
The Act establishes a new Office of Domestic Liaison within FinCEN intended to promote the coordination and consistency of supervisory guidance from FinCEN, federal functional regulators, state bank supervisors, and state credit union supervisors regarding the BSA. Among other things, the office will receive feedback from BSA officers at financial institutions about the issues they encounter with the implementation of the BSA, and feedback from BSA officers and their examiners at federal functional regulators about specific BSA examinations of their institutions.
Broader DOJ and Treasury Subpoena Authority for Non-U.S. Bank Records
The Act broadens pre-existing authority under the BSA at 31 U.S.C. § 5318(k) to allow Treasury or DOJ to subpoena the financial records of non-U.S. (or foreign) banks that hold correspondent accounts with U.S. financial institutions. Under the new authority, these agencies will be able to demand not only information from the foreign bank about its use of the U.S. correspondent account, but about any account of the foreign bank, including records maintained outside the United States. While Treasury and DOJ have historically used the pre-existing authorities judiciously, recent use is more aggressive. Most notably, it was used to demand records from three Chinese banks about the use of their correspondent accounts by alleged North Korean agents, which was upheld by the D.C. Circuit in a 2019 landmark decision.
Expanded Definition of “Financial Institution” to Include “Dealers in Antiquities” and “Virtual Currencies”
The Act expands various definitions throughout the BSA to include virtual currency, described as “value that substitutes for currency.” These definitions include: (1) defining a “financial agency” subject to regulation under the Act to include foreign persons that provide services relating to virtual currency; (2) defining “currency exchangers” to include entities that exchange virtual currency for fiat currency or funds; (3) defining money transmitters to include transmitters of virtual currency; (4) allowing the Secretary to provide by regulation that “monetary instruments” include value that substitutes for more traditional monetary instruments such as checks or money orders; and (5) revising the definition of money transmitters that must register with FinCEN to include those who transmit virtual currency. These changes appear to codify FinCEN’s 2013 and 2019 virtual currency guidance that companies that exchange or transmit virtual currency qualify as money transmitters and must register with FinCEN.
The Act also broadens the BSA definition of “financial institution” to include “dealers in antiquities,” (“a person engaged in the trade of antiquities, including an advisor, consultant, or any other person who engages as a business in the solicitation or the sale of antiquities,”). The Act requires the Secretary, through FinCEN, to issue proposed rules implementing this provision by January 1, 2022. The Act also requires FinCEN, before the issuance of these rules, to consult with the FBI, DOJ, and other relevant agencies on the appropriate scope of the rules, including: (1) the size, type of business, and geographic location of persons who should be subject to the rules; (2) the degree to which the regulations should focus on high-value trade in antiquities and on the need to identify the actual purchasers of such antiquities and their agents or intermediaries; (3) the need to generally identify persons who are dealers, advisors, consultants, or others who engage in antiquities trading; and (4) whether any thresholds or exemptions should apply in determining whom to regulate.
Review by FinCEN of Whether to Implement a “No-Action Letter” Program
The Act requires FinCEN, in consultation with DOJ, federal functional regulators, state banking supervisors, and other relevant agencies, to submit a report to Congress within six months that analyzes whether the implementation of no-action letters by FinCEN in response to inquiries from financial institutions on the application of AML laws or regulations to specific conduct, could enhance BSA compliance by financial institutions. The report must also include proposed rulemaking to implement any recommendations. FinCEN also is required to consider whether to establish a timeline for the review of requests for no-action letters, which could help to accelerate the pace of interpretive guidance from the agency.
Increased BSA/AML Penalties
The Act provides additional civil penalties for persons who violate the BSA after having done so previously. For each additional violation, effective immediately, repeat offenders now are subject to additional penalties of three times the profit gained or loss avoided as a result of the violation, or two times the maximum allowable penalty for the violation, whichever is greater. The underlying previous violation must have occurred after the Act became effective on January 1, 2021.
The Act also provides that individuals who commit “egregious” violations of the BSA will be barred from serving on the board of directors of a U.S. financial institution for a 10-year period. An “egregious” violation is defined as a criminal violation that results in conviction and for which the maximum term of imprisonment is one year, or a civil violation that is willful and where the violation facilitated money laundering or the financing of terrorism.
The Act further provides that, in addition to any other criminal fines, a person convicted of violating the BSA may be fined an amount equal to the profit gained from the violation and, for employees of financial institutions, be required to repay any bonus they received during the year in which the violation occurred or the succeeding one.
Mandatory Treasury Review of CTR and SAR Requirements
The Act requires the Secretary, in consultation with federal law enforcement and federal and state banking regulators, to conduct a formal review of the financial institution reporting requirements relating to CTRs and SARs and to propose changes to reduce unnecessarily burdensome regulatory requirements and ensure the continued usefulness of such reports against statutory requirements. This includes a review of rules and guidance issued to implement CTR and SAR provisions, a consideration of whether the dollar thresholds for the reports require adjustment, a review of which fields should be designated as critical on the SAR form, and whether additional exemptions to CTR reporting should be allowed to avoid reports that have little or no value to law enforcement. The Secretary must submit a report of her findings to Congress by January 1, 2022, and propose rulemaking to implement the report’s findings.
New SAR Pilot Program to Allow Regulated Financial Institutions to Share SARs with Their Foreign Branches, Subsidiaries, and Affiliates
The Act requires the Secretary to promulgate rules by January 1, 2022, establishing a pilot program that will permit participating financial institutions to share information related to SARs with their foreign branches, subsidiaries, and affiliates for the purposes “of combating illicit finance risks.” No sharing will be allowed with branches, subsidiaries, or affiliates located in China, Russia, state sponsors of terrorism, federally-sanctioned jurisdictions, and other jurisdictions as determined by the Secretary.
Safe Harbor for Compliance with “Keep Open” Letters
The Act establishes a safe harbor from BSA liability and from adverse supervisory action for maintaining accounts on the basis of law enforcement “keep open” letters. Law enforcement agencies historically have issued such letters to ask that financial institutions not close an account, despite potential suspicious activity, because doing so might affect a law enforcement investigation. In order for the safe harbor to apply, the relevant law enforcement agency first must provide notice to FinCEN of the “keep open” request, and the request must state a termination date.
New Whistleblower Program
To provide additional incentives for reporting BSA/AML violations, the Act enhances existing BSA whistleblower provisions (which have never been implemented) to allow larger rewards for reporting violations that lead to civil penalties or criminal fines exceeding $1,000,000. The violation must be reported to the whistleblower’s employer, Treasury, or DOJ and lead to a successful administrative or judicial enforcement action. The whistleblower may then receive an award worth up to 30% of the monetary penalty or fine assessed against the violating party.
The Act also creates a private right of action for those retaliated against for disclosing BSA violations, which may be pursued by filing a complaint with the Secretary of Labor and, if that is not acted upon within 180 days, by filing a complaint in an appropriate U.S. District Court.
- Beneficial Ownership Registry. Although the Registry will take some time to set up, banks and other financial institutions subject to due diligence requirements should plan whether and how they will use the information about beneficial owners and control persons that will be available through the Registry in cases where customers consent to sharing it. On the one hand, because this information is not limited to a single control person, and also includes information about applicants who establish or register corporations, it may provide additional relevant information about customer risk, and regulators may expect financial institutions to obtain and make use of such information where possible. On the other hand, using the Registry to obtain beneficial ownership information is not likely to relieve financial institutions from updating such information on a risk basis or when new accounts are opened, or from other diligence activities. It will be important to understand how the new Registry and the provisions for use of its information interact with other requirements, in particular, with FinCEN’s CDD Rule. Separately, companies generally may wish to start considering whether they fit within the many exemptions to the requirement to provide identifying information on beneficial ownership and applicants (i.e., the person or persons who establishes or registers the corporation).
- Virtual Currencies. Virtual currency businesses that may have previously assessed their business model as not captured by FinCEN’s virtual currency guidance, should make sure that their analysis on this issue is air tight. FinCEN’s efforts to codify the application of the BSA to virtual currency, along with recent enforcement and remarks throughout 2020, indicate an increased focus on virtual currency business enforcement in 2021 and beyond.
- Dealers in Antiquities. Depending on the scope of any final rules FinCEN may issue, dealers in antiquities that become subject to BSA rules should not underestimate the amount of time and investment required to develop and implement an effective AML program. A careful assessment of a dealer’s AML risk is the recommended first step. Without a thorough risk assessment, a dealer can waste significant time and money building an AML program that does not fit its risk profile, fails to meet regulatory expectations, and in the long run may cost the organization more in monetary terms and reputational damage.
- New CTR and SAR Rules. Any change to the CTR and SAR reporting rules will impact financial institutions significantly. If, for example, CTR and SAR transaction amount reporting thresholds are adjusted downward, resulting in more transactions subject to reporting, this could have significant operational impacts on financial institutions in terms of resources and procedures. An adjustment upward could also have an operational impact, as such a change may come with greater expectations on the type of information filed on transactions that do remain in scope. The Act does require FinCEN to consider streamlining these reporting processes, and therefore offers some hope that any decision on thresholds is accompanied by other process improvements, but this remains to be seen.
- National Priorities. Financial institutions may wish to begin considering how they will amend their risk assessments and AML programs to incorporate national priorities established by FinCEN, and separately to add procedures to deal with the new standards that apply to “keep open letters.”