Navigating the AML Act of 2020 & New CFT Regulations

In brief: 

• The Anti-Money Laundering Act of 2020 expands the Bank Secrecy Act definition of “financial institution” to cryptocurrency exchange/transmission businesses and certain art/antiquities businesses; and mandates beneficial ownership information reporting for most types of US businesses.
• Other provisions of the AMLA include increased US federal power to subpoena foreign banks; increased AML/CFT whistleblower rewards & protections; and easier coordination of AML/CFT efforts by US financial institutions with their foreign affiliates.
• A new FinCEN rule based on the AMLA proposes that financial institutions conduct mandatory risk assessments to develop AML/CFT programs that align with new national AML/CFT priorities, while being institution-specific enough that they don’t unfairly exclude certain demographics from access to financial services.
• These regulatory changes will likely require more strategic risk management, tighter internal controls, and greater cooperation with foreign banks, so investing in technology like Middesk can help streamline implementation of related tasks.

The financial services industry is facing new regulations, with a heightened focus on both Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT). The recent proposed rule by the Financial Crimes Enforcement Network (FinCEN) marks a significant evolution in this regulatory landscape, reflecting broader changes under the Anti-Money Laundering Act of 2020. 

Details on FinCEN's proposed rule and its implications are included in their official announcement. Suffice to say, this shift is reshaping how financial institutions (FIs) approach compliance, risk assessments, and financial inclusion. Many must reevaluate their fraud prevention programs to adapt to this new regulatory environment. This article is meant to assist by providing an AML Act of 2020 summary of who it affects, what the major changes are, and what financial institutions specifically should do to adapt. In it, we’ll cover:

Let’s start with what the AML Act of 2020 is and its broader impact on regulations.

‍

The Anti-Money Laundering Act of 2020 is a section within the National Defense Authorization Act of 2021. Its purpose is to set the US’s priorities in combating money laundering and terrorist financing, and expand the US’s ability to do so to new industries and to an international stage.

What is the effective date of the AML Act of 2020?

The AML Act of 2020’s effective date was January 1, 2021, as this is when its parent act – the National Defense Authorization Act of 2021 – was signed into law. However, its various provisions have been implemented over the course of the preceding few years, with some of them still ongoing as of this writing (late 2024). 

Who does the AML Act of 2020 apply to?

The AML Act of 2020 applies to primarily businesses classified as financial institutions under the Bank Secrecy Act. These include:

• Casinos
• Depository Institutions
• Insurance Industry
• Money Services Businesses
• Mortgage Companies or Brokers
• Precious Metals and Jewelry Industries
• Securities and Futures Industry

The AMLA also expands this definition to include businesses that exchange or transmit cryptocurrency, as well as certain dealers of fine art or antiquities.

In a broader sense, though, the AMLA applies to many other types of US businesses, as they are required to report their beneficial ownership information.

To ensure your KYB system accounts for all businesses classified as “reporting companies” for this provision of the AMLA, read about how to run informative data tests when choosing between business verification software vendors.

‍

The updates to FinCEN’s rules are part of a broader effort to align with the changes introduced by the AMLA. This legislation represents a significant overhaul of the Bank Secrecy Act (BSA) of 1970, aiming to enhance the effectiveness of AML/CFT programs and address evolving threats in the financial sector.

The AMLA introduced several key provisions:

1. Mandatory beneficial ownership information registration

One of the most impactful subsections of the AML Act of 2020 regards beneficial ownership information registration. Known as the Corporate Transparency Act (CTA), it requires all legal US business entities – with some exceptions (many of which are bound by similar industry-specific regulations anyway) – to file identifying information about their beneficial owners with FinCEN. For newer businesses, this also includes information on anyone involved in filing those businesses’ registration paperwork.

This information is primarily to be used by US law enforcement and other government agencies for AML & CFT purposes. However, financial institutions are also allowed to use it for business and customer identity verification, if the entity in question consents.

2. Expanded definition of “financial institution” under the BSA

As virtual currencies, NFTs, and other digital assets have emerged, they have become popular for facilitating money laundering and other financial crime. In the case of cryptocurrencies, for example, transactions are conducted semi-anonymously, and cannot be reversed without majority approval from users of the blockchain network the cryptocurrency runs on.

This has spurred the US government to add cryptocurrency exchanges and other cryptocurrency-related money services businesses to the BSA definition of “financial institution”. Thus, thanks to the AMLA, FinCEN now has the authority to regulate these types of businesses.

The AMLA also adds certain types of businesses that deal in fine art or antiques to the BSA definition of “financial institution”. This is likely because purchasing such luxury items is a common way for money launderers to place illegitimate funds into circulation. Then they can recover legitimate funds by selling these goods.

3. Added BSA violations regarding hiding or falsifying information from FIs

In line with introducing mandatory beneficial ownership disclosure, the AMLA has also made it a crime to knowingly hide or falsify this information when dealing with financial institutions. Specifically, this information includes asset ownership or control details in transactions totaling $1,000,000 or more where at least one of the parties involved is a politically exposed person (PEP). It also includes details on the source of funds in any transaction where at least one of the parties involved is deemed to be a “primary money laundering concern”.

Punishments for these crimes include up to 10 years in prison, fines of up to $1,000,000, or both.

4. Revised penalty structure for existing BSA violations

The AMLA introduces a tiered civil penalty system for repeat or egregious BSA offenders. Repeated or egregious violations may incur fines that are double the normal maximum fine for a particular offense, or up to triple the profit gained (or loss avoided) due to the violation.

The AMLA also introduces new penalties for anyone involved in the ownership or operation of a financial institution who violates the BSA. They can be punished with jail time, loss of their bonuses for the year, and – in the case of egregious violations – being banned from serving on a financial institution’s board of directors for up to 10 years.

5. Modified suspicious activity reporting

The AMLA requires the US Department of the Treasury to reassess the transaction value thresholds that mandate financial institutions to file suspicious activity reports (SARs) and currency transaction reports (CTRs). This is likely in an effort to curb the facilitation of money laundering by criminals moving funds through a series of smaller transactions.

The act also requires FinCEN to create a new automated filing process to simplify the submission of non-complex SARs. The goal of this rule is to reduce the compliance burden on financial institutions, many of which have had to implement sophisticated AML programs to keep up with both new regulations and emerging methods of laundering money.

6. Broader sharing of AML/CFT-related information with foreign affiliates

Under the AMLA, US financial institutions are now allowed to share SARs and other information related to AML/CFT with their affiliates, subsidiaries, and branches in foreign countries. This may help coordinate cross-border compliance efforts that have before been limited by privacy laws. Financial institutions headquartered in some countries are not included in this rule, including those under sanctions, deemed state sponsors of terror, or otherwise judged unable to safeguard the security and privacy of this information.

‍

Another thing the AMLA does is - for the first time - name particular financial crimes and other illicit activities as national priorities to be considered when forming and maintaining AML/CFT policies. These priorities are:

• Corruption
• Cybercrime (including cybersecurity and virtual currency considerations)
• Terrorist financing (both foreign and domestic)
• Fraud
• Transnational criminal organization activity
• Drug trafficking
• Human trafficking & smuggling
• Proliferation financing

FinCEN's proposed rule aims to modernize and strengthen AML and CFT programs for FIs based on these priorities. The overarching goal of this is to promote a more effective and cohesive regulatory landscape. 

Key aspects of the rule include:

• Adopting federal government AML/CFT priorities: Institutions are required to incorporate the above national priorities into their AML/CFT programs. This reflects a broader alignment with national security and policy objectives, ensuring that FIs contribute effectively to combating terrorism financing and other financial crimes both at home and abroad.
• Effective, risk-based, and reasonably-designed AML/CFT programs: FIs must establish AML/CFT programs that are effective, reasonably designed to ensure compliance with the BSA, and risk-based. This means institutions must tailor their programs in a way that lets them focus their attention and resources on the most prominent risks relevant to their specific operations and customer base.
• Mandatory risk assessments: FIs need regular and comprehensive risk assessments to understand how vulnerable they are to being used for illicit financial activities. They must then use the results of these reports to adjust their AML/CFT measures accordingly. This requirement is intended to enhance the ability of institutions to proactively detect and prevent illicit activities.
• Focus on financial inclusion: A broader consideration of the proposed rule is to achieve AML/CFT objectives while still extending financial services to the underbanked. The emphasis on FIs creating individualized risk-based AML/CFT programs is meant to avoid a cookie-cutter approach to financial risk, which may inadvertently and unfairly lead to certain demographics being locked out of access to financial services.
• Encouraging technological innovation: As long as they are still managing their AML/CFT risks, FIs are allowed to investigate, test, and adopt new technologies and techniques to more efficiently meet their BSA compliance obligations. Regulators will engage with the private sector and search for other ways to help with these processes.

Learn how Middesk’s Signal and Verify products offer customizable rule-based risk scoring, making it easy for you to implement a risk-based AML/CFT program that focuses on US federal AML/CFT priorities.

‍

For FIs, the recent shift in regulations requires a new, more strategic approach to compliance which includes:

• Revamping AML/CFT programs: Institutions must review and update their AML/CFT programs to align with the new requirements. This involves incorporating risk-based strategies, government priorities, and enhanced risk assessments into existing compliance frameworks.
• Coordination with foreign branches: FIs with branches in foreign countries should make those branches aware of the expanded subpoena powers the AMLA gives the US government. They should also inform those branches that the AMLA gives them greater freedom to exchange information related to AML & CFT with their counterparts in the US.
• Tightening internal controls: Since the AMLA introduces new penalties for people inside financial institutions who violate the BSA, FIs should take additional steps to keep financial crime from being initiated internally. They should also modify their internal procedures and policies to avoid running afoul of the AMLA’s new whistleblower protections.
• Greater scrutiny on PEPs and other high-risk entities: The AMLA also introduces new penalties on PEPs and other entities considered at high risk of being involved in money laundering for withholding or falsifying information related to the source, ownership, or control of assets in large transactions. This should spur FIs to place even greater priority on these entities with regards to due diligence procedures.
• Investing in technology: Embracing technological advancements is crucial for meeting the new regulatory demands. Investments in data analytics, machine learning, and other technologies can enhance the effectiveness of AML/CFT programs and support more rapid, precise risk assessments. This can also include taking advantage of FinCEN’s new beneficial ownership information database and updated SAR filing system to streamline KYB verification and reporting.
• Balancing compliance and inclusion: As FIs adapt to the new regulations, they must ensure that their efforts to combat financial crime do not inadvertently exclude or disadvantage legitimate customers. Striking the right balance between stringent compliance measures and financial inclusion is essential for maintaining a fair and accessible financial system.
• Training and awareness: Ongoing training and awareness programs are vital for ensuring that staff understand and can adapt to the new regulatory requirements effectively. Keeping abreast of changes and best practices is key to maintaining compliance and mitigating risks.

Adapt to regulatory changes with less friction using Middesk

The seismic shift in the regulatory landscape, as evidenced by FinCEN's proposed rule and the Anti-Money Laundering Act of 2020, signifies a new era for FIs. The emphasis on risk-based AML/CFT programs, mandatory risk assessments, and financial inclusion presents challenges for the financial sector, to be sure. However, it also offers opportunities for FIs to contribute to a more secure and inclusive US financial system. 

Middesk can help ease this transition by providing a suite of tools that assist in automating:

• Customer identity lookup & verification
• Managing client risk through assessment, organizing, and filtering
• Reporting and other information-sharing tasks

To see our products in action, contact our sales team for a demo.