New Challenges: Anti-money Laundering Act 2020

On January 1, 2021, Congress enacted the National Defense Authorization Act for the Fiscal Year 2021 (“NDDA”). The NDAA includes the expansive Anti-Money Laundering Act of 2020 (“AMLA”), with the purpose of updating and amending the country’s anti-money laundering laws. The AMLA also provides one of the more notable additions to this anti-money laundering legal regime, the Corporate Transparency Act (“CTA”). It is the most sweeping AML legislation since the passage of the USA PATRIOT Act.

Spanning more than 85 pages, the AMLA creates a broad range of new anti-money laundering (“AML”) obligations for banks and other financial institutions, certain private investment structures, and even federal regulators. Many of the new provisions, including those creating a federal beneficial ownership registry, call for implementing regulations that will be promulgated months or years from now. Other provisions, including new criminal offenses and new subpoena authority over foreign banks with U.S. correspondent accounts, take effect immediately.

This article addresses the following key aspects of the AMLA:

• Federal Beneficial Ownership Registry-The Corporate Transparency Act
• Broader Subpoena Power over Foreign Banks
• Enforcement Priorities, New Crimes, and New Penalties
• New AML Whistleblower Regime
• Expanded Scope of the Bank Secrecy Act
• Changes to BSA/AML Program Requirements
• Ability to Share SARs with Foreign Branches
• Focus on Technology
• Safe Harbors

The CTA creates a federal beneficial ownership registry, which will require certain types of domestic and international corporate entities, “reporting companies”, to file with the Financial Crimes Enforcement Network (“FinCEN”) information about the beneficial ownership of those entities. The CTA additionally requires that FinCEN maintain a non-public federal registry of this beneficial ownership information., thereby implementing a version of the “Registry Approach” recommended by the Financial Actions Task Force (“FATF”). The authors of the Corporate Transparency Act estimate about two million business entities are formed annually in the U.S. Coupled with all of the existing business entities that have already been formed, the raw data that will be generated under the legislation is enormous.

Reporting Company

The CTA defines a “reporting company”, subject to the new reporting requirements, as a corporation, limited liability company, or similar entity that is either (i) created by a filing with a secretary of state, or (ii) formed under foreign law and registered to do business in the U.S. by a filing with a secretary of state. This definition is similar to the definition of “legal entity customer” under the “Customer Due Diligence Requirements for Financial Institutions” rule (“CDD Rule”).  Like the CDD rule, the CTA does not appear to cover trusts, other than statutory trusts.

Many entities are exempted from the definition of “reporting company”. The exemptions include entities that are already required to disclose beneficial ownership information, such as publicly-traded companies and companies subject to significant regulatory oversight from other governmental authorities including banks, insurance companies, broker-dealers, and certain investment funds, charities, investment vehicles that are advised or operated by banks or registered investment advisers. Most corporations and LLCs that are owned or controlled by an exempted entity are also exempt from reporting. In addition, an entity is exempt if it (i) employs more than 20 employees; (ii) filed federal income tax returns in the previous year demonstrating more than $5,000,000 in gross receipts or sales, aggregating the income of both subsidiary and parent entities; and (iii) “has an operating presence at a physical office within the United States.”

If an exempt pooled investment vehicle is formed under foreign law, it must nonetheless file with FinCEN a written certification that provides identification information of an individual that exercises “substantial control”—again, a term the CTA does not define—over the pooled investment vehicle.

Beneficial Owners

Each reporting company must disclose information about its “beneficial owners,” which the CTA defines as a person who, directly or indirectly, (i) exercises substantial control over the entity; or (ii) owns or controls not less than 25 percent of the ownership interests of the entity. The CTA does not define “substantial control.”

In addition, each reporting company must also disclose information about each “applicant,” which the CTA defines as any individual who files an application to (i) form a corporation, limited liability company, or similar entity under state law, or (ii) registers with a secretary of state a corporation, limited liability company, or other similar entity formed under the laws of a foreign country to do business in the United States.  Notably, there is no exemption for lawyers or paralegals that form an entity on behalf of a client. It is unclear whether that person and their affiliated law firm would be implicated. 

The CTA includes substantial penalties for willfully providing false information or willfully failing to report (or update) beneficial ownership information, including civil of up to $500 per day the violation continues and criminal penalties of up to $10,000 and/or imprisonment for up to two years.

Confidentiality of Beneficial Owner Information

Beneficial ownership information, much like other information in FinCEN’s possession, is confidential and may not be disclosed except to law enforcement solely for national security, law enforcement, and intelligence purposes. A reporting company, however, may consent to FinCEN’s disclosure of a company’s beneficial owner information to a financial institution to facilitate its compliance with customer due diligence requirements under applicable law.

CDD Rule                                    

AMLA 2020 makes clear that it will not immediately reduce CDD requirements for financial institutions. The legislation provides that nothing in the new law may be construed "to authorize Treasury to repeal the requirement that financial institutions identify and verify beneficial owners of legal entities."  However, the new law does direct Treasury to revise the CDD rule within one year of promulgating implementing regulations, in order to reduce burdens on financial institutions and legal entity customers that are unnecessary or duplicative in the light of the new registration requirements.

Implications for Clients:

• All financial institutions should continue to collect beneficial ownership information as required by the CDD rule;
• The precise scope of entities that will be excluded from the reporting obligation will not be clear until FinCEN issues implementing regulations;
• Offering circulars may raise new risks that the CTA creates, including the possibility that implementing regulations may require the disclosure of certain investor information to FinCEN;
• In the future, loan documents may need to be revised to require deal entities to periodically confirm that they are in compliance with FinCEN’s beneficial owner disclosure requirements and require as a condition to any permitted beneficial ownership transfers that the deal entities have complied with the CTA; and
• Funds and other clients may wish to analyze their structures to determine whether implementing regulations are likely to exclude all part or all of the structure from the new reporting obligations.

Expanded Subpoena Power

Section 6308 of the AMLA provides a new mechanism that will help the US Department of Treasury (“Treasury”) and the US Department of Justice (“DOJ”) obtain foreign bank records during criminal investigations and in civil forfeiture actions. It permits the Treasury and the DOJ to issue a subpoena to any foreign bank that maintains a correspondent account in the United States. This subpoena power, however, is not limited to records related to the correspondent account, which is the limitation that existed previously. Rather, the subpoena can request records related to any account at the foreign bank, including records maintained outside of the United States.

Officers, directors, and employees of a foreign bank that receive such a subpoena are prohibited from notifying any account holder involved, or any person named in the subpoena, about the existence of the subpoena. A violation of this prohibition is punishable by a civil penalty of double the amount of suspected criminal proceeds sent through the correspondent account of the foreign bank in the related investigation.

The implications of these new provisions are potentially significant.  The changes are meant to allow federal investigators to more easily obtain foreign bank records and not have to rely principally on the mutual legal assistance treaty process or other international agreements.  Although the law is aimed at combatting money laundering, its broad scope (permitting subpoenas connection with “any investigation of a violation of a criminal law in the United States”) means that it may, and likely will, be used to target other serious criminal conduct, including high-profile white-collar crimes (e.g., tax evasion, Foreign Corrupt Practices Act violations), as well as international drug trafficking and national security violations. The AMLA prohibits courts from quashing or modifying the subpoena on the sole ground that compliance would conflict with foreign bank secrecy or confidentiality laws.

Penalties

A foreign bank that fails to comply with a subpoena may be punished for contempt and liable for a civil penalty of up to $50,000 for each day that the foreign bank fails to comply with the terms of the subpoena. Funds held in the correspondent account may be seized to satisfy these civil penalties. Further, Treasury or the DOJ may order the U.S. financial institution providing the correspondent account to terminate the account relationship. A U.S. financial institution that fails to terminate the correspondence account relationship within 10 days is liable for a civil penalty of up to $25,000 for each day the financial institution fails to terminate the relationship.

Implications for Clients:

• The AMLA vastly expands the U.S. government’s ability to gather information from foreign banks;
• US branches of foreign banks should make sure their Head Offices are aware of the expanded subpoena power and that penalties for not complying may be seized from the correspondent account;
• The new subpoena powers permit the government to subpoena information not only concerning a foreign bank’s U.S. correspondent account, but also about any account at the foreign bank;
• In an attempt to move beyond the reach of the new subpoena powers, some foreign accountholders of foreign banks with U.S. correspondent accounts may move their business to foreign banks that do not hold U.S. correspondent accounts.

New BSA Violations

AMLA 2020 added two new criminal BSA violations for intentionally deceiving or withholding information from financial institutions, The first new offense is to knowingly conceal, falsify, or misrepresent, from or to a financial institution, a material fact concerning the ownership or control of assets involved in a monetary transaction if (i) the person or entity who owns or controls the assets is a senior foreign political figure; and (ii) the aggregate value of the assets involved is at least $1,000,000.

The second new offense is to knowingly conceal, falsify, or misrepresent, from or to a financial institution, a material fact concerning the source of funds in a monetary transaction that (i) involves an entity found to be a primary money laundering concern; and (ii) violates a prohibition on opening or maintaining a correspondent or payable through account.

A violation (or conspiracy to violate) either law is punishable by up to 10 years' imprisonment and a fine of up to $1 million. Forfeiture of funds involved in the crime may also be imposed.

Disgorgement Claims

Congress also authorized the Securities and Exchange Commission to bring disgorgement claims for violations of the Securities Exchange Act. The statute of limitations for disgorgement claims is five years for most violations, and 10 years for fraud other violations for which scienter must be established.

New Penalties for Existing BSA Violations

The AMLA includes increased civil penalties for repeat and egregious BSA violators. For certain repeat violators, Treasury may impose three times the profit gained or loss avoided as a result of the violation or two times the maximum penalty for the violation for certain repeat violators who commit both a first and subsequent violation after January 1, 2021.

Further, if an individual partner, director, officer, or employee of a financial institution is convicted of a BSA violation, the individual must repay to the financial institution any bonus received during the calendar year during which or after which the violation occurred. In addition, any individual found to have committed an egregious violation of the BSA “shall be barred” from serving on the board of directors of a U.S. financial institution for 10 years following the conviction or judgment.

Implications for Clients:

• Individual bonus clawbacks are required only where an individual is convicted of a BSA violation;
• Where an enforcement action is against a financial institution alone, the AMLA does not require individual employees to repay their bonuses; and
• The defense bar can be expected to challenge the retroactive application of the 10-year statute of limitations for disgorgement claims in connection with Exchange Act violations

Perhaps the most significant impact of the AMLA is the amendments made by Section 6314 to 31 U.S.C. § 5323 of the BSA to “[update] whistleblower incentives and protection.” 

AMLA broadly defines “whistleblower” as any individual (or two or more people acting jointly) “who provide information relating to a violation of this subchapter … to the employer of the individual or individuals, including as part of the job duties of the individual or individuals, or to the Secretary [of the Treasury] or the Attorney General”. This language expands the categories of employees benefitting from the whistleblower provisions to include compliance officers, auditors, counsel and others who often learn of violations during the normal course of business.

In addition, the whistleblowers are not required to be U.S. citizens or residents. Further, the illegal conduct does not have to have taken place in the United States, as long as the U.S. regulators have jurisdiction.

Enhanced Whistleblower Protection

Section 6314 of the AMLA bars employers from discharging, demoting, threatening or harassing employees who provide information relating to money laundering and violations of BSA to their employer, or to the Attorney General, Secretary of the Treasury, regulators and others.

Previously, the protection under the BSA only applied to whistleblowers who reported possible violations to a federal supervisory agency as opposed to those only reporting to an employer. The AMLA protects whistleblowers who complain only to their employers. If the employer retaliates for bringing these claims, the employee can file a civil lawsuit and seek reinstatement, compensatory damages, counsel fees, double back pay with interest added, and other appropriate remedies regarding the prohibited conduct.

Effective Date

The AML Whistleblower Program is now in effect.  When the AMLA was signed into law, the reward provisions became effective, without the need for implementing regulations. Critically, the program covers wrongdoing prior to its creation.  A whistleblower with information about any violations of the BSA that are within the statute of limitations for government enforcement actions – six years for civil actions under 31 U.S.C. § 5321(b) and five years for criminal penalties under 18 U.S.C § 3282(a) – can submit a claim under the AML Whistleblower Program.

Implications for Clients:

• The significantly larger awards the AMLA authorizes places this new whistleblower regime on par with the SEC’s whistleblower program, which in recent years has resulted in numerous enforcement actions and high-dollar whistleblower awards; and
• Financial institutions may wish to study the new whistleblower provisions carefully to ensure that (1) appropriate processes are in place to receive and respond to whistleblower information, and (2) employee contracts and other agreements do not attempt to waive any of the rights or remedies available to whistleblowers.

The Anti-Money Laundering Act of 2020 broadens the definition of “financial institution” under the BSA. The term “financial institution” now includes:

• Businesses that exchange or engage in the transmission of cryptocurrency; and
• Persons “engaged in the trade of antiquities”.

 FinCEN is required to issue regulations within the next year that determine the scope of persons “engaged in the trade of antiquities” that will be considered “financial institutions” under the BSA.

Explicit Coverage of Digital Assets

AMLA resolves any doubt as to whether FinCEN has the authority to regulate digital assets. It achieved this by amending the BSA from covering “monetary instruments” to including activities related to “value that substitutes for currency.” In addition to cementing FinCEN’s authority over cryptocurrency firms, the AMLA potentially broadens the applicability of AML laws to other FinTechs involved in digital payments, such as payment processors and wallet providers, who could be subject to liability if their infrastructure is used to circumvent AML requirements.

Implications for Clients:

• The inclusion of cryptocurrency businesses as financial institutions largely codifies existing FinCEN guidance; and
• Financial institutions can expect some level of requirements to conduct customer due diligence and file currency transaction reports (“CTRs”) and suspicious activity reports (“SARs”) on antiquities dealers.

National AML Priorities

The AMLA includes a number of provisions that will alter the landscape for financial institutions implementing BSA/AML programs. Key among these changes are requirements that FinCEN provide financial institutions with information about financial crime concerns and patterns. Within six months, the Treasury must establish national AML priorities, to be updated at least once every four years. Federal regulators will subsequently review whether and to what extent financial institutions have incorporated the national AML priorities into their risk-based programs.

On June 30, 2021, FinCEN issued its first-ever Anti-Money Laundering and Countering the Financing of Terrorism National Priorities (the “Priorities”).

FinCEN identified the following AML and countering the financing of terrorism (“CFT”) priorities:

• Corruption;
• Cybercrime, including cybersecurity and virtual currency considerations;
• Foreign and domestic terrorist financing;
• Fraud;
• Transnational criminal organization activity;
• Drug trafficking organization activity;
• Human trafficking and human smuggling; and
• Proliferation financing.

Financial institutions will be required to incorporate these priorities into their AML programs after FinCEN finalizes implementing regulations, which must occur by December 27, 2021. FinCEN and federal and state banking regulators also issued a parallel interagency statement emphasizing that they will not examine banks for incorporation of the Priorities until after FinCEN issues implementing regulations.

Disclosure by FinCEN of Useful SAR Information

The AMLA also requires FinCEN, “to the extent practicable,” to periodically disclose to “each financial institution” a summary of information on SARs that “proved useful” to law enforcement. The AMLA does not require financial institutions to respond to FinCEN’s disclosures, but financial institutions that receive negative feedback or no positive feedback may wish to consider whether they are meeting regulatory expectations.

Emerging Money Laundering and Terrorist Financing Threats

FinCEN also must publish information relating to emerging money laundering and terrorist financing threat patterns and trends. FinCEN must include typologies, “including data that can be adapted in algorithms if appropriate. This suggest that “financial institutions will be evaluated on whether and to what extent they have incorporated FinCEN’s published threat patterns and trends into the financial institutions’ BSA/AML programs and SAR reporting processes.

De-Risking

The AMLA addresses de-risking, which is the practice of cutting off financial services to underserved individuals, entities, and geographic areas when BSA/AML risks are difficult or expensive to manage. The AMLA states that BSA/AML policies “must not unduly hinder or delay legitimate access to the international financial system,” and that federal enforcement efforts should not primarily focus on BSA/AML policies that result in “incidental, inadvertent benefits” to designated groups in the course of delivering “life-saving aid to civilian populations.” The Office of the Comptroller of the Currency (“OCC”) and FinCEN are required to study and report on de-risking, and to propose changes, as appropriate, to reduce any unnecessarily burdensome regulatory requirements.

Implications for Clients:

• As suggested by the regulators, financial institutions may wish to start considering how they will incorporate the Priorities into their AML programs, “such as by assessing the potential related risks associated with the products and services they offer, the customers they serve, and the geographic areas in which they operate”;
• Ensure SARs are “useful” to law enforcement; and
• Review AML Policies to confirm they do not hinder or delay legitimate assess to the international financial system.

Under current regulations, U.S. financial institutions are limited in their ability to share SAR details with foreign affiliates. The AMLA requires FinCEN to establish a pilot program for U.S. financial institutions to share SAR information with their foreign branches, subsidiaries, and affiliates, other than those in China, Russia, or jurisdictions that are state sponsors of terror, subject to sanctions, or unable to reasonably protect the security and confidentiality of the information.

Location of AML Compliance Resources for U.S. Branches of Foreign Banks

Financial institutions also face new limitations on where a financial institution’s BSA duties can be carried out. The AMLA states that the “duty to establish, maintain and enforce” a BSA/AML program must be performed by “persons in the United States” who are accessible to and supervised by the appropriate federal regulator.

Implications for Clients:

• Financial institutions that are authorized to share SAR information across borders will also be expected to incorporate that information into their ongoing monitoring and SAR reporting processes; a financial institution may be deemed to know what its foreign branch knows; and
• This is actually a helpful provision in the AMLA, insofar as global international banks have at times been stymied in coordinating cross-border compliance efforts by exceedingly strict rules about the confidentiality of SARs. This loosening of restrictions on sharing information might enable compliance professionals to reduce the risk of banking with bad actors across bank branches in the United States and abroad.

Portions of the AMLA focus on the role of technology in financial institutions’ BSA/AML compliance programs. FinCEN must issue regulations establishing standards that financial institutions must use when testing technology utilized for compliance with the BSA. FinCEN is also required to establish “streamlined, including automated, processes to, as appropriate, permit the filing of noncomplex categories” of SARs.

Implications for Clients:

• Financial institutions may be able to automate the filing of certain categories of SARs at some future date, provided that the technology for doing so meets forthcoming FinCEN standards.

Under the AMLA, FinCEN must assess whether to establish a process for the issuance of no-action letters, including in response to requests for a statement as to whether FinCEN or another federal functional regulator intends to take enforcement action against a person under the AML laws with respect to specific conduct. If appropriate, regulations must be proposed within 180 days of enactment.

On June 30th, FinCEN also announced that it had submitted to Congress its assessment of no-action letters. FinCEN concluded that it should undertake a rulemaking to establish a no-action letter process as a supplement to other forms of guidance and relief available from the agency.

This may be a benefit to financial institutions that are considering offering novel and innovative products and services to engage with FinCEN on proposed or current activities and to receive definitive statements that FinCEN will not take enforcement action.

The AMLA substantially changes and modernizes the BSA and related AML laws and regulations. However, because many of the new statutory provisions will require rulemakings, reports, analyses, and other measures, the impact of the AMLA remains to be seen and may only be slowly realized over the next few years. Nonetheless, financial institutions should seek to prepare their stakeholders, including boards of directors, foreign affiliates, and BSA/AML compliance personnel, by informing them of these changes and how they may impact their day-to-day operations.

Key timeline for AMLA

June 30, 2021

• Publication of national AML/CFT priorities;
• Assessment and proposed rules regarding FinCEN no-action letter process.

December 26, 2021

• BSA proposed rule or antiquities dealers;
• Implementing regulations on incorporation of national priorities into AML/CFT programs.

December 31, 2021

• Beneficial Ownership reporting and FinCEN Corporation registry implementation due;
• SAR/CTR threshold report to be published;
• Final Rule on pilot program for SAR sharing with foreign affiliates;
• National FinTech Assessment;
• Report on Treasury review of BSA regulations and guidance.

Sources

1. https://www.fincen.gov/sites/default/files/shared/AML_CFT%20Priorities%…