In my last post, I discussed the so-called “FinCEN Files” (leaked Suspicious Activity Reports (SARs) filed by banks with the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN)), and the reports from BuzzFeed News and the International Consortium of Investigative Journalists (ICIJ) based on those leaked documents. This reporting highlighted serious weaknesses in the current anti-money laundering (AML) system, both in the United States and globally. Perhaps coincidentally (but perhaps not), just a couple of days before the FinCEN Files stories went public, FinCEN issued an Advanced Notice of Proposed Rulemaking (ANPRM), seeking public comment on various proposed changes to its current regulations implementing the AML provisions of the Bank Secrecy Act (BSA). The comment period will remain open until November 16th, 2020. Of course, it’s never clear how seriously federal agencies will take public comments, but in at least some circumstances sophisticated comments, supported by evidence and analysis, can move the needle, at least somewhat, on agency policy. So, I very much encourage those of you out there in ReaderLand, especially those of you who work at organizations that have expertise in this area and might be well-positioned to submit the sort of detailed, substantive comments that stand a chance of making some practical difference, to submit your comments before that deadline. (Comments can be submitted through the federal government’s e-rulemaking portal, referencing the identification number RIN 1506-AB44, and the docket number FINCEN-2020-0011, in the submission. The link above goes directly to the comment section for this rule, though, so you don’t need to enter that info again if you follow the link.)
The full ANPRM is not that long, but let me provide a very quick summary, highlighting the main proposal under consideration and the specific questions on which FinCEN is seeking public input.
The main issue on which FinCEN is seeking public input concerns the BSA requirement that covered financial institutions establish AML programs. FinCEN is considering “whether it is appropriate to clearly define a requirement for an ‘effective and reasonably designed’ AML program in BSA regulations,” with clearer definitions of the terms “effective” and “reasonably designed” than appears in existing regulations. More specifically, FinCEN is considering amending its regulations to explicitly define an “effective and reasonably designed” AML program as one that meets three criteria. According to those criteria, an effective and reasonably designed AML program is one that:
- “Identifies, assesses, and reasonably mitigates the risks resulting from illicit financial activity—including terrorist financing, money laundering, and other related financial crimes—consistent with both the institution’s risk profile and the risks communicated by relevant government authorities as national AML priorities;
- “Assures and monitors compliance with the recordkeeping and reporting requirements of the BSA; and
- “Provides information with a high degree of usefulness to government authorities consistent with both the institution’s risk assessment and the risks communicated by relevant government authorities as national AML priorities.”
FinCEN is especially interested in public input on eleven questions related to these three criteria, questions that I will quote directly in the following bullet point list:
- Question 1: Does this ANPRM make clear the concept that FinCEN is considering for an “effective and reasonably designed” AML program through regulatory amendments to the AML program rules? If not, how should the concept be modified to provide greater clarity?
- Question 2: Are this ANPRM’s three proposed core elements and objectives of an “effective and reasonably designed” AML program appropriate? Should FinCEN make any changes to the three proposed elements of an “effective and reasonably designed” program in a future notice of proposed rulemaking?
- Question 3: Are the changes to the AML regulations under consideration in this ANPRM an appropriate mechanism to achieve the objective of increasing the effectiveness of AML programs? If not, what different or additional mechanisms should FinCEN consider?
- Question 4: Should regulatory amendments to incorporate the requirement for an “effective and reasonably designed” AML program be proposed for all financial institutions currently subject to AML program rules? Are there any industry-specific issues that FinCEN should consider in a future notice of proposed rulemaking to further define an “effective and reasonably designed” AML program?
- Question 5: Would it be appropriate to impose an explicit requirement for a risk-assessment process that identifies, assesses, and reasonably mitigates risks in order to achieve an “effective and reasonably designed” AML program? If not, why? Are there other alternatives that FinCEN should consider? Are there factors unique to how certain institutions or industries develop and apply a risk assessment that FinCEN should consider? Should there be carve-outs or waivers to this requirement, and if so, what factors should FinCEN evaluate to determine the application thereof?
- Question 6: Should FinCEN issue Strategic AML Priorities, and should it do so every two years or at a different interval? Is an explicit requirement that risk assessments consider the Strategic AML Priorities appropriate? If not, why? Are there alternatives that FinCEN should consider?
- Question 7: Aside from policies and procedures related to the risk-assessment process, what additional changes to AML program policies, procedures, or processes would financial institutions need to implement if FinCEN implemented regulatory changes to incorporate the requirement for an “effective and reasonably designed” AML program, as described in this ANPRM? Overall, how long of a period should FinCEN provide for implementing such changes?
- Question 8: As financial institutions vary widely in business models and risk profiles, even within the same category of financial institution, should FinCEN consider any regulatory changes to appropriately reflect such differences in risk profile? For example, should regulatory amendments to incorporate the requirement for an “effective and reasonably designed” AML program be proposed for all financial institutions within each industry type, or should this requirement differ based on the size or operational complexity of these financial institutions, or some other factors? Should smaller, less complex financial institutions, or institutions that already maintain effective BSA compliance programs with risk assessments that sufficiently manage and mitigate the risks identified as Strategic AML Priorities, have the ability to “opt in” to making changes to AML programs as described in this ANPRM?
- Question 9: Are there ways to articulate objective criteria and/or a rubric for examination of how financial institutions would conduct their risk-assessment processes and report in accordance with those assessments, based on the regulatory proposals under consideration in this ANPRM?
- Question 10: Are there ways to articulate objective criteria and/or a rubric for independent testing of how financial institutions would conduct their risk-assessment processes and report in accordance with those assessments, based on the regulatory proposals under consideration in this ANPRM?
- Question 11: A core objective of the incorporation of a requirement for an “effective and reasonably designed” AML program would be to provide financial institutions with greater flexibility to reallocate resources towards Strategic AML Priorities, as appropriate. FinCEN seeks comment on whether such regulatory changes would increase or decrease the regulatory burden on financial institutions. How can FinCEN, through future rulemaking or any other mechanisms, best ensure a clear and shared understanding in the financial industry that AML resources should not merely be reduced as a result of such regulatory amendments, but rather should, as appropriate, be reallocated to higher priority areas?
Again, it’s hard to know how much difference public comments will make to this rulemaking, but—especially in light of the debate and discussion that the FinCEN Files reports have generated—this seems like a good opportunity for experts in the AML/anticorruption advocacy community to weigh in. Let me close with a few thoughts on how to make the comments most effective, drawn in part from my day job as an administrative law professor:
- Quality counts more than quantity. Agencies don’t really care if they get dozens or hundreds or thousands of comments that just express a preference or a policy conclusion. A moralistic tone probably also doesn’t help get agencies to pay attention. FinCEN receiving lots of letters saying some form of “Bad bankers should go to jail!” isn’t going to have much impact on the outcome of this rulemaking. It’s probably better if several advocacy groups join forces to submit one really thorough and detailed letter than if each of them sends its own letter if those letters tend to make the same points and are thinner on analysis.
- Tailoring the comments to the specific questions flagged by the agency is helpful. Ideally, a comment from an advocacy NGO would go point by point through each of FinCEN’s 11 questions and provide a detailed response.
- The more evidence (ideally quantitative, but qualitative too), the better. Comments that present relevant factual information are harder for the agency to ignore or dismiss.
- Anticipate what your adversaries in the regulatory process are likely to say (or, better yet, follow the electronic docket and see what they actually do say) and present rebuttals—again, supported by concrete evidence whenever possible.
- If you can find allies with experience in the financial industry, who will be able to talk in bankers’ language and flag the sorts of practical concerns that FinCEN might be worried about when considering more stringent regulations, this would be helpful when crafting comments to persuade the agency. One of the built-in advantages that the regulated sector has during a contested rulemaking process is that they can make veiled (or not-so-veiled) appeals to their superior expertise and authority—“If you really understand the banking industry, you’ll see that regulation X isn’t practical, what we need instead is (milder) regulation Y.” To counter that, it’s helpful to have allies who “speak banker,” as it were, and can rebut these arguments on the merits.
These are just a few tips, and I hope they’re helpful. I probably don’t have enough AML subject-matter expertise to weigh in on this rulemaking directly, but I very much hope that others do! This rulemaking proceeding isn’t going to lead to the transformative change in the AML system that many believe is necessary, but it does seem to hold the promise of meaningful incremental improvement.