by Franca Harris Gutierrez, Boyd Johnson, Bruce Newman, Michael Dawson, Zachary Goldman, Rachel Dober, Michael Romais, Alina Lindblom, and Andrew Miller
This is Part II of a three-part post. For Part I, discussing the collection of beneficial ownership information, click here.
Innovation and SAR Reform
Over the past few years, FinCEN and federal banking agencies have expressed general support for more effective, efficient, and innovative AML compliance programs, and both the letter and spirit of the NDAA represent another step in that direction.[1] Recent statutory and regulatory efforts have paved the way for concrete shifts in the compliance regime. In December, the Federal Deposit Insurance Corporation (“FDIC”) and Office of the Comptroller of the Currency (“OCC”) finalized parallel Notices of Proposed Rulemaking (“NPRMs”) entitled Exemptions to Suspicious Activity Report Requirements. The regulators proposed modified regulations that, if finalized, would enable them to grant financial institutions broader exemptions to the SAR filing requirements in connection with innovative compliance approaches.[2]
Although FinCEN and the federal banking agencies have articulated support for innovation over the past several years, prior action did not result in concrete regulatory change to effectuate these goals. The NDAA and NPRMs provide a pathway toward a clear regime that would give financial institutions confidence that good faith efforts to experiment and to advance the use of technology in the financial crimes compliance space will not themselves generate adverse regulatory consequences. While the NDAA and NPRMs are promising steps forward, change will take more time as regulators continue to review the issues, absorb feedback, evaluate implementation, and issue additional guidance. In the meantime, to the extent a financial institution is contemplating adopting an innovative approach that would represent a material deviation from its standard process, it should take, at a minimum, two vital steps: (i) conduct a formal risk assessment in connection with the change; and (ii) thoroughly document the change, including why the financial institution has a good faith belief that the change supports financial crimes compliance and ensuring that the financial institution is able to explain clearly to its regulators what the technical tool does. Financial institutions that band together and collectively propose changes to the SAR regime that will assist law enforcement and regularize the compliance burden on companies may have more impact with the new Biden Administration.
The Progression of Regulatory Efforts to Modernize SAR Requirements
Background: The Joint Statement. On December 3, 2018, FinCEN issued a joint statement with the Federal Reserve Board, FDIC, National Credit Union Administration, and OCC to encourage financial institutions to consider and implement “innovative efforts to combat money laundering and terrorist financing” through the deployment of novel technologies.[3] The regulators noted that as money launderers’ tactics evolve, compliance mechanisms must keep pace, and new technologies such as artificial intelligence and machine learning can help manage risks. They also acknowledged that innovative pilot programs should be encouraged, even when such programs prove ultimately unsuccessful or uncover compliance gaps. FinCEN announced a new innovation initiative that would include outreach efforts. The other agencies committed to establish or continue to support their respective offices focused on advancing innovation.
While this guidance signaled openness to innovation in theory, it was heavily caveated and did not offer concrete regulatory relief. Banks were cautioned to “prudently evaluate whether, and at what point, innovative approaches may be considered sufficiently developed to replace or augment existing BSA/AML processes.”[4] As a result, relying on innovative approaches carried nontrivial risks for financial institutions, and the opportunities for change were limited. Although FinCEN has taken subsequent steps to promote innovation—including the BSA Value Project,[5] “Innovation Hours,”[6] and COVID-19 accommodations[7] — these risks remain.
FinCEN’s Advance Notice of Proposed Rulemaking. In 2019, the Bank Secrecy Act Advisory Group (“BSAAG”)—a forum for industry, regulators, and law enforcement—created an Anti-Money-Laundering Effectiveness Working Group to develop recommendations for strengthening the national AML regime by increasing its efficiency and effectiveness. This working group offered recommendations, culminating in FinCEN’s September 17, 2020 publication of an Advance Notice of Proposed Rulemaking (“ANPRM”). The ANPRM is aimed at ensuring an “effective and reasonably designed” AML program that provides a “high degree of usefulness to government authorities.”[8] Among other things, the ANPRM addresses the need “to facilitate the ability of the financial industry and corresponding supervisory authorities to leverage new technologies and risk-management techniques.”[9] The ANPRM specifically includes FinCEN’s recommendations to “support[] potential automation opportunities for high-frequency/lowcomplexity SARs and currency transaction reports (‘CTRs’), and explor[e] the possibility of streamlined SARs on continuing activity.”[10]
It is worth monitoring developments on this front to consider how FinCEN may approach the continued evolution of the BSA, particularly with new leadership at the Treasury and, we anticipate, FinCEN. However, proactive financial institutions should consider conducting annual effectiveness reviews of their AML compliance programs, with the expectation that examiners will increasingly look at their programs through this lens, even as the rulemaking progresses or, indeed, even if the rulemaking is abandoned. An effectiveness review could be done by enhancing the “control effectiveness” portion of a financial institution’s existing enterprise risk assessment. For example, assessment of the control effectiveness of a financial institution’s SAR reporting process could be expanded to include information sharing with law enforcement. The results of the annual effectiveness review should be fed back into the financial institution’s plan for continuous improvement of its AML compliance program.
Recent Actions: Proposed SAR Exemptions and the NDAA
-
Proposed SAR Exemptions
The recent FDIC and OCC NPRMs are intended to alleviate burdens for financial institutions that adopt innovative approaches to SAR filing. These NPRMs reinforce the general statements that FinCEN and the banking agencies have been making since their 2018 joint statement, and take the important step further by proposing concrete regulatory change that incentivizes innovation and efficiency in BSA compliance activities.
The proposed changes are designed to accomplish two primary goals: (i) enable the banking agencies to reduce regulatory burdens by coordinating with FinCEN to provide one unified requirement; and (ii) encourage financial institutions to embrace technology to meet BSA requirements.
With respect to the first objective, the NPRMs enable the banking agencies to allow broader SAR exemptions for certain kinds of activity that are consistent with safe and sound banking practices. The current regime only relieves SAR filing obligations in circumstances involving physical crimes (e.g., robberies) and lost, missing, counterfeit, or stolen securities. FinCEN has broader discretion to grant exemptions from BSA requirements, meaning FinCEN may issue a SAR filing exemption but an institution could still be required to file a SAR under the relevant banking agency’s regulations. This proposed rule, if adopted, would harmonize these approaches.
On the innovation front, the banking agencies contemplate that financial institutions may adopt technologies to enhance monitoring tools, automate investigation processes, and automate the population of forms.[11] The FDIC anticipates that “supervised institutions will leverage existing or future technologies to report information concerning suspicious activity in a different manner or time frame or to share SAR-related information.”[12] The OCC specifies that exemption requests from financial institutions may relate to, “among other things, expanded investigations and SAR timing issues, SAR disclosures and sharing, continued SAR filings for ongoing activity, outsourcing of SAR processes, the role of agents of national banks and federal savings associations, the use of shared utilities and shared data, and the use and sharing of de-identified data.”[13]
The proposed regulatory changes would enable more flexibility in granting exemptions and help synchronize requirements imposed by multiple federal regulators, notwithstanding some differences between the FDIC and OCC’s proposed changes.[14]
-
The NDAA
Beyond the provisions identified above, the NDAA amends the BSA in several ways that support innovation, efficiency, and effectiveness related to SARs by conducting reviews, providing reports and briefings to Congress, implementing new guidance for financial institutions, and making institutional changes by designating innovation support roles (e.g., Innovation Officers and a Subcommittee on Innovation and Technology).
Regulator Reviews and Reports to Congress. The NDAA requires the Treasury Department, the Justice Department, and other agencies to evaluate SAR reporting requirements and Currency Transaction Reports and consider options for streamlining compliance processes. Among other things, agencies must analyze options to integrate financial institution systems and the BSA e-filing system to permit, for example, “automatic population of report fields and the automatic submission of transaction data for suspicious transactions, without bypassing the obligation of each reporting financial institution to assess the specific risk of the transaction reported.”[15] The agencies’ review also must include an analysis of “whether financial institutions should be permitted to streamline or otherwise adjust, with respect to particular types of customers or transactions, the process for determining whether activity is suspicious or the information included in the narrative of a [SAR].”[16]
The review will rely heavily on the BSA Value Project[17] and focus on identifying data that provide “the greatest value to, and that best support, investigative priorities of law enforcement and national security agencies.”[18] In addition, the NDAA contemplates that the government must consult with “other relevant stakeholders” in connection with the review. Financial institutions and industry groups should consider whether and how to ensure this process accounts for their perspectives. The review will culminate with a report to Congress and appropriate proposed rulemakings within one year of enactment of the NDAA.[19]
Additionally, the Secretary of the Treasury must submit to relevant Senate and House Committees a report that must include legislative and administrative recommendations related to “the impact of financial technology on financial crimes compliance.”[20] And the Director of FinCEN must “brief” relevant Senate and House Committees on the use of emerging technologies, including “artificial intelligence, digital identity technologies, [and] distributed ledger technologies.”[21]
New Guidance. Regulators must update guidance for financial institutions on innovative compliance systems. The NDAA includes these requirements:
- Regulators shall “establish streamlined, including automated, processes to, as appropriate, permit the filing of noncomplex categories of reports.”[22]
- FinCEN will provide financial institutions information about typologies (techniques to launder money or finance terrorism), “including data that can be adapted in algorithms if appropriate.”[23]
- New regulations will define standards for testing technology, which may include “innovative approaches such as machine learning or other enhanced data analytics processes.”[24]
- The Secretary of the Treasury, in coordination with FinCEN, will establish a pilot program permitting financial institutions to share SAR information with their “foreign branches, subsidiaries, and affiliates” to facilitate more effective and efficient groupwide AML compliance.[25]
Designated Innovation Roles. To foster innovation and coordination with the private sector, the NDAA requires a BSAAG Subcommittee on Innovation and Technology. This Subcommittee will focus on reducing “obstacles to innovation” and will include “representatives of a cross-section of financial institutions subject to the [BSA].”[26] Additionally, FinCEN and each federal functional regulator must appoint an Innovation Officer who will work with financial institutions and technology providers to foster “innovative methods, processes, and new technologies that may assist in compliance with” BSA requirements.[27] Additionally, to advance outreach and collaboration further, the Secretary of the Treasury must convene an international financial crimes technology symposium that will include regulators, regulated firms, technology providers, and other experts.[28]
The NDAA requires FinCEN and banking agencies to launch initiatives that will take time. These requirements represent a critical step toward eventual important improvements to the BSA/AML compliance regime. However, proactive financial institutions may wish to consider establishing a financial crime innovation function. This office should ensure that efforts to apply new technologies to manage financial crime are well-conceived, well-documented, well-tested, and well-supported by data of sufficient quality. Such a proactive approach would help position financial institutions to both successfully apply new technologies to AML risk and successfully engage with their regulators about the application of new technologies.
Footnotes
[1] The NDAA significantly amends the BSA and other AML laws. The NDAA imposes multiple requirements on regulators which that are aimed at advancing the use of technology in this space. These include requirements that regulators conduct reviews, provide reports and briefings to Congress, implement new guidance, and make institutional changes, including the establishment of “Innovation Officer” positions to provide resources to financial institutions.
[2] See Press Release, FDIC, FDIC Board Approves Proposed Rule to Amend Suspicious Activity Report Requirements (Dec. 15, 2020), https://www.fdic.gov/news/press-releases/2020/pr20138.html; Press Release, OCC, OCC Proposes Rule Regarding Exemptions to Suspicious Activity Report Requirements (Dec. 17, 2020), https://www.occ.gov/news-issuances/news-releases/2020/nr-occ-2020-174.html.
[3] 5 FRB, FDIC, FinCEN, NCUA, OCC, Joint Statement on Innovative Efforts to Combat Money Laundering and Terrorist Financing (Dec. 3, 2018), https://www.fincen.gov/sites/default/files/2018-12/Joint Statement on Innovation Statement (Final 11-30-18)_508.pdf (PDF: 70 KB).
[4] Id. at 2.
[5] In 2019, FinCEN launched the BSA Value Project to analyze the value of the BSA information it receives in order to improve processes. Press Release, FinCEN, Prepared Remarks of FinCEN Director Kenneth A. Blanco, delivered at the American Bankers Association/American Bar Association Financial Crimes Enforcement Conference (Dec. 10, 2019), https://www.fincen.gov/news/speeches/prepared-remarks-fincendirector-kenneth-blanco-delivered-american-bankers.
[6] This program provides opportunities for financial institutions and technology companies to present innovative products and services to FinCEN during monthly virtual meetings. Press Release, FinCEN, FinCEN Announces Its Innovation Hours Program (May 24, 2019), https://www.fincen.gov/news/newsreleases/fincen-announces-its-innovation-hours-program; FinCEN, FinCEN’s Innovation Hours Program, https://www.fincen.gov/resources/fincens-innovation-hours-program (last visited Jan. 14, 2021).
[7] FinCEN acknowledged that financial institutions might experience difficulties or delays in meeting their BSA obligations due to the demands of disbursing COVID-19 relief funds. FinCEN guidance highlights innovation as a potential solution to this problem. For more information, see David S. Cohen, Michael J. Leotta, Zachary Goldman & Michael Romais, COVID-19: Federal Regulators Provide Limited AML Relief in Coronavirus Response, and Limited Support for the Use of Technology in Financial Crime Compliance Activities, WilmerHale (Apr. 24, 2020), https://www.wilmerhale.com/en/insights/client-alerts/20200424- federal-regulators-provide-limited-aml-relief-in-coronavirus-response.
[8] Press Release, FinCEN, FinCEN Seeks Comments on Enhancing the Effectiveness of Anti-Money Laundering Programs (Sept. 16, 2020), https://www.fincen.gov/news/news-releases/fincen-seeks-commentsenhancing-effectiveness-anti-money-laundering-programs.
[9] Anti-Money Laundering Program Effectiveness, 81 Fed. Reg. 58,023, 58,024 (Sept. 17, 2020), https://www.govinfo.gov/content/pkg/FR-2020-09-17/pdf/2020-20527.pdf (PDF: 274 KB).
[10] 81 Fed. Reg. at 58,025.
[11] FDIC NPRM at 6–7, https://www.fdic.gov/news/board/2020/2020-12-15-notice-sum-d-fr.pdf (PDF: 283 KB); OCC NPRM at 8, https://www.occ.gov/news-issuances/federal-register/2020/nr-occ-2020-174a.pdf (PDF: 279 KB).
[12] FDIC NPRM at 3.
[13] OCC NPRM at 8–9.
[14] The FDIC proposal contemplates more deference to FinCEN as the administrator of the BSA. When both FinCEN and the banking agency require a SAR, the FDIC would seek FinCEN’s determination whether the exemption is consistent with safe and sound banking principles under the BSA and FinCEN’s exemption concurrence, whereas the OCC would make an independent determination and may notify the other banking agencies and consider their views. FDIC NPRM at 8; OCC NPRM at 10.
[15] NDAA § 6204(b)(2)(H).
[16] Id. § 6204(b)(2)(L).
[17] This project includes three core components: (1) assessing how potential regulatory and compliance changes will lead to more effective law enforcement outcomes, beyond the goal of industry efficiency; (2) providing detailed feedback to financial institutions so that they can assess the value of their automated tools and databases; and (3) identifying challenges that require action, particularly with respect to the development and communication of AML priorities. Through this project, FinCEN has developed over 500 metrics to quantitatively track and measure the value of the compliance information that financial institutions submit. Press Release, FinCEN, Prepared Remarks of FinCEN Director Kenneth A. Blanco, delivered at the American Bankers Association/American Bar Association Financial Crimes Enforcement Conference (Dec. 10, 2019), https://www.fincen.gov/news/speeches/prepared-remarks-fincen-director-kenneth-blancodelivered-american-bankers.
[18] NDAA § 6204(b)(2)(D).
[19] Id. § 6204(c).
[20] Id. § 6210(a), (c).
[21] Id. § 6211(f).
[22] Id. § 6202 (adding 31 U.S.C. § 5318(g)(5)(D)(i)(I)).
[23] Id. § 6206 (adding 31 U.S.C. § 5318(g)(6)(C)).
[24] Id. § 6209(a) (adding 31 U.S.C. § 5318(o)(2)(A)).
[25] Id. § 6212(a) (adding 31 U.S.C. § 5318(g)(8)(B)(i)).
[26] Id. § 6207 (adding 31 U.S.C. § 5311(d)(2)(B), (3)(A)).
[27] Id. § 6208(a), (c)(1).
[28] Id. § 6211(b), (c).
Franca Harris Gutierrez, Boyd Johnson, Bruce Newman, and Michael Dawson are partners, Zachary Goldman and Rachel Dober are counsel, Michael Romais and Alina Lindblom are senior associates, and Andrew Miller is an associate, at Wilmer Cutler Pickering Hale and Dorr LLP.
Disclaimer
The views, opinions and positions expressed within all posts are those of the authors alone and do not represent those of the Program on Corporate Compliance and Enforcement or of New York University School of Law. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the authors and any liability with regards to infringement of intellectual property rights remains with them.