Ankura's Nova O sits down with Mark McGrath, Ayana Murphy, and Elif Cinar to discuss the current anti-money laundering (AML) landscape in the latest Q&A with our Ankura experts. Learn more about responding to the increased global risk of financial crimes in the article below.
Q: Could you outline some of the more recent key legal and regulatory developments in the U.S. affecting anti-money laundering (AML)?
In 2021 the National Defense Authorization Act (NDAA) became law, which included the most comprehensive reforms to AML/CFT laws since the USA Patriot Act in 2001. The reforms, now codified in the Anti-Money Laundering Act of 2020 (AMLA) are applicable to all regulated financial institutions (FIs) and are intended to enhance national security concerns by moving the U.S. from what was a more U.S.-centric legal framework to a more global posture in fighting financial crimes. The AMLA reforms many areas, which include:
- Enhancements to beneficial ownership reporting requirements to prevent the anonymity of beneficial owners of companies that were created to launder illicit funds,
- Establishing an enhanced whistleblower program with substantially increased awards from prior Department of the Treasury caps and anti-retaliation protections similar to expanded whistleblower programs at other regulators (e.g., the SEC) that have proven extremely successful at driving successful enforcement efforts,
- Expanding the government’s subpoena authority to obtain foreign bank records more easily,
- Codifying a risk-based approach to AML/CFT compliance, increasing incentives on foreign institutions to comply with cross-border investigations by increasing fines, and
- Aiming to modernize the AML/CFT system by embracing technology and innovation and eliminating obsolete regulations and guidance, among others.
On June 30, 2021 FinCEN released its first set of government-wide priorities for AML/CFT pursuant to the AMLA FinCEN proposal issued in January 2022, stemming from enactment of the AMLA requiring the Treasury Secretary establish a pilot program to improve SAR reporting to help financial institutions further combat illicit finance risks, would allow U.S. financial institutions to share SARs with their own foreign branches, which are treated as foreign banks under the Bank Secrecy Act (BSA).
The Wolfsberg Group, a consortium of some of the largest global banks which provides industry leadership and guidance on BSA/AML topics, recently issued a statement responding to FinCEN’s requests for comments on the released AML/CFT priorities. Wolfsberg noted that current SAR regulations in the U.S. are very broad and could be improved by prioritizing certain types of suspicious activity and providing a framework for FIs to focus on AML/CFT priorities.
Q: What areas are poised to receive heightened scrutiny from regulators and what can companies do to effectively address those risks and prepare for increased attention to particular areas?
The AMLA required FinCEN to establish AML/CFT priorities upon which financial institutions could rely for planning purposes and allocate resources within their own AML programs. On June 30, 2021, FinCEN released its first set of government-wide priorities for AML/CFT which span eight areas related to: i.) corruption; ii.) cybercrime; iii.) terrorist financing; iv.) fraud; v.) transnational organized crime; vi.) drug trafficking; vii.) human trafficking and smuggling; and viii.) arms proliferation. FinCEN issued a joint statement with federal banking agencies and state bank regulators encouraging banks (and other regulated FIs) to start incorporating the Priorities into their risk-based BSA compliance programs.
While banks and FIs are not required to incorporate the Priorities into their BSA/AML compliance programs until the effective date of the final revised regulations, the Priorities and joint statement telegraph areas that will eventually receive heightened scrutiny from regulators. Regulated entities should begin by reviewing their BSA/AML and Sanctions risk assessments and incorporating the Priorities into their risk matrices, to ensure that they are properly evaluating the potential risks associated with the products and services they offer, the customers they serve, and the geographies in which they operate. . . The AMLA requires that such a review by financial institutions be included as a measure on which the FI is supervised and examined. Companies should also remain on the lookout for revised regulations and additional guidance from FinCEN, federal banking agencies and state bank regulators to assist them in complying with the BSA.
Enforcement actions against financial institutions for violations of anti-money laundering (AML) and data privacy regulations totaled $5.4 billion in the United States for 2021.
Q: When considering integrating Fintech services into their businesses, what steps should companies take to ensure adequate processes, programs and policies are in place to support AML?
Fintechs operate in many areas of financial services, including lending, credit and securities and many traditional financial services firms are incorporating Fintechs into their brands and service offerings. However, Fintech is a broad term, which describes a whole host of potential services, many (but not all) of which will involve the use of cryptocurrencies or other virtual assets. For example, there are Fintechs that make payment services smoother or faster, which may or may not involve payment services for cryptocurrencies.
Financial institutions should approach the integration of a Fintech the same as the any other new product or service. The first step is, of course, understanding what product or service the platform provides. In the U.S., the regulatory framework is such that many agencies (both federal and state) might have oversight of a Finech and it will depend on the specifics of the business offerings. For example, whether the Fintech is providing a service that could be categorized as a money services business (and would therefore be required to register as such) is a question that turns on the exact nature of the product offered. There are some overlapping requirements between agencies but there are also separate and distinct requirements based on licensing, jurisdictions involved, etc. , and it should go without saying that in a global business the regulations in all jurisdictions in which a Fintech or corporation operates need to be considered.
Once a company understands the regulatory framework for the Fintech, the company should begin the process of aligning BSA/AML programs using the five pillars of a BSA/AML program, as outlined by the Federal Financial Institutions Examination Council (FFIEC), the U. S. government interagency body composed of five banking regulators that is "empowered to prescribe uniform principles, standards, and report forms to promote uniformity in the supervision of financial institutions”. A BSA/AML compliance program should begin with a risk assessment, which reviews the products, services, customer and geographies of the business and the program should then be aligned to the identified risks.
Q: Non-fungible tokens (NFTs) exhibited exponential sales growth from 2020 to 2021. With that came crimes in the form of wash trading and money laundering. What can be done to help prevent wash trading and what can companies do to detect money laundering activity in NFTs?
Wash trading refers to a transaction in which the seller is on both sides of the trade. These types of transactions are illegal in the U.S., as the purpose is to feed misleading information to the market by boosting perceptions of the value and liquidity of an asset.
Because users on NFT marketplaces can create multiple wallets without identifying themselves, a single source can trade an NFT multiple times, therefore creating the appearance of large trade volume and falsely inflating the value of the NFT.
Companies that are seeking to prevent this type of activity on their platforms can implement policies and procedures that discourage this activity, such as removing users that perform wash trades and reporting them as well as utilize automated tools to identify these types of transactions.
Traditional financial institutions are buying into cryptocurrencies in a big way – Standard Chartered Bank, Citibank, JP Morgan Chase and Goldman Sachs among others have all made multi-million-dollar investments in blockchain technology.
Q: What are the latest technology trends in the fight against financial crimes?
When we talk about the technological developments in the transactions space, Intelligent automation is the greatest asset we currently have towards making our anti-financial crimes efforts stronger and more efficient.
Intelligent automation can come in different forms: At the most basic level, it starts with applying robotics process automation to AML and sanctions alert investigations and case management. As fancy as ‘robotics process automation’ sounds, it basically refers to the act of automating the repeatable steps of investigating and adjudicating alerts in transaction monitoring and sanctions screening systems. When investigating an alert, a human investigator often needs to gather data from various internal systems, including internal transactional and customer databases, as well as conduct searches on external resources for background information on the related entities. What if we could get an automated process to complete all the repetitive steps, including the drafting of the investigation report? Not only does it save time, but it also greatly reduces incidence of human error.
A higher form of machine intelligence that can be applied to transaction monitoring and sanctions screening is machine learning, where historical outcomes of previous cases and other available information can be used to train a model to perform the investigation and make a determination on a given alert. These types of models utilize existing data as a baseline and then learn from continuous feedback to improve performance over time. They don’t replace human investigators, but they complement them to make the outcomes more efficient and more accurate.
Q: What advice would you offer to organizations on integrating technology into their processes to enhance the efficiency of their AML capabilities and allow them to detect unusual behavior and identify red flags?
This is not going to be a surprise for many, but the best advice I can give anyone who is using any kind of technology-enabled solution to enhance their AML programs is to make sure that the data they are feeding into their transaction monitoring system pass the data quality test. The financial institutions that are farther along the maturity curve in their AML programs tend to have strong data quality assessment processes and procedures that perform ‘source to surveillance’ tests on their transaction data.
These tests include checks across all six pillars of data quality: accuracy, completeness, consistency, integrity, timeliness, and validity, and they are run on different junctions of the data (and transaction) lifecycle to make sure that critical data elements are not getting corrupted or lost along the way. Think of it this way: You have a bank teller entering the transaction details into the front office system. By the time the data gets to the surveillance system, it undergoes many transfers and transformations. Some of the world’s biggest financial institutions have gotten fined hundreds of millions of dollars because key transaction data got truncated somewhere along the way, rendering their transaction monitoring system ineffective. Clean data is key, because without clean data, the outliers that you pick up as unusual behavior or red flags are very likely to be insufficient, unreliable, and/or misleading.
In the transactions landscape, technology acts as both a catalyst of innovation and an enabler of fraud. The only way to effectively mitigate risks of financial crimes in the digital world is to embrace technology-enabled solutions.
© Copyright 2022. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.