On June 30, the US Financial Crimes Enforcement Network (FinCEN) issued the first government-wide list of AML/CFT priorities — a requirement of the recently passed Anti-Money Laundering Act of 2020 (AML Act). These represent “the most significant AML/CFT threats currently facing the United States” and are meant to help financial institutions tailor their individual AML/CFT programs and resources to confront those specific threats.
To most, these threats will come as no surprise. They are: corruption, cybercrime (which encompasses virtual currencies where appropriate), foreign and domestic terrorist financing, fraud, transnational criminal organization activity, drug trafficking, human trafficking and smuggling and proliferation financing. Perhaps most striking, however, is that the list is incredibly broad at first glance — so much so that financial institutions are likely wondering how this helps them marshal their limited resources in a way that assists the federal government in advancing their priorities.
FinCEN does go into more detail on each one. It points out, for example, that fraud related to the COVID-19 pandemic has emerged as a primary concern, as have email account compromise schemes. In addition, the agency emphasizes that ransomware attacks have increased significantly over the past two years and represent an especially grave cybercrime threat. Further, virtual currencies, although not discussed as a separate category, are singled out as the preferred currency when engaging in many illicit activities, which suggests additional regulations around cryptocurrencies may be forthcoming.
Financial institutions may also note that while foreign threats are prominent throughout the report, FinCEN takes care to explain what it considers to be the most dangerous domestic threats. These include corrupt actors and violent extremists, especially those who are racially or ethnically motivated or who are anti-government or anti-authority. While not wholly surprising, details such as these will provide the careful reader with valuable insight.
Nevertheless, alongside the release of the stated priorities, the government agency published two separate statements, one to banks and the other to other covered financial institutions, reiterating that financial institutions aren’t expected to act on the stated priorities right away. FinCEN will issue implementing regulations within the next 180 days — which banks and other financial institutions will, in turn, need to incorporate into their risk-based AML/CFT programs.
The publication and subsequent regulations are to be updated every four years. The hope is that this will provide clarity and ensure alignment among all involved —- regulators and financial institutions alike — thereby enabling a more current and dynamic response to AML/CFT threats as they emerge. Whether that particular hope becomes a reality remains to be seen, but it will be interesting to observe how the priorities change over time and as administrations come and go.