Skip to main content Skip to navigation

FinCEN Issues Banking Advisory on Risk-Based Approach to Independent ATMs

Regulators & Key Institutions Latest News

On June 22, the Financial Crimes Enforcement Network (FinCEN) issued a statement providing clarity to banks on applying a risk-based approach to conducting customer due diligence (CDD) on independent ATM owners or operators consistent with the 2016 CDD Final Rule. The advisory highlights the importance of independent ATM owners and operators’ access to banking services due to “the important financial services they provide” to “underserved markets.” 

The advisory notes that banks should not automatically classify independent ATM owners and operators as high risk. Rather, each risk assessment relating to these customers should reflect the individual levels of risk exposure that each entity presents.

Applying a risk-based approach

FinCEN’s statement reiterates the agency’s stance that banks should respond to threats on a contextual basis. The potential risk to a bank depends on the presence or absence of numerous factors, including the location of the ATMs, transaction volumes, and the source of funds used to restock the ATMs.

Despite not being explicitly required by the CDD Rule, FinCEN recommends banks collect certain information to assess the individual level of risk exposure posed by independent ATM owners and operators. This includes information such as:

  • Organizational structure and management
  • Operating policies, procedures, and internal controls
  • Currency servicing arrangements
  • Source of funds used to replenish an ATM, if not a bank account
  • Where the independent owner or operator is established and maintains places of business
  • Expected and actual ATM activity levels, including currency transactions
  • Whether ATM operations are supplemental to other retail operations or are the primary business of the customer

The CDD Final Rule

Issued in May 2016, FinCEN’s CDD Final Rule is an amendment to the Bank Secrecy Act that standardized CDD requirements for banks, broker-dealers, mutual funds, futures commissions merchants, and brokers in commodities. 

The rule required “covered financial institutions” to identify and verify the beneficial owners of every account, both at its opening and throughout the business relationship. It also established ongoing monitoring for reporting suspicious transactions and updating customer information on a risk basis. 

Key takeaways

Compliance teams that work with ATM owners and operators should consider the policies and procedures they have in place regarding the sector, mapping the recommendations from FinCEN to their existing risk-based approach. This may unearth new opportunities to boost financial inclusion among underserved communities.

Originally published 01 July 2022, updated 22 August 2024

Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.

Copyright © 2024 IVXS UK Limited (trading as ComplyAdvantage).