How Firms can Respond to FinCEN’s AML/CFT National Priorities

On June 30, 2021, FinCEN published the first U.S. government-wide list of national priorities for anti-money laundering and counter-terrorism financing (AML/CFT) and the Bank Secrecy Act (BSA). FinCEN collaborated with the staff of several offices in the Department of the Treasury, as well as Federal and State regulators, law enforcement, and national security agencies.

FinCEN has issued guidance on eight main priorities, all of which include money /laundering as an integral feature as that is the core mission of FinCEN and the U.S. Department of the Treasury. FinCEN priorities include detecting corruption; cybercrime, including relevant cybersecurity considerations and the use of cryptocurrencies; foreign and domestic terrorist financing; fraud; transnational criminal activity; and drug trafficking. Other crimes that also must be reported, if detected, include human trafficking and human smuggling, and proliferation financing to acquire weapons of mass destruction.

The priorities also include crimes that are categorized as “predicate crimes” that generate illicit proceeds that may be laundered through the financial system. Predicate crimes are offenses that are components of larger crimes. The larger crime may be racketeering, money laundering, or terrorist financing; the contributing predicate crime may include but is not limited to, arms trafficking, concealment of assets, corruption and bribery, counterfeiting, cybercrime, drug trafficking, extortion, forgery, fraud, human trafficking or human smuggling, insider trading and market manipulation, kidnapping, illegal restraint and hostage-taking, organized crime/racketeering, robbery or theft, smuggling of goods, tax evasion, and terrorist financing.

FinCEN, in coordination with relevant federal and state regulators, issued two statements to provide guidance on the priorities, one for banks and the other for covered non-bank financial institutions. Banks are defined to include each agent, agency, branch, or office of U.S. banks, credit unions, savings associations, and U.S.-based foreign bank branches. Non-bank financial institutions include banks without a federal functional regulator; brokers or dealers in securities; mutual funds; insurance companies; futures commission merchants and introducing brokers in commodities; dealers in precious metals, precious stones or jewels; operators of credit card systems; loan or finance companies; casinos and card clubs; money services businesses; and government-sponsored housing enterprises.

The FinCEN priorities are not yet required to be incorporated into risk-based BSA or AML/CFT compliance programs of covered financial institutions until the effective date of the final revised regulations. By year-end 2021, BSA/AML regulations are expected to be revised to provide guidance as to how the priorities should be incorporated into the BSA/AML requirements of covered financial institutions.

Although the FinCEN priorities do not contain specific guidance or recommendations, banks and covered financial institutions should begin reviewing their BSA/AML programs, policies, procedures, and practices and the relevant FinCEN advisories and memoranda in order to consider changes that can be made to incorporate the FinCEN priorities into their risk-based programs. Firms may also want to consider incorporating appropriate clauses related to the priorities into customer agreements and certifications.

In addition, on June 28, 2021, FinCEN submitted a report to Congress, in accordance with AMLA 2020, stating that the agency should establish a “no-action letter” process to supplement existing regulatory guidance and to provide relief that may be requested by banks and covered financial institutions. FinCEN expects to incorporate into the no-action letter process an opportunity for financial institutions to consult with relevant regulators, departments, and agencies as appropriate in order to provide a better and more beneficial no-action letter process.

Key Takeaways of the AML/CFT Priorities

A summary of the importance of each of the FinCEN priorities is as follows:

Corruption

FinCEN has identified fighting corruption as a priority because corrupt individuals and their enablers undermine democracy. FinCEN has stated that corruption is a key issue because corrupt individuals and their activities threaten U.S. national security and the global financial system. They also impact individuals and entities across the world, debase the rule of law, and perpetuate conflict and human rights violations while seeking to use the U.S. financial system to obscure the proceeds of crime.

FinCEN has issued advisories on human rights abuses enabled by corrupt senior foreign political figures and their facilitators with regard to Nicaragua, South Sudan, and Venezuela. However, firms should confirm that their procedures are designed to recognize and report any potential corruption and include methods to identify and classify red flags for corruption types in all jurisdictions.

Cyber Crime

FinCEN has identified cyber-enabled financial crime, including ransomware attacks, foreign interference in democratic processes, and the use of convertible virtual assets to launder proceeds of illegal activities as significant types of cybercrime. FinCEN has also encouraged increased communication between the AML and cybersecurity units of covered financial institutions to help deter and detect cybercrime.

FinCEN considers covered institutions to be uniquely positioned to detect suspicious financial activity related to cybercrime. Ransomware campaigns to conduct illegal activities and advance nuclear weapons ambitions have been associated with adversary governments, sanctioned entities, and jurisdictions with weak AML/CFT regimes, such as Russia, North Korea, and Iran. As evidenced by recent attacks on the nation’s fuel and food supplies, ransomware is of particularly intense concern, as criminals increasingly use sophisticated attacks to target various sectors, including government, finance, education, energy, and health care. FinCEN has issued several advisories regarding cybercrime to help covered institutions identify and report suspicious activity by detecting common traits or characteristics of red flags related to cybercrime. Covered financial firms should review these advisories and verify that their procedures include the necessary steps to identify and report suspected cybercrime.

Terrorist Financing

FinCEN’s priorities state that one of the nation’s highest priorities continues to be combatting terrorism, including from ISIS, Al Qaeda, Hezbollah, and Iran’s Islamic Revolutionary Guard Corps. FinCEN notes that racially or ethnically motivated violent extremists and anti-government or anti-authority violent extremists have evolved significantly and are the most lethal domestic threats. 

As a countermeasure, covered institutions are reminded to comply with sanction programs and identify activity conducted by terrorists and terrorist organizations that are named on sanctions lists issued by the U.S. government.

International Terrorism

FinCEN views the most common type of international terrorism to be conducted by individuals who provide funding to overseas terrorists, terrorist groups, or their supporters. Most terrorist groups rely primarily on banks, money services businesses, and cash couriers to transfer funds, though some regularly seek smaller donations in digital assets. FinCEN considers disrupting terrorist networks, such as Al Qaeda and Hezbollah, and preventing an ISIS or Taliban resurgence as vitally important for the security of the United States and its allies.

Domestic Terrorism

FinCEN has named combatting domestic terrorism as vital to the security of the United States because extremists operating primarily within the territorial United States seek to carry out unlawful acts of force or violence. Domestic terrorists may include violent extremists and militia groups, who purport to use political and religious justifications to support racially or ethnically-based ideological objectives and terrorist activities. FinCEN deems the identifying and reporting of financial transactions linked to domestic terrorists to be of crucial importance to deter donations and contributions to individuals or organizations named on U.S. government sanction lists.

Covered financial institutions are reminded of their obligations to identify potential terrorist financing transactions and related activity, file suspicious activity reports, and comply with the requirements for expedited reporting of violations that require immediate attention. 

Fraud

FinCEN has stated that combatting fraud is a priority because crimes that involve fraud generate the largest volume of illegal proceeds. These include bank fraud, consumer fraud, health care fraud, securities and investment fraud, and tax fraud. Also of principal concern to FinCEN are foreign entities and their proxies that use illicit financial practices to conduct influence campaigns, facilitate espionage through front companies, and conduct targeted investments to gain access to U.S. individuals, sensitive information, technology, and intellectual property. FinCEN considers deterring internet-based fraud, including fraud related to synthetic identity fraud and other forms of identity theft to be a priority.

More recently, fraud related to the COVID-19 pandemic has been of particular concern to FinCEN and this has been the subject of six FinCEN Advisories. Examples of pandemic-related fraud include identity theft fraud related to Covid testing or vaccine availability, fraudulent filings for unemployment benefits, and fraudulent filings for Paycheck Protection Plan benefits. Fintech firms and financial institutions are reminded of their obligations to identify and report suspected fraud.

Transnational Criminal Organizations (TCOs)

FinCEN has identified stopping transnational crime as a priority because TCOs operating in the United States include organizations that conduct cybercrime, fraud, human trafficking, trafficking in drugs, weapons, and wildlife, intellectual property theft, and corruption. A number of TCOs including Mexican and Russian organizations operating in the United States, and certain Africa- and Asia-based organizations remain priority threats. These organizations may use professional money laundering networks that provide specialized expertise in laundering proceeds generated by criminal enterprises. 

Therefore covered financial institutions are well situated to be able to detect and report suspicious financial activity related to suspicious financial transactions conducted by these organizations.

Drug Trafficking Organization (DTO) Activity

FinCEN has included drug trafficking as a priority because the sale of illegal drugs continues to pose a significant public health emergency as well as a priority due to proceeds of the sales being laundered in or through U.S. financial institutions. 

Mexican DTOs and drug cartels in Mexico and Colombia are operating sophisticated organizations to distribute drugs in the United States. DTOs may also rely on professional money laundering networks in Asia (primarily China) or may serve as brokers in trade-based money laundering schemes. FinCEN has identified a substantial increase in complex schemes used to exchange cash proceeds from Mexican organizations to Chinese citizens residing in the United States, including through the use of front companies or couriers to deposit cash derived from narcotics sales into the banking system. Financial organizations should be aware of these potential financing deals so that they can more readily identify and report potentially suspicious transactions.

Key Concerns and Next Steps

One of the primary concerns related to cybercrime is the use of convertible virtual currencies (cryptocurrency, digital currencies, and digital assets). Although FinCEN has noted that the use of virtual currency is a substantial financial innovation, virtual currency can also be used for a variety of illicit activities, including payments for ransomware attacks, illicit drugs, human exploitation, and other criminal activity. For those reasons, FinCEN is highlighting that misuse of convertible virtual currencies is a significant part of cybercrime.

As mentioned above, the newly published BSA and AML/CFT priorities do not modify the Bank Secrecy Act or AML/CFT regulations. FinCEN has stated that examiners will not evaluate compliance with these priorities until the effective date of the final rules. FinCEN has declared that it will issue rules, within 180 days of the publication of the priorities, as required by the Anti-Money Laundering Act of 2020. New rules are expected to be issued in late December 2021 and it is anticipated that these rules will provide guidance on how to incorporate the FinCEN priorities into BSA and AML/CFT programs.