This is part 1 of a five-part series with Tom Fox and the FCPA Compliance Report on the National Defense Authorization Act (NDAA) and changes to the BSA and AMLA.
To better understand the National Defense Authorization Act’s (NDAA) move toward Bank Secrecy Act and Anti-Money Laundering (BSA/AML) reform, it is important to take a step back and look at the evolution of AML reform over the past 20 years. After 9/11, the United States recognized that any potential disruption or exploitation of the American financial system by suspected terrorist organizations was a threat to its national security. In response, the government substantially strengthened and expanded the BSA through the implementation of the USA PATRIOT Act, which broadened the BSA to cover most segments of our financial system and set expectations for covered entities AML/CFT compliance programs.
When examining the NDAA and its focus on reporting and information sharing, company formation reform and the addition of beneficial ownership regulations might be the most important element—one that will guide the implementation of a risk-based approach. This has been at the heart of the debate around implementation challenges to the BSA.
For the past 20 years, most areas of governance and the financial system have relied on a risk-based approach in which financial institutions are required to understand and manage risks associated with money laundering and illicit finance on a continuous basis. Companies are judged by examiners, regulators, and law enforcement in terms of their effectiveness in meeting those requirements. This can be challenging if institutions are operating with different types of information, and with different kinds of expectations, in a highly dynamic and evolving financial system and threat environment.
Among the most substantive changes contained in the NDAA are a host of new reporting and information sharing requirements that allow the financial system, financial institutions, regulators, and law enforcement to better understand what a risk-based approach means in terms of prioritization. Armed with this information, all parties need to consider how those risks are covered and translated into examinations, supervision, and expectations. Ultimately, those priorities and risks inform the AML programs that are implemented by financial institutions.
The NDAA also broadens the enforcement power of the Financial Crimes Enforcement Network (FinCEN), helping to strengthen and codify existing work by FinCEN, and also expanding upon it. Along with this additional authority, however, the NDAA also gives FinCEN additional accountability. The NDAA contains statutory requirements for FinCEN to establish additional liaison officers, both domestically and internationally.
Further codification of resourcing and reporting around requirements in the NDAA will also strengthen FinCEN’s historical efforts on threat reporting. This includes requiring FinCEN to periodically provide feedback to filing institutions on their Suspicious Activity Reports (SARs). The law also mandates a series of reviews of the utility of the BSA. Together, these requirements should help FinCEN rationalize what reporting requirements it is focused on and help the industry understand which information is most valuable for protecting the financial system, safeguarding national security, and assisting law enforcement.
Finally, the NDAA contains new risk management opportunities and obligations. It is now a requirement going forward that the Department of the Treasury—in consultation with the AG, relevant federal regulators, and national security agencies—identify and maintain national AML/CFT priorities that it communicates to supervised entities, which will help inform and align what risks financial institutions should be looking for based on expectations from law enforcement and the national security community.
To listen to the next episode in the series, please click here.