This is part 3 of a five-part series with Tom Fox and the FCPA Compliance Report on the National Defense Authorization Act (NDAA) and changes to the Bank Secrecy Act (BSA) and the Anti-Money Laundering Act (AMLA). To listen to the first episode in the series, please follow this link.
For both the public and private sector, there are opportunities under the new Anti-Money Laundering Act (AMLA) as part of the NDAA. Some of the most significant and most immediately evident benefits are related to information sharing, collaboration, and innovation.
Public-to-Private Sector Information Sharing
Parts of the law are targeted at addressing longstanding pain points for the industry related to information sharing, including in the public-to-private sphere. The new law makes it easier for private sector entities to communicate with the government and makes the government’s outreach more proactive by creating dedicated positions for the government’s liaison functions, both domestically and internationally.
This is intended to lead to a more active exchange of information. The NDAA requires the U.S. government to establish and communicate to the private sector its priorities and what it identifies as the biggest threats and risks. This is critical to building a foundation of common understanding on which banks can base their risk-based approach. Additionally, FinCEN will be required to periodically disclose to each financial institution information on the suspicious activity reports (SARs) they filed, and which of these SARs filings have been helpful, which is exciting because the private sector has been asking for this type of feedback for years.
Private-to-Private Sector Information Sharing and Collaboration
The second area of focus under the new law is private-to-private sector information sharing. The bill establishes a pilot program in which covered financial institutions will be able to share information related to SARs within their respective financial groups. This means that for international financial groups, there can be more cross-border information sharing related to activity within the financial institution or group itself. This removes an important barrier that financial institutions have struggled with in the past.
The NDAA also codifies what was previously joint supervisory guidance about sharing compliance resources across private-sector institutions. Many smaller financial institutions that do not have the resources to set up their own large compliance function will now be able to share compliance resources. Of course, all covered institutions need to have their own AML/CFT compliance programs and need to understand the risks that they face, but entities can share the cost of labor-intensive compliance functions such as transaction monitoring. This important step will make a marked difference, providing a real shot of confidence for those financial institutions that want to explore managed services or outsource elements of their compliance function. Those that are dipping their toes in the approach already should have more confidence to pursue it.
Technological Innovation
The NDAA does a lot to try to push the issue of innovation forward. There has always been a dynamic tension between innovation and regulatory compliance, as the BSA was written at a time when stakeholders could not envision the types of technologies at the disposal of financial services and regulators today. At present, the system is reactive by design. Regulations tend to proscribe approaches to “follow the money,” with reports filed largely after money has already traveled through the financial system.
However, now there are technologies available such as artificial intelligence (AI) and machine learning (ML). These allow compliance to take a more proactive, preventive approach to protecting the financial sector. The question becomes: Are stakeholders building a better mouse trap or are they creating a whole new, different, disruptive way to trap mice or solve the mouse problem?
In many ways, it can be easier to demonstrate the effectiveness of incremental innovations by comparing them to how the old system worked. However, with many of these innovations, entities are creating a new system or approach and shifting from the reactive to the preventive. As a result, it is challenging to compare the two approaches and prove effectiveness in the same way. The NDAA helps get at this issue by mandating an examination of whether and to what extent traditional AML model validation and model risk governance processes should even apply to AML/ CFT. Moving ahead, both the public and private sector will see clear benefits from the NDAA in innovation, information sharing, and beyond.
To listen to the next episode in this series, please click here.