This is part 4 of a five-part series with Tom Fox and the FCPA Compliance Report on the National Defense Authorization Act (NDAA) and changes to the Bank Secrecy Act (BSA) and the Anti-Money Laundering Act (AMLA). To listen to the first episode in the series, please follow this link.
The NDAA creates governance mechanisms to clarify expectations and better align all of the efforts of financial institutions, regulators, and law enforcement—allowing them to spend more time tracking bad actors and combating risk and less time fighting over what good risk management looks like. It does this in three ways.
Improved Interagency Coordination, Cooperation, and Information Sharing
The law promotes better interagency coordination and cooperation, and, at the end of the day, improved information sharing. The agencies involved include the regulators that are charged with ensuring financial institutions follow the laws and regulations associated with Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT); the law enforcement agencies charged with investigating and prosecuting financial crimes and confiscating the assets associated with it; policymakers that attempt to bridge these gaps; and the national intelligence and security community. There are many moving parts involved in coordinating such interagency efforts. The NDAA begins by asking the important questions: What are the risks? What are the challenges? What are the threats that we’re facing? What are we requiring? It is an important place to start with a risk-based approach based on “What are the risks that we worry about and why?”
Refreshed Whistleblower Provisions
There has been some feedback from external parties regarding some provisions which plausibly allow an AML specialist, chief compliance officer (CCO), or internal auditor to report illegal conduct under the law, which some see as controversial. That section defines a whistleblower as follows:
“The term ‘whistleblower’ means any individual who provides, or two or more individuals acting jointly who provide, information relating to a violation of this subchapter or subchapter III to the employer of the individual or individuals, including as part of the job duties of the individual or individuals, or to the [Treasury] Secretary or the Attorney General.”
This provision provides an additional option and strengthens the hand of those that are trying to work within these institutions to implement effective AML programs. This does not come at the expense of internal cooperation, but rather it further empowers those individuals and seeks to resolve issues internally while also having an avenue for recourse.
The Pooling of Compliance Resources
When it comes to sharing compliance resources, regulators have opened up the way—through interagency guidance—to allow institutions to share compliance resources in ways that allow for the more effective and sustainable use of resources. The NDAA codifies the sharing of resources that was described in 2018 guidance in ways that represent another governance model, one that affords financial institutions the ability to share costs, especially when they have similar risk profiles, customers, markets, products and services, or delivery channels. This important step means organizations can free up resources to manage risks more effectively, and ultimately bring together different parts into a platform of common interests.
The NDAA looks to the future without taking responsibility away from the risk-based approach. This helps the institutions on the front lines to collectivize risk management on the back of shared data and shared compliance resources. All of these resources can help institutions to better understand and manage risk on a continuous basis.
To listen to the next episode in the series, please click here.