Decoding the Future of Work
This article discusses the key aspects of the AMLA and includes a discussion of the June 30, 2021 actions taken by FinCEN to approach Anti-Money Laundering and Countering the Financing of Terrorism National Priorities. 
On January 1, 2021, Congress enacted the National Defense Authorization Act for the Fiscal Year 2021 (“NDDA”). The NDAA includes the expansive Anti-Money Laundering Act of 2020 (“AMLA”), with the purpose of updating and amending the country’s anti-money laundering laws. The AMLA also provides one of the more notable additions to this anti-money laundering legal regime, the Corporate Transparency Act (“CTA”). It is the most sweeping AML legislation since the passage of the USA PATRIOT Act.
Spanning more than 85 pages, the AMLA creates a broad range of new anti-money laundering (“AML”) obligations for banks and other financial institutions, certain private investment structures, and even federal regulators. Many of the new provisions, including those creating a federal beneficial ownership registry, call for implementing regulations that will be promulgated months or years from now. Other provisions, including new criminal offenses and new subpoena authority over foreign banks with U.S. correspondent accounts, take effect immediately.
This article addresses the following key aspects of the AMLA:
The CTA creates a federal beneficial ownership registry, which will require certain types of domestic and international corporate entities, “reporting companies”, to file with the Financial Crimes Enforcement Network (“FinCEN”) information about the beneficial ownership of those entities. The CTA additionally requires that FinCEN maintain a non-public federal registry of this beneficial ownership information., thereby implementing a version of the “Registry Approach” recommended by the Financial Actions Task Force (“FATF”). The authors of the Corporate Transparency Act estimate about two million business entities are formed annually in the U.S. Coupled with all of the existing business entities that have already been formed, the raw data that will be generated under the legislation is enormous.
The CTA defines a “reporting company”, subject to the new reporting requirements, as a corporation, limited liability company, or similar entity that is either (i) created by a filing with a secretary of state, or (ii) formed under foreign law and registered to do business in the U.S. by a filing with a secretary of state. This definition is similar to the definition of “legal entity customer” under the “Customer Due Diligence Requirements for Financial Institutions” rule (“CDD Rule”). Like the CDD rule, the CTA does not appear to cover trusts, other than statutory trusts.
Many entities are exempted from the definition of “reporting company”. The exemptions include entities that are already required to disclose beneficial ownership information, such as publicly-traded companies and companies subject to significant regulatory oversight from other governmental authorities including banks, insurance companies, broker-dealers, and certain investment funds, charities, investment vehicles that are advised or operated by banks or registered investment advisers. Most corporations and LLCs that are owned or controlled by an exempted entity are also exempt from reporting. In addition, an entity is exempt if it (i) employs more than 20 employees; (ii) filed federal income tax returns in the previous year demonstrating more than $5,000,000 in gross receipts or sales, aggregating the income of both subsidiary and parent entities; and (iii) “has an operating presence at a physical office within the United States.”
If an exempt pooled investment vehicle is formed under foreign law, it must nonetheless file with FinCEN a written certification that provides identification information of an individual that exercises “substantial control”—again, a term the CTA does not define—over the pooled investment vehicle.
Each reporting company must disclose information about its “beneficial owners,” which the CTA defines as a person who, directly or indirectly, (i) exercises substantial control over the entity; or (ii) owns or controls not less than 25 percent of the ownership interests of the entity. The CTA does not define “substantial control.”
In addition, each reporting company must also disclose information about each “applicant,” which the CTA defines as any individual who files an application to (i) form a corporation, limited liability company, or similar entity under state law, or (ii) registers with a secretary of state a corporation, limited liability company, or other similar entity formed under the laws of a foreign country to do business in the United States. Notably, there is no exemption for lawyers or paralegals that form an entity on behalf of a client. It is unclear whether that person and their affiliated law firm would be implicated.
The CTA includes substantial penalties for willfully providing false information or willfully failing to report (or update) beneficial ownership information, including civil of up to $500 per day the violation continues and criminal penalties of up to $10,000 and/or imprisonment for up to two years.
Beneficial ownership information, much like other information in FinCEN’s possession, is confidential and may not be disclosed except to law enforcement solely for national security, law enforcement, and intelligence purposes. A reporting company, however, may consent to FinCEN’s disclosure of a company’s beneficial owner information to a financial institution to facilitate its compliance with customer due diligence requirements under applicable law.
AMLA 2020 makes clear that it will not immediately reduce CDD requirements for financial institutions. The legislation provides that nothing in the new law may be construed "to authorize Treasury to repeal the requirement that financial institutions identify and verify beneficial owners of legal entities." However, the new law does direct Treasury to revise the CDD rule within one year of promulgating implementing regulations, in order to reduce burdens on financial institutions and legal entity customers that are unnecessary or duplicative in the light of the new registration requirements.
Section 6308 of the AMLA provides a new mechanism that will help the US Department of Treasury (“Treasury”) and the US Department of Justice (“DOJ”) obtain foreign bank records during criminal investigations and in civil forfeiture actions. It permits the Treasury and the DOJ to issue a subpoena to any foreign bank that maintains a correspondent account in the United States. This subpoena power, however, is not limited to records related to the correspondent account, which is the limitation that existed previously. Rather, the subpoena can request records related to any account at the foreign bank, including records maintained outside of the United States.
Officers, directors, and employees of a foreign bank that receive such a subpoena are prohibited from notifying any account holder involved, or any person named in the subpoena, about the existence of the subpoena. A violation of this prohibition is punishable by a civil penalty of double the amount of suspected criminal proceeds sent through the correspondent account of the foreign bank in the related investigation.
The implications of these new provisions are potentially significant. The changes are meant to allow federal investigators to more easily obtain foreign bank records and not have to rely principally on the mutual legal assistance treaty process or other international agreements. Although the law is aimed at combatting money laundering, its broad scope (permitting subpoenas connection with “any investigation of a violation of a criminal law in the United States”) means that it may, and likely will, be used to target other serious criminal conduct, including high-profile white-collar crimes (e.g., tax evasion, Foreign Corrupt Practices Act violations), as well as international drug trafficking and national security violations. The AMLA prohibits courts from quashing or modifying the subpoena on the sole ground that compliance would conflict with foreign bank secrecy or confidentiality laws.
A foreign bank that fails to comply with a subpoena may be punished for contempt and liable for a civil penalty of up to $50,000 for each day that the foreign bank fails to comply with the terms of the subpoena. Funds held in the correspondent account may be seized to satisfy these civil penalties. Further, Treasury or the DOJ may order the U.S. financial institution providing the correspondent account to terminate the account relationship. A U.S. financial institution that fails to terminate the correspondence account relationship within 10 days is liable for a civil penalty of up to $25,000 for each day the financial institution fails to terminate the relationship.
AMLA 2020 added two new criminal BSA violations for intentionally deceiving or withholding information from financial institutions, The first new offense is to knowingly conceal, falsify, or misrepresent, from or to a financial institution, a material fact concerning the ownership or control of assets involved in a monetary transaction if (i) the person or entity who owns or controls the assets is a senior foreign political figure; and (ii) the aggregate value of the assets involved is at least $1,000,000.
The second new offense is to knowingly conceal, falsify, or misrepresent, from or to a financial institution, a material fact concerning the source of funds in a monetary transaction that (i) involves an entity found to be a primary money laundering concern; and (ii) violates a prohibition on opening or maintaining a correspondent or payable through account.
A violation (or conspiracy to violate) either law is punishable by up to 10 years' imprisonment and a fine of up to $1 million. Forfeiture of funds involved in the crime may also be imposed.
Congress also authorized the Securities and Exchange Commission to bring disgorgement claims for violations of the Securities Exchange Act. The statute of limitations for disgorgement claims is five years for most violations, and 10 years for fraud other violations for which scienter must be established.
The AMLA includes increased civil penalties for repeat and egregious BSA violators. For certain repeat violators, Treasury may impose three times the profit gained or loss avoided as a result of the violation or two times the maximum penalty for the violation for certain repeat violators who commit both a first and subsequent violation after January 1, 2021.
Further, if an individual partner, director, officer, or employee of a financial institution is convicted of a BSA violation, the individual must repay to the financial institution any bonus received during the calendar year during which or after which the violation occurred. In addition, any individual found to have committed an egregious violation of the BSA “shall be barred” from serving on the board of directors of a U.S. financial institution for 10 years following the conviction or judgment.
Perhaps the most significant impact of the AMLA is the amendments made by Section 6314 to 31 U.S.C. § 5323 of the BSA to “[update] whistleblower incentives and protection.”
AMLA broadly defines “whistleblower” as any individual (or two or more people acting jointly) “who provide information relating to a violation of this subchapter … to the employer of the individual or individuals, including as part of the job duties of the individual or individuals, or to the Secretary [of the Treasury] or the Attorney General”. This language expands the categories of employees benefitting from the whistleblower provisions to include compliance officers, auditors, counsel and others who often learn of violations during the normal course of business.
In addition, the whistleblowers are not required to be U.S. citizens or residents. Further, the illegal conduct does not have to have taken place in the United States, as long as the U.S. regulators have jurisdiction.
Section 6314 of the AMLA bars employers from discharging, demoting, threatening or harassing employees who provide information relating to money laundering and violations of BSA to their employer, or to the Attorney General, Secretary of the Treasury, regulators and others.
Previously, the protection under the BSA only applied to whistleblowers who reported possible violations to a federal supervisory agency as opposed to those only reporting to an employer. The AMLA protects whistleblowers who complain only to their employers. If the employer retaliates for bringing these claims, the employee can file a civil lawsuit and seek reinstatement, compensatory damages, counsel fees, double back pay with interest added, and other appropriate remedies regarding the prohibited conduct.
The AML Whistleblower Program is now in effect. When the AMLA was signed into law, the reward provisions became effective, without the need for implementing regulations. Critically, the program covers wrongdoing prior to its creation. A whistleblower with information about any violations of the BSA that are within the statute of limitations for government enforcement actions – six years for civil actions under 31 U.S.C. § 5321(b) and five years for criminal penalties under 18 U.S.C § 3282(a) – can submit a claim under the AML Whistleblower Program.
The Anti-Money Laundering Act of 2020 broadens the definition of “financial institution” under the BSA. The term “financial institution” now includes:
FinCEN is required to issue regulations within the next year that determine the scope of persons “engaged in the trade of antiquities” that will be considered “financial institutions” under the BSA.
AMLA resolves any doubt as to whether FinCEN has the authority to regulate digital assets. It achieved this by amending the BSA from covering “monetary instruments” to including activities related to “value that substitutes for currency.” In addition to cementing FinCEN’s authority over cryptocurrency firms, the AMLA potentially broadens the applicability of AML laws to other FinTechs involved in digital payments, such as payment processors and wallet providers, who could be subject to liability if their infrastructure is used to circumvent AML requirements.
The AMLA includes a number of provisions that will alter the landscape for financial institutions implementing BSA/AML programs. Key among these changes are requirements that FinCEN provide financial institutions with information about financial crime concerns and patterns. Within six months, the Treasury must establish national AML priorities, to be updated at least once every four years. Federal regulators will subsequently review whether and to what extent financial institutions have incorporated the national AML priorities into their risk-based programs.
On June 30, 2021, FinCEN issued its first-ever Anti-Money Laundering and Countering the Financing of Terrorism National Priorities (the “Priorities”).
FinCEN identified the following AML and countering the financing of terrorism (“CFT”) priorities:
Financial institutions will be required to incorporate these priorities into their AML programs after FinCEN finalizes implementing regulations, which must occur by December 27, 2021. FinCEN and federal and state banking regulators also issued a parallel interagency statement emphasizing that they will not examine banks for incorporation of the Priorities until after FinCEN issues implementing regulations.
The AMLA also requires FinCEN, “to the extent practicable,” to periodically disclose to “each financial institution” a summary of information on SARs that “proved useful” to law enforcement. The AMLA does not require financial institutions to respond to FinCEN’s disclosures, but financial institutions that receive negative feedback or no positive feedback may wish to consider whether they are meeting regulatory expectations.
FinCEN also must publish information relating to emerging money laundering and terrorist financing threat patterns and trends. FinCEN must include typologies, “including data that can be adapted in algorithms if appropriate. This suggest that “financial institutions will be evaluated on whether and to what extent they have incorporated FinCEN’s published threat patterns and trends into the financial institutions’ BSA/AML programs and SAR reporting processes.
The AMLA addresses de-risking, which is the practice of cutting off financial services to underserved individuals, entities, and geographic areas when BSA/AML risks are difficult or expensive to manage. The AMLA states that BSA/AML policies “must not unduly hinder or delay legitimate access to the international financial system,” and that federal enforcement efforts should not primarily focus on BSA/AML policies that result in “incidental, inadvertent benefits” to designated groups in the course of delivering “life-saving aid to civilian populations.” The Office of the Comptroller of the Currency (“OCC”) and FinCEN are required to study and report on de-risking, and to propose changes, as appropriate, to reduce any unnecessarily burdensome regulatory requirements.
Under current regulations, U.S. financial institutions are limited in their ability to share SAR details with foreign affiliates. The AMLA requires FinCEN to establish a pilot program for U.S. financial institutions to share SAR information with their foreign branches, subsidiaries, and affiliates, other than those in China, Russia, or jurisdictions that are state sponsors of terror, subject to sanctions, or unable to reasonably protect the security and confidentiality of the information.
Financial institutions also face new limitations on where a financial institution’s BSA duties can be carried out. The AMLA states that the “duty to establish, maintain and enforce” a BSA/AML program must be performed by “persons in the United States” who are accessible to and supervised by the appropriate federal regulator.
Portions of the AMLA focus on the role of technology in financial institutions’ BSA/AML compliance programs. FinCEN must issue regulations establishing standards that financial institutions must use when testing technology utilized for compliance with the BSA. FinCEN is also required to establish “streamlined, including automated, processes to, as appropriate, permit the filing of noncomplex categories” of SARs.
Under the AMLA, FinCEN must assess whether to establish a process for the issuance of no-action letters, including in response to requests for a statement as to whether FinCEN or another federal functional regulator intends to take enforcement action against a person under the AML laws with respect to specific conduct. If appropriate, regulations must be proposed within 180 days of enactment.
On June 30th, FinCEN also announced that it had submitted to Congress its assessment of no-action letters. FinCEN concluded that it should undertake a rulemaking to establish a no-action letter process as a supplement to other forms of guidance and relief available from the agency.
This may be a benefit to financial institutions that are considering offering novel and innovative products and services to engage with FinCEN on proposed or current activities and to receive definitive statements that FinCEN will not take enforcement action.
The AMLA substantially changes and modernizes the BSA and related AML laws and regulations. However, because many of the new statutory provisions will require rulemakings, reports, analyses, and other measures, the impact of the AMLA remains to be seen and may only be slowly realized over the next few years. Nonetheless, financial institutions should seek to prepare their stakeholders, including boards of directors, foreign affiliates, and BSA/AML compliance personnel, by informing them of these changes and how they may impact their day-to-day operations.
June 30, 2021
December 26, 2021
December 31, 2021