The US Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) has published a Notice of Proposed Rulemaking that would require anti-money laundering (AML) programs for banks that lack a federal functional regulator, including:
- state-chartered, non-depository trust companies
- non-FDIC-insured state banks and savings associations and non-NCUSIF-insured credit unions
- private banks
- international banking entities that are not FDIC insured but are authorized by Puerto Rico and the US Virgin Islands to provide banking and other services to non-resident aliens
For some time, such firms have had exemptions from certain AML program requirements, which in practice generated inconsistency and uncertainty with respect to exactly what is expected in terms of Bank Secrecy Act compliance and AML programs. FinCEN’s proposed rulemaking, announced August 25, 2016, confirms that the expectation for these firms is consistent with that for traditional commercial or retail banks, and they must have an AML program inclusive of:
- internal policies, procedures and controls
- a designated compliance officer
- ongoing employee training
- independent audit of the program
The rulemaking also applies customer due diligence (CDD) requirements to banks lacking a federal functional regulator, thereby requiring them to identify and verify the identity of customers and beneficial owners of customers that are legal entities (consistent with FinCEN’s Final Rule published last May requiring CDD to be performed on individuals with direct or indirect ownership of 25 percent or more equity interest in legal entity customers, if any, as well as one control person for each legal entity customer).
FinCEN also welcomes public comments on the proposal. In particular, FinCEN is seeking comments on two key issues:
- Is the scope of the proposed rulemaking correct? More specifically, should any banks lacking federal functional regulators be excluded from the rule − presumably because they present little, if any, risk of money laundering and terrorist financing or have existing self-regulatory organizations which mandate AML requirements? Conversely, should other types of firms not listed also be included within the rule?
- Is the imposition of the same CDD requirements for these firms as currently applied to traditional banks appropriate in light of their customer relationships? If so, what time period is necessary for firms to implement these requirements?
Public comments are due by October 24, 2016.
Timing for any final rule on this proposal is unclear. In fact, it is noteworthy that the content and rationale for this proposal is generally consistent with a Notice of Proposed Rulemaking published by FinCEN in September 2015, extending Bank Secrecy Act compliance and AML requirements to registered investment advisers. That proposal has not yet been finalized. Because this proposed rule, as well as the prior one for registered investment advisers, clarifies regulatory expectations, however, we would advise clients to begin compliance efforts in anticipation of future finalization of the rule.