On August 25, 2016, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) published a proposed rule that would extend the anti-money laundering (AML) and customer information program (CIP) requirements of the USA PATRIOT Act of 2001 to all banks. Currently, FinCEN’s AML and CIP requirements only apply to banks that are subject to regulation by a federal functional regulator. The proposed rule also would extend to all banks the customer due diligence (CDD) requirements that FinCEN published in May 2016, on which we reported previously. See Fried Frank Client Memorandum, FinCEN Issues Final Customer Due Diligence Rule (May 12, 2016).
Currently, banks not subject to regulation by a “federal functional regulator” are exempted from formal AML requirements pursuant to FinCEN regulations (31 C.F.R. § 1010.205).1 The proposed rule would remove this exemption and amend the regulations such that all entities meeting the definition of “bank” in 31 C.F.R. § 1010.100(d) would be subject to AML, CIP, and CDD requirements. FinCEN stated in a press release that it expects this proposed rule to affect an estimated 740 banks nationwide. The proposed rule sets forth a non-exhaustive list of categories of institutions that will be affected if the rule is adopted:
- State-chartered non-depository trust companies
- Non-federally insured credit unions
- Private banks
- Non-federally insured state banks and savings associations
- International banking entities authorized under the laws of Puerto Rico and the U.S. Virgin Islands
AML and CDD Requirements
If adopted, the proposed rule would require banks that are not regulated by a federal functional regulator to establish an AML compliance program that meets the same standards as those required for federally regulated banks. The proposed rule sets forth standards for a compliant AML program, requiring at a minimum:
- Establishing a due diligence program for correspondent accounts for foreign financial institutions;
- Establishing a due diligence program for private banking accounts;
- A system of internal controls to assure ongoing AML compliance;
- Independent testing for compliance conducted by bank personnel or an outside party;
- Designation of an individual responsible for monitoring and coordinating day-to-day compliance;
- Training for appropriate personnel; and
- Risk-based procedures for conducting ongoing customer due diligence, including developing customer risk profiles, updating customer information, and conducting ongoing monitoring relating to suspicious transactions.
FinCEN has been concerned with the perceived “gap” in AML coverage between banks that are and are not federally regulated. The rationale for the proposed rule is that banks without a federal functional regulator may be just as vulnerable to money laundering risks such as terrorist financing as federally regulated banks, and the rule seeks to impose uniform regulatory requirements in an attempt to close this gap.
If adopted, the proposed rule would also require non-federally regulated banks to comply with CIP requirements. The minimum standard imposed by this proposed rule is identical to the standard imposed on federally regulated banks, and requires each bank’s CIP to contain:
- Risk-based identity verification procedures;
- Recordkeeping procedures to store all information collected during the identity verification process;
- Procedures to screen potential customers against blocked persons lists; and
- Procedures to notify potential customers that the bank is requesting information for identity verification.
After the CIP requirements were finalized for federally regulated banks on May 9, 2003, FinCEN proposed rules to require other banks to comply with CIP requirements. However, those rules were never finalized. As with AML compliance, FinCEN believes that regulatory consistency and protection against systemic vulnerability to money laundering and terrorist financing are best achieved by a uniform standard relating to CIP requirements.
The proposed rule continues FinCEN’s expansion of its regulatory powers over the past few years. Banks that are not currently subject to federal AML and CIP requirements should begin preparing to implement them in the future if and when this proposal becomes a final rule. FinCEN will be accepting public comments on the proposed rule until October 24, 2016.