The Financial Crimes Enforcement Network (FinCEN) issued its first governmentwide priorities for anti-money-laundering and countering the financing of terrorism (AML/CFT) policy (the Priorities) on June 30, 2021.1 In an accompanying press release, acting FinCEN Director Michael Mosier stated that the Priorities reflect the U.S. government’s view of “the most significant AML/CFT threats facing the United States.” The Priorities are

  • Corruption
  • Cybercrime
  • Foreign and Domestic Terrorist Financing
  • Fraud
  • Transnational Criminal Organization Activity
  • Drug Trafficking Organization Activity
  • Human Trafficking
  • Proliferation Financing

The Priorities, issued pursuant to the Anti-Money Laundering Act of 2020 (the AML Act), are designed to assist covered institutions in assessing their risks, tailoring their programs, and prioritizing the allocation of compliance resources in the implementation of AML program requirements. Most important, upon the issuance of implementing regulations, covered institutions will be expected to incorporate each Priority into their AML/CFT compliance programs.2 FinCEN expressly recognizes, however, that not every Priority will be relevant to every covered institution.

While FinCEN has made clear that covered financial institutions are not required to make changes to their AML programs based on the Priorities until the implementing regulations go into effect3 — which is expected to occur within the next six months — such institutions should carefully consider the Priorities to assess whether their current compliance programs fully address the risks related to each of the Priorities.

Below we provide a brief overview of the Priorities and some recommendations for what covered financial institutions can be doing now to prepare for the forthcoming implementing regulations. As an initial matter, note that these Priorities are just that, priorities. There is no indication that they are meant to serve as an exhaustive list. Covered institutions must still develop their AML/CFT programs based on the specific risks associated with their business and clients — including risks that may fall outside the Priorities.


Echoing the recent National Security Study Memorandum issued by the White House on June 3, 2021, the Priorities state that “[c]orruption, both domestic and foreign, threatens U.S. national security by eroding citizens’ faith in government, distorting economies, and weakening democratic institutions.” As a result, addressing the money-laundering risks associated with such corruption is a core national security interest of the United States.

Covered financial institutions should be sure to consult prior FinCEN advisories related to human rights abuses and corrupt senior foreign political figures in certain jurisdictions such as Nicaragua, South Sudan, and Venezuela. Additionally, while covered institutions should look broadly across their AML/CFT program to assess the typologies and red flags within their lines of business, particular attention should be paid to the robustness of the institution’s policies and procedures related to senior foreign political figures and politically exposed persons. These kinds of customers pose a particularly high corruption risk, and we expect that regulators will closely scrutinize AML/CFT procedures and controls policies relating to them when the implementing regulations go into effect.

Cybercrime, Including Relevant Cybersecurity and Virtual Currency Considerations

FinCEN’s Priorities broadly define cybercrime as any illegal activity that involves a computer, another digital device, or a computer network. Specifically, the Priorities define cybercrime to include such common cybersecurity threats as social engineering, software vulnerability exploits, and network attacks. In the wake of several high-profile ransomware attacks, the Priorities also single out ransomware as a cyber-enabled crime of “particularly acute concern” and a “top priority for the United States.” In doing so, FinCEN highlights its own prior advisory on the use of financial institutions to facilitate ransomware payments4 and specifically reminds covered institutions of OFAC’s separate 2020 advisory identifying the sanctions risks associated with making or facilitating a ransomware payment to an entity that may be associated with a sanctioned person, an adversary government, or a jurisdiction with a weak AML/CFT regime.5

To address these concerns, covered financial institutions should keep themselves current on trends, typologies, and indicators of financial crime involving cybercrime. This review should include an assessment of how their business lines may be affected by this kind of crime — either as a victim or as a means of laundering illicit proceeds. Indeed, FinCEN makes a point to add that “[c]overed institutions are uniquely positioned to observe the suspicious activity that results from cybercrime, including cyber-enabled financial crime.” Covered institutions should take this observation as a sign that regulators will expect AML/CFT programs to include effective transaction monitoring systems and procedures to identify and root out activity that may involve cybercrime. 

As for virtual currency, FinCEN’s Priorities emphasize that the Treasury Department as a whole is “particularly concerned” with “the misuse of virtual assets that exploits and undermines their innovative potential, including laundering of illicit proceeds.” FinCEN describes convertible virtual currencies as the “currency of preference in a wide variety of online illicit activity,” including ransomware attacks, child exploitation, and drug trafficking. As a result, covered institutions that transact in virtual currency should assess their ability to rapidly trace and/or interdict virtual currency proceeds. Such covered institutions should also ensure that they are familiar with FinCEN’s guidance for filing suspicious activity reports (SARs) related to illicit activity involving convertible virtual currencies.6

Terrorism — International and Domestic

The need to detect and prevent terrorist financing is not new. The Priorities reinforce the long understood principle that thwarting terrorist financing “is essential to counter the threat of terrorism successfully.” FinCEN reiterates in the Priorities that covered financial institutions must be cognizant of their obligations to identify and file SARs on potential terrorist financing transactions and to have in place a robust sanctions program to help identify the risks associated with individuals on sanctions lists and/or transactional activities from U.S. economic and/or trade-sanctioned countries. However, the Priorities also make clear that all terrorism comes in many shapes, from “lone actors using small amounts of money to self-fund attacks, [to] more complex schemes and networks that may be embedded within existing money laundering methods used to support logistical networks, operatives, and the procurement of material.”

To address these risks, covered institutions should ensure that their policies, procedures, and controls specifically address risks of money movements from the U.S. to overseas individuals/organizations that may be part of terrorist activities. While FinCEN cites certain examples of how and where terrorist financing may be more prevalent, covered financial institutions’ risk-based AML programs should look closely at the footprint of their client base, their locations, and the movement of money within jurisdictions that may facilitate terrorist financing. Additionally, covered institutions need to also begin considering how best to develop an AML/CFT program that address risks attendant with domestic terrorism. For example, robust and comprehensive onboarding and Customer Due Diligence (CDD) procedures will be integral to identifying individuals or groups that may be using an institutions’ services to facilitate domestic terrorism.


FinCEN notes in the Priorities that “fraud — such as bank, consumer, health care, securities and investment, and tax fraud — is believed to generate the largest share of illicit proceeds in the United States.”7 In addition to these more common crimes involving fraud, FinCEN raises the risk posed by “foreign intelligence entities and their proxies, which employ illicit financial practices to fund influence campaigns and facilitate a range of espionage activity by establishing front companies, and conducting targeted investments to gain access to sensitive U.S. individuals, information, technology and intellectual property.”

In response, covered institutions should review their onboarding and CDD procedures to be sure they are designed to identify the kind of foreign intelligence activity FinCEN raises. Covered institutions should also look closely at their controls surrounding money movements, particularly transfers through accounts of offshore legal entities and/or accounts controlled by individuals that may be cyberactors. In addition, covered institutions should continue to look at closely at identifying and reporting email account compromises as well as potential COVID-19-related fraud activities (e.g., economic impact payments, unemployment insurance, and pump-dump and other market manipulation activities).  

Criminal Activity Priorities — Transnational Criminal Organization Activity, Drug Trafficking Organization Activity, and Human Trafficking and Smuggling

Three of the Priorities — Transnational Criminal Organization Activity, Drug Trafficking Organization Activity, and Human Trafficking and Smuggling — all focus on preventing the laundering of criminal proceeds through U.S. financial institutions. Identifying and reporting the movement of ill-gotten gains from these crimes is not a new concept for covered financial institutions. However, in light of the Priorities, institutions should reassess the sufficiency of their AML/CFT programs with regard to these specific activities.  

In particular, covered financial institutions should closely examine any customer profiles that present a risk of engaging in any of these crimes, especially accounts that may be shell companies designed to hide the true nature of a business, as well as individuals who may be using funnel accounts to avoid detection. Additionally, covered institutions should ensure that their suspicious activity monitoring controls are calibrated to detect money movements connected with these kinds of activities and make sure their SAR filing procedures are clear and comprehensive.

Proliferation Financing 

The Priorities also include preventing “proliferation financing,” meaning the “exploit[ation] [of] the U.S. financial system to move funds that will be used either: (1) to acquire weapons of mass destruction or delivery systems or their components; or (2) in the furtherance or development of state-sponsored weapons programs, including the evasion of United Nations or U.S. sanctions.”  

As with international terrorist financing, covered institutions should begin reviewing their sanctions programs closely, particularly economic and trade sanctions, when trying to identify and report potentially suspicious transactions associated with possible proliferation financing. This is especially important for covered financial institutions that conduct global correspondent banking, which presents particular proliferation risk. Additionally, covered financial institutions should ensure that their know-your-customer and CDD policies and procedures include controls specifically geared toward identifying bad actors seeking to engage in proliferation activity.

The Priorities provide covered institutions with a guide on how to assess their current risk-based AML/CFT programs before FinCEN implements future regulations. While the Priorities do not exclude other risks that covered financial institutions may face, they do provide an opportunity to consider ways to prioritize the allocation of time and resources toward addressing the particular risks regulators will focus on. This should include an internal review as well as consultation with outside counsel and third-party vendors who can assist in tailoring an institution’s AML/CFT program to the Priorities.