On December 3, 2018, the federal banking regulators and the Treasury Department's Financial Crimes Enforcement Network (“FinCEN”) issued a joint statement (the “Statement”) encouraging banks to adopt innovative technological approaches to comply with the requirements imposed on them pursuant to the Bank Secrecy Act (“BSA”) and other anti-money laundering (“AML”) laws and related regulations. The Statement does not impose any new obligations, but instead provides some degree of regulatory comfort for banks that seek to reduce costs and/or improve their compliance systems by trying new approaches to meet their BSA/AML compliance obligations, provided they continue to comply with BSA/AML requirements in accordance with their safety and soundness obligations.
The Statement is consistent with the general deregulatory trend in Congress and among many federal agencies in recent years, as explained in a 2017 Treasury report on regulatory recommendations for banks and credit unions, along with several follow-up reports that discussed reducing regulatory burden on financial services companies of many types. Congress has also taken up the deregulatory baton, passing, in May 2018, the Economic Growth, Regulatory Reform and Consumer Protection Act, the first significant deregulatory piece of legislation amending the Dodd-Frank Act. As another example, the Department of Justice (“DOJ”) announced in May 2018 that it would require its various components to coordinate internally and with other agencies when imposing multiple penalties on a single company arising from the same misconduct in order to avoid excessive “piling on” of penalties. In November 2018, the DOJ announced that it would loosen criteria for companies facing investigations – criminal or civil – to receive credit for cooperating with the DOJ, such that companies would generally have to identify those “substantially” involved in the conduct under investigation.
Key Takeaways from the Statement
In the Statement, the Agencies expressed the view that bank innovation, both in the sense of developing new technologies and in finding new applications of existing technologies, has an important role to play in improving BSA/AML compliance, and that the Agencies prioritize their role in fostering private sector innovation in this area.
The Agencies welcome the fact that some banks have developed financial intelligence units dedicated to BSA/AML compliance; in some cases, employing artificial intelligence and digital identity technologies to achieve compliance goals, such as risk identification, transaction monitoring, and suspicious activity reporting. Often, a necessary step for a bank to develop and deploy new technologies and techniques is to test them in a pilot program. In the Statement, the Agencies provide regulatory comfort – though not formal safe harbors – for such bank pilot programs in at least three ways:
- “[P]ilot programs in and of themselves should not subject banks to supervisory criticism even if the pilot programs ultimately prove unsuccessful”;
- “[P]ilot programs that expose gaps in a BSA/AML compliance program will not necessarily result in supervisory action with respect to that program”; and
- “[I]mplementation of innovative approaches in banks’ BSA/AML compliance programs will not result in additional regulatory expectations.”
The Agencies emphasize that banks remain subject to BSA/AML compliance requirements in accordance with their general safety and soundness obligations while developing, implementing, and conducting a pilot program. They also say that each bank should “prudently evaluate” when to consider a pilot program successful enough for the bank to adopt the technologies tested in the pilot program as part of its “baseline” BSA/AML program. The Statement encourages banks to discuss any pilot programs with their appropriate regulator early on in the program’s development.
As always, banks should be evaluating and updating their BSA/AML compliance measures on an ongoing basis. We, and the Agencies, are aware that many banks are developing new approaches to compliance through regulatory technology, or “RegTech.” For example, analytics, prediction models, and advanced computing technology may allow banks to improve compliance outcomes while simultaneously reducing time spent producing required BSA/AML reports, as well as lowering other BSA/AML-related compliance costs.
In light of the Statement, banks already considering changes or enhancements to their BSA/AML compliance programs should consider setting up formal pilot programs to test the new programs or technologies. Also, banks should consider contacting regulators to discuss any such changes and enhancements, and should also consider contacting legal counsel for assistance in evaluating current BSA/AML compliance and/or planning discussions with their federal banking regulators regarding implementing new pilot programs.