On January 1, 2021, Congress passed the National Defense Authorization Act for Fiscal Year 2021 (the NDAA), an omnibus statute that addresses a variety of defense and national security matters, including the most substantial and sweeping legislative reforms to US anti-money laundering (AML) and counter-terrorism financing (CFT) laws since the USA Patriot Act of 2001. The NDAA introduces these AML/CFT amendments and enhancements in the form of the Anti-Money Laundering Act of 2020 (AMLA). These developments will have a profound impact not only on financial institutions (that have traditionally borne the brunt of AML/CFT compliance), but also certain types of businesses other than financial institutions. Congress enacted the AMLA with bipartisan support overriding a prior presidential veto. The AMLA is yet another example of enhancements made by the United States to address national security concerns and complements recent developments and enforcement activity involving US sanctions/embargoes, export controls, anti-corruption and anti-fraud laws, and the Committee on Foreign Investment in the United States.
Among its provisions, the AMLA requires certain corporations and limited liability companies to disclose their beneficial owners to the Financial Crimes Enforcement Network (FinCEN) of the US Department of the Treasury. It also strengthens US regulators’ abilities to combat money laundering, terrorist financing, and other financial crimes. As explained by its bipartisan sponsors, the AMLA will “improve transparency and … give prosecutors, national security officials, law enforcement, and financial institutions the modern tools they need to crack down on money laundering and terrorist financing.” (See Press release, Senator Mark R. Warner, “Warner, Rounds, Jones Applaud Inclusion of Bipartisan Anti-Money Laundering Legislation in NDAA,” December 3, 2020.)
While the AMLA contains numerous changes to the existing AML/CFT landscape, the following eight changes deserve particular focus:
- Creating a non-public registry that tracks the beneficial owners of certain corporations
- Enhancing the AML Whistleblower Program akin to the Dodd-Frank Act’s SEC Whistleblower Program
- Expanding US regulators’ statutory authority to seek documents from foreign financial institutions
- Modernizing the existing AML/CFT regime to account for emerging finance markets and patterns and expanding the resources and tools to counterthreats, including increased penalties and inter-agency information sharing
- Increasing penalties for BSA and AML violations
- Allowing Suspicious Activity Report (SAR) sharing with foreign affiliates
- Establishing priorities to govern AML/CFT policy and
- Creating an annual reporting requirement to apprise Congress of all Department of Justice (DOJ) settlements involving the Bank Secrecy Act (BSA).
1. Beneficial ownership reporting
The AMLA – through its Corporate Transparency Act – requires certain “reporting companies” to disclose beneficial ownership information to FinCEN, including each beneficial owner’s full name, date of birth, current address, and unique identifying number from a valid passport, driver’s license, or other state-issued identification document. According to the AMLA, the term “beneficial owner” covers an individual who directly or indirectly (i) exercises “substantial control” over an entity, or (ii) owns or controls not less than 25 percent of an entity. At this stage, it is unclear what the AMLA means by substantial control. Further FinCEN regulations may address this concern.
Certain types of US as well as non-US companies registered to do business in the United States can qualify as reporting companies subject to the above disclosure requirement. Unlike the United Kingdom and Europe, the United States has traditionally avoided requiring companies to provide their beneficial ownership information to a government agency. This is the first time that such a requirement has entered US law.
Largely aimed at shell companies, the above AMLA reporting requirement applies to corporations, LLCs, and “other similar entities,” but broadly carves out entities such as certain publicly-traded companies or issuers, securities issuers, banks, credit unions, investment companies, pooled investment vehicles, charitable organizations, trusts, and certain companies with a physical US presence that have more than 20 full-time employees and $5 million in gross receipts or sales. Entities excluded from the reporting requirement also include partnerships, sole proprietorships, unincorporated associations, foreign entities not registered to do business in the United States, money transmitters, and entities of which the ownership interests are owned or controlled, directly or indirectly, by an excluded entity. Notwithstanding the above exemptions under AMLA, financial institutions will continue to be responsible for risk-based customer due diligence (CDD) on certain of those persons in accordance with FinCEN’s CDD Rule.
The AMLA beneficial ownership database maintained by FinCEN will not be publicly available. Instead, FinCEN can avail itself of the reported information and share it with law enforcement agencies (including foreign agencies) in certain situations. FinCEN may also share the reported information with financial institutions to enable them to comply with CDD requirements, provided that such institutions first obtain the consent of the reporting company. Traditionally, financial institutions have had to assume the burden of obtaining ownership information directly from their customers to fulfill their FinCEN CDD obligations. Although it remains to be seen how AMLA will work in practice, a central beneficial ownership repository maintained by FinCEN can help alleviate certain CDD collection burdens otherwise imposed on financial institutions.
The AMLA obligates FinCEN to issue implementing regulations on beneficial ownership disclosures within one year of its enactment. Reporting companies have two years in which to submit their beneficial ownership information to FinCEN if those companies were already formed or registered prior to the above-mentioned regulations. However, reporting companies formed or registered after the regulations go into effect will have an immediate reporting obligation with FinCEN. Furthermore, the AMLA requires reporting companies to update their ownership information within one year of any changes.
It is imperative that businesses carefully assess whether they qualify as reporting companies under AMLA. This is because reporting companies that willfully fail to report, or willfully submit false or fraudulent information, will be subject to civil penalties, criminal fines, and imprisonment. Parties that engage in unauthorized knowing disclosures or usage of beneficial ownership information can also face serious civil and criminal consequences.
2. Enhanced AML Whistleblower Program
To solicit high-quality enforcement tips, the AMLA also enhances the program that incentivizes and protects AML whistleblowers. Replacing an earlier “informant” program that capped awards at $150,000, the new program incentivizes whistleblowers to report suspected AML violations by offering bounties of up to 30 percent of all monetary sanctions recovered in BSA/AML enforcement actions resulting from their tips. It also prohibits employers from retaliating or discriminating against employees who report suspected AML violations, and allows aggrieved whistleblowers to sue their employers for compensatory damages, reinstatement, and other relief including double back-pay with interest, litigation costs, and attorneys’ fees (subject to filing a complaint with the Labor Department and not receiving a final decision within 180 days).
The new program is akin (but certainly not identical) to the successful SEC whistleblower program created by the Dodd-Frank Act in 2010. Among the eligibility requirements for an award: (i) the individual must voluntarily report the information to her employer, the Treasury Department, or the DOJ; (ii) the information must be “original”; (iii) the information must “le[a]d to” a successful enforcement action; and (iv) the resulting enforcement action must recover at least $1 million.
Unlike the SEC Whistleblower Program, the AML Whistleblower Program does not limit award eligibility for compliance personnel, internal or external auditors (even if they reported the information as part of their job duties), or for counsel (but legal ethics rules would provide their own restrictions on the use of attorney-client information). On the other hand, the new whistleblower program would not set a minimum percentage that must be paid for a given award (instead requiring several factors to be considered). The anti-retaliation provisions also differ from Dodd-Frank in that an internal report to an employer is sufficient to trigger protections.
3. Expanded subpoena power
The AMLA also significantly expands the US government’s authority to obtain information from foreign financial institutions. Section 6308 authorizes the Treasury Department and DOJ to subpoena foreign banks that maintain a correspondent account in the US. This authorization extends not just to the foreign banks’ records related to the correspondent account, but to any account at the bank, so long as the records are relevant to certain enumerated types of investigations.
While the AMLA contemplates a process for foreign banks to quash or modify such subpoenas, it also expressly notes that “[a]n assertion that compliance with [such] a subpoena … would conflict with a provision of foreign secrecy or confidentiality law shall not be a sole basis for quashing or modifying the subpoena,” likely setting up a future clash in the courts involving foreign banks from countries that have enacted restrictive blocking, secrecy, or privacy statutes. Foreign banks, like US financial institutions, may also be subject to substantial civil penalties if their employees or agents notify a subject account holder of the inquiry.
Should a foreign bank fail to cooperate, the AMLA permits the DOJ to seek contempt sanctions and require the US correspondent bank to end its customer relationship with the foreign bank. US financial institutions who fail to terminate relationships with foreign banks not in compliance with a subpoena, may also be subject to a daily fine.
4. Modernized regime and enhanced resources
The AMLA also seeks to modernize the existing AML/CFT regime to account for emerging finance channels and to provide greater resources to the government to address money laundering. For instance, it expanded the definition of financial institutions and money transmitting business under the BSA to include, consistent with existing FinCEN regulations, entities that provide services involving “value that substitutes for currency” – a category that includes stored value and virtual currency instruments (eg, cryptocurrencies). Antiquities dealers, advisors and consultants were also added to the definition of “financial institutions” that are subject to the BSA and FinCEN’s CDD Rule.
The AMLA requires FinCEN to establish streamlined processes, including automated processes, to file certain categories of noncomplex SARs, including potentially for structured transactions, which could lessen compliance burdens. In establishing those processes, FinCEN is required to consider structured transactions and certain fund and asset transfers with little or no apparent economic or business purpose. The Office of the Comptroller of the Currency (OCC) has endorsed the automated filing of SARs for structuring, but FinCEN has not yet done so.
AMLA also requires FinCEN to solicit feedback from law enforcement on SARs and provide information to financial institutions on SARs they filed. AMLA requires DOJ to provide the Treasury Department with an annual report that includes statistics, metrics, and other information on the use of data derived from SARs and other reports filed by financial institutions, including whether such reports contained information acted on by law enforcement agencies. FinCEN must also publish, at least semi-annually, threat pattern and trend information and typologies, including data to be included in algorithms as appropriate, to inform financial institutions about the preparation, use, and value of SARs.
Additional resources to combat money laundering and to enforce money laundering laws were also enumerated within the AMLA. These include a voluntary public-private information-sharing partnership between law enforcement agencies, national security agencies, and FinCEN; the creation of FinCEN domestic liaison roles to oversee various US regions; the appointment of BSA “Innovation Officers” and “Information Security Officers” at FinCEN and other federal financial regulators; the appointment of six Foreign Financial Intelligence Unit Liaisons; the creation of a Treasury Financial Attaché Program; and other provisions designed to strengthen cooperation among law enforcement and national security agencies, both within the US and abroad. These measures are expected to enhance the ability of US enforcement authorities to detect and prosecute AML/CFT violations as well as predicate offenses such as corruption, fraud, or narcotics offenses.
5. Increased penalties for AML violations
The AMLA allows the Secretary of the Treasury to impose additional civil monetary penalties for certain repeat violators of AML laws, including three times the profit gained or loss avoided as a result of the violation or two times the maximum penalty for the violation. In addition, the new law requires certain partners, directors, officers, or employees of financial institutions convicted of violating the BSA are required to repay any bonus paid to that individual during the calendar year during which or after the violation occurred. Importantly, any individual found to have committed an “egregious violation” of the BSA is barred from serving on the board of directors of a US financial institution for 10 years from the date of conviction or judgment.
6. SAR sharing with foreign affiliates
Under current FinCEN guidance, financial institutions may only share SARs outside of the United States with parent companies. AMLA provides for a three-year pilot program under which financial institutions may share SARs with foreign branches, subsidiaries, and affiliates, except for foreign branches, subsidiaries, and affiliates in certain locations such as China, Russia, and jurisdictions subject to US sanctions. The pilot program is subject to a two-year extension at Treasury’s discretion.
7. National AML priorities
Within 180 days of the AMLA’s passage, the Treasury Department, in consultation with the DOJ, as well as relevant state and federal regulators and national security agencies, must establish and publish defined AML and CFT policy priorities. These priorities must be consistent with the national strategy for countering the financing of terrorism and related forms of illicit finance as described under Section 261 of the Countering Russian Influence in Europe and Eurasia Act of 2017 and must be renewed every four years. Following the publication of these priorities, FinCEN, in conjunction with the relevant regulators, has another 180 days to adopt regulations to ensure compliance. Subject financial institutions’ compliance programs will be assessed, in part, on the risk-based approach taken to incorporate these priorities once established.
8. Congressional reporting
Section 6311 of the AMLA requires the DOJ to report to the Congressional judiciary and banking committees, on an annual basis, all deferred prosecution agreements and non-prosecution agreements that the DOJ has entered into during the prior year with respect to any violation or suspected violation of the BSA. The report must include the justification for the action taken, the factors taken into account, and the extent to which the DOJ coordinated with other regulatory agencies before entering into the settlement.
The passage of the AMLA signals the start of a new era in enhanced money laundering enforcement in the US. While it may take time to fully implement the legislation, the next few months will likely see a wave of new regulations and guidance, as well as interest in the plaintiffs’ bar regarding the revamped AML Whistleblower Program and anti-retaliation provisions. Multinational financial institutions, US companies and non-US parties engaged in business in the US should ensure they are familiar with the AMLA provisions that may apply to their operations. The passage of the AMLA, and its attendant regulations to follow, signal an increased focus by US regulators on the prevention, detection, and prosecution of AML/CFT violations and support continuing efforts to strengthen the US national security posture.