For the first time in a decade, the Treasury Department has released its own anti–money laundering (AML) and terrorist financing Risk Assessments, which may both set a strategic framework for future AML regulatory developments and establish a baseline expectation for financial institutions’ own AML risk assessments.

Treasury published its National Money Laundering Risk Assessment (NMLRA) and National Terrorist Financing Risk Assessment (NTFRA) on June 12, 2015. Together, these Risk Assessments constitute the federal government’s evaluation of the present state of the US AML and countering the financing of terrorism (CFT) system. The Risk Assessments summarize the threats posed to the United States by money laundering and terrorist financing. They also analyze the risks and vulnerabilities that money launderers and terrorists seek to exploit, the preventive measures taken to mitigate those vulnerabilities, and the residual risks facing the United States and the US financial system.

Treasury officials said they hope financial institutions will use these Risk Assessments to bolster their own understanding of AML/CFT risks when designing and implementing their risk-based AML programs. Thus financial institutions may wish to ensure that their own risk assessments consider the AML/CFT risks and vulnerabilities that Treasury has identified. 

The specific threats, vulnerabilities and risks identified by the Risk Assessments are mostly unchanged from the last comprehensive assessment, issued in 2005.  Instead, the Risk Assessments reflect technological and industry developments since 2005, such as those associated with Bitcoin and other digital currency. The AML and CFT risks identified are organized by threats, vulnerabilities and risks consistent with the Financial Action Task Force’s (FATF) new risk assessment methodology, while the 2005 assessment was primarily organized by industry sector.

The Risk Assessments were prepared by the Treasury Department’s Office of Terrorist Financing and Financial Crimes (TFFC), in consultation with multiple other offices and agencies across the federal government. TFFC leads the US delegation to the FATF and plays a critical role in setting policy and coordinating AML/CFT efforts across Treasury and the US government. Understanding TFFC’s areas of focus, by reading the office’s publications or through separate conversations with TFFC staff, can help financial institutions predict and prepare for future AML regulatory developments.

Preparation for FATF Review

The Risk Assessments should also be evaluated in light of an upcoming international peer review of the US AML/CFT framework by the FATF, the international body charged with setting AML/CFT standards and evaluating whether member countries meet those standards. Like the last AML/CFT risk assessment—the 2005 National Money Laundering Threat Assessment—these Risk Assessments were prepared in anticipation of the January 2016 international peer review of US AML/CFT standards by the FATF.

The FATF’s mutual evaluations influence US regulatory policy by identifying perceived deficiencies to be addressed through government action. The last mutual evaluation of the United States, in 2006, identified gaps US AML/CFT framework.  For example, the FATF said that US laws regarding beneficial ownership were “non-compliant” with FATF standards.  In its discussion of the Risk Assessments, Treasury officials acknowledged that the 2006 mutual evaluation led to regulatory efforts to strengthen beneficial ownership standards, as reflected in the proposed rule on CDD requirements.  Similarly, the FATF criticized the lack of US AML program requirements for investment advisors, and many expect the government will re-propose such requirements before the 2016 mutual evaluation begins.1

The Risk Assessments may be viewed as an attempt to demonstrate that the US government has a strong grasp of relevant money laundering risks. For example, the NMLRA asserts that US “AML regulation, supervision, enforcement, and compliance . . . are generally successful in minimizing money laundering risks” and asserts that AML compliance deficiencies are  not a “systemic vulnerabilit[y] in the United States.”2 Whether the Risk Assessments convince the FATF remains to be seen. 

Key Money Laundering Threats, Vulnerabilities and Risks

In its assessment of the threats facing the US financial system, the NMLRA estimates that $300 billion is generated through illicit activity annually in the United States. The NMLRA lays out at a high level the predicate money laundering crimes that threaten the US financial industry, focusing on fraud, drug trafficking, human smuggling, organized crime and public corruption. It then examines key vulnerabilities that create opportunities for money laundering with respect to specific financial sectors or products, and states the overall risk.

The main vulnerabilities that facilitate money laundering remain largely the same as those identified in the 2005 threat assessment. They include:

use of cash and monetary instruments in amounts under regulatory recordkeeping and reporting thresholds (e.g., $10,000 for transactions in currency);

opening bank and brokerage accounts in the names of businesses and nominees to disguise the identity of the individuals who control the accounts (this risk may be addressed through the forthcoming CDD rules);

deficient compliance by financial institutions with AML regulations; and

merchants and financial institutions intentionally facilitating illicit activity.3

The 2005 threat assessment recognized that the shift from paper to electronic forms of payment, the expansion of online banking (and corresponding decline of face-to-face account opening), and the development of digital currencies would present new opportunities for money launderers to exploit the US financial system. The 2015 Risk Assessments confirm that these technological shifts have led to current vulnerabilities in the US financial system. 

The NMLRA also identifies other key vulnerabilities, methods of money laundering and the residual risks, including:

Banking. Large banks are particularly at risk for criminal abuse, and this risk must be mitigated through strong AML reporting and customer due diligence. Banks with deficient AML controls can be gateways to money laundering through misuse of banking products and services such as structuring transactions, foreign correspondent banking and prepaid cards; misuse of customer relationships, such as the creation of funnel accounts; and AML compliance deficiencies.

Securities. Key money laundering risks arise from master/sub and omnibus account structures and services, intermediated relationships, microcap securities, structured products, private placements, direct market access, certain foreign bond transactions, and bank-type brokerage accounts. The NMLRA also highlights risks caused by a lack of beneficial ownership information for certain account structures, such as master/sub or omnibus accounts.

Money Transmission. The NMLRA concludes that the money laundering risk of a typical $200-$400 remittance is low. Financial institutions or policymakers might use this finding to argue against reported efforts to broadly “de-bank” money services businesses due to perceived AML risk. Money transmission services are nevertheless susceptible to structuring transactions below recordkeeping thresholds, compliance deficiencies, and unlicensed and unregistered operations.

Digital Currencies. The NMLRA discusses digital currencies such as Bitcoin, and calls unregistered or unlicensed digital currency companies a “vulnerability” for banks and other money services businesses. It reasons that digital currencies cannot operate in the United States unless their exchanges (i.e., those that convert between US dollars or other legal tender and digital currency) can send and receive payments through the domestic financial system. The NMLRA mentions the related risk of virtual currency administrators and exchangers opening an account under a nominee, shell or front company to shield the true nature of transactions. Banks and other financial institutions thus play a gatekeeping role between digital currencies and traditional funds. The virtual currency vulnerability described in the NMLRA is slightly different from that discussed in the 2005 threat assessment. In 2005, the main vulnerability posed by digital currencies was the fact that they provide services across jurisdictions, making it difficult for law enforcement authorities to pursue legal action against them. This is likely still a vulnerability, but one that was not emphasized in the NMLRA.

Prepaid Access. The NMLRA states that anonymity is the greatest risk posed by open loop prepaid cards below the $1,000 threshold at which prepaid providers are required to collect customer information. It concludes that both open and closed loop prepaid access vehicles pose a risk of cross-border money laundering.

Casinos. “The most significant money laundering vulnerability at US casinos is the potential for individuals to access foreign funds of questionable origin through US casinos, and to use the money for gambling and other personal or entertainment expenses, and then withdraw or transfer the remaining funds either in the United States or elsewhere,” according to the NMLRA.4 The main risk is that casinos are primarily destinations for recreation and entertainment, rather than financial services. This may lead some casinos “to intentionally or inadvertently put customer service above BSA compliance,” particularly by assisting patrons in evading reporting requirements.5

The Risk Assessments identify risks but do not purport to instruct financial institutions as to how to combat them. Rather, Treasury officials warned that there is no “silver bullet” to improving AML and CFT efforts. While the Risk Assessments contain valuable information, financial institutions should draw from them to identify and manage their own risk.