Eight key points from the AML Reform Law
Insight provided by PwC's Financial Crimes Unit: Julien Courbe, Financial Services Advisory Leader, Vikas Agarwal, Head of US Financial Crime, Elsie Pan, Asian Financial Services Consulting Leader; Jeff Lavine, Global Head of Financial Crime; Vasilios Chrisos, US AML & Sanctions Functional Leader; and Roberto Rodriguez, Director of Regulatory Strategy

On December 11, Congress passed the latest National Defense Authorization Act, which among its many areas of focus contains the most significant changes to the anti-money laundering (AML) regime since the 2001 USA PATRIOT Act. Regulators, international standard setters, law enforcement and the industry have long recognized that the US AML framework is in need of modernization and while the past decade has seen task forces reevaluating the framework 1 and multiple AML reform bills appearing in Congress, 2 no significant changes were passed until now. Originally implemented in 1970, the Bank Secrecy Act (BSA) that created the current AML framework did not contemplate the technological advances available today. As a result, the industry has expressed frustration with the significant amount of resources it takes to comply with sometimes routine or check-the-box AML requirements, noting that those resources could be better spent innovating to address emerging threats and developing more proactive AML investigations processes.

Among other provisions, the new law requires certain companies to disclose their “ultimate beneficial owners” (i.e., those who own at least 25% or exercise significant control over the company) to the Treasury Department’s Financial Crimes Enforcement Network (FinCEN), which will develop a registry accessible by law enforcement or, with customer consent, financial institutions (FIs). It also requires that Treasury and FinCEN provide more transparency into their examination and supervision priorities, expand their scope to include areas such as antiquities dealers and digital currency, develop information sharing platforms and take measures to support innovation. Notably, the law does not include any adjustment to thresholds for Suspicious Activity Reports (SARs) or Currency Transition Reports (CTRs), but it does call for Treasury to allow for more streamlined reporting of certain information and to examine whether to raise the thresholds or make other simplifications to reporting requirements going forward.

In time, some of the changes such as modifications to reporting thresholds will represent significant relief to banks, but the overall impact will depend on the specific details of FinCEN’s implementing regulations. Meanwhile, many FIs that have been newly brought into scope by the law such as antiquities dealers and digital currency platforms now have work to do to strengthen their programs to meet regulatory expectations.

As of the date of publication, the President has threatened to veto the law for reasons unrelated to the AML provisions. While it passed both chambers of Congress with enough votes to override any potential veto, whether they would vote to do remains unclear.
  1. The long-awaited national beneficial ownership registry is coming. Of the AML provisions included in the bill, the requirement for legal entities, including corporations and LLCs, to submit the names of their beneficial owners for inclusion in a national registry is likely to have the most immediate impact. However, this impact is limited by the significant exemptions in the law, which among others excludes from coverage publicly-traded entities as well as those that A) employ more than 20 employees, B) have $5 million  in annual gross receipts or sales, and C) maintain a US physical presence. The registry will bring the US into more alignment with EU countries that have been collecting beneficial ownership information for years as part of their compliance with the EU 4th AML Directive and would, at least partially, also address the deficiency noted by the Financial Action Task Force’s (FATF) 2016 Mutual Evaluation that lack of timely access to adequate beneficial ownership information is one of the fundamental gaps in the US AML framework. 

    Despite the exclusions, this new requirement will improve law enforcement’s efforts to prevent and detect bad actors who wish to hide their identity in order to use the US financial system for illicit purposes, but at this time it is unclear whether it will streamline or complicate FIs’ customer due diligence efforts. FIs are currently required to collect beneficial ownership information in accordance with FinCEN’s Customer Due Diligence (CDD) Rule 5 using a beneficial ownership certification form. For entities that fall within the scope of the national registry, the law will eventually shift the burden for collection to the government and allow FIs, with customer consent, to access the registry. It is unclear whether the certification form will be maintained going forward, leaving a gap for certain entities such as foreign clients and unlisted companies that have more than 20 employees and $5 million in sales. As the new requirement only requires the identification of beneficial owners with greater than 25% ownership, it will also leave a gap for many FIs who collect beneficial owners at the 10% level for higher risk customers. FIs should also remain aware that they are still subject to the CDD Rule’s requirements for ongoing customer monitoring.

  2. More emphasis on transparency and efficiency. In an effort to provide greater transparency for FIs and reduce the risk of examination surprises, the law calls for the Treasury Department to provide a list of its examination and supervision priorities. It will also require that they tailor the focus of their programs to these highlighted priorities. Other provisions of the law also highlight this push for transparency, including requirements that FinCEN provide firms with feedback on the effectiveness of reporting as well as the establishment of a platform for firms to work with FinCEN to develop innovative approaches to their AML practices while receiving feedback as to whether they run afoul of any regulatory expectations.

    In all, these steps are efforts to make the US’s AML control regime more effective and are in line with recent expressed efforts from FinCEN to do the same. For example, a recent FinCEN proposal would provide transparency into what constitutes an “effective” AML program, emphasize that reporting should be “useful to government authorities” and potentially result in FinCEN releasing a bi-annual strategic priorities document. 6 The message coming from Congress and the regulators is clear: the regulatory authorities, in coordination with law enforcement and national security agencies, will work with firms to make the AML regime more efficient, but they expect firms to put in effort to improve and better focus their programs and data and technology in return. As such, firms should make sure they are up-to-date on recently-issued AML guidance from FinCEN and examiners 7 to make sure their programs are up-to-date and, due to the increasing emphasis on effectiveness of programs, conducting comprehensive risk assessments is more important than ever.

  3. Expanded BSA scope includes antiquities dealers, digital currency. The law expands the BSA definition of “coins and currency” to include “digital currency,” which in effect brings all cryptocurrency-to-cryptocurrency transactions into scope for reporting requirements. Previously, exchange of one digital currency to another would not have been reportable because such transactions lacked a cash component. In response to this gap, the New York Department of Financial Services (NYDFS) set up requirements for firms that it regulates to submit filings of such exchanges if the value exceeds $10,000, analogous to a CTR filing. Those firms already subject to NYDFS requirements will be able to leverage the work they have already done, but other firms will have to begin developing (or enhance existing) reporting programs in order to comply.

    In response to increased scrutiny around terrorists financing their activities through the sale of stolen antiquities and bad actors laundering money through art markets, the law also expands the coverage of the BSA to the antiquities market and directs Treasury to study whether to expand it to the art market. However, participants in the antiquities and arts markets (e.g., dealers, insurers) will need to develop AML programs that meet regulatory expectations, including customer due diligence and know-your-customer programs, a designated BSA officer, reporting capabilities, and potentially risk assessment programs. While many large dealers have some AML capabilities built into their overall compliance or risk programs, they generally do not have the standalone programs that would satisfy regulatory expectations. For FIs, the expansion of AML requirements to the antiquities and potentially art sector will reduce the risks associated with these customers, resulting in some relief of their own due diligence burden, but they should keep in mind that they are not off the hook and should remain vigilant when transacting with any high-risk sector.


    While this expanded scope brings the US AML regime further in line with FATF recommendations, there remain several areas that it has still not yet brought into scope including financial intermediaries and the real estate sector. For now, these industries are likely to consider AML as a reputational risk, but they should be prepared for additional scrutiny as the law could foreshadow future action.

  4. Scrutiny heats up for foreign FFIs with US correspondent accounts. The law codifies recent court decisions holding that foreign financial institutions (FFIs) with US correspondent accounts will not be shielded from penalties for failing to comply with subpoenas by pointing to conflicts with their home jurisdiction’s regulations preventing them from disclosing customer information. Under the NDAA, FFIs will be required to produce and authenticate records requested by the Treasury or the Attorney General concerning BSA/AML-related investigations regardless of any conflicts. 

    The impact to FFIs that fail to comply may be severe. In addition to a potential contempt of court citation, failure to respond to subpoenas or provide testimony could result in penalties double the amount of illicit funds sent through the organization. More significantly, correspondent banks are required to terminate their relationships with the FFI within 10 days following notice from the Treasury Department or Attorney General, with failure to comply resulting in additional monetary penalties. In total, these potential penalties indicate that the government is dedicated to removing obstacles in pursuit of AML-related investigations and enhancing their ability to track the flow of illicit funds through the financial system.

    These provisions appear to be a response to several Chinese banks’ over the past several years inability to comply with requests for customer data from US authorities due to conflicts with Chinese laws that prevent them from disclosing customer data. Chinese FIs must first obtain permission from their home regulators before providing records to foreign authorities. While this process is relatively opaque, Chinese banks have successfully obtained this permission in the past, and considering the severity of the potential penalties we expect Chinese banks’ compliance teams to develop a communications strategy with their regulators around the importance of a streamlined approval process. Chinese regulators’ willingness to budge, however, may ultimately depend on the future of the US-China geopolitical relationship.

  5. Push for innovation will accelerate change. Industry participants have been encouraging their regulators to be more accepting of innovation, including advanced analytics, artificial intelligence (AI) and machine learning. Now, the roles are reversed. The new law contains a strong push for innovation, increasing pressure on FIs to clear obstacles preventing them from using technology to better prevent money laundering, including addressing inadequate data quality and availability, strengthening workforce digital acumen and increasing access to specialized analytics and technology resources. It also requires that FinCEN and each federal functional regulator appoint a BSA Innovation Officer responsible for conducting outreach with the industry with respect to new AML technologies and providing guidance on the implementation of innovative approaches in a way that complies with regulatory requirements. Further, the law establishes a Subcommittee on Innovation and Technology within FinCEN’s BSA Advisory Group responsible for advising on technology that can help AML efforts as well as reducing obstacles for their adoption by the industry.

    Currently, FIs spend a significant amount of resources on manual tasks that could be performed more efficiently using data analytics, AI and machine learning. For example, many institutions’ screening systems contain a large number of dedicated analysts conducting repetitive manual reviews, resulting in the rare detection of prohibited transactions and a high number of false positives. The potential for innovative technology to quickly determine which entities pose a credible risk would potentially free up these resources to focus on actual analysis rather than simply clearing out the noise. Despite statements from FinCEN and federal bank regulators encouraging FIs to pursue innovation for AML activities, they have been hesitant to do so considering both the significant spend it would take to implement these technologies for a non-money making function and challenges in obtaining quality data to use these technologies. We believe that the law’s mandate for FinCEN to encourage FIs to modernize their technology, compel them to improve their data and to work with them in implementation efforts will spur FIs’ innovation agendas.

  6. FinCEN gets new tools and sharper teeth. The law contains a number of provisions to strengthen investigations and enforcement against firms with inadequate programs. Specifically, it contains a whistleblower program that would provide those that report wrongdoing with up to 30% of the enforcement penalties and protection from retaliation. Currently, awards for whistleblowers are capped at $150,000, decisions around whether to provide the awards are voluntary, and there is no explicit protection from retaliation. While this existing award system has not resulted in significant participation, we expect that the significantly expanded system under the law will become a major part of industry AML programs. It is substantially similar to the Securities and Exchange Commission’s whistleblower system, which has recovered over $2.7 billion and paid over $700 million in rewards since 2012.

    The law also boosts FinCEN’s enforcement capabilities with significant pay raises and additional hiring authority, including for experts at a new “analytical hub” to assist the agency and any other federal regulator with AML-related investigations. It also provides FinCEN with the ability to impose significant new penalties, including up to double the maximum penalty for repeat offenders. Under the law, those convicted of violating BSA/AML requirements will have to return any bonus paid to them in the calendar year in which the violation occurred. Further, those found to have committed “egregious” violations (i.e., a criminal violation or a civil violation that was committed willfully) will be barred from serving on boards of directors.

  7. Reporting thresholds left untouched but future changes to come. While the law gives the industry many items on their wishlist, one stocking remains noticeably empty: the thresholds for SARs and CTRs remain at their current levels. Banks have long advocated for raising these thresholds, explaining that they are out-of-date – the $10,000 CTR threshold has not been raised since 1970, when the median family income was $9,830. Considering the amount of inflation since then, the industry has had to dedicate an increasing amount of resources to filing reports while their effectiveness has dwindled, with only approximately four percent of the tens of millions of reports filed annually receiving follow-ups from law enforcement. Several AML reform bills from recent years have proposed raising the thresholds or indexing them to inflation, but these provisions did not make it into the NDAA.

    However, the law does include several provisions to streamline and further examine the overall reporting requirements. Notably, it calls on FinCEN to establish streamlined and automated processes for firms to file “non-complex” SARs and CTRs. It also requires that the Treasury Secretary formally review reporting requirements and propose changes to reduce any unnecessary burdens they may impose, including potentially by raising thresholds. While it will take some time before we see what these streamlined processes or proposed changes may look like, the industry will appreciate any relief it can get from the high resource demands of the current reporting regime.

  8. Loose ends. The overall impact of many areas within the new law will ultimately be determined by forthcoming regulations and studies. Notably, the law contains several apparent restrictions on offshoring of AML compliance responsibilities, stating that the duty to establish and maintain an AML program shall be performed by “persons in the US.” It also contains a prohibition on establishing an operation outside of the US to comply with the law’s information sharing provisions. While it may be reasonable to interpret these provisions narrowly, for example to apply to the BSA Officer as opposed to compliance staff, if the ultimate implementing regulation is more conservative, it could reverse the increasing trend of offshoring certain tasks to lower-cost jurisdictions. 

    For many of the reforms mentioned earlier in this paper, the devil will be in the details of how they are implemented – for example, the ability to streamline and automate certain reporting practices could substantially reduce compliance burdens but it will ultimately depend upon the scope of reporting to be defined by FinCEN. Additionally, while the legislation requires numerous studies 9 to be conducted which may result in further modifications to the AML regime down the road, institutions will likely have a long wait before these studies result in any practical impact.