Anti-Money Laundering (AML): An Overview of Compliance and Due Diligence Under the Bank Secrecy Act and Other Laws
Anti-money laundering (AML) compliance is a growing concern for financial institutions, brokers, and other businesses. While federal AML laws have been in place for decades, the exponential growth in volume of transactions involving offshore banks and other foreign entities, AML compliance has garnered increased attention from the U.S. Department of Justice (DOJ), Financial Crimes Enforcement Network (FinCEN), and other authorities in recent years.
As a result, all entities that are subject to the Bank Secrecy Act and other pertinent laws need to prioritize compliance, and they must ensure that they perform adequate due diligence in order to fully meet their AML obligations.
What is AML Compliance?
The U.S. federal government began its contemporary efforts to combat money laundering in the 1960s. Initially, these efforts largely focused on preventing money laundering as a means of financing terrorist and other criminal organizations. However, in the years since the Bank Secrecy Act’s enactment in 1970, federal authorities have expanded the scope of their AML enforcement efforts significantly. Today, the DOJ, FinCEN, and other authorities use federal AML laws and regulations to target everything from illicit online transactions to the use of offshore accounts to evade federal income tax obligations.
With this in mind, there are several aspects to AML compliance. Additionally, there are several authorities that enforce this, and each of these authorities has its own specific set of enforcement priorities. As a result, when addressing their compliance obligations, financial institutions, brokers, and other businesses must carefully identify their specific obligations, and they must craft policies and procedures that comprehensively address all pertinent statutory and regulatory requirements.
The primary sources of federal authority in the U.S. regarding AML compliance include:
Bank Secrecy Act (as amended) – The Bank Secrecy Act is the foundation of the federal government’s contemporary AML regime. As originally enacted, the Bank Secrecy Act established recordkeeping and reporting requirements, with particular emphasis on allowing the federal government to track the source and destination of significant financial transactions. Since its enactment, the Bank Secrecy Act has been amended several times by laws including the Annunzio-Wylie Anti-Money Laundering Act, the PATRIOT Act, and the Intelligence Reform & Terrorism Prevention Act of 2004.
Money Laundering Control Act – Enacted 16 years after the Bank Secrecy Act, the Money Laundering Control Act established money laundering as a federal crime, created additional reporting and recordkeeping requirements, and implemented new prohibitions designed to prevent entities from structuring transactions to fall outside of the BSA.
Money Laundering Suppression Act – The Money Laundering Suppression Act represented another major effort to enforce AML at the federal level. It established the registration requirement for money services businesses (MSBs), and it established additional requirements for financial institutions to prevent, identify, and report money laundering.
Money Laundering and Financial Crimes Strategy Act – The Money Laundering and Financial Crimes Strategy Act established certain additional AML compliance obligations, but its main focus was on establishing a coordinated national AML enforcement strategy. As discussed below, today, numerous federal agencies and other entities all play distinct roles in combating money laundering in the United States and abroad.
Under these laws (among others), authorities including FinCEN, the U.S. Commodity Futures Trading Commission (CFTC), the Office of Foreign Asset Control (OFAC), and the Financial Industry Regulatory Authority (FINRA) enforce AML compliance. Additionally, these entities have all adopted regulations that further define institutions’ and businesses’ compliance obligations. As a result, institutions and businesses in a broad range of industries face a complex web of compliance obligations, and establishing (and maintaining) compliance represents a substantial undertaking for many entities.
What is AML Due Diligence?
One particular area of AML compliance that is of concern for financial institutions, brokers, and other businesses is AML due diligence. This encompasses the “know your customer,” or “KYC,” obligations that apply to banks and other financial services providers. As the CFTC states, an AML due diligence program, “must ensure, at a minimum, that the financial institution takes reasonable steps to ascertain the identity of the nominal and beneficial owners of the private account, whether any such person is a senior foreign political figure, the sources of funds deposited into the private banking account and the purpose and expected use of the account.”
Of course, this is just an extremely brief summary of the very basic AML due diligence requirements. There is much more involved in AML due diligence and KYC compliance. Banks and other financial service providers must not only ensure that they comply with all due diligence requirements, but that they comprehensively document their compliance efforts as well.
What Do Financial Institutions, Brokers, and Other Businesses Need to Do?
Given the scope of the federal AML statutes and regulations as well as the breadth of the circumstances to which these statutes and regulations apply, what do financial institutions, brokers, and other businesses need to do in order to meet their legal obligations? Here are some of the key components of AML compliance and due diligence:
5 Key Components of an AML Compliance Program
While there are some core components that should serve as the foundation of any program, it is important to note that specific requirements vary for different types of entities. For example, as the CFTC explains, while the Commission has established its own expectations for financial institutions and brokers, “[t]he National Futures Association (NFA) adopted Rule 2-9(c) and an accompanying Interpretive Notice that sets forth AML Program requirements applicable to its [futures commission merchants] and [initiating broker] members.” Similarly, FINRA has established the compliance requirements that are specific to brokerage firms and other FINRA registrants.
With this in mind, here is an overview of five foundational components of an AML compliance program:
Written Policies and Procedures – All agencies that oversee and enforce AML compliance expect financial institutions, brokers, and other businesses to have comprehensive policies and procedures. These policies and procedures must not only specifically address all pertinent aspects of AML compliance, but entities must also develop policies and procedures that are custom-tailored to the specific and unique aspects of their operations.
Adequate Prevention and Detection of Suspicious Activity – AML compliance programs must adequately prevent and detect any and all forms of suspicious activity, as defined by the Bank Secrecy Act and other pertinent statutes. Again, different entities’ obligations will vary, and each entity’s AML compliance program must reflect its specific risks and requirements.
Mechanisms for Reporting Suspicious Activity – In addition to implementing procedures for preventing and detecting suspicious activity, the compliance programs must also include mechanisms for reporting suspicious activity to the appropriate authority. Reporting protocols should be clearly documented and disseminated throughout the organization, and it should be made clear that all personnel play a role in helping the institution or business maintain their compliance.
Adequate Personnel Education and Training – Education and training are critical to the success of a compliance program. With this in mind, compliance programs need to include provisions for education and training, and banks and other entities must document their education and training efforts so that they can demonstrate compliance if and when necessary.
Ongoing Monitoring and Review of AML Compliance Efforts – Entities that are subject to AML compliance obligations must monitor and review their compliance efforts on an ongoing basis. In addition to conducting internal compliance audits, the CFTC instructs that independent monitoring will be necessary in some cases.
5 Key Components of AML Due Diligence
With regard to AML due diligence, different types of entities will face varying obligations as well. Broadly speaking, however, some of the key aspects of due diligence include:
Policies, Procedures, and Controls – Similar to general AML compliance, banks and other entities must establish comprehensive policies, procedures, and controls for conducting due diligence. Here, too, entities’ efforts should be tailored to their specific legal obligations.
Specific, Risk-Based Due Diligence – Entities that are subject to AML requirements should perform specific, risk-based due diligence focused on identified concerns or threats for suspicious transactions.
“Know Your Customer” Compliance – Banks and other financial institutions must ensure strict compliance with the “know your customer” requirements as part of their broader AML due diligence efforts.
Enhanced Due Diligence for Certain Circumstances – In certain circumstances, entities may be subject to “enhanced” due diligence requirements. For example, the CFTC advises that covered institutions must implement enhanced efforts with regard to foreign banks operating under offshore banking licenses and licenses issued by designated “non-cooperative” governments.
Recordkeeping and Reporting – In order to demonstrate compliance with their AML due diligence obligations, financial institutions, brokers, and other businesses must maintain comprehensive records of their due diligence efforts. They must also report all suspicious transactions identified through their due diligence efforts as required by law or regulation.