Anti-money laundering (AML) and countering the financing of terrorism (CFT) professionals spent 2022 awaiting highly anticipated regulatory guidance, which was slow to appear. From the Anti-money Laundering Act of 2020 (AMLA) to the SAFE Banking Act, here is a high-level look at what hot topics banks will still be watching in 2023 and what updates did occur last year.
AML/CFT hot topics: What to expect in 2023
Regulatory movement expected in the AML/CFT industry
Financial institutions should keep an eye on these AML/CFT hot topics while awaiting regulatory guidance.
You might also like this upcoming webinar, "BSA officer’s mindset: A comprehensive look at your AML/CFT program."
Recap and forecast
The current state of AML/CFT regulations
Financial crime professionals have long referred to Bank Secrecy Act (BSA) compliance in conjunction with anti-money laundering efforts as “BSA/AML.” Last year, the regulatory agencies changed the term “BSA/AML” to “AML/CFT” to describe the industry’s goals more accurately. The change was made in all official wording, including the Federal Financial Institutions Examination Council (FFIEC) Examination Manual and consent orders. While a BSA/AML program is now officially referred to as an AML/CFT Program, “BSA Officer” is a title required by law and remains unchanged. This shift in focus towards countering terrorism has been a hot topic for the past decade, and represents the Financial Action Task Force's commitment to anti-terrorism financing.
Beneficial ownership registry
The AMLA was signed into effect in January 2021, paving the way for the first major BSA reform since the PATRIOT Act and encouraging a culture of compliance. However, the regulatory movement since then has been slow. One aspect of AMLA did make forward progress: the Corporate Transparency Act (CTA). The CTA mandated the creation of a public database for obtaining and holding beneficial ownership information for certain U.S. entities. Here’s what the CTA means for banks in 2023:
- The final rule for beneficial ownership reporting was issued in September 2022. The rule is effective January 1, 2024, and reporting companies will have one year from that date to file their beneficial ownership information.
- A Notice of Proposed Rulemaking regarding access and safeguards around the BOI database was issued in December 2022. This NPRM would implement the provision of the CTA that establishes rules for who may access BOI, for what purposes, and what safeguards will be required to ensure that the information is protected.
- The next expected rulemaking will revise FinCEN’s customer due diligence (CDD) rule to bring current regulations in line with the first two rules. This is to be issued no later than one year after the effective date of the BOI Reporting Rule (January 1, 2024).
Stay tuned to Abrigo's blog for a detailed look at what banks must do to prepare for CTA rules.
According to the Federal Trade Commission, consumers lost more than $5.8 billion to fraud in 2021, a 70% increase over the prior year. That represents nearly 2.8 million people and constitutes an annual record.
In 2022, bankers saw typologies exacerbated by the pandemic provide criminals with avenues for fraud while cryptocurrency scams surfaced more frequently. In the event of economic downturn, banks should stay on high alert.
"When the economy takes a turn, it boils down to fundamentals. We know that individuals are more likely to commit fraud when normal conditions worsen," says Andi McNeal, vice president of education at the Association of Certified Fraud Examiners.
The topic of fraud will always be a critical area for financial crimes professionals. Banks should get familiar with the 2023 fraud trends identified by the FBI to stay vigilant.
Cryptocurrency is making its way into the mainstream, which means that crypto-specific scams and fraud trends should be on AML/CFT programs’ radar. Shortly after the collapse of FTX, federal regulators released a joint statement warning financial institutions of significant volatility and vulnerabilities within the crypto-asset sector. With no centralized authority to flag suspicious transactions, it’s difficult to stop crypto fraud before it happens. Crypto transfers cannot be reversed – once the money is gone, users cannot get it back even if they report a fraudulent transaction. And the ability to remain somewhat anonymous on crypto platforms makes detecting fraud and tracking down scammers more difficult.
AML professionals should continue to educate themselves on crypto and be prepared to show regulators what their institutions have added to their policy, procedures, and transaction monitoring in light of the risks. Understanding the red flags for crypto monitoring is a critical first step.
Cybercrime and cybersecurity
According to 2021 statistics compiled by the Federal Bureau of Investigation's Internet Crime Complaint Center (IC3), over 847,376 cybercrime complaints were made to the FBI with hard dollar losses of over $6.9 billion, a 7% increase over 2020. Among the 2021 statistics, ransomware, business email compromise (BEC) schemes, and the illicit use of cryptocurrency are among the top incidents reported.
Experts predict that by 2025, 45% of companies worldwide will have experienced some form of cyber-attack on their networks and online supply chains, making cybersecurity a hot topic for banks. A good first defense is investing in fraud detecting software that detects specific fraud in their clients' accounts, such as account takeover, ACH, new account, kiting, debit card, and check card fraud, along with following cybercrime security tips from the FBI.
Russia and China
Another important aspect of the cybercrime topic is to be acutely aware of threats originating in Russia and China, which are expected to continue into 2023. Russia still has the lead in cybercrime and has more experience with intelligence operations than China. Although Russia has a more entrenched cybercrime community, China is gaining ground and could soon overtake Russia due to its sheer volume of citizens. China is far more aggressive than Russia in using cyber intelligence to steal intellectual property. While Russia generally targets significant U.S. and private companies, China targets smaller firms and home offices. China appears more interested in gathering private data on users rather than national security or corporate secrets. So far, that is.
FinCEN has issued numerous advisories about cybercrimes in the past several years which financial institutions should understand and reference as they look for cybersecurity advice for banks and credit unions. These advisories cover trends, typologies, and red flag indicators of phishing, money mule scams, and other activities that could become more frequent in the current climate.
By now, most AML professionals are familiar with the eight FinCEN AML/CFT priorities published in June 2021 as a mandate of AMLA. Further regulations are expected to be written around these priorities to help financial institutions understand their AML/CFT responsibilities in each area, but there was no clarification in 2022. FinCEN has its hands full with implementing the CTA, and further guidance may progress slowly. In the meantime, it would be prudent for financial institutions to take a proactive approach to assess their unique risk in each of the priorities to align with regulatory expectations.
Terrorism and domestic violent extremism
Terrorism is one of the eight FinCEN priorities and includes international and domestic terrorism. International terrorism will remain a concern throughout 2023, particularly terrorist groups such as ISIS, ISIL, Hamas, and Hizballah. Sub-Saharan Africa is now the epicenter of jihadist terrorism with increasing violence and should be watched.
The FBI and the Department of Homeland Security (DHS) state that domestic terrorism is currently the most significant terrorist threat to the U.S. Financial institutions should understand how the FBI defines domestic terrorism and categorizes domestic terrorism threats to help combat domestic terrorism financing.
Domestic terrorism remains a persistent threat, with actors crossing the line from exercising first amendment-protected rights to committing crimes in furtherance of violent agendas. Common themes among domestic violent extremist (DVE) attacks are race or ethnicity, anti-government agendas, animal rights/environmental extremism, or abortion-related agendas.
The most significant threat domestically is the lone offenders or small groups that are often radicalized online and then mobilized to commit violence. These actors can change ideology at any time and are difficult to detect. They can be widely affected by social media infiltrated by foreign governments and by conspiracy to drive misinformation. Although DVEs can be difficult to detect by financial institutions before an attack, understanding their social profile and training front-line staff can assist in investigations into possible domestic terrorism.
Marijuana banking is an ongoing topic that will continue in 2023, with more states legalizing the sale and use of marijuana in some form. As of January 2023, 21 states and territories have given the green light to recreational marijuana. Thirty-seven states and territories have approved marijuana for medicinal use.
On the federal level in 2022, President Biden issued an executive order pardoning nonviolent offenders and directing a review into potentially rescheduling cannabis from a Schedule 1 drug in the Controlled Substance Act. The Medical Marijuana and Cannabidiol Research Expansion Act became law in late 2022, which rolls back federal restrictions on medical marijuana research and cultivation of marijuana and promotes the development of FDA-approved drugs that use CBD and marijuana.
If your institution is banking cannabis-related businesses, keep a watchful eye out for many other bills that failed previously to make a comeback, such as the Cannabis Opportunity Act, the States Reform Act, the MORE Act, the HOPE Act, and the SAFE Banking Act.
Russia, previously mentioned in the cybercrime section, deserves a hot topic section of its own, considering Russian sanctions. Following the Russian invasion of Ukraine, the U.S. Treasury Department and many global allies issued hundreds of sanctions against high-level Russian entities and individuals. According to sanctions intelligence sources, as of August 2022, there were 2,017 entries, up 148% from before the attack on Ukraine on February 24, 2022.
Whether this trend will continue into 2023 is contingent on several factors, such as whether the war on Ukraine continues, where the global price of oil lands, and if sanctions threaten the U.S. financial system. For now, FinCEN will continue to target Russian sanctions evasion in real estate, among other markets.
Keeping up with AML/CFT news
Financial crime professionals have a lot to consider when preparing for these critical topics and meeting regulatory expectations. The first step to ensuring that your AML program is ready is education. Keeping your board of directors and executive management informed on AML/CFT trends and their importance will help ensure that you have a strong culture of compliance with the tone at the top. Fighting financial crime is a team effort, so thoroughly train your staff using the latest AML resources. For a more in-depth look at these topics, sign up for our newsletter to receive additional blogs on each topic.