
10 NBFI AML compliance essentials

Terri Luttrell, CAMS-Audit, CFCS
February 8, 2022

What NBFIs should know about their AML programs

NBFI AML compliance requirements are top of mind in today's regulatory environment. Here are 10 basics to ensure a sound program.



Competing with banks

Non-bank financial institutions in focus

The banking world is changing quickly, with faster delivery methods expected from consumers at an ever-growing rate.

As expectations around technology change with each generation, and with the recent pandemic pushing products and services that do not require an in-person transaction into the mainstream, the demand for financial services that support a more decentralized experience has reached its peak. Mobile banking and user experience have replaced branch networks and banking hours as important decision criteria in choosing financial relationships.

It is not surprising that the non-bank financial institution (NBFI) sector has grown faster than the banking sector over the past decade. NBFIs are broadly defined as institutions other than banks or credit unions that offer financial services, such as money services businesses, casinos and card clubs, trust companies, securities and commodities firms, and insurance companies. NBFIs are agile and innovative and are competing head-to-head with traditional financial institutions. Consumers are looking for speed without the hassle of mounds of paperwork and lengthy approval processes, whether with deposit or lending accounts.

Consent orders more common

NBFIs’ AML compliance requirements

In the race to provide financial services with the fewest clicks, velocity is top of mind for NBFIs. But what about the NBFI compliance factor, particularly Bank Secrecy Act and anti-money laundering (BSA/AML) compliance? During the last few years, added requirements have made BSA compliance more challenging for these companies. After all, compliance has never been known to speed up services to customers.

Money laundering and terrorist financing are known to flow through NBFIs at an alarming rate, in part due to less monitoring and historically less regulatory scrutiny than traditional banks and credit unions. However, this is rapidly changing as FinCEN envelops more businesses, such as antiquities dealers and those related to cryptocurrencies, under the umbrella of financial-related companies subject to BSA requirements. Consent orders among NBFIs for non-compliance with the BSA are becoming more common and should be understood by all NBFI management.


BSA/AML Officer required

NBFIs need written AML program

It is more important than ever that NBFIs understand the BSA/AML requirements regarding their industry to ensure the safety and soundness of their business, their communities, and our country. The new FinCEN Priorities specifically state that each priority applies to NBFIs in addition to traditional financial institutions.

Below are 10 things NBFIs should do to ensure their AML programs are sound and pass the scrutiny of FinCEN and their primary regulators.

Written AML program based on five pillars of BSA

Establish a written AML program: Yes, those five pillars of BSA apply to NBFIs. Here's a recap:

  • An NBFI must have effective internal controls appropriate for the business's risk profile. Controls will include written policy and procedures, which include a definition of the roles and responsibilities for each stakeholder in the financial institution.
  • A qualified and experienced BSA/AML compliance officer must be designated to manage the AML program. The designee must have the appropriate authority to carry out all aspects of managing an effective program.
  • Periodic BSA training must be given to all employees of the NBFI. The training should be tailored to each role within the institution.
  • Independent testing should be performed for the program to ensure that policies and procedures are working as expected and followed in actual practice. An internal audit function can perform the testing if it does not report through the BSA chain of command, or an outside third-party auditor may be used.
  • Ongoing risk-based customer due diligence (CDD) must be conducted at account opening and throughout the duration of the customer account(s). The NBFI must understand the nature and purpose of the customer relationship. Enhanced due diligence will be required on any business or individual customer that poses a higher risk of money laundering or terrorist financing.

Risk assessment

To implement a risk-focused AML program, an NBFI should first conduct a risk assessment. In addition to AML and sanctions risks, consider a fraud risk assessment since fraud is one of the eight FinCEN priorities.

Registration requirements

Each NBFI will have state or federal registration and licensing requirements which must be adhered to and kept up to date. Agents of money services businesses generally do not have to register.

Reporting requirements

NBFIs have specific reporting requirements under the BSA, just as traditional financial institutions do. These include currency transaction reporting, monetary instrument recording, and suspicious activity reporting. Each industry must understand the unique requirements and thresholds of its FinCEN filing obligations, as they vary among the different types of services offered by the NBFI.

Sanctions requirements

Sanctions apply to everyone in the United States, even individuals. NBFIs are expected to understand and comply with all Office of Foreign Assets Control (OFAC) sanctions and understand the requirements of each sanction.

Record retention

NBFIs are subject to the BSA data retention requirements, so no mass deleting or cleaning out of files before the mandated period is allowed.

Customer risk rating

Like their traditional financial institution counterparts, NBFIs should risk rate their customers, with deeper dives into potentially higher-risk clients, such as cannabis-related businesses. These higher-risk customers will require ongoing enhanced due diligence.

Suspicious activity monitoring

This is the cornerstone of a robust AML program, and NBFIs must have strong processes in place to detect and report illicit activity.

Foreign presence

If an NBFI has a foreign presence, a person who resides in the U.S. must be designated as an agent of the NBFI, including for matters of BSA compliance.

Communication with regulators

NBFIs should instill open dialogue with their primary regulatory agency. With increased scrutiny, this relationship should not be avoided. Get in front of any questions before becoming the next headline story of what not to do in an AML program.

Regulations & guidance forthcoming

NBFIs & AML Act of 2020

As the role of NBFIs expands within the U.S. financial system, BSA requirements must be met. Although compliance requirements may make processes more cumbersome, the Pandora Papers show the U.S. is far from controlling the amount of illicit money flowing through NBFIs. Hopefully, some of the regulatory burdens will be lifted when the regulations and guidance from the AML Act of 2020 are released. Until then, it is up to all financial institutions to assist law enforcement in the fight against money laundering, terror financing, and other illicit crimes affecting our nation. It seems NBFIs may be taking over a more significant stake in the industry, but not without increased scrutiny and regulation.    

About the Author

Terri Luttrell, CAMS-Audit, CFCS

Compliance and Engagement Director
Terri Luttrell is a seasoned AML professional and former director and AML/OFAC officer with over 20 years in the banking industry, working both in medium and large community and commercial banks ranging from $2 billion to $330 billion in asset size.
