Top 10 Regulatory Hot Topics for 2022 – What AML Professionals Need to Know

Sanctions

Sanctions are fast becoming the most crucial focus of the year. Be assured that your regulators will look at your sanctions program more closely than at prior exams, and rightly so. Office of Foreign Assets Control (OFAC) compliance should be a high focus as sanctions become more complex and require constant diligence. Pay close attention to added Russian entities and individuals and understand your scanning logic. If your institution does not have automated OFAC scanning, now may be the time to invest in reputable software. Consider adding an enhanced section on Russian sanctions to your OFAC policy to show your regulators that you understand the magnitude of this situation. The reputational risk alone is significant to your institution if you let a sanctioned Russian transaction fall through the cracks. If your institution needs assistance enhancing your sanctions program, a downloadable Key Components of a Strong Sanctions Compliance Program may help.

AMLA preparation

With the passing of AMLA on January 1, 2021, the most sweeping regulatory changes since the USA PATRIOT Act were put into motion. The AML industry is awaiting further guidance from FinCEN to understand regulatory expectations around the requirements, particularly associated with the eight FinCEN priorities. A joint interagency statement issued in June 2021 made it clear that regulators had no immediate expectations for financial institutions to act until rules and guidance are released. However, the panel suggested thinking and planning around AMLA requirements and informing executive management of expected changes. According to the panel, financial institutions should be prepared to answer the "how are you planning" questions during their 2022 exams.

Beneficial ownership information

As part of AMLA, the Corporate Transparency Act (CTA) includes enhanced requirements around beneficial ownership information in addition to establishing the beneficial owner database for legal entity customers. There have been three stages of implementation so far, with a final rule and changes to the 2018 customer due diligence (CDD) legislation still forthcoming. Financial institutions must continue to comply with the CDD rule today but should carefully follow all future changes and be ready to implement them. There will likely be a grace period for implementing any changes, as was given with the 2018 rule, and banks and credit unions must be fully informed when that time comes. It should be noted that CDD is one of the most common regulatory findings. That's partly why it's among the top regulatory hot topics in 2022 and is further discussed in the common deficiencies section later in this article.

Cryptocurrency

In general, traditional financial institutions have a low risk tolerance for banking cryptocurrency. Few banks and credit unions are settling cryptocurrency accounts, posing a higher risk for illicit activity. At the most, banks and credit unions may knowingly, or unknowingly, provide services for cryptocurrency exchanges, such as Coinbase or Binance. The COVID-19 pandemic increased the need to move funds virtually, and cryptocurrency usage filled this need. Regulators advise financial institutions to have risk-based cryptocurrency policies and procedures as part of their enterprise-wide risk assessment. Once the risk is assessed, create procedures around the residual risk. After all, there is a big difference between financial institutions that purchase cryptocurrency or hold it as a fiduciary and those that process cryptocurrency for customers or act as a clearinghouse for cryptocurrency exchanges. Each scenario has different risks and different due diligence expectations. A financial institution must understand the nature and purpose of each account associated with cryptocurrency and its expected activity and know their customer's customers. Consider this one of the higher risk areas of BSA (and therefore, among the regulatory hot topics in 2022), and make sure your financial institution's cryptocurrency policies are included in your risk assessment.

Cannabis

Speakers on the HBA panel predict that we may not see legislative clarity on the cannabis industry at the federal level for a while due to partisan disagreements and other national priorities. Therefore, continued due diligence is necessary for financial institutions, whether they are knowingly providing traditional services to cannabis-related businesses (CRBs) or not. The Secure and Fair Enforcement Banking Act of 2021 (SAFE Act) will undoubtedly help the AML industry and the regulators by authorizing safe harbor to financial institutions providing services to the cannabis industry, and has passed the house for the third time. But with priorities shifting due to current global threats, the cannabis banking topic is not likely to move in Congress anytime soon. Regardless, financial institutions should continue to shore up policies and procedures around CRBs.

Non-bank financial institutions

Non-Bank Financial Institutions (NBFIs) are under increased regulatory scrutiny. Financial institutions should know which types of NBFIs they provide services to and conduct a thorough risk assessment on each NBFI category. Regulators want to see enhanced due diligence (EDD) on those NBFIs that present a higher risk to the institution, such as money services businesses and other non-depository institutions requiring AML/BSA programs. Banks and credit unions may be asked to provide copies of their NBFI customer's AML program during their exam, so being proactive in obtaining a copy from each customer at onboarding and updating it throughout the life of the account would be prudent. An NBFI AML program can be lighter than a full-service traditional bank or credit union program. Still, it should address the 5 BSA pillars and the enhanced due diligence suggestions laid out in the FFIEC BSA Examination Manual. Noted deficiencies for NBFI AML programs include not being robust, not securing an independent audit, failing to do customer due diligence (CDD) on mortgages, and appointing a BSA Officer with no training or expertise. The panel suggests paying close attention to mortgage companies and money transmitters.

Innovation and technology

Another regulatory focus coming out of AMLA is financial institutions' innovation and technology needs, regardless of asset size. The financial market is rapidly changing when it comes to payment methods, and AMLA requires financial institutions to modernize their technology to handle new emerging threats. Further rules and guidance will determine the expectations and requirements, but these will undoubtedly be risk-focused. For financial institutions using artificial intelligence (AI), regulators will want to see best practices in place. There should be model validations to check to ensure AI is working as it should be. After all, AI is developed by humans, and mistakes can happen. Manage with caution and have a good quality assurance process in place.

Partnerships with fintechs

The increased demand and competition for immediate digital payment methods has created opportunities for Fintech firms to partner with traditional financial institutions that are generally more conservative in developing innovative technologies or lack expertise and resources for development. From a regulatory perspective, these partnerships can be cloudy at best, which is a new focus during exams. Fintech partners and any third-party vendor management must have an appropriate AML program, including proper CDD, adequate controls, audit function, and suspicious activity referral procedures. Financial institutions should obtain a copy of their partner's AML program and test to be sure they comply with program requirements.

Change management

Change management has been critical during the last two years as the pandemic caused a shift to remote working. Enhanced controls are needed to ensure data security and processes align with expectations, and regulators may ask what steps a financial institution has taken to adapt during the pandemic. Added quality assurance measures may be needed to address the challenges of managing a remote work team. Regulators will also consider how financial institutions have handled the "great resignation." Retaining talent has proven difficult for some traditional institutions as remote work in the industry has become more acceptable. AML professionals have opportunities nationwide, which include those outside of conventional banking. Experienced BSA professionals have long been in high demand, and this shift has caused a significant strain on financial institutions' ability to staff their BSA teams with experienced, qualified officers and investigators. The great resignation has also affected technology talent, which has a significant crossover effect for BSA.  Regulators will not want to know why a BSA team is understaffed or underqualified; they want the deficiency corrected.