Top 10 Regulatory Hot Topics for 2022 – What AML Professionals Need to Know
Experts weigh in on regulatory hot topics for 2022
Review these 10 insights into what regulators are looking for in 2022 to help your financial institution pass exams with flying colors.
You might also like this whitepaper on combatting domestic terrorism financing
The world of FinCrime is more dynamic than ever, with fraud escalating thanks to an increase in mobile payments precipitated by the pandemic and security concerns rising over the Russian conflict in Ukraine. The anti-money laundering (AML) industry waits patiently for further regulations and guidance on the Anti-Money Laundering Act of 2020 (AMLA), specifically expectations for aligning with the eight FinCEN priorities. What does this mean for the current regulatory focus for financial institutions? A panel of experts from top regulatory supervisory agencies recently spoke at the Hawaii Bankers Association (HBA) BSA/AML Symposium to give insight into what they will be looking for in upcoming examinations. Below are the top 10 regulatory hot topics for 2022, in no order of importance.
Sanctions are fast becoming the most crucial focus of the year. Be assured that your regulators will look at your sanctions program more closely than at prior exams, and rightly so. Office of Foreign Assets Control (OFAC) compliance should be a high focus as sanctions become more complex and require constant diligence. Pay close attention to added Russian entities and individuals and understand your scanning logic. If your institution does not have automated OFAC scanning, now may be the time to invest in reputable software. Consider adding an enhanced section on Russian sanctions to your OFAC policy to show your regulators that you understand the magnitude of this situation. The reputational risk alone is significant to your institution if you let a sanctioned Russian transaction fall through the cracks. If your institution needs assistance enhancing your sanctions program, a downloadable Key Components of a Strong Sanctions Compliance Program may help.
With the passing of AMLA on January 1, 2021, the most sweeping regulatory changes since the USA PATRIOT Act were put into motion. The AML industry is awaiting further guidance from FinCEN to understand regulatory expectations around the requirements, particularly associated with the eight FinCEN priorities. A joint interagency statement issued in June 2021 made it clear that regulators had no immediate expectations for financial institutions to act until rules and guidance are released. However, the panel suggested thinking and planning around AMLA requirements and informing executive management of expected changes. According to the panel, financial institutions should be prepared to answer the "how are you planning" questions during their 2022 exams.
Beneficial Ownership Information
As part of AMLA, the Corporate Transparency Act (CTA) includes enhanced requirements around beneficial ownership information in addition to establishing the beneficial owner database for legal entity customers. There have been three stages of implementation so far, with a final rule and changes to the 2018 customer due diligence (CDD) legislation still forthcoming. Financial institutions must continue to comply with the CDD rule today but should carefully follow all future changes and be ready to implement them. There will likely be a grace period for implementing any changes, as was given with the 2018 rule, and banks and credit unions must be fully informed when that time comes. It should be noted that CDD is one of the most common regulatory findings. That's partly why it's among the top regulatory hot topics in 2022 and is further discussed in the common deficiencies section later in this article.
In general, traditional financial institutions have a low risk tolerance for banking cryptocurrency. Few banks and credit unions are settling cryptocurrency accounts, posing a higher risk for illicit activity. At the most, banks and credit unions may knowingly, or unknowingly, provide services for cryptocurrency exchanges, such as Coinbase or Binance. The COVID-19 pandemic increased the need to move funds virtually, and cryptocurrency usage filled this need. Regulators advise financial institutions to have risk-based cryptocurrency policies and procedures as part of their enterprise-wide risk assessment. Once the risk is assessed, create procedures around the residual risk. After all, there is a big difference between financial institutions that purchase cryptocurrency or hold it as a fiduciary and those that process cryptocurrency for customers or act as a clearinghouse for cryptocurrency exchanges. Each scenario has different risks and different due diligence expectations. A financial institution must understand the nature and purpose of each account associated with cryptocurrency and its expected activity and know their customer's customers. Consider this one of the higher risk areas of BSA (and therefore, among the regulatory hot topics in 2022), and make sure your financial institution's cryptocurrency policies are included in your risk assessment.
Speakers on the HBA panel predict that we may not see legislative clarity on the cannabis industry at the federal level for a while due to partisan disagreements and other national priorities. Therefore, continued due diligence is necessary for financial institutions, whether they are knowingly providing traditional services to cannabis-related businesses (CRBs) or not. The Secure and Fair Enforcement Banking Act of 2021 (SAFE Act) will undoubtedly help the AML industry and the regulators by authorizing safe harbor to financial institutions providing services to the cannabis industry, and has passed the house for the third time. But with priorities shifting due to current global threats, the cannabis banking topic is not likely to move in Congress anytime soon. Regardless, financial institutions should continue to shore up policies and procedures around CRBs.
Non-Bank Financial Institutions
Non-Bank Financial Institutions (NBFIs) are under increased regulatory scrutiny. Financial institutions should know which types of NBFIs they provide services to and conduct a thorough risk assessment on each NBFI category. Regulators want to see enhanced due diligence (EDD) on those NBFIs that present a higher risk to the institution, such as money services businesses and other non-depository institutions requiring AML/BSA programs. Banks and credit unions may be asked to provide copies of their NBFI customer's AML program during their exam, so being proactive in obtaining a copy from each customer at onboarding and updating it throughout the life of the account would be prudent. An NBFI AML program can be lighter than a full-service traditional bank or credit union program. Still, it should address the 5 BSA pillars and the enhanced due diligence suggestions laid out in the FFIEC BSA Examination Manual. Noted deficiencies for NBFI AML programs include not being robust, not securing an independent audit, failing to do customer due diligence (CDD) on mortgages, and appointing a BSA Officer with no training or expertise. The panel suggests paying close attention to mortgage companies and money transmitters.
Innovation and Technology
Another regulatory focus coming out of AMLA is financial institutions' innovation and technology needs, regardless of asset size. The financial market is rapidly changing when it comes to payment methods, and AMLA requires financial institutions to modernize their technology to handle new emerging threats. Further rules and guidance will determine the expectations and requirements, but these will undoubtedly be risk-focused. For financial institutions using artificial intelligence (AI), regulators will want to see best practices in place. There should be model validations to check to ensure AI is working as it should be. After all, AI is developed by humans, and mistakes can happen. Manage with caution and have a good quality assurance process in place.
Partnerships with fintechs
The increased demand and competition for immediate digital payment methods has created opportunities for Fintech firms to partner with traditional financial institutions that are generally more conservative in developing innovative technologies or lack expertise and resources for development. From a regulatory perspective, these partnerships can be cloudy at best, which is a new focus during exams. Fintech partners and any third-party vendor management must have an appropriate AML program, including proper CDD, adequate controls, audit function, and suspicious activity referral procedures. Financial institutions should obtain a copy of their partner's AML program and test to be sure they comply with program requirements.
Change management has been critical during the last two years as the pandemic caused a shift to remote working. Enhanced controls are needed to ensure data security and processes align with expectations, and regulators may ask what steps a financial institution has taken to adapt during the pandemic. Added quality assurance measures may be needed to address the challenges of managing a remote work team. Regulators will also consider how financial institutions have handled the "great resignation." Retaining talent has proven difficult for some traditional institutions as remote work in the industry has become more acceptable. AML professionals have opportunities nationwide, which include those outside of conventional banking. Experienced BSA professionals have long been in high demand, and this shift has caused a significant strain on financial institutions' ability to staff their BSA teams with experienced, qualified officers and investigators. The great resignation has also affected technology talent, which has a significant crossover effect for BSA. Regulators will not want to know why a BSA team is understaffed or underqualified; they want the deficiency corrected.
Staffing issues must be addressed, and according to the HBA panel, you may be asked how your institution is attracting and retaining talent within your BSA team.
Is your AML Department understaffed?
Assess your institution's resources with this calculator tool.
Revisiting Common Deficiencies
Wrapping up the top 10 regulatory hot topics for 2022 are common deficiencies cited by regulators during recent exams. Be assured that regulatory bodies share information and stay updated on other consent orders. As money laundering and fraud appear to be on the rise in many areas, financial institutions should review these common deficiencies of AML programs and fill in any identified gaps before their next audit or exam.
- Backlogs in BSA related processes, such as processing alerts, cases, and EDD high-risk reviews
- Change in transaction monitoring systems leading to the backlog described above
- Staffing turnover leading to inadequate or inexperienced staffing
- Lack of adequate controls, either an independent audit function or internal quality assurance processes
- Risk Assessment not updated with current products/services or markets
- Alerts closed with inadequate or no documentation
- No SAR decision with cut and paste templates— while templates are acceptable, they should always include and support reasons why the activity is not suspicious
- Inadequate analysis for No SAR decisions. Using "known customer" to justify these decisions is insufficient. Each potentially suspicious transaction must be analyzed.
Although there has been a drop in regulatory BSA findings for 2020 and into 2021, the panel believes this is primarily due to pandemic restrictions, increased off-site examinations, and a focus shift away from BSA to asset quality and liquidity. Regulators have seen an increase in BSA focus during the first half of 2022, and with the Russian invasion of Ukraine, OFAC will be in the spotlight more than ever. Keeping these top 10 hot topics in mind will assist your financial institution in passing your next exam with flying colors.