Skip to main content

Looking for Valuant? You are in the right place!

Valuant is now Abrigo, giving you a single source to Manage Risk and Drive Growth

Make yourself at home – we hope you enjoy your new web experience.

Looking for DiCOM? You are in the right place!

DiCOM Software is now part of Abrigo, giving you a single source to Manage Risk and Drive Growth. Make yourself at home – we hope you enjoy your new web experience.

Top 10 regulatory topics NBFIs should prepare for in 2022

Terri Luttrell, CAMS-Audit, CFCS
March 11, 2022
Read Time: 0 min

Expert insights on 10 regulatory topics that NBFIs should consider this year

Review this list of what regulators are looking for in 2022 to help your NBFI pass exams with flying colors.

You might also like this whitepaper on combatting domestic terrorism financing



Regulatory focuses in 2022

Regulatory topics for NBFIs to watch for

Thanks to an increase in mobile payments precipitated by the pandemic and rising security concerns due to the Russian conflict in Ukraine, the world of financial fraud prevention is more dynamic than ever. More regulations and guidance are refining the effects of the Anti-Money Laundering Act of 2020 (AMLA), and the industry awaits clarification of the eight FinCEN priorities. What does this mean for the current regulatory focus for non-bank financial institutions (NBFIs)? A panel of experts from top regulatory supervisory agencies recently spoke at the Hawaii Bankers Association (HBA) BSA/AML Symposium to give insight into regulatory topics NBFIs should prepare for in 2022.


NBFI AML programs

Many NBFIs do not realize that they must have an AML program the same as traditional financial institutions, and as penalties increase for non-depository institutions, NBFIs may find themselves under increased regulatory scrutiny. An NBFI AML program can be lighter than a full-service traditional bank or credit union program. Still, it should address the five BSA pillars and the enhanced due diligence suggestions in the FFIEC BSA Examination Manual. Noted deficiencies for NBFI AML programs include not being robust, not securing an independent audit, failing to do customer due diligence (CDD) on mortgages, and appointing a BSA Officer with no training or expertise. The panel encouraged NBFIs to create and adhere to a solid AML program to avoid penalties.


In 2022, regulators will be examining your sanctions program more closely than ever, given the global climate. As sanctions become more complex and require constant diligence, Office of Foreign Assets Control (OFAC) compliance should be a high focus for your business. If your NBFI does not have automated OFAC scanning, now may be the time to invest in reputable software and develop a complete understanding of your scanning logic. It is wise to pay close attention to added Russian entities and individuals and consider adding an enhanced section on Russian sanctions to your OFAC policy to show regulators that your NBFI is exercising caution. If your business let a sanctioned Russian transaction fall through the cracks, the reputational repercussions alone may be significant. If you need assistance enhancing your sanctions program, this downloadable Key Components of a Strong Sanctions Compliance Program may help.

AMLA preparation

The passage of the AMLA marked the most significant regulatory changes since the USA PATRIOT Act, and the AML industry is waiting for FinCEN to clarify regulatory expectations associated with the eight FinCEN priorities. A joint interagency statement issued June 2021 made it clear that the regulators had no immediate expectations for entities to act until those additional rules and guidance are released. However, NBFIs can begin thinking and planning around AMLA requirements and informing executive management of expected changes now to simplify implementation processes later and satisfy regulators. According to the panel, NBFIs should be prepared to answer "how are you planning" questions during their 2022 exams.

Beneficial ownership information

The Corporate Transparency Act (CTA) included in AMLA enhanced the requirements around beneficial ownership information, establishing the beneficial owner database for legal entity customers. So far, three stages of implementation have taken place, and changes to the 2018 customer due diligence (CDD) legislation are still forthcoming. NBFIs must continue to comply with the current CDD rules while awaiting changes but should carefully follow CDD policies and be ready to implement them. There will likely be a grace period for implementing any changes, as was given with the 2018 rule, but NBFIs must be fully informed when that time comes. Failure to adhere to CDD rules is one of the most common regulatory findings for NBFIs and is listed in the common deficiencies later in this article.



Due to partisan disagreements, legislative clarity on the cannabis industry at the federal level will take time, according to speakers on the HBA panel. That means due diligence will continue to be necessary for NBFIs, whether they are knowingly providing services to cannabis-related businesses (CRBs) or not. Recently, the Secure and Fair Enforcement Banking Act of 2021 (SAFE Act) passed the house for the third time. It will undoubtedly help AML professionals and regulators authorizing safe harbor rules for businesses that provide services to the cannabis industry. As global tensions shift priorities in Congress, the cannabis banking topic is not likely to be examined anytime soon. Regardless, NBFIs should continue to shore up policies and procedures around CRBs.


In general, NBFIs have a higher risk tolerance for cryptocurrency than traditional financial institutions. The COVID-19 pandemic increased the need to move funds virtually, and cryptocurrency usage filled this need. Many NBFIs frequently settle cryptocurrency accounts, which pose a higher risk for illicit activity. Regulators advise NBFIs to have risk-based cryptocurrency policies and procedures in place as part of their risk assessment and adjust for any residual risk. Keep in mind that there is a big difference between NBFIs that purchase cryptocurrency and those that process cryptocurrency for customers or act as a clearinghouse for cryptocurrency exchanges. Each scenario has different risks and different due diligence expectations. NBFIs must understand the nature and purpose of each account associated with cryptocurrency, know its expected activity, and know their customer's customers.

Innovation and technology

Another regulatory focus in 2022 is financial institutions' technology needs, including NBFIs. The financial market is rapidly relying more on online payment methods, and AMLA requires financial institutions to modernize their technology to handle new emerging threats associated with remote management of funds. New expectations and requirements will undoubtedly be risk-focused. NBFIs that use artificial intelligence (AI) for online payment will need to show regulators that they are using best practices. These include model validations that ensure AI is working perfectly. After all, AI is developed by humans, and mistakes can happen. Manage with caution and have a good quality assurance process in place to satisfy regulators.

Partnerships with fintechs

The increased demand and competition for immediate digital payment methods have created opportunities for fintech firms to partner with other NBFIs that lack expertise and resources for development. From a regulatory perspective, these partnerships can be cloudy at best, which is a new focus during exams. Fintech partners and any third-party vendor management must have an appropriate AML program, including proper CDD, adequate controls, audit function, and suspicious activity referral procedures. NBFIs should obtain a copy of their partner's AML program and test to be sure they comply with program requirements.

Change management

When the pandemic caused a shift to remote working, change management became critical. Retaining talent has proven difficult for some organizations as remote work in the industry has become more acceptable. AML professionals have opportunities nationwide, including those outside of the financial services industry. Experienced BSA professionals have long been in high demand, and this shift has caused a significant strain on NBFIs’ ability to staff their BSA teams with experienced, qualified officers and investigators. Enhanced controls are needed to ensure data security and processes align with expectations, and regulators may ask what steps an NBFI has taken to adapt during the pandemic. Added quality assurance measures may be needed to address the challenges of managing a remote work team. Regulators will also pay attention to how NBFIs have handled the "great resignation." Regulators will not want to know why a BSA team is understaffed or underqualified; they will want the deficiency corrected. 

Staffing issues must be addressed, and according to the HBA panel, you may be asked how your institution is attracting and retaining talent within your BSA team.  

Is your AML Department understaffed?
Assess your institution's  resources with this calculator tool. 

Revisiting common deficiencies

Wrapping up the top 10 hot topics are common deficiencies cited by regulators during recent exams. Be assured that regulatory bodies share information and stay updated on other consent orders. As money laundering and fraud appear to be on the rise in many areas, NBFIs should review these common deficiencies of AML programs and fill in any identified gaps before their next audit or exam.

  • Backlogs in BSA related processes, such as processing alerts, cases, and EDD high-risk reviews
  • Change in transaction monitoring systems leading to the backlog described above
  • Staffing turnover leading to inadequate or inexperienced staffing
  • Lack of adequate controls, either an independent audit function or internal quality assurance processes
  • Risk Assessment is not updated with current products/services or markets
  • Alerts closed with inadequate or no documentation
  • No SAR decision with cut and paste templates— while templates are acceptable, they should always include and support reasons why the activity is not suspicious
  • Inadequate analysis for No SAR decisions. Using "known customer" to justify these decisions is insufficient. Each potentially suspicious transaction must be analyzed.

The NBFI focus

Anticipating regulators' focus in 2022

Although there has been a drop in regulatory BSA findings for 2020 and into 2021, the panel believes this is primarily due to pandemic restrictions, increased off-site examinations, and a focus shift away from BSA to asset quality and liquidity. Regulators have seen an increase in BSA focus during the first quarter of 2022, and with the Russian invasion of Ukraine, OFAC will be in the spotlight more than ever. Keeping these top 10 topics in mind will assist NBFIs in passing their next exam with flying colors.

Get the latest on AMLA guidance
Learn more about staffing your institution's BSA/AML team

Keep me informed Watch Webinar
About the Author

Terri Luttrell, CAMS-Audit, CFCS

Compliance and Engagement Director
Terri Luttrell is a seasoned AML professional and former director and AML/OFAC officer with over 20 years in the banking industry, working both in medium and large community and commercial banks ranging from $2 billion to $330 billion in asset size.

Full Bio

About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.

Make Big Things Happen.