By Jeff Horvath, Co-Founder and CEO, DigiPli
The Anti-Money Laundering Act of 2020 (AMLA 2020) became law in early January, with major implications across institutional finance, including FinTechs. It introduced the biggest changes to the AML regime since the PATRIOT ACT of 2001 and was passed with strong bipartisan support. The Act remediates certain weaknesses in existing AML requirements, addresses new issues arising from advances in the financial markets and technology, and enhances regulatory coordination. FinTechs with US operations should closely analyze AMLA 2020, as it will require both changes to their AML programs and controls, and impact how they manage their operations, employees and risks.
Explicit Coverage of Digital Assets
AMLA 2020 resolves any doubt as to whether the Financial Crimes Enforcement Network (FinCEN) has the authority to regulate digital assets. It achieved this by amending the Bank Secrecy Act (BSA) from covering “monetary instruments” to including activities related to “value that substitutes for currency.” In addition to cementing FinCEN’s authority over cryptocurrency firms, the Act potentially broadens the applicability of AML laws to other FinTechs involved in digital payments, such as payment processors and wallet providers, who could be subject to liability if their infrastructure is used to circumvent AML requirements.
AML Staff Must Be in the US
AMLA 2020 introduces a new requirement: the AML program of a financial institution operating in the US must be “the responsibility of, and be performed by persons” located in the US. However, the exact wording of the requirement raises questions as to which staff must be in the US, the treatment of non-US outsourcings and the use of non-US KYC/AML vendors. FinTechs operating in the US need to assign personnel physically located in the US to oversee their US AML program, and should proceed cautiously when leveraging non-US AML staff, vendors or outsourcing providers to support US operations.
Beneficial Ownership Registry
The US lacks a beneficial ownership (BO) registry for legal entities, which has been criticized as facilitating the criminal use of shell companies to launder illicit funds. Instead, FinCEN’s Customer Due Diligence (CDD) Rule places the burden on financial institutions to identify their customers’ BOs. AMLA 2020 addresses this by establishing a national BO registry administered by FinCEN. Starting in January 2022, all legal entities will be required to report the identity of BOs who own more than 25% of, or control the entity. Entity types exempt from this reporting include US publicly traded companies and US-regulated financial institutions. In addition, within one year of establishing the BO registry, FinCEN must update the CDD Rule to eliminate the duplicative BO identification requirement.
AMLA 2020 strengthens protections and rewards for whistleblowers (employees and former employees) who report AML violations, bringing it in line with the SEC’s long-running whistleblower program. Whistleblowers can receive rewards of up to 30% of the fines levied and employers are prohibited from retaliating against employees who report AML violations. Given the greater chance of regulatory exposure, FinTechs should ensure sufficient resources are devoted to promptly detecting and remediating AML issues.
BSA Penalty Increases
Firms and executives are now held to even higher AML standards. The Act created two new criminal violations, which can result in penalties of up to 10 years’ imprisonment and fines of up to $1 million. The Act also increased civil fines and imposed other penalties, making it more likely for founders and executives to be personally liable if their firm violates AML rules.
Streamlined SAR and CTR Processes
AMLA 2020 requires regulators to review the submission processes, filing thresholds and other requirements relating to Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs). By January 2022, regulators must recommend to Congress ways to streamline and simplify these processes. Although SARs and CTRs can be powerful tools for detecting criminal activity, the current process is a massive burden for financial institutions, with many reports going unused by law enforcement. All financial institutions will benefit from a more streamlined approach.
What does AMLA 2020 Mean for FinTechs?
AML continues to be an ever-increasing priority for regulators. Over $10 billion in fines for AML, KYC, sanctions and related violations were issued in 2020, which was the highest annual amount to date. Established financial institutions, which have been investing in their AML programs for decades, still struggle with compliance. Newer financial institutions, including FinTechs, are forced to play catch-up as they are subject to the same laws as the largest global banks. Over the coming months FinTechs should confirm that their AML programs meet existing requirements, closely follow the implementation of AMLA 2020, and if their US AML program is managed or supported by non-US resources – consider shifting those into the US. If their efforts fall short, FinTechs should be prepared to face significant consequences.