Comment letter: Anti-Money Laundering Program Effectiveness
November 16, 2020
Financial Crimes Enforcement Network
P.O. Box 39
Vienna, VA 22183
Re: NASCUS Comments RIN 1506–AB44 Anti-Money Laundering Program Effectiveness (Docket Number FINCEN–2020–0011)
Dear FinCEN Regulatory Support Section:
The National Association of State Credit Union Supervisors (NASCUS)[1] submits the following letter in response to the Advance Notice of Proposed Rulemaking (ANPR), Anti-Money Laundering Program Effectiveness, (RIN 1506-AB44).[2] As the professional association of State Credit Union Regulators and voice of the state credit union system, NASCUS works to coordinate, support, and enhance the Bank Secrecy Act/Anti-Money Laundering/Countering the Financing of Terrorism (BSA/AML/CFT) compliance, supervision and examination efforts of the state credit union system. NASCUS, state regulators, and credit union stakeholders recognize the importance of these efforts to safeguard our financial system and our nation. We welcome FinCEN’s thoughtful discussion of ways in which the BSA/AML/CFT regime might be improved and the opportunity for stakeholders to provide input.
As FinCEN notes in the ANPR, the goal of supervisory and compliance efforts related to the BSA/AML/CFT framework should be to maximize effectiveness and utility to law enforcement and national security authorities. Our comments below are offered from that perspective: reducing pro-forma compliance obligations to allow AML programs to focus on interdicting financial crimes and reporting actionable information.
Defining an Effective and Reasonably Designed AML Program
Evaluating whether a credit union’s AML program sufficiently detects and deters illicit transactions is often inherently subjective. NASCUS supports efforts to better harmonize expectations among regulators and credit unions as to the sufficiency of AML efforts and a credit union’s overall AML program.
FinCEN seeks feedback on the benefit of adding an explicit definition of an ‘‘effective and reasonably designed’’ AML program as one that meets the following three prongs:[3]
- Identifies, assesses, and reasonably mitigates the risks resulting from illicit financial activity—including terrorist financing, money laundering, and other related financial crimes—consistent with both the institution’s risk profile and the risks communicated by relevant government authorities as national AML priorities
- Assures and monitors compliance with the recordkeeping and reporting requirements of the BSA
- Provides information with a high degree of usefulness to government authorities consistent with both the institution’s risk assessment and the risks communicated by relevant government authorities as national AML priorities.
We appreciate that the proposal would clearly articulate the general expectations for a compliance program, but greater clarity with respect to metrics to evaluate compliance would be very helpful. As a matter of general statement or scope, prongs number one and two are consistent with current supervisory and compliance practices. We would not recommend inclusion of prong number three.
Explicit Requirement for a Risk Assessment
NASCUS agrees that a risk assessment is a critical element of well-designed BSA/AML/CFT program.[4] In our experience, all credit unions complete risk assessments and those risk assessments are regularly reviewed by examiners. Adding an explicit requirement for a risk assessment should not present a burden to credit unions. To ensure a new explicit risk assessment requirement coheres to existing practices, NASCUS recommends they requirement be limited to conducting a risk assessment upon which the AML program is based and documenting the risk assessment. FinCEN should allow institutions to determine the needed frequency of updating the risk assessment as well as the methodology and format of the risk assessment.
FinCEN Issuance of Strategic Priorities
The ANPR solicits feedback on whether the Director of FinCEN should issue national AML priorities every two years, and whether those priorities should be incorporated into a financial institution’s risk assessment.[5]NASCUS encourages FinCEN to publish the AML priorities, but we caution against requiring those priorities to be incorporated into the risk assessment.
Publishing AML priorities would be beneficial to credit unions by allowing some institutions to reallocate AML efforts to focus on those priorities or otherwise emphasize those priorities in their AML efforts. However, adding requirements that would “embed” those priorities formally in the credit union’s risk assessment every two years could be challenging. Every time priorities are published, credit unions would have to re-do their risk assessment, design and implement changes to the BSA/AML/CFT program (including software changes) in response to changes in the risk assessment, and then train compliance staff and other relevant credit union staff to effectively implement the revised program. This process could take time, and for more modestly sized credit unions be resource prohibitive if frequently repeated.
SAR Reporting and CTR Filing
Adjusting the SAR and CTR filing requirements could provide substantial relief to credit unions by allowing BSA/AML/CFT officers and credit union financial crime investigators to dedicate more time and resources to monitoring transactions and identifying illicit activity.
Despite several legislative efforts, the monetary threshold for a CTR filing has remained static at $10,000. The monitoring of transactions to detect structuring and the compilation and filing of cash transaction reports is a time-consuming process that has, to our knowledge, limited value for AML purposes.[6] At a minimum, there is redundant protection against money laundering. Even if the CTR threshold were to be raised, SAR reporting would still be required for any suspicious cash transactions totaling at least $5,000.[7] The CTR threshold could be raised above $10,000 without sacrificing the notification to federal authorities of potentially illicit cash movement.
NASCUS has been told by stakeholders that the CTR exemption process is too burdensome. For these entities, managing the ongoing exemption from CTR filing for qualifying members is as burdensome as the ongoing filing requirement and therefore they choose to continue to file the CTRs. We encourage FinCEN to explore ways to ease the process for credit unions to exempt qualifying credit union members from CTR filing obligations.
More substantial relief could be provided by reconsidering the value of the ongoing SAR filing obligations. The sheer volume of repeat SAR filing can unduly strain a credit union’s AML program. The statutes under which credit unions are chartered impose significant restrictions and burdens on the termination of membership. As a result, many credit unions do not have the ability to mitigate on-going filing obligations by terminating the banking relationship with the party engaging in the suspicious transactions. As member financial institutions, these credit unions are prohibited by statute from terminating the banking relationship with a member unless they specify a cause (such as causing a loss to the institution). In many cases credit unions are required by law to explain to the member why that member’s accounts are being closed and providing the member an opportunity to appeal the expulsion. Of course, the need to maintain the confidentiality of SARs prevents these credit unions from providing the explanation that is required by their credit union law. As a result, many credit unions have no choice – they must continue filing SARs because they cannot satisfy the state statutory requirements for termination of membership.
In addition to noting the burden and cost of repeated filing, NASCUS questions the value of 90-day repetitive filing. For example, in the marijuana context, the SAR Limited filing every 90 days is of questionable utility. On regular SAR filings, many of which never lead to referral for criminal investigation, the burden likewise outweighs the benefit.
NASCUS recommends that on-going SAR filing requirements be extended from 90-days to a 180-day or even annual filing requirement. Covered entities would still be required to monitor the accounts and include a transaction history in the extended refiling. In addition, should the nature of the transactions change, or new information become available, a SAR could be filed ahead of the 180-day (or annual) re-filing deadline.
Information Sharing Between Covered Entities for the Purpose of Fulfilling AML Program Obligation Should Be Simplified
Section 314(b) of the USA PATRIOT Act provides a safe harbor allowing financial institutions to share information with each other regarding individuals and entities suspected of possible money laundering.[8]Financial institutions seeking to avail themselves of § 314(b) protections must comply with FinCEN’s implementing regulations, including notifying FinCEN and verifying that the other financial institution has also submitted notice to FinCEN.[9] To encourage information sharing among covered entities and facilitate the identification of illicit activity as well as facilitate the ability to “clear” unusual transactions as lawful, FinCEN should consider ways in which the § 314(b) implementing regulations may be eased. Two possible reforms that could significantly improve the effectiveness of § 314(b) information sharing would be a presumption that covered entities are within the safe harbor unless they have opted out and relaxing of FinCEN’s interpretation that the prohibition of SARs disclosure extends to institutions sharing information within the § 314(b) context.
Credit Unions Should Have Greater Flexibility to Implement Training
Currently, credit unions are required to provide training to appropriate personnel.[10] While the FFIEC BSA Examination reinforces that institutions have discretion to train only “personnel whose duties require knowledge of the BSA” as part of the BSA training program, we believe the rule and subsequent guidance could further clarify and simplify the BSA/AML/CFT training requirements without diminishing the effectiveness of the credit union’s anti-money laundering program.
Specifically, requirements and expectations for training should be focused on the BSA/AML/CFT officer, the credit union’s executive team and the directors. Training of other relevant staff should be unequivocally left to the discretion of the institution. From a supervisory perspective, the sufficiency of training of front line and other relevant staff can be deduced from the overall effectiveness of the program, rather than a “check-the-box” review of training for miscellaneous staff that may or may not be effective.
NASCUS welcomes the opportunity to share our views on improvements to the regulatory, supervisory and compliance requirements of the BSA/AML/CFT framework. As noted above, we fully support FinCEN in its mission to safeguard the financial system and the nation. As FinCEN acknowledges in the ANPR, the current regulatory foundation of the AML could be improved to allow covered entities to focus on the mission of detecting financial crimes and illicit activity more effectively. We would be happy to discuss our comments and recommendations in detail with NCUA.
Sincerely,
– signature redacted for electronic publication –
Brian Knight
Executive Vice President and General Counsel
[1] NASCUS is the professional association of the nation’s 45 state credit union regulatory agencies that charter and supervise over 2,000 state credit unions. NASCUS membership includes state regulatory agencies, state chartered and federally chartered credit unions, and other important stakeholders in the state system. State chartered credit unions hold nearly half the $1.76 trillion assets in the credit union system and are proud to represent nearly half of the 123 million credit union members.
[2] Advance Notice of Proposed Rulemaking, Anti-Money Laundering Program Effectiveness, 85 Fed. Reg. 181, 58023 (September 17, 2020).
[3] 85 Fed. Reg. 181, 58026 (September 17, 2020).
[4] 85 Fed. Reg. 181, 58026 (September 17, 2020).
[5] Ibid.
[6] Of course, CTRs may have value for authorities for tax or monetary control/security purposes. However, we address CTRs in the context of the BSA/AML/CFT.
[7] The $5,000 threshold is for a transaction with a known suspect. As credit unions only conduct transactions on behalf of members, there would always be a “known suspect” to trigger the SAR reporting requirement.
[8] Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001 (“USA PATRIOT Act”) Pub. L. No. 107-56, 115 Stat. 272 (2001).
[9] See 31 CFR § 103.110(b)(2),(b)(3), and (b)(4).
[10] 12 CFR 748.2(c)(4) and 31 USC 5318(h)(1)(c) and 31 C.F.R.1020.210 (b)(4).