It’s been a big year for compliance. Not only has the last year already seen the implementation of new data privacy legislation and the DarkSide attack laundering $10 million – now, we have the Financial Crimes Enforcement Network (FinCEN) announcing their priorities for the coming few years.
These priorities are broad, focusing on opposing the financing of terrorism (CFT) and anti-money laundering (AML). While the announcement doesn’t put any extra requirements on financial institutions yet, it’s undoubtedly important. Not only does it give financial institutions a glimpse of what future compliance frameworks might look like, but it also gives us our first insight into the Biden administration’s view of the threat landscape.
In this article, we’ll look at these new priorities, the regulation trends they reflect in the Fintech landscape, and how you can prepare your company to ensure sustainable compliance.
A recent announcement has been released in line with the requirements in the Anti-Money Laundering Act of 2020. This piece of legislation requires that FinCEN announce a set of priorities each year in the hope that this will allow companies to prepare for future compliance regulations.
Given that this is the first time these priorities have been released, it’s no surprise that they are broad. The national AML and CFT Priorities FinCEN identified are:
- Cybercrime, including cybersecurity and virtual currencies
- Foreign and domestic terrorist financing
- Transnational criminal organization activity
- Drug trafficking organization activity
- Human trafficking and human smuggling
- Proliferation financing
While this list might seem impossibly broad to form a basis for preparing your company for future regulations, there are some new elements here worth noting. It’s clear, for instance, that FinCEN has arrived at this list via a broad consultation process with other federal agencies. As such, this list of priorities represents a catch-all list of what are perceived as the biggest threats to US security today – and these go far beyond control of assets.
In fact, FinCEN has been explicit that they interpret their mission in this holistic manner. They have indicated that these priorities are designed to cover almost every perceived legal, regulatory, supervisory, or enforcement vulnerability in the U.S. financial system that may be associated with a particular product, service, activity, or jurisdiction. In practice, that means that frameworks like FATF and AML – which focus on a particular aspect of the financial industry – will be replaced with more far-reaching compliance frameworks.
The priorities also reveal much about the way that the incoming administration views financial data compliance. Specifically, this announcement by FinCEN even reproduces certain aspects of President Biden’s National Security Study Memorandum, which was issued in June of this year. This memo made anti-corruption efforts a central interest for national security, and offered new details on the way domestic criminal actors and corrupt foreign actors are laundering American assets and exploiting shortcomings in the country’s financial system.
The new administration, as indicated by this memo, is particularly interested in reducing the ability of Latin American cartels to launder money through the US. FinCEN has pointed out that much of this money is first laundered in China, with criminals then using relatively unregulated currency swap assets to exchange this for US dollars. It’s therefore expected that imminent new compliance frameworks will look to control foreign currency exchanges more tightly.
Similarly, FinCEN’s priorities are in line with the administrations’ renewed focus on international cybercrime. Even though President Joe Biden suspended FinCEN’s proposed regulations for self-hosted crypto wallets last year, it now seems the government has woken up to the vulnerabilities inherent in the crypto system – and especially the way that these can be exploited by cyber weapons.
This is very apparent in the full report released alongside FinCEN’s priorities. This report mentions Russia by name as well as several other countries that are believed to be participating in cybercrimes either in or against the USA.
In some ways, the recent announcement heralds a major change in the way financial institutions are regulated in the US. On the other hand, these changes are going to take years to come into effect, and the immediate consequences for financial institutions are likely to be minor in the short term.
This will be reassuring for financial institutions already struggling to ensure compliance against a panoply of data compliance frameworks. The IT teams for many companies have been forced to learn and apply the latest techniques in software engineering, web development, and coding in order to ensure compliance.
In fact, FinCEN itself has been keen to reassure companies that it will make no immediate changes to the way in which financial data is stored, processed, or collected. FinCEN, along with the other agencies that contributed to the report, issued an interagency statement explaining that the AML/CFT Priorities do not create any immediate changes to BSA requirements or supervisory expectations.
Instead, these agencies seem keen to follow a more gradual approach and consult with financial institutions on how they can best implement these new priorities in practice. This way, these same companies are given plenty of notice when they need to change the way they oversee financial data.
At present, we only have a vague idea of how this approach will work in practice, but FinCEN has given some details. The proposal is that Agencies will revise their BSA regulations within six months, and these will clarify how financial institutions should integrate the AML/CFT Priorities into their BSA programs.
That doesn’t mean that financial institutions should wait around though. The details we have on FinCEN’s new priorities are more than enough to start the preparatory work for future compliance frameworks. Specifically, institutions should consider the red flags FinCEN has issued, which includes taking steps to identify and report ransomware and other suspicious activity in regards to how hackers take advantage over convertible virtual currencies.
FinCEN’s announcement is one of the first indications of what compliance for Fintech companies and financial institutions will look like over the next decade. Therefore, though the priorities require no immediate action on behalf of these institutions, they should form the starting point for exploratory work on how AML and CFT systems can be strengthened. By doing so, companies can preemptively audit their systems to make sure they are prepared for compliance transformations before they occur.
Also Read: Financial Software Development