The Anti-Money Laundering Act of 2020: New Challenges for Financial Institutions, Their Employees and Customers, and (Nearly) Everyone ElseJanuary 15, 2021
On January 1, 2021, Congress enacted the Anti-Money Laundering Act of 2020 (the “Act”).1 As part of the National Defense Authorization Act for Fiscal Year 2021, the Act creates a broad range of new anti-money laundering (“AML”) obligations for banks and other financial institutions, certain private investment structures, and even federal regulators.
Spanning more than 85 pages, the Act contains a number of significant new provisions and changes. Many of the new provisions, including those creating a federal beneficial ownership registry, call for implementing regulations that will be promulgated months or years from now. Other provisions, including new criminal offenses and new subpoena authority over foreign banks with U.S. correspondent accounts, take effect immediately.
This article addresses the following aspects of the Act:
- Federal Beneficial Ownership Registry-The Corporate Transparency Act
- Broader Subpoena Power over Foreign Banks
- Enforcement Priorities, New Crimes, and New Penalties
- Expanded Scope of the Bank Secrecy Act
- Changes to BSA/AML Program Requirements
- Ability to Share SARs with Foreign Branches
- Focus on Technology
- Safe Harbors
- New AML Whistleblower Regime
Federal Beneficial Ownership Registry—The Corporate Transparency Act (“CTA”)
The CTA creates a federal beneficial ownership registry, which will require certain types of domestic and international corporate entities to file with the Financial Crimes Enforcement Network (“FinCEN”) information about the beneficial ownership of those entities.2 This type of ownership registry has been debated in Congress for the past decade and, in that time, regulators imposed incremental measures to require disclosure of beneficial ownership information in industries or localities that posed money laundering threats. Congress ultimately determined that the incremental measures did not go far enough to address the risk that anonymous shell companies allowed criminals and terrorists to launder their money with ease. As a result, within the next year, FinCEN is required to issue regulations requiring a reporting company to file with FinCEN information about each beneficial owner of (i) a reporting company, and (ii) the applicant to a secretary of state for the company’s formation or registration.
Although the drumbeat leading to the CTA would have suggested that a vast array of previously unregulated entities would now be required to report beneficial ownership information, in fact there are many exemptions within the law, so careful attention is necessary, both to definitions in the CTA, and in implementing regulations as they are issued.
The CTA defines a “reporting company” subject to the new reporting requirements as a corporation, limited liability company, or similar entity that is either (i) created by a filing with a secretary of state, or (ii) formed under foreign law and registered to do business in the U.S. by a filing with a secretary of state.
Each reporting company must disclose information about its “beneficial owners,” which the CTA defines as a person who, directly or indirectly, (i) exercises substantial control over the entity; or (ii) owns or controls not less than 25 percent of the ownership interests of the entity. The CTA does not define “substantial control.”
Each reporting company must also disclose information about each “applicant,” which the CTA defines as any individual who files an application to (i) form a corporation, limited liability company, or similar entity under state law, or (ii) register with a secretary of state a corporation, limited liability company, or similar entity that has been formed under foreign law.
As noted above, somewhat surprisingly, many entities are exempted from the definition of “reporting company,” including banks, insurance companies, broker-dealers, and certain investment funds, charities, and pooled investment vehicles that are advised or operated by banks or registered investment advisers. Most corporations and LLCs that are owned or controlled by an exempted entity are also exempt from reporting. In addition, an entity is exempt if it (i) employs more than 20 employees; (ii) filed federal income tax returns in the previous year demonstrating more than $5,000,000 in gross receipts or sales, aggregating the income of both subsidiary and parent entities; and (iii) “has an operating presence at a physical office within the United States.”
If an exempt pooled investment vehicle is formed under foreign law, it must nonetheless file with FinCEN a written certification that provides identification information of an individual that exercises “substantial control”—again, a term the CTA does not define—over the pooled investment vehicle.
A violation of the CTA provides for civil penalties of up to $500 for each day that a violation has not been remedied and criminal penalties of up to $10,000 and two years’ imprisonment for individuals who intentionally submit incorrect or fraudulent beneficial ownership information or who knowingly fail to provide comprehensive or updated beneficial ownership information.
Although beneficial ownership information, much like other information in FinCEN’s possession, is confidential and may not be disclosed except to law enforcement, a reporting company may consent to FinCEN’s disclosure of a company’s beneficial owner information to a financial institution to facilitate the financial institution’s compliance with customer due diligence requirements under applicable law.
Implications for Clients:
- The precise scope of entities that will be excluded from the reporting obligation will not be clear until FinCEN issues implementing regulations. Nonetheless, entity structures, contracts, and deal documents may need to be revised now.
- ffering circulars may need to point out new risks that the CTA creates, including the possibility that implementing regulations may require the disclosure of certain investor information to FinCEN.
- Loan documents may need to be revised to require deal entities to periodically confirm that they are in compliance with FinCEN’s beneficial owner disclosure requirements and require as a condition to any permitted beneficial ownership transfers that the deal entities have complied with the CTA.
- Funds and other clients may wish to analyze their structures to determine whether implementing regulations are likely to exclude all part or all of the structure from the new reporting obligations.
Broader Subpoena Power over Foreign Banks
In a sweeping expansion of U.S. jurisdiction, the Act authorizes the Secretary of the Treasury or the Attorney General to issue a subpoena to any foreign bank that maintains a correspondent account in the United States and to request “any records relating to the correspondent account or any account at the foreign bank,” including records maintained outside of the United States.3
Officers, directors, and employees of a foreign bank that receives such a subpoena are prohibited from notifying any account holder involved, or any person named in the subpoena, about the existence of the subpoena. A violation of this prohibition is punishable by a civil penalty of double the amount of suspected criminal proceeds sent through the correspondent account of the foreign bank in the related investigation.
A foreign bank that fails to comply with a subpoena may be punished for contempt and liable for a civil penalty of up to $50,000 for each day that the foreign bank fails to comply with the terms of the subpoena. Funds held in the correspondent account may be seized to satisfy civil penalties.
In addition, if a foreign bank fails to comply with a subpoena, Treasury or the U.S. Department of Justice (“DoJ”) may order the U.S. financial institution providing the correspondent account to terminate the account relationship. A U.S. financial institution that fails to terminate the correspondence account relationship within 10 days is liable for a civil penalty of up to $25,000 for each day the financial institution fails to terminate the relationship.
The Act requires U.S. financial institutions that maintain a correspondent account for a foreign bank to maintain records in the United States identifying the owners of record and the beneficial owners of the foreign bank and the name and address of a person who resides in the United States and is authorized to accept service of legal process in connection with the new subpoenas.
Implications for Clients:
- The Act vastly expands the U.S. government’s ability to gather information from foreign banks.
- The new subpoena powers permit the government to subpoena information not only concerning a foreign bank’s U.S. correspondent account, but also about any account at the foreign bank.
- In an attempt to move beyond the reach of the new subpoena powers, some foreign accountholders of foreign banks with U.S. correspondent accounts may move their business to foreign banks that do not hold U.S. correspondent accounts.
Enforcement Priorities, New Crimes, and New Penalties
Congress created two new criminal offenses in the Act. Both offenses are punishable by a fine of up to $1,000,000, 10 years’ imprisonment, or both. The first new offense is to knowingly conceal, falsify, or misrepresent, from or to a financial institution, a material fact concerning the ownership or control of assets involved in a monetary transaction if (i) the person or entity who owns or controls the assets is a senior foreign political figure; and (ii) the aggregate value of the assets involved is at least $1,000,000.4
The second new offense is to knowingly conceal, falsify, or misrepresent, from or to a financial institution, a material fact concerning the source of funds in a monetary transaction that (i) involves an entity found to be a primary money laundering concern; and (ii) violates a prohibition on opening or maintaining a correspondent or payable through account.5
Congress also authorized the SEC to bring disgorgement claims for violations of the Securities Exchange Act. The statute of limitations for disgorgement claims is five years for most violations, and 10 years for fraud other violations for which scienter must be established.6
The Act creates a number of new penalties for already existing Bank Secrecy Act (“BSA”) violations. For repeat violators, Treasury may impose, in addition to any other applicable penalties, a penalty of up to three times the profit gained from the violation, or twice the maximum penalty with respect to the violation. The new penalty applies only to persons who commit both a first and subsequent violation after January 1, 2021.7
If an individual partner, director, officer, or employee of a financial institution is convicted of a BSA violation, the individual must repay to the financial institution any bonus received during the calendar year during which or after which the violation occurred.8 In addition, any individual found to have committed an egregious violation of the Bank Secrecy Act “shall be barred” from serving on the board of directors of a U.S. financial institution for 10 years following the conviction or judgment.9
Implications for Clients:
- Individual bonus clawbacks are required only where an individual is convicted of a BSA violation. Where an enforcement action is against a financial institution alone, the Act does not require individual employees to repay their bonuses.
- The defense bar can be expected to challenge the retroactive application of the 10-year statute of limitations for disgorgement claims in connection with Exchange Act violations.
Expanded Scope of the Bank Secrecy Act
The Anti-Money Laundering Act of 2020 broadens the definition of “financial institution” under the BSA. The term “financial institution” now includes businesses that exchange or engage in the transmission of cryptocurrency. In addition, FinCEN is required to issue regulations within the next year that determine the scope of persons “engaged in the trade of antiquities” that will be considered “financial institutions” under the BSA.
Implications for Clients:
- The inclusion of cryptocurrency businesses as financial institutions largely codifies existing FinCEN guidance.
- Antiquities dealers can expect some level of requirements to conduct customer due diligence and file currency transaction reports and suspicious activity reports (“SARs”).
Changes to BSA/AML Program Requirements
The Act includes a number of provisions that will alter the landscape for financial institutions implementing BSA/AML programs. Key among these changes are requirements that FinCEN provide financial institutions with information about financial crime concerns and patterns. Within six months, the U.S. Department of Treasury (“Treasury”) must establish national AML priorities, to be updated at least once every four years.10 Federal regulators will subsequently review whether and to what extent financial institutions have incorporated the national AML priorities into their risk-based programs to comply with BSA requirements.11
The Act also requires FinCEN, “to the extent practicable,” to periodically disclose to “each financial institution” a summary of information on SARs that “proved useful” to law enforcement.12 The Act does not require financial institutions to respond to FinCEN’s disclosures, but financial institutions that receive negative feedback or no positive feedback may wish to consider whether they are meeting regulatory expectations.
FinCEN also must publish information relating to emerging money laundering and terrorist financing threat patterns and trends.13 FinCEN must include typologies, “including data that can be adapted in algorithms if appropriate,”14 suggesting that financial institutions will be evaluated on whether and to what extent they have incorporated FinCEN’s published threat patterns and trends into the financial institutions’ BSA/AML programs and SAR reporting processes.
The Act addresses de-risking, which is the practice of cutting off financial services to underserved individuals, entities, and geographic areas when BSA/AML risks are difficult or expensive to manage. The Act states that BSA/AML policies “must not unduly hinder or delay legitimate access to the international financial system,” and that federal enforcement efforts should not primarily focus on BSA/AML policies that result in “incidental, inadvertent benefits” to designated groups in the course of delivering “life-saving aid to civilian populations.”15 The Office of the Comptroller of the Currency and FinCEN are required to study and report on de-risking, and to propose changes, as appropriate, to reduce any unnecessarily burdensome regulatory requirements.
Implications for Clients:
- A financial institution implementing a BSA/AML program will need to be able to demonstrate to its regulators that the financial institution has incorporated into its BSA/AML processes the information FinCEN provides about national AML priorities and other risk areas.
- The new Act emphasizes the need for SARs to be “useful” to law enforcement, a standard that financial institutions may have difficulty defining.
- A statement that U.S. enforcement efforts are not focused on de-risking may cause financial institutions to maintain some lines of higher-risk business. However, the Act does not require financial institutions to maintain higher-risk business; if the cost of compliance outweighs the profit from the business, financial institutions may continue de-risking certain business lines.
Ability to Share SARs with Foreign Branches
Under current regulations, U.S. financial institutions are limited in their ability to share SAR details with foreign affiliates. The Act requires FinCEN to establish a pilot program for U.S. financial institutions to share SAR information with their foreign branches, subsidiaries and affiliates, other than those in China, Russia, or jurisdictions that are state sponsors of terror, subject to sanctions, or unable to reasonably protect the security and confidentiality of the information.16
Financial institutions also face new limitations on where a financial institution’s BSA duties can be carried out. The Act states that the “duty to establish, maintain and enforce” a BSA/AML program must be performed by “persons in the United States” who are accessible to and supervised by the appropriate federal regulator.17
Implications for Clients:
- Financial institutions that are authorized to share SAR information across borders will also be expected to incorporate that information into their ongoing monitoring and SAR reporting processes; a financial institution may be deemed to know what its foreign branch knows.
- This is actually a helpful provision in the Act, insofar as global international banks have at times been stymied in coordinating cross-border compliance efforts by exceedingly strict rules about the confidentiality of SARs. This loosening of restrictions on sharing information might enable compliance professionals to reduce the risk of banking bad actors across bank branches in the United States and abroad.
Focus on Technology
Portions of the Act focus on the role of technology in financial institutions’ BSA/AML compliance programs. FinCEN must issue regulations establishing standards that financial institutions must use when testing technology used for compliance with the BSA.18 FinCEN is also required to establish “streamlined, including automated, processes to, as appropriate, permit the filing of noncomplex categories” of SARs.19
Implications for Clients:
- Financial institutions may be able to automate the filing of certain categories of SARs at some future date, provided that the technology for doing so meets forthcoming FinCEN standards.
- FinCEN is unlikely to permit financial institutions to automate all SAR filing.
Under the Act, FinCEN must assess whether to establish a process for the issuance of no-action letters, including in response to requests for a statement as to whether FinCEN or another federal functional regulator intends to take enforcement action against a person under the AML laws with respect to specific conduct. If appropriate, regulations must be proposed within 180 days of enactment.20
In addition, the Act provides a safe harbor for financial institutions that keep an account or transaction open upon receiving a valid “keep open request” from a law enforcement agency. Financial institutions must still fulfill relevant reporting requirements, such as filing suspicious activity reports.21
Implications for Clients:
- Although a safe harbor for complying with a keep open request is a welcome provision in the law, financial institutions must still comply with BSA reporting requirements. Financial institutions may need to consider whether filing a SAR on an account and keeping it open at the request of law enforcement is consistent with current policies and processes, and perhaps address the impact of keep open orders in new policies.
New AML Whistleblower Regime
The Act amends and expands whistleblower awards and protections previously set forth at 31 U.S.C. §§ 5323 and 5328. Under the prior version of § 5323, whistleblowers were eligible for a reward if they provided information that led to a recovery exceeding $50,000. Awards were capped at $150,000.
The new provisions authorize Treasury to grant a whistleblower award only where an enforcement action under the BSA results in penalties, disgorgement, and interest exceeding $1,000,000.22 A whistleblower award may be in an amount of up to 30% of ordered penalties, disgorgement, and interest.
To be eligible for an award, a whistleblower must provide original information relating to a violation of the Bank Secrecy Act to either (1) the whistleblower’s employer, (2) Treasury, or (3) DoJ. A whistleblower who makes an anonymous claim for an award must be represented by counsel, and must disclose his or her identity before receiving payment of the award.
Employers are prohibited from retaliating against any whistleblower employee because of any lawful act done by the whistleblower. Whistleblowers who face adverse employer retaliation may file an action with the Department of Labor. If the whistleblower prevails in the action, the employer may be ordered to reinstate the employee, pay compensatory damages, and pay the whistleblower employee two times the back pay and interest otherwise owed to the whistleblower.
Implications for Clients:
- The significantly larger awards the Act authorizes places this new whistleblower regime on par with the SEC’s whistleblower regime, which in recent years has resulted in numerous enforcement actions and high-dollar whistleblower awards.
- Financial institutions may wish to study the new whistleblower provisions carefully to ensure that (1)appropriate processes are in place to receive and respond to whistleblower information, and (2) employee contracts and other agreements do not attempt to waive any of the rights or remedies available to whistleblowers.
1 Public Law No.: 116-283, §§ 6001-6511.
2 Public Law No.: 116-283, §§ 6402-6404.
3 Public Law No.: 116-283, § 6308.
4 Public Law No.: 116-283, § 6313.
6 Public Law No.: 116-283, § 6501.
7 Public Law No.: 116-283, § 6309.
9 Public Law No.: 116-283, § 6310.
10 Public Law No.: 116-283, § 6101.
12 Public Law No.: 116-283, § 6103.
13 Public Law No.: 116-283, § 6106.
15 Public Law No.: 116-283, § 6215.
16 Public Law No.: 116-283, § 6212.
17 Public Law No.: 116-283, § 6101.
18 Public Law No.: 116-283, § 6209.
19 Public Law No.: 116-283, § 6102.
20 Public Law No.: 116-283, § 6305.
21 Public Law No.: 116-283, § 6306.
22 Public Law No.: 116-283, § 6314.