On New Year’s Day, Congress overrode President Trump’s veto of the National Defense Authorization Act (NDAA) for the 2021 fiscal year, turning the bill into law without requiring the president’s signature.[1] The NDAA includes the Anti-Money Laundering Act of 2020 (AMLA), the first major reform of the 50-year-old United States anti-money laundering (AML) framework since the 2001 USA PATRIOT Act was enacted after 9/11.
The AMLA is designed to modernize AML and counter-financing of terrorism (CFT) laws, improve coordination among government and industry stakeholders, and emphasize the importance of risk-based AML/CFT programs. The updates are numerous, and include enhanced whistleblower protections, a broadened purpose for the Bank Secrecy Act (BSA), new penalties for certain BSA violations, and the addition of two new committees to the BSA Advisory Group.[2]
But perhaps the most impactful change for financial institutions is the revamp of the Customer Due Diligence Rule (CDD Rule),[3] the development of uniform beneficial ownership requirements, and the establishment of a database at the Financial Crimes Enforcement Network (FinCEN) for storing beneficial ownership information (BOI) of legal entity customers. In this Client Alert, we focus on the beneficial ownership update, as well as two other topics of key interest to financial institutions: the expansion of FinCEN’s powers and BSA/AML program requirements, and new subpoena powers with potential extraterritorial effect that are granted to the Secretary of the Treasury (“Secretary”) and the U.S. Attorney General for documents located at foreign banks that have a correspondent banking account in the United States.
The AMLA instructs the Secretary to promulgate regulations implementing the AMLA’s beneficial ownership reporting requirements (the “BOI Regulations,” discussed below) within one year of the effective date of the AMLA.[4] In addition, within one year of promulgating the BOI Regulations, the Secretary must bring the CDD Rule into conformance with the BOI Regulations and reduce duplicative and unnecessary burdens for financial institutions and legal entity customers.
Specifically, the Secretary is instructed to rescind the entire CDD Rule, except for the first paragraph, which requires covered financial institutions to develop written and “reasonably designed” procedures to identify and verify the beneficial owners of their legal entity customers. While the AMLA does not provide clear guidance on what is “reasonably designed,” future regulations may outline the precise requirements. Until such regulations are issued, financial institutions may want to consider taking a conservative approach and continuing to follow the processes they have established and implemented under the CDD Rule.
The AMLA establishes uniform beneficial ownership reporting requirements for certain companies (Reporting Companies, as defined below) and creates a secure, nonpublic database at FinCEN for BOI. The requirements are intended to improve transparency regarding the illicit flow of funds through corporate structures, discourage the use of shell corporations to move illicit funds, and assist national security, intelligence, and law enforcement agencies in combating crime.[5] Not only will this new system bring the United States into compliance with international AML BOI practices,[6] it will also enable financial institutions to confirm the BOI received in the course of their customer due diligence processes.
Congress particularly emphasized the risks of shell companies as a motivation for implementing the new beneficial ownership requirements. Annually, over 2 million companies are formed in the United States, but most states do not request BOI upon formation. This anonymity allows bad actors to conceal their ownership interests in American companies that may facilitate serious illicit activities, including money laundering, terror financing, human and drug trafficking, and tax fraud, which harms the national security interests of the United States and its allies.
A beneficial owner under the AMLA is an individual who, directly or indirectly:
1. Exercises substantial control over an entity (the “Control Prong”); or
2. Owns or controls 25 percent or more of the ownership interests of an entity (the “Ownership Prong”).
The AMLA’s two-pronged approach is substantially the same as the current definition under the CDD Rule, which requires certain financial institutions to collect BOI from their legal entity customers upon opening an account.[7]
Under the AMLA, a Reporting Company will be required to provide BOI to FinCEN upon formation. A Reporting Company is “a corporation, limited liability company, or other similar entity that is… created by the filing of a document with a secretary of state or a similar office under the law of a State or Indian Tribe; or… formed under the law of a foreign country and registered to do business in the United States by the filing of a document with a secretary of state or a similar office under the laws of a State or Indian Tribe.”
However, because AMLA’s intent is to focus on beneficial ownership of shell companies, many legal entities will fall outside the definition of Reporting Company, and therefore not be subject to the reporting requirement. For example, companies with more than 20 full-time employees that have over $5 million in annual gross revenues and have a physical office in the United States, are excluded from the definition of Reporting Company. Other excluded entities include banks, credit unions, registered money services businesses, broker-dealers, publicly traded companies, and other entities filing certain reports with the SEC or other governmental agencies.
Reporting Companies have two years to report their BOI to the FinCEN database. Companies formed after the regulation’s effective date will be required to report at the time of formation. A Reporting Company must timely report changes to BOI, and no later than one year following the change.
The following information must be provided by a Reporting Company for each of its beneficial owners: (i) full legal name; (ii) date of birth; (iii) current residential or business street address; and (iv) a unique identifying number, such as a Social Security number or a FinCEN identifier, which FinCEN may issue upon request. These requirements align with the information that financial institutions must currently collect under the CDD Rule. BOI will be retained by FinCEN for at least five years following the Reporting Company’s termination.
Reporting Companies may face penalties for willfully providing false BOI, or for willfully failing to provide complete or updated BOI. A safe harbor applies in certain cases of voluntary and prompt corrections of erroneous BOI.
FinCEN will maintain BOI as strictly confidential, and may disclose such information only in four narrow circumstances:
1. Upon receipt of an appropriately made request from: (i) a federal agency engaged in national security, intelligence, or law enforcement activity, and for use in furtherance of such activity; or (ii) from a state, local, or Tribal law enforcement agency, if a court of competent jurisdiction has authorized the agency to seek this information in an investigation.
2. Subject to conditions, upon request from a federal agency on behalf of a law enforcement agency, prosecutor, or judge of another country under an international agreement or where no such agreement exists, upon official request made by authorities in trusted foreign countries.
3. Upon request by a financial institution subject to the CDD Rule to facilitate compliance with CDD Rule requirements, if with the consent of the Reporting Company; or
4. Upon request by a federal functional regulator or other appropriate regulatory agency.
In addition to the above permitted disclosures, certain officials at the Treasury Department may view BOI for tax administration purposes, or if their official duties require access. The Secretary may deny requests and may also suspend or bar agency access.
As part of an effort to modernize the AML regime in the United States, the AMLA requires FinCEN to increase coordination among governmental and private stakeholders, for example, by soliciting and sharing feedback on BSA requirements, and adapting to emerging threats and technologies, such as by maintaining emerging technology experts among its staff. Critically for financial institutions, FinCEN also is instructed to amend AML program requirements, specifically to require that AML programs be designed to guard not only against money laundering, but also against the financing of terrorism, i.e., an AML/CFT program.[8]
AML/CFT programs should be both: (i) reasonably designed to assure and monitor compliance; and (ii) risk-based, e.g., ensuring that more attention and resources are directed towards higher-risk customers and activities, consistent with a financial institution’s risk profile. AML/CFT programs should incorporate certain public priorities for AML/CFT policy, to be established by the Secretary in consultation with others, and updated at least every four years. As discussed in our September 2020 Client Alert, FinCEN has already proposed rules requiring that an AML program be “reasonably designed to assure and monitor compliance” and tasking the FinCEN Director with issuing a list of AML priorities, to be incorporated into AML programs.
Recent regulatory issuances related to AML have also heavily emphasized the importance of effectiveness in AML compliance.[9] Under the AMLA, FinCEN is charged with improving the effectiveness of the AML regime itself, for example, by considering how useful BSA obligations truly are to law enforcement, and how BSA obligations may be streamlined.
The AMLA amends 31 U.S.C. 5318(k) to grant the Secretary and Attorney General the power to issue a subpoena to any foreign bank that maintains a correspondent bank account in the United States, requesting any records relating to the correspondent account or any account at the foreign bank, including records maintained outside of the United States that are the subject of a civil forfeiture action, or an investigation: (i) pursuant to 31 U.S.C. 5318A (Special Measures for Jurisdictions, Financial Institutions, International Transactions, or Types of Accounts of Primary Money Laundering Concern); (ii) into a violation of United States criminal law; or (iii) into a violation of 31 U.S.C. Subchapter II (Records and Reports on Monetary Instruments Transactions).
When served with a subpoena, the foreign bank shall produce all requested records but also may petition to modify or quash the subpoena.[10] A subpoena will not necessarily be quashed or modified on the basis of a conflict with foreign secrecy or confidentiality law.
A U.S. financial institution that maintains a U.S. correspondent account for a foreign bank is required to maintain records in the United States identifying the owners of record and beneficial owners of the foreign bank, and the name and address of a U.S. resident that can accept service of process for a subpoena. Upon written request from a law enforcement officer, a U.S. financial institution that maintains the U.S. correspondent account for the foreign bank must provide this information within seven days.
The existence or contents of any subpoena must not be disclosed, and the U.S. financial institution that maintains a U.S. correspondent account for a foreign bank will not be liable to any person in any court or arbitration proceeding for complying with a nondisclosure order. Unauthorized disclosure may trigger civil penalties equal to double the amount of criminal proceeds sent through the correspondent account in the related investigation or up to $250,000 if no such proceeds are identified.
An issuing agency may impose a civil penalty of up to $50,000 for each day the foreign bank fails to comply. Following 60 days of noncompliance, the Secretary or Attorney General may seek additional penalties and compel compliance in the appropriate U.S. district court.
The foreign bank may face legal action to compel compliance with the subpoena, and to produce either certified records or to provide testimony regarding the production of certified records. Failure to do so may lead to an order of contempt of court.
If the foreign bank does not comply with the subpoena, the U.S. financial institution that maintains the correspondent banking relationship with the foreign bank may be ordered by the Secretary or Attorney General to terminate such correspondent relationship, and the U.S. financial institution shall not be liable to any person for such termination. Failure to terminate the relationship, however, will incur a civil penalty of up to $25,000 for each day the relationship continues. In addition, any funds held in the correspondent account of a foreign bank that is maintained with the U.S. financial institution may be seized to satisfy penalties for the unauthorized disclosure of a subpoena or failure to comply with a subpoena, or associated with a contempt of court order.
While the AMLA aims to improve the system by increasing coordination among stakeholders and modernizing and streamlining AML/CFT laws, the beneficial ownership reporting requirements and registry are generally considered the most impactful, and most overdue, update. Congresswoman Maxine Waters, Chairwoman of the House Committee on Financial Services, noted that “the issue of shell companies has been ignored by this Congress [for years].” This sentiment was echoed by the author of the CTA, which has been incorporated into the AMLA, Congresswoman Carolyn B. Maloney: “The Corporate Transparency Act will finally crack down on anonymous shell companies, which have become the vehicle of choice for terrorist financing, money laundering, and organized crime. When a terrorist cell wants to move their money, or a criminal syndicate wants to launder money, they usually do it right here in the U.S., with a shell company.”
The AMLA’s changes are not only aimed at strengthening national security and protecting the financial system, they also offer relief to government and industry players. FinCEN is instructed to simplify and streamline compliance obligations. Government officials and law enforcement authorities should receive more targeted, useful data. Financial institutions can better allot AML/CFT resources with more focused guidance from FinCEN. While some uncertainty remains for financial institutions, particularly with regard to how CDD Rule changes will affect their BOI obligations, forthcoming regulations should resolve those open questions. The overarching impact of the AMLA should be to prevent the abuse of the United States financial system by bad actors while balancing the interests of those subject to compliance obligations.
[1] The Senate voted to override the veto on January 1, 2021. The House vote occurred on December 28, 2020. The NDAA authorizes appropriations for the Defense Department’s annual budget, and is considered “must-pass” legislation. For that reason, the annual bill typically includes a host of provisions seeking to piggyback on the NDAA’s assured passage. The 2021 version, while addressing sanctions, cybersecurity, and other matters, devotes over 200 pages to the Anti-Money Laundering Act of 2020.
[2] Established by the Annunzio-Wylie Anti-Money Laundering Act of 1992, the BSA Advisory Group consists of representatives from federal regulatory and law enforcement agencies, financial institutions, and certain trade groups that discuss, analyze, and review BSA-related issues.
[3] 31 CFR § 1010.230.
[4] In order to simplify compliance with the AMLA’s beneficial ownership requirements for Reporting Companies (defined below) and financial institutions, the BOI Regulations will be added to the general provisions of FinCEN’s BSA/AML regulations (Part 1010 of Title 31 of the CFR).
[5] Two recent bills, the Corporate Transparency Act (CTA) and the Improving Laundering Laws and Increasing Comprehensive Information Tracking of Criminal Activity in Shell Holdings Act (the “ILLICIT CASH Act”) proposed to combat the risks posed by shell companies, in particular by calling for a beneficial ownership registry. While the CTA and ILLICIT CASH Act were included or excluded from different versions of the NDAA, the final version contains the text of the CTA.
[6] The Financial Action Task Force recommendations, as amended October 2020, are available at: http://www.fatf-gafi.org/media/fatf/documents/recommendations/pdfs/FATF%20Recommendations%202012.pdf.
[7] The new definition omits a provision specific to the beneficial owners of trusts.
[8] In setting the minimum standards for AML/CFT program requirements and supervising compliance with those standards, the Secretary is charged with taking certain factors into account, including recognizing that financial institutions are spending private compliance funds for a public and private benefit, and that critical policy goals include extending financial services to the underbanked and facilitating international financial transactions, all while preventing criminals from abusing these financial services networks.
[9] For a list of some examples, please refer to our September 2020 Client Alert.
[10] The bank may also petition to modify or quash the prohibition against disclosure of the subpoena, as discussed below.