Potential for Change in Anti-Money Laundering Laws & Regulations: New FATF Recommendations, FinCEN Calls for Comments on Customer Due Diligence Procedures

On February 29, 2012, the Financial Crimes Enforcement Network (“FinCEN”) within the U.S. Department of the Treasury published an Advance Notice of Proposed Rule Making (“ANPRM”) requesting comments on plans to formalize Customer Due Diligence (“CDD”) procedures.  While the ANPRM specifically addresses traditional financial institutions, the notice also contemplates expanding the scope to non-traditional financial institutions also covered by the Bank Secrecy Act Regulations.  On February 16, 2012, the Financial Actions Task Force (“FATF”) published its revised Recommendations to address anti-money laundering (“AML”), counter-terrorist financing (“CTF”) and those involved with the proliferation of weapons of mass destruction.  The new 40 Recommendations replace the 40 Recommendations and 9 Special Measures in place since 2001.  The FATF also published a mere nine pages in response to the public sector/private sector involvement in the consultation process.  This cursory response highlights certain tensions between the FATF and those who must implement the corresponding AML/CTF rules.  Nonetheless, covered industry sectors have expressed concerns about the implementation of several of the new FATF Recommendations.  Taken together with the February 29 ANPRM, entities covered by the Bank Secrecy Act Regulations should be prepared to engage, directly or through trade associations, with their regulators to ensure that U.S. anti-money laundering laws and regulations remain appropriately risk-based without becoming unnecessarily burdensome.  Entities covered by the FATF 40 Recommendations – but not yet by the U.S. Bank Secrecy Act Regulations -- also should take note as new CDD rules may be on the horizon and The ANPRM is an invitation to help craft those rules. 

FinCEN’s Advanced Notice of Public Rule Making

FinCEN’s ANPRM requests comments from traditional financial institutions but addresses all industries that have AML program requirements under FinCEN’s regulations.  For example, the ANPRM specifically addresses insurance companies offering covered products, non-bank mortgage plan lenders or originators, money services businesses and dealers in precious metals.¹

The CDD program FinCEN is contemplating would mandate that financial institutions: (1) conduct initial due diligence on customers (including verifying the customer’s identity) at the time of account opening; (2) understand the intended nature of the account and expected activity; (3) with some exceptions, identify (and verify the identity) of the beneficial owners of all customers; and (4) conduct on-going monitoring of the customer relationship.  (The FATF’s new Recommendations 10-11, discussed below, closely mirror these proposed CDD steps.)  Perhaps the most important role comments to the ANPRM can offer is in crafting a working definition for “beneficial owners” specific to each industry type.  The same focus on the “beneficial ownership” concept appears throughout FATF’s revised 40 Recommendations.

Impact of FATF Reforms on Financial Institutions and DNFBPs

The revised FATF Recommendations, while re-organized to consolidate and clarify the original 40 + 9 Recommendations, also create many questions for covered industry sectors.  If domestic laws are modified to reflect the new Recommendations, financial institutions and Designated Non-Financial Businesses and Professions (“DNFBPs”) would face potentially expensive compliance procedures and systems (i.e., rules-based rather than risk-based).  In particular, the revised FATF Recommendations:

• impose potentially burdensome and expensive CDD measures;
• fail to clearly define “beneficial owner;”
• promote a broad scope of politically exposed persons (“PEPs”) without offering guidance;
• include  tax crimes as a predicate offense for money laundering;
• assert jurisdiction over lawyers, notaries and accountants involved in real estate transactions; and
• potentially implicate conflicts with data privacy laws and the resulting cross-border liability. 

Customer Due-Diligence Measures

Recommendations 10 through 13 call for expanded rules-based CDD.  The procedures mandate that covered entities:  (1) identify and verify the customer; (2) identify and verify the beneficial owner; (3) understand the purpose and intended nature of the business relationship; (4) conduct on-going due diligence; and (5) maintain records for at least five years. The interpretive notes provide further insight into what is expected.  For entity-customers, Step (2) includes identifying ownership or controlling interests.  For Life Insurance Policies – CDD will entail collecting the identity of the beneficiaries of such policies – and, based on enumerated risk factors, additional steps as appropriate. While some traditional financial institutions may already be implementing some of these CDD procedures, other non-traditional financial institutions will have to adapt the procedures to particular industries. For example, a “customer” for an insurance company looks different from a customer at a casino – or an account holder at a bank; on-going due diligence for a bank with automated post-transaction monitoring may be less complicated than on-going due diligence for other industries.   

Recommendations 22 through 23 apply CDD to DNFBPs under certain situations.  For example, there is a call to include CDD requirements for: (1) persons involved in the buying and selling of real estate; (2) lawyers involved in buying and selling real estate, or managing a client’s money; (3) persons involved in corporate formation; and (4) trust and company service providers.  As with the prior Recommendations, the CDD requirements as they apply to lawyers in the United States conflict with attorney-client relationships. 

Politically Exposed Persons (“PEPs”) – Recommendation 12

Recommendation 12 addresses heightened due diligence requirements for Politically Exposed Persons -- both foreign and domestic PEPs.  Specifically, the FATF calls for rules to be implemented mandating heightened monitoring and assessment for PEPs, their family members and close associates.  PEPs, defined as “individuals who are or have been entrusted with prominent public functions,” include heads of state or of government, senior politicians, senior government, judicial or military officials, senior executives of state owned corporations and important party officials. For each PEP, their family and their close associates, financial institutions must:

• Establish a system to determine whether a customer or beneficial owner is a PEP;
• Obtain the approval of senior management to continue the relationship;
• Take “reasonable” measures to establish the source of funds; and
• Conduct enhanced ongoing monitoring of the business relationship.

Beyond PEPs, their family and their close associates, Recommendation 12 extends these obligations to a person who has been entrusted with a prominent function by an international organization.

The interpretive note provides no other guidance on implementation – leaving for Member States to further define heightened due diligence for state-owned enterprises, extended members of royal families and the like. 

Tax Crimes as a Predicate Offense for Money Laundering

The FATF also adds tax crimes, related to both direct and indirect taxes, to the list of predicate offenses that give rise to AML/CTF charges. The addition of tax crimes to the list of predicate offenses means that financial institutions will be responsible for detecting and reporting suspected tax evaders among their clients. Each member country will be responsible for determining which tax crimes are deemed “serious,” and as a result, qualify as a predicate offense. 

Conflicting Data Privacy Laws and the Resulting Complexity and Potential Cross-Border Liability

Though the revised FATF Recommendations acknowledge the potential conflicts between data protection and privacy laws and the recommendations/requirements that member countries cooperate and share information, Recommendations 37, 38 and 40 specifically encourage and detail extensive sharing of information that potentially violates many member-countries’ data privacy laws. 

Recommendation 2 seeks to address concerns about data privacy and protection by encouraging countries to coordinate cooperation through policy-makers, law enforcement authorities and other relevant authorities at the policy-making level. Recommendation 2 effectively asks member countries with strict data privacy and/or protection laws to modify those rules to make exceptions for AML/CFT cooperation. 

Conclusion

Ultimately, the U.S. Department of the Treasury will determine how best to comply with the 40 Recommendations – consistent with U.S. laws and regulations.  There are efforts by some in Congress to bring the United States into compliance with the Recommendations focusing on CDD and beneficial ownership, but it will take the active guidance of the private sector to craft revised AML rules that effectively protect the U.S. financial system from abuse without unduly burdening the financial sector.

---

¹ Amendment SA 1741 to S 1813, the highway bill, would bring within the Bank Secrecy Act corporate formation agents.