FinCEN Proposes Rule to Require Banks Lacking a Federal Functional Regulator to Establish AML Programs
Client Alert | 4 min read | 10.25.16
On August 25, the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) published a Notice of Proposed Rulemaking that would require banks that lack a federal functional regulator to establish and implement anti-money laundering (AML) programs and extend customer identification program (CIP) requirements to certain financial institutions not already subject to these obligations under the Bank Secrecy Act (BSA).
Most banks have been subject to an AML program requirement under the BSA since 2002, but others have not. FinCEN deferred this requirement for banks without a “federal functional regulator,” defined to include the Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, Office of Thrift Supervision, Securities and Exchange Commission, and Commodity Futures Trading Commission. The affected banks would include (1) state-chartered, non-depository trust companies; (2) non-federally insured credit unions; (3) private banks; (4) state banks and savings and loan associations that are not FDIC insured; and (5) certain international banking entities that are not FDIC insured but are authorized by Puerto Rico and the US Virgin Islands to provide banking and other services to non-resident aliens. FinCEN estimates that approximately 740 banks lack a “federal functioning regulator.”
The proposed rule would require these entities to adopt and implement an AML program that includes what are often referred to as the “four pillars” of AML programs: (1) a system of internal controls designed to assure ongoing compliance with the BSA; (2) designation of an AML compliance officer; (3) periodic employee training on AML obligations; and (4) an independent audit function to test programs. The rule also would require such institutions to incorporate a fifth AML pillar recognized by FinCEN in a recent final rule for banks, broker-dealers, mutual funds, and futures commission merchants and introducing brokers in commodities – (5) appropriate risk-based procedures for ongoing customer due diligence. This would include (a) understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; (b) a requirement that banks without a federal functional regulator obtain beneficial ownership information from their legal entity customers – the natural persons that directly or indirectly own 25 percent or more of the equity interest in the customer, and one person who exercises control over it. The rule further would require that the AML programs be in writing and approved by the institution’s board of directors or an equivalent governing body. The proposed rule also contemplates that such institutions, as part of establishing an AML program, would conduct an overall assessment of the money laundering and terrorism financing risks that arise from their products, customers, distribution channels, and geographic locations.
FinCEN has justified the proposed rule by noting that such institutions may face the same vulnerabilities as federally regulated institutions, and that the rule would prevent regulatory arbitrage by persons seeking to avoid rigorous AML scrutiny.
FinCEN notes that, despite having been exempt from an AML program requirement, the affected institutions already must comply with a wide variety of BSA obligations. For example, they must file currency transaction reports (CTRs), suspicious activity reports (SARs), and maintain certain records, including funds transfer records. FinCEN anticipates that most institutions affected by the proposed rule already have some policy framework in place to comply with these obligations, and will be able to leverage such policies to meet the new requirements. Additionally, as with other institutions subject to an AML program requirement, affected institutions would be able to outsource some aspects of their programs to third-party service providers, while remaining responsible for the effectiveness of their programs.
The proposed extension of the CIP requirement to banks without a federal functional regulator will require these institutions, like other banks, to implement procedures for account opening that include: (1) verifying the identity of any person seeking to open an account; (2) maintaining records of the information used to verify the person’s identity; and (3) determining whether the person appears on any lists of known or suspected terrorists or terrorist organizations provided to the financial institution by any government agency. Notably, however, covered institutions apparently would not be able to take advantage of the safe harbor that allows most banks to rely on another financial institution to conduct CIP obligations for shared customers, because the safe harbor allows reliance only on financial institutions regulated by a federal functional regulator.
Written comments on the proposed rule were due by October 24, 2016. FinCEN requested comments on all aspects of the proposed rule, including: (1) whether certain banks without a federal functional regulator should be excluded from the rule; (2) whether there are additional bank categories that may be affected by the rule; (3) whether banks without a federal functional regulator should be subject to the beneficial ownership and other requirements of FinCEN’s new customer due diligence rule; and (4) when covered institutions should be required to implement any new requirements. We expect that FinCEN will finalize the proposed rule after reviewing and considering any comments.
Accordingly, banks not currently regulated by a federal functional regulator should begin planning to implement a comprehensive AML program along the lines of those administered by banks subject to federal functional regulators, beginning with a full risk assessment across the institution’s customers, products, distribution channels, and geographic locations, and including express CIP and CDD requirements. Banks that already have AML programs in place should consider whether their programs meet the requirements of the proposed rule. The biggest hurdle for smaller banks will be the operational challenges and costs that come with hiring compliance professionals, training employees, and testing a robust AML program.
Insights
Client Alert | 4 min read | 08.07.25
On July 25, 2025, the Eleventh Circuit Court of Appeals issued its decision in United States ex. rel. Sedona Partners LLC v. Able Moving & Storage Inc. et al., holding that a district court cannot ignore new factual allegations included in an amended complaint filed by a False Claims Act qui tam relator based on the fact that those additional facts were learned in discovery, even while a motion to dismiss for failure to comply with the heightened pleading standard under Federal Rule of Civil Procedure 9(b) is pending. Under Rule 9(b), allegations of fraud typically must include factual support showing the who, what, where, why, and how of the fraud to survive a defendant’s motion to dismiss. And while that standard has not changed, Sedona gives room for a relator to file first and seek out discovery in order to amend an otherwise deficient complaint and survive a motion to dismiss, at least in the Eleventh Circuit. Importantly, however, the Eleventh Circuit clarified that a district court retains the discretion to dismiss a relator’s complaint before or after discovery has begun, meaning that district courts are not required to permit discovery at the pleading stage. Nevertheless, the Sedona decision is an about-face from precedent in the Eleventh Circuit, and many other circuits, where, historically, facts learned during discovery could not be used to circumvent Rule 9(b) by bolstering a relator’s factual allegations while a motion to dismiss was pending. While the long-term effects of the decision remain to be seen, in the short term the decision may encourage relators to engage in early discovery in hopes of learning facts that they can use to survive otherwise meritorious motions to dismiss.
Client Alert | 4 min read | 08.06.25
FinCEN Delays Implementation Date and Reopens AML/CFT Rule for Investment Advisers
Client Alert | 4 min read | 08.06.25
Series of Major Data Breaches Targeting the Insurance Industry
Client Alert | 11 min read | 08.06.25