By: Perry Mastrocola, Partner; Robert J. Porter, Associate; Kevin J. Vogel, Associate
Congress recently mustered a rare, overwhelmingly bipartisan majority—in both houses—to pass the National Defense Authorization Act for Fiscal Year 2021 (“NDAA”), overriding a White House veto for the first and only time in President Trump’s presidency. What could have brought such unity? The most significant anti-money-laundering legislation since the 2001 Patriot Act, among a number of other provisions relating to the nation’s security. The Anti-Money Laundering Act of 2020 (“AMLA”), passed as part of the NDAA, should be on every bank’s radar, and is also important for other businesses and their lawyers given its extensive scope.
These new laws and regulations seek to make it increasingly difficult for criminals to shield their identities from law enforcement and launder the profits of illicit activity through the U.S. financial system. But as with any sweeping law change, there will be a corresponding compliance burden for banks and other entities. This article highlights the most consequential aspects of the AMLA’s anti-money-laundering provisions and describes how the accompanying regulatory requirements will affect financial institutions, small businesses, and their respective customers.
Background to the AMLA
Money laundering is the process of making proceeds of crime (“dirty” money) appear like it was earned legitimately and legally (“clean” money). Usually, illicit proceeds are introduced into the traditional financial system through a seemingly legitimate business (a “cover” or “front”). The dirty money is then moved around to create confusion, sometimes by transferring it through numerous accounts. Once finally settled and integrated, the dirty money appears clean because its true origin is obscured and difficult to trace. Money laundering facilitates crime, including drug trafficking and terrorism, and has profoundly adverse effects on the global economy.
With increasing globalization and interconnectivity, criminals have found new ways to bypass traditional law-enforcement methods for countering money laundering. The low-tech “laundromat” fronts of the past have been replaced with more complex schemes, like offshore shell corporations transacting business solely through the Internet. Criminals are also turning from untraceable fiat currency (like cash) to decentralized and mostly anonymous digital currencies, such as Bitcoin. It is against this backdrop that Congress passed the AMLA.
Beneficial Ownership: Filling a Gap with New Reporting
Ready access to information about the “beneficial owners” of corporate entities has long been a goal of law enforcement. The Financial Action Task Force (“FATF”) described the absence of beneficial-ownership requirements as a “significant gap” and “serious deficiency” in the U.S. anti-money-laundering system.[1]
The AMLA, among other things, fills that gap by imposing federal beneficial-ownership-reporting requirements on certain entities.[2] (31 U.S.C. § 5336.) A “beneficial owner” is an individual who directly or indirectly exercises “substantial control over [an] entity” or “owns or controls not less than 25 percent of the ownership interests” of an entity. Non-exempt entities will be required to report beneficial-ownership information directly to the Financial Crimes Enforcement Network (FinCEN) of the Department of the Treasury. FinCEN will keep a non-public registry of the information, including names, dates of birth, addresses, and a unique number from state-issued identification documents.
The Treasury Department has one year (or until January 1, 2022) to promulgate implementing regulations. Once those regulations go into effect, reporting companies must provide beneficial-ownership information within two years. Small-business owners should take steps to determine if they are considered a “reporting company.” This is important as willfully failing to report as required, or submitting false or fraudulent information, will subject an individual to civil monetary penalties and possible criminal exposure.
The registry itself is non-public, but FinCEN can make the information available to law enforcement in certain circumstances. With the reporting company’s consent, FinCEN may also disclose the information to financial institutions, like banks, to satisfy customer due diligence requirements (CDD). These changes are significant for financial institutions because they will need to develop and implement processes to evaluate the scope of new information coming from FinCEN. Although financial institutions have always been responsible for identification verification consistent with CDD rules, the AMLA requires an additional procedural layer to which banks will need to adhere.
Cryptocurrency Integration
Traditionally, criminals without access to large financial institutions because of anti-money laundering procedures had no easy way to transfer, store, or even spend illicit proceeds. Cryptocurrencies are therefore attractive to criminals. By design, cryptocurrencies flout many of the regulations governments place around traditional financial systems. Bitcoin and similar cryptocurrencies run on a decentralized blockchain, allowing users to conduct transactions anonymously through a peer-to-peer financial-payment system. Laundering is thus relatively simple: buy a digital coin with dirty money, exchange that coin through a few digital wallets, and perhaps between a few different cryptocurrencies, then cash out that digital coin for clean, fiat currency. All of this can happen anonymously and without the involvement of traditional financial institutions.
Cryptocurrencies also have no centralized authority acting as a custodian of a customer’s funds, and there is no national database containing customer information and transaction history. Instead, a network of computers around the world keeps a shared ledger of every past payment. Investigators therefore cannot easily obtain relevant records through subpoenas or search warrants.
The AMLA seeks to address these concerns by modernizing laws and regulations to respond to the soaring trend in cryptocurrency usage. Critically, the AMLA expands the scope of what is a “financial institution” and “money transmitting business” under the Bank Secrecy Act (“BSA”) to include businesses that engage in the exchange or transmission of “value that substitutes for currency” (e.g., cryptocurrency). The AMLA also authorizes the Treasury Department to expand the definition of a “monetary instrument” under the BSA to encompass “substitutes” for U.S. coins and currency.[3]
With these new definitions, the government is attempting to increase financial transparency within the cryptocurrency market. Every business or company that engages in the exchange or transmission of cryptocurrencies will now qualify as a “financial institution” which must register with FinCEN and make required reports, including popular crypto exchanges like Coinbase. Traditional financial institutions, like banks and investment companies, already had these reporting requirements in place. But as digital currencies start to overrun traditional fiat currencies like the dollar, particularly among criminal actors, financial institutions will need to evolve and update their existing reporting systems to incorporate cryptocurrencies and blockchain technology. This transformation is already in motion, with investment firms like JP Morgan, Fidelity, and Morgan Stanley recommending cryptocurrency positions to clients[4] and the Bank of New York Mellon—America’s oldest bank—recently stating it will hold, transfer, and issue cryptocurrencies on behalf of its clients.[5] Even the Federal Reserve’s Jerome Powell recently said that the digital dollar is a “high-priority project” for the central bank.
Further regulation has been suggested through a recent FinCEN proposed rule that would require banks and cryptocurrency exchanges to keep detailed records of any cryptocurrency transactions exceeding $3,000, including verification of each party’s identity. This proposed rule would also require banks and money-service businesses to report any cryptocurrency transactions involving “unhosted wallets” that exceed $10,000. The reports would include the name and address of the customer, type of cryptocurrency, amount, payment instructions, name and address of each counterparty, and any other information that uniquely identifies the transaction, accounts, and parties.
This proposed rule offers just a glimpse into the possible—in fact, likely—future regulations that would affect banks and other financial institutions dealing in cryptocurrencies.
Other Significant Provisions
The AMLA also provides for an expanded whistleblower award program. Similar to the SEC whistleblower program, the AMLA allows for AML whistleblowers to collect up to 30% for any successful enforcement action resulting in sanctions over $1 million. This incentivizes bank employees and plaintiffs’ attorneys to provide more tips to law enforcement about suspected AML violations. One noteworthy provision for international businesses is the Act’s expansion of the Department of Justice’s subpoena power to reach anyforeign entity’s bank-account records, including records maintained at banks outside the U.S., as long as that foreign entity maintains a corresponding bank account in the U.S.
The Act also attempts to streamline and simplify the filing of Suspicious Activity Reports (“SAR”) and Currency Transaction Reports (“CTR”) for financial institutions. Because of the overwhelming number of SAR/CTR reports submitted every day, investigators do not read all of the reports. The current monetary thresholds for SAR/CTR filings were set around 20–40 years ago and have not been adjusted for inflation. The AMLA mandates the Treasury to determine if the SAR/CTR thresholds should be adjusted and if changes can be made to the filing process to reduce unnecessary and burdensome filing requirements. Decreasing the number of complex and unnecessary report filings should provide much needed relief to banks’ and other financial institutions’ compliance departments.
Conclusion
The AMLA offers a sweeping modification of the BSA and offers new and more powerful tools to law enforcement to combat money laundering. Financial institutions, businesses, and individuals conducting business in the U.S. must be aware of these provisions, as there will certainly be new regulatory burdens, especially over the next several years, which will be a period of transition for traditional finance.
[1] The FATF is the global money laundering and terrorist financing watchdog. The inter-governmental body sets international standards that aim to prevent these illegal activities and the harm they cause to society. The FATF reviews money laundering and terrorist financing techniques and continuously strengthens its standards to address new risks, such as the regulation of virtual assets, which have spread as cryptocurrencies gain popularity.
[2] The reporting requirements are primarily geared towards the entities most commonly used in money laundering, like small corporations and limited-liability companies. Larger, publicly traded companies, certain financial and investment companies, and others are exempt. Partnerships, sole proprietorships, unincorporated associations, and other similar entities are also exempt.
[3] The use of cryptocurrencies as a medium of exchange has seen increased adoption in the United States. Tesla, the electric vehicle company run by Elon Musk, has recently started accepting Bitcoin as a payment option for its vehicles.
[4] https://finance.yahoo.com/news/fidelity-head-global-macro-says-173942192.html; https://news.bitcoin.com/jpmorgan-investors-1-portfolios-bitcoin-poor-hedge/
[5] https://www.wsj.com/articles/bitcoin-to-come-to-america-s-oldest-bank-bny-mellon-11613044810#:~:text=Bank%20of%20New%20York%20MellonCorp,of%20its%20asset%2Dmanagement%20clients