On June 28, 2024, in an effort to bolster financial institutions’ anti-money laundering and countering the financing of terrorism (“AML/CFT”) programs, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) issued a proposed rule that would enumerate the minimum components required to be included within financial institutions’ AML/CFT programs. The types of financial institutions that would be affected by the proposed rule include banks, casinos, money services businesses, brokers-dealers, mutual funds, insurance companies, futures commission merchants and introducing brokers in commodities, operators of credit card systems and loan or finance companies. At a high level, the proposed rule would require AML/CFT programs to contain a mandatory risk assessment process and compel financial institutions to incorporate FinCEN’s government-wide AML/CFT priorities into risk-based programs. A financial institution’s risk assessment process would need to involve the identification, evaluation and documentation of its risks related to money laundering, the financing of terrorism and other illicit finance activity, based on its particular business activities (e.g., products, services, distribution channels, customers, intermediaries and geographic locations).

While FinCEN is encouraging commenters to provide input on all aspects of the proposed rule, it is specifically seeking responses to, among others, the following questions:

  1. Are there other approaches for a financial institution to identify, manage and mitigate illicit finance activity risks aside from a risk assessment process?
  2. Should a risk assessment process be required to take into account additional or different criteria or risks than those listed in the proposed rule?
  3. Should financial institutions be required to update their risk assessment using the process proposed in the rule, at a regular, specified interval (such as annually or every two years) or based on triggers such as the introduction of new products, services, distribution channels, customer categories, intermediaries or geographies?
  4. The proposed rule would require financial institutions to consider the reports they file pursuant to 31 CFR Chapter X as a component of the risk assessment process.  To what extent do financial institutions currently leverage Bank Secrecy Act reporting to identify and assess risk?  Are there additional factors that should be considered with regard to this proposed requirement?

Written comments on the proposed rule, which can be found here, must be submitted to FinCEN on or before September 1, 2024.  If you have any questions concerning the above, please contact your attorney at Vedder Price or one of the authors.