On June 28, 2024, the Financial Crimes Enforcement Network (FinCEN) proposed amendments to regulations under the Bank Secrecy Act (BSA) intended to strengthen and modernize financial institutions’ existing anti-money laundering/countering the financing of terrorism (AML/CFT) programs.  The proposed amendments are intended to implement requirements under the Anti-Money Laundering Act of 2020 (AML Act), which comprehensively updated the BSA.  While financial institutions (as defined by FinCEN), including open-end mutual funds and ETFs, are already required to maintain AML/CFT programs, FinCEN’s proposal would explicitly require that such programs be “effective, risk-based and reasonably designed” and include certain minimum components.  Highlights of FinCEN’s proposed amendments include the following:

• Risk Assessment Process.  Financial institutions would be required to develop a risk assessment process to serve as the basis of their AML/CFT programs. This risk assessment process must identify, evaluate and document the financial institution’s money laundering, terrorist financing and other illicit finance activity risks (ML/TF risks), including consideration of (1) government-wide AML/CFT priorities issued by FinCEN,  as appropriate; (2) the ML/TF risks of the financial institution based on its business activities, including products, services, distribution channels, customers, intermediaries and geographic locations; and (3) the reports filed by the financial institution with FinCEN pursuant to applicable BSA regulations, including suspicious activity reports and currency transaction reports.  Financial institutions would be required to review and update their risk assessments on a periodic basis, including, at a minimum, when there are material changes to the financial institution’s ML/TF risks.
• Internal Policies, Procedures and Controls. The proposed amendments would update existing requirements for financial institutions to develop internal policies, procedures and controls as part of their AML/CFT programs to explicitly require that such internal policies, procedures and controls are commensurate with [the financial institution’s ML/TF] risks and ensure ongoing compliance with the BSA and regulations thereunder.
• Testing and Training. The proposed amendments also make changes to existing AML/CFT program training and independent testing requirements to specify that the ongoing employee training program required under the AML/CFT program must also be risk-based and to require that independent testing be conducted by qualified personnel of the financial institution or by a qualified outside party.  
• Approval and Oversight. Under the proposed amendments, a financial institution’s AML/CFT program must be approved and overseen by its board of directors or equivalent governing body.  While board approval of AML/CFT programs is already required for certain financial institutions (e.g., open-end mutual funds and ETFs), other financial institutions are not currently subject to such requirements (e.g., broker-dealers, insurance companies and futures commission merchants).

Comments on the proposal are due on or before September 3, 2024. 

FinCEN’s proposing release is available here, a related fact sheet is available here and the related press release is available here.