8 FinCEN priorities
Following is a summary of the eight FinCEN priorities set in the June 30, 2021, statement along with targeted questions organizations can explore now as they prepare their AML programs to meet expectations. Note that strong controls might overlap across multiple priorities to mitigate the risks.
Corruption
Corruption is used as a tool to undermine authority and breed mistrust of government and governing officials, and it is a threat to U.S. national security and the democratic process in general. Corruption can lead to increased risk of money laundering, weaken the global economy, and increase human rights violations. Examples of large-scale corruption in countries such as Nicaragua, South Sudan, and Venezuela led to human rights abuses and caused hardship and a lack of financial stability.
Questions to ask
- How does corruption specifically affect our organization?
- Have we conducted a risk assessment relevant to the effects of potential corruption?
- Do we have an anti-bribery or anti-corruption policy?
- Are our employees trained on red flags and signs of corruption?
- Do we have a politically exposed person (PEP) policy, procedure, approval process, and exit strategy that aligns with our risk tolerance?
- Do we have the appropriate governance processes in place for policies and procedures, including those related to anti-corruption or PEPs?
- Do we regularly issue updates, receive board or committee approval (as required), and train employees on any changes or updates?
Cybercrime, including relevant cybersecurity and virtual currency
Cybercrime against the U.S. financial system, covered institutions, and other organizations is a major concern of the U.S. Department of the Treasury. According to FinCEN’s June 30, 2021, statement, “Treasury is particularly concerned about cyber-enabled financial crime, ransomware attacks, and the misuse of virtual assets that exploits and undermines their innovative potential, including through laundering of illicit proceeds.” As a response to growing threats, FinCEN has produced multiple advisories over the past several years regarding cyber-enabled crime, ransomware, convertible virtual currency, COVID-19-related scams, and other areas.
Questions to ask
- Do we have strong network security and infrastructure controls?
- Are our employees, contractors, and vendors trained in phishing techniques and other social engineering schemes?
- Have we properly assessed the risk and threats related to cyberattacks?
- Is sensitive customer data properly secured?
- Do we maintain proper documentation of access control, onboarding and offboarding for system access, and periodic testing to confirm controls are working as intended?
Terrorist financing
Terrorism is evolving, and it is a relevant threat to the security of the United States. Terrorist groups, both international and domestic, require funding for recruitment, support, operations, and logistical costs. Preventing funding to a terrorist organization helps undermine operations, and it is vital to combating terrorism. Suspicious activity report (SAR) filing is an important tool that helps U.S. intelligence agencies gain important insight into potential terrorists, terrorist groups, and supporters of terrorism.
Questions to ask
- Are our Office of Foreign Assets Control (OFAC) and sanctions screening models validated and tuned according to our risk-based approach and related OFAC and sanctions risk?
- If we rely on a third-party vendor to update our OFAC and sanctions screening lists, are we completing ongoing testing to confirm that the lists were updated appropriately?
- Have OFAC and sanctions red flags been incorporated into employee training programs?
- Are we properly filing thorough and timely SARs where applicable and notifying law enforcement when immediate notice is required?
Fraud
According to FinCEN, fraud, including bank fraud, provides the largest amount of illicit proceeds within the United States. FinCEN has issued multiple advisories and memos regarding recent fraud schemes, including personal and business-related email compromise, ransomware, COVID-19-related fraud, and elder financial exploitation.
Questions to ask
- Are applicable employees aware of the different types of fraud and most common scams and schemes?
- Are our monitoring systems properly validated and tuned to identify common red flags for fraud?
- Have these red flags been incorporated into employee training programs?
- Are we properly filing thorough and timely SARs where applicable and notifying law enforcement when immediate notice is required?
Transnational criminal organization activity
Several transnational criminal organizations (TCOs) include groups or networks that operate in multiple countries. TCOs, which include drug trafficking organizations (DTOs), are significant threats because they are involved in several illicit activities, including cybercrime, drug trafficking, fraud, wildlife trafficking, human trafficking, human smuggling, intellectual property theft, weapons trafficking, and corruption. FinCEN notes that Treasury considers Mexican and Russian TCOs as top priorities, and TCOs based in Africa and Asia are becoming more significant threats.
Questions to ask
- Are applicable employees aware of these types of organizations? Do they understand the risks and red flag indicators?
- Have these risks and red flags been incorporated into employee training programs?
- Is our customer identification program (CIP) in line with regulatory expectations, including collection of beneficial ownership information?
- Is our know your customer program asking the right questions and collecting the right information to truly understand our customers’ expected activity?
- Are we regularly refreshing our customers’ profiles to confirm accurate information is on file?
Drug trafficking organization activity
Even though DTOs are TCOs, FinCEN considers them a separate priority because of the impact these organizations have. The proceeds from illegal drug trafficking are often laundered through the U.S., and the drugs affect U.S. citizens directly. FinCEN and Treasury specifically highlight the threat from Mexican and Columbian drug cartels as well as how DTOs use professional money laundering networks in Asia that act as money brokers in trade-based money laundering (TBML) operations.
Questions to ask
- Is our organization aware of red flag indicators for drug trafficking activity, funnel accounts, and TBML?
- Are our monitoring systems properly validated and tuned to identify red flags for drug trafficking activity, funnel accounts, and TBML?
- Have these red flags been incorporated into employee training programs?
- Do our due diligence programs consider private banking accounts held for non-U.S. persons and correspondent accounts maintained for foreign financial institutions? If yes, are our employees, both frontline and investigation employees, aware of the risk with these accounts?
- Is our CIP in line with regulatory expectations, including the collection of beneficial ownership information?
- Is our organization incorporating SAR terms for drug activity?
Human trafficking and human smuggling
Networks involved in human trafficking and human smuggling interact with the financial system. These networks have found creative ways to move illicit proceeds through cash smuggling, funnel accounts, and TBML schemes, so identifying red flags is critical.
Questions to ask
- Does our organization understand the differences between human smuggling and human trafficking?
- Are our monitoring systems properly validated and tuned to identify common red flags for human trafficking and human smuggling?
- Have these red flags been incorporated into employee training programs?
- Is our organization incorporating SAR terms for human trafficking and human smuggling activity?
- Are questions regarding human trafficking and human smuggling incorporated as part of our due diligence process for applicable high-risk customer types that might also have an AML program, such as money service businesses and third-party payment processors?
Proliferation financing
Bad actors continually pursue new ways to exploit global supply chains. FinCEN explains that these individuals and entities, such as trade brokers and front companies, abuse the U.S. financial system by moving funds that will be used for acquiring weapons of mass destruction, delivery systems, or related components and for supporting state-sponsored weapons programs. This activity often includes evasion of sanctions set by the United Nations and the United States.
Questions to ask
- Are we in compliance with all required sanctions programs, including economic and trade sanctions issued by the federal government?
- Are our sanctions screening models regularly validated?
- Is our sanctions compliance program routinely audited by a qualified third party?
- Do we bank or offer services to maritime, energy, or metals customers? If yes, have we evaluated the due diligence in place to mitigate risks associated with these customers?
- Do we have the appropriate controls in place for maritime industry clients, particularly those that own, operate, or provide services to ships operating in areas determined to pose a high risk for sanctions evasion?
- Do our clients have appropriate sanctions programs in place?
- Do we have a robust due diligence program to detect if our customers are operating near or in areas determined to be high risk?
Getting proactive
As a reminder, organizations are not required to incorporate the eight priorities into their AML compliance programs until the effective date of the final revised regulations. However, there is great value in organizations being forward-looking and assessing their programs now to understand what priorities might have the greatest impact.
Taking steps such as assessing sanctions screening, transaction monitoring, customer risk-rating, and fraud systems; confirming appropriate validations are in in place for all models in use; issuing proper training to employees on AML topics; conducting risk assessments; and updating policies and procedures can help organizations get in front of upcoming final regulations and strengthen their current AML programs.