No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Compliance

With Updated AML/CFT Priorities, Businesses Across Verticals Face Unprecedented Exposure to FinCEN and OFAC Scrutiny

New Priorities List for AML/CFT Enforcement Latest Evolution of Government's Efforts to Thwart Financial Crimes

by Joseph A. Valenti and Christie R. McGuinness
October 28, 2021
in Compliance, Financial Services
US Department of Treasury building in DC

Updated enforcement priorities and guidance on facilitating ransomware payments remind companies of all types to establish holistic AML policies and programs — and revisit them as events warrant, write Saul Ewing Arnstein & Lehr partner Joe Valenti and associate Christie McGuinness.

The Financial Crimes Enforcement Network (FinCEN) this summer announced America’s first government-wide priorities list for anti-money laundering and countering the financing of terrorism (AML/CFT) enforcement. Significantly, the announcement represents the culmination of extensive collaboration among numerous branches of the U.S. government and reminds everyone that money laundering and terrorism financing remain top enforcement priorities.

Banks remain under traditional heavy regulation, while non-bank financial institutions (broadly defined to include securities brokers, insurers, jewelers, travel agencies, real estate firms, car dealers and casinos) will face increased enforcement because of accelerating use of these companies by criminals to perpetrate bribery, corruption, sanctions violations, cybercrime, fraud, smuggling and transnational violence.

Even companies that are not defined as financial institutions in any way have legal duties to avoid violating criminal fraud and money-laundering statutes through deliberate ignorance of criminals using them to facilitate crime. All businesses must also meet the burdens imposed by other applicable AML regulations, such as the IRS/FinCEN Form 8300 filing requirements that mandate the reporting of large cash receipts by businesses ranging from healthcare providers to industrial manufacturers. Therefore, the announcement reminds companies of the importance of maintaining a robust, effective AML/sanctions program and the required pillars of such a program.

In addition, on Sept. 21, the Treasury Department released additional guidance on potential sanctions risk for facilitating ransomware payments, which discusses the “potential sanctions risks associated with making and facilitating ransomware payments.” Taken together, these measures remind companies that the Office of Foreign Assets Control (OFAC) “encourages financial institutions and other companies to implement a risk-based compliance program to mitigate exposure to sanctions-related violation.” Specifically, the updated ransomware guidance admonishes companies that “the sanctions compliance programs of these companies should account for the risk that a ransomware payment may involve (a specially designated national) or blocked person, or a comprehensively embargoed jurisdiction.” OFAC also expects advance preparation, noting that companies could maintain offline data backups, develop incident response plans, conduct cybersecurity training, regularly update antivirus and anti-malware software and use authentication protocol, among other efforts.

Adding to updated guidance and enforcement priorities from the U.S. government, the recent publication of the Pandora Papers detailed incidences of heads of state using shell companies to hide assets, potentially evade sanctions or purchase trillions of dollars in assets without paying taxes. These revelations have brought a renewed interest in regulation regarding tax shelters, which means a renewed interest in offshore jurisdictions, shell companies and opaque financial dealings. Indeed, the Pandora Papers have already led to calls for accelerated rulemaking under the AML Act of 2020 to address longstanding AML and sanctions-evasion trends and loopholes.

From the Bank Secrecy Act to the Anti-Money Laundering Act

In 1970, Congress enacted the Bank Secrecy Act (BSA) to ensure that banks would keep certain records and report certain transactions to the government to assist in tracking and stopping financial crime. In 1986, Congress enacted the Money Laundering Control Act (MLCA) to criminalize money laundering, which was broadly defined to include acts knowingly or recklessly taken to evade BSA reporting requirements or to disguise the location, source or ownership of criminal proceeds. In 2001, the USA PATRIOT Act strengthened FinCEN and required numerous non-bank financial institutions to implement anti-money-laundering programs.

More recently, in 2020, Congress enacted the Anti-Money Laundering Act, which further empowered FinCEN, increased BSA penalties, modernized transaction-reporting requirements and required beneficial-ownership reporting in line with international standards. The BSA and its progeny require all businesses to report cash receipts exceeding $10,000 and requires banks and a broad cross-section of non-bank financial institutions to implement an AML compliance policy that will detect and report suspicious activity that may signify money laundering, terrorist financing, sanctions violations, tax evasion or other criminal activities.

Because the BSA has been around for some time, regulations and advisory guidance have evolved to provide a baseline of what constitutes an effective AML policy and program, with this same baseline generally guiding an effective sanctions program. Five pillars are required:

  • An internal policy (along with procedures and controls to support that policy to form a holistic program);
  • A designated compliance officer to manage the program;
  • Employee training on the program;
  • Periodic independent testing of the program; and
  • Counterparty due diligence.

FinCEN’s Eight Priorities

FinCEN named eight priority areas for AML enforcement — corruption; cybercrime, including relevant cybersecurity and virtual currency considerations; foreign and domestic terrorist financing; fraud; transnational criminal organization activity; drug trafficking organization activity; human trafficking and human smuggling; and proliferation financing.

The average company executive’s first reaction may be “Well, these priorities don’t apply to us. We don’t finance terrorism, human trafficking or drug trafficking” and move on to the next page of the newspaper. That view would be mistaken.

FinCEN’s announcement applies to all companies because money-laundering prohibitions and the Bank Secrecy Act apply to most, if not all, companies in the United States in some way. As the Pandora Papers leak demonstrates (along with numerous high-profile leaks before then, such as the Panama Papers and the FinCEN Files), many individuals and companies can be implicated in the complex schemes used by criminal enterprises or corrupt individuals. A company may have a problematic owner, investor, financier, advisor, employee, customer, vendor or even antagonist that raises AML and sanctions concerns when subject to proper scrutiny.

Accordingly, each company should undertake a thorough risk assessment and critically evaluate which of these risk areas apply to a particular company and the degree to which such risk exists. For example, cannabis companies — or vendors to cannabis companies — that deal largely in cash should critically evaluate their procedures for documenting and reporting their cash transactions. As another example, companies that are new to accepting cryptocurrency should undertake an immediate risk assessment and ensure that there are policies and procedures in place to ensure compliance with the complex AML regulatory scheme. Companies doing business with government entities or public officials should carefully consider corruption and sanctions risks that may arise.

All companies can be expected to have at least some IT infrastructure that could be exposed to a ransomware attack and thus should be familiar with the updated guidance, if not taking even stronger preparatory action and cybersecurity measures to guard against such antagonists seeking extortionate payments that often raise AML and sanctions issues.

In addition, for companies that already have risks in these priority enforcement areas, FinCEN’s announcement is an excellent reminder to closely examine and possibly update existing policies, procedures and controls because they are not meant to be static documents. They need to be updated in accordance with new risks from time to time to ensure that they reflect the latest guidance from FinCEN and Treasury. By law, many companies must have their AML program independently audited by a qualified entity, with experienced counsel being able to conduct such audits under the shield of privilege to provide effective guidance for improvement without creating admissible evidence against companies in adverse litigation.

Value also exists in companies proactively monitoring, updating and refining their compliance programs because the Department of Justice’s principles of corporate prosecutions provide for incentives to companies with proactive compliance programs. It is a major factor that a prosecutor may consider when deciding whether to bring charges against a company that has become involved with illicit funds, transactions or entities. Delay or reactionary policy can be harmful because by the time the government comes knocking on the door, it often will be too late to receive the full benefit of prosecutorial discretion if a compliance program is at that moment non-existent, outdated or ineffectively implemented by lacking robust training and procedures. Indeed, the updated guidance emphasizes early planning for and coordination with law enforcement to be perceived as a victim rather than an enabler or perpetrator in many cases.

Applicability of these Priorities to Non-Bank Financial Institutions

FinCEN has also reminded non-bank financial institutions (NBFIs) that “[t]he AML Act requires that, within 180 days of the establishment of the AML/CFT Priorities, FinCEN … shall, as appropriate, promulgate regulations regarding the AML/CFT Priorities.” Accordingly, FinCEN has until Dec. 27, 2021 to promulgate new regulations. The Pandora Papers leak has led lawmakers to call for FinCEN to work hard to beat this deadline.

According to FinCEN, “(covered) NBFIs are not required to incorporate the AML/CFT Priorities into their risk-based AML programs until the effective date of the final regulations. Nevertheless, in preparation for any new requirements when those final rules are published, covered NBFIs may wish to start considering how they will incorporate the AML/CFT Priorities into their risk-based AML programs, such as assessing the potential risks associated with the products and services they offer, the customers they serve, and the geographic areas in which they operate.” This guidance reinforces the long-standing requirement that compliance programs must be tailored to specific risk profiles and that they must be adjusted as those risks change. FinCEN’s recognition of major new areas of risk such as cybercrime, transnational sanctions and smuggling should be mirrored by companies updating policies that may have previously been focused on earlier iterations of business or long-standing areas of risk such as corruption or fraud.

‘What’s Past Is Prologue’

As Shakespeare famously wrote, “what’s past is prologue.” These developments serve as reminders that companies should have a robust anti-money-laundering policy in place and that the policy should be continually updated to reflect the latest regulatory guidance. Updated guidance demonstrates how outside actors can force a company to consider risks beyond its core operations and geographic footprint, while the Pandora Papers show how pervasive misconduct and financial gamesmanship is globally.

Practically, companies should undertake a risk assessment by analyzing present and future operations. Where is the company envisioning themselves in the next year and what new risks come with that development? For example, if companies are venturing into the cyber/cryptocurrency space for the first time, they should create a risk profile of their typical counterparty and of their typical transaction with unique, tailored red flags to ensure that a system is in place to determine when things exceed normal parameters. Despite cryptocurrency’s relative newness, the traditional risk-mitigation efforts suggested by FinCEN and Treasury can be applied with proper effort and analysis.

Companies should also ensure that a tailored (i.e., not boilerplate but rather risk-ranked) system is in place for sorting, evaluating and ultimately reporting flagged transactions. This system is significant because if, for whatever reason, the government questions why a transaction was permitted to proceed, a more thorough system is easier to defend and often has documentation that shows a tailored compliance effort was made — even if the outcome was wrong in a specific instance. Companies should strive to have a system in place that leaves no questions for the government on how a company arrived at their decision.

Companies should also be aware that FinCEN routinely issues advisories to companies related to these issues. For example, FinCEN has issued advisories on how to analyze a company’s risk related to money-laundering, what red flags exist in certain industries and priorities, how to complete an effective suspicious activity report and how to effectively tell the IRS that a company has received over $10,000 in cash. Treasury and OFAC issue similar guidance, particularly in the areas of ransomware and sanctions issues that overlap to a significant degree with AML considerations.

These advisories are a constant source of information, and companies would be well-served to monitor these advisories. It is expected that companies will review any new advisories and update their existing policies accordingly. Therefore, it is important for companies to engage counsel that is familiar with FinCEN’s advisories and is apt at providing guidance on them. Experienced counsel also often has template policies, procedures and controls that can be tailored more easily and in a cost-effective manner, often to combine and streamline areas of significant overlap, such as anti-corruption, anti-money-laundering and sanctions compliance programs.


Tags: AMLAnti-BriberyAnti-CorruptionFinancial Crimes Enforcement Network (FinCEN)Risk Assessment
Previous Post

IBA Covid-19 Legal Policy Task Force Pandemic Management Report

Next Post

Credit Suisse Ignored $250+ Million Shortfalls and Contracted with “The Master of Kickbacks” to Facilitate the Tuna Bonds Scheme

Joseph A. Valenti and Christie R. McGuinness

Joseph A. Valenti and Christie R. McGuinness

Joseph A ValentiJoe Valenti is a litigation partner in Saul Ewing Arnstein & Lehr’s Pittsburgh office. He represents entities and individuals in investigations and white collar criminal and civil litigation in addition to providing extensive compliance advice. Financial-services companies, government contractors, manufacturers, start-ups and others rely on Joe when they are conducting risk assessments, building compliance programs, auditing those programs, engaging in internal investigations, or subject to government inquiry or enforcement. These cases typically involve sanctions laws, fraud statutes, anti-money-laundering regulations, cybersecurity standards, anti-corruption initiatives, and consumer-protection requirements. He can be reached at joe.valenti@saul.com.
Christie R mcguinnessChristie McGuinness is an associate in Saul Ewing Arnstein & Lehr’s New York office who focuses her practice on white collar and government enforcement and commercial litigation and disputes involving force majeure. She represents clients in a wide range of industries in cases alleging breach of contract and breach of fiduciary duty as well as disputes arising from EB-5 investments and leases. She also has experience with embezzlement and sexual abuse claims, including representing youth organizations and independent K-12 schools. She can be reached at christie.mcguinness@saul.com.

Related Posts

ai policy

Planning Your AI Policy? Start Here.

by Bradford J. Kelley, Mike Skidgel and Alice Wang
May 7, 2025

Effective AI governance begins with clear policies that establish boundaries for workplace use. Bradford J. Kelley, Mike Skidgel and Alice...

serious fraud office website

The Carrot and the Stick: UK’s SFO Clarifies Self-Reporting Benefits for Corporate Offenders

by Jonathan Armstrong and Vivien Yanni Gan
May 5, 2025

New director promises faster investigations and clearer outcomes for organizations that proactively disclose bribery offenses

doj exterior sign

‘At Times of Stress, People Make Stupid Decisions’: Why FCPA Interlude Demands Greater Vigilance

by Esther D’Amico
April 22, 2025

Training and communication remain critical as future of anti-corruption enforcement is murky

monies illustrating money laundering

Power Shift: What Happens When America Steps Back From Global AML Enforcement?

by Joe Biddle
April 15, 2025

EU's new anti-money laundering authority emerges as potential counterweight amid uncertain US priorities

Next Post
Credit Suisse building in Zurich.

Credit Suisse Ignored $250+ Million Shortfalls and Contracted with "The Master of Kickbacks" to Facilitate the Tuna Bonds Scheme

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights