No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Financial Services

FinCEN Has Proposed New AML/CFT Rules; Here Are 2 Areas Where Risk Assessment Can Make a Difference

AML/CFT programs should expect increased enforcement actions

by Brandi Reynolds
August 13, 2024
in Financial Services
fincen website

In June, FinCEN issued proposed rules to enhance anti-money laundering and anti-terrorism financing programs in financial institutions. FinServ specialist Brandi Reynolds examines the risk assessment techniques that can help institutions make sure their programs align with the government’s priorities.

No matter which way you read FinCEN’s proposed rule to strengthen and modernize anti-money launder/countering terrorism financing (AML/CFT) programs, one takeaway cannot be ignored: Risk assessment is a critical element of an AML/CFT program. Without it, it would be difficult to have an effective, risk-based, reasonably designed program, which is a requirement in the proposed rule. 

The proposed rule also includes a new twist not seen by AML professionals in the past. The proposed rule requires AML professionals to review government-wide AML/CFT priorities and incorporate them, as appropriate, into risk-based programs. The best way to do this is to purposely include the priorities into the risk assessment, even if some don’t pertain to the institution. By doing this, AML professionals can evidence the contemplation of the priority and mark it as “N/A” with an explanation. (Never mark something as “N/A” without an explanation.) Note that although innovation isn’t necessarily a government priority for AML/CFT, institutions that are innovating within the AML/CFT program should document the risks from such activities.

There are many elements of an AML/CFT program where the risk assessment serves as a foundation, including when crafting the frequency, nature and scope of independent testing and when allocating resources — such as staff and technology — in the AML/CFT department. For smaller institutions, the risk assessment might be outsourced, but it has to be managed by the institution.

FinCEN's proposed rule would apply to several types of financial institutions:

  • Banks
  • Casinos
  • Money services businesses (MSBs)
  • Broker-dealers
  • Mutual funds
  • Insurance companies
  • Futures commission merchants and introducing brokers in commodities
  • Dealers in precious metals, precious stones or jewels
  • Operators of credit card systems
  • Loan or finance companies
  • Housing government sponsored enterprises

 

Independent testing

The AML/CFT risk assessment will help management understand where AML/CFT risk falls in relation to other risks at the institution and will show where risk resides within the program itself. This will help the institution determine the frequency of independent testing. Although most institutions perform the risk assessment every 12 months, that could extend to every 18 months for a simple, low-risk program. On the other hand, high-risk programs could shorten the frequency to six or nine months. 

Testers can also use the AML/CFT risk assessment to craft the nature/scope of the testing to focus more on the highest risk areas. This could involve performing detailed testing in addition to tests of controls. It could involve larger sample sizes based on risk, and it could involve judgmental testing in which samples are chosen from populations posing the highest risk.

Independent testers should take care to map the nature/scope back to the risk assessment. This is a step that examiners require of institutions and banking-as-a-service institutions require of their fintech partners.

stack of euros
Financial Services

It’s Time for the C-Suite to Prioritize AML Compliance

by Bion Behdin
June 18, 2024

As a UK regulator cracks down, why are budgets falling in some organizations?

Read moreDetails

Allocation of resources

Allocating staffing resources based upon the risks identified in the AML/CFT risk assessment goes beyond the number of staff. It also touches on the skillset of the staff. Given the proposed rule’s requirement to consider national priorities, it would be wise to first determine which of the priorities present risk to the institution, and then document how AML/CFT staff have experience managing those priorities. If the institution faces significant fraud risk and staff don’t have a background in fraud investigations or writing fraud suspicious activity reports (SARs), there will be a mismatch. Similarly, if the institution faces enhanced risk from all of the national priorities but can’t address the risks given the size of the staff, then staffing might need to be reassessed.

While the availability of technology systems to manage AML/CFT risks have increased over the past few years, that growth has also brought a blurring in terms of what each system does. Ask any AML/CFT professional about how their recent AML/CFT systems RFP went and you’ll likely hear stories about how a solution was touted as a AML/CFT solution, when all it really addressed was negative news or customer due diligence. The positive side of this is that there is truly an AML/CFT systems solution out there for each type of financial crimes risk. Use the results of the risk assessment to match current systems to risks, and note the gaps — and be sure to document the path forward for solving for those.

The AML/CFT officer needs to be able to show how systems are helping to meet the goal of identifying, investigating and ultimately filing on activity that is suspicious.

The path forward

For institutions that have been conducting an AML/CFT risk assessment and mapping the risks to resources allocated to the program, there is not much new in the proposed rule other than the consideration of national priorities. Many institutions started considering national priorities when they were first issued, so there isn’t an expectation that the proposed rule will be much of a new burden. However, since the above will now be required, AML/CFT officers should expect increased enforcement action on institutions who weren’t being proactive over the past few years. 

Speaking of enforcement …

Although it feels like examiners have always had this option, it appears they will be able to move to a cease-and-desist order when encountering programs with defects that create ineffectiveness. It sounds like a shorter leash in terms of the process of issuing matters requiring attention reports (MRAs) and providing management with an opportunity to perform corrective action, although it seems like that leash was pretty short to begin with. 

Overall, the requirement to perform a risk assessment and map the results to the frequency, nature and scope of independent testing and to the deployment of resources among staff and technology can only be a good thing for institutions. It should enhance the foundation upon which AML/CFT programs are built.


Tags: AMLCounter TerrorismFinancial Crimes Enforcement Network (FinCEN)Risk Assessment
Previous Post

3 Whistleblowing Elements You Might Not Have Considered

Next Post

Understanding Canada’s Forced Labor Law

Brandi Reynolds

Brandi Reynolds

With a career dedicated to navigating the complexities of compliance and risk management, Brandi Reynolds has cultivated expertise that spans multiple industries and regulatory landscapes. In 2017, Brandi founded CorCom, a consultancy specializing in financial services, serving both banking and non-banking institutions. In 2021, Bates Group acquired CorCom. Her experience encompasses a broad spectrum, from policy development and internal controls to regulatory audits and risk mitigation strategies. A member of ACAMS since 2004, Brandi holds multiple certifications and is part of the ACAMS content creation task force, which develops content for its examinations.

Related Posts

ai policy

Planning Your AI Policy? Start Here.

by Bradford J. Kelley, Mike Skidgel and Alice Wang
May 7, 2025

Effective AI governance begins with clear policies that establish boundaries for workplace use. Bradford J. Kelley, Mike Skidgel and Alice...

monies illustrating money laundering

Power Shift: What Happens When America Steps Back From Global AML Enforcement?

by Joe Biddle
April 15, 2025

EU's new anti-money laundering authority emerges as potential counterweight amid uncertain US priorities

business relationship concept hands

Relationship (Owner) Goals: Why Half Your TPRM Red Flags Stay Hidden

by Chris Audet
April 9, 2025

The front-line staff who manage vendor relationships are uniquely positioned to spot problems before they escalate, yet many organizations fail...

cute robot looking at financial volumes

AI’s Dual Role in FinServ Risk Management

by Nalini Priya Uppari
March 28, 2025

As technology evolves, so do the tools that help banks and investment firms maintain stability amid uncertainty

Next Post
canadian flag

Understanding Canada’s Forced Labor Law

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights