I recently had the privilege of presenting to the Knowledge Group (https://knowledgewebcasts.com/) on the subject of Anti-Money Laundering law and compliance. The presentation was a great success and I’m hopeful that all attendees learned a great deal. Here is a summary of my presentation, which is found at the link at the bottom. My part starts at about 0:30 in the video.

The Core Anti-Money Laundering Programs Under the Bank Secrecy Act

The Bank Secrecy Act requires covered financial institutions to implement an effective anti-money laundering program that is reasonably designed to prevent their institutions from being used by criminals.  This program takes a “risk-based” approach to evaluating new and current clients, and requires the institution to train employees and have a responsible officer (often a “Chief Compliance Officer”) in place to review the program’s effectiveness.  This Chief Compliance Officer is often required to make real-time decisions about suspicious activity, and serves a key role in separating normal customer behavior from that which requires more careful consideration.

The Bank Secrecy Act requires an effective Know Your Customer Program, which includes a Customer Identification Program.  What this means in plain English is that the institution must take basic steps and require documentation to ensure that they know with whom they are doing business.  The institution, say, a bank, must collect information about the client’s name, place of business, and ask for an official identification document like a drivers’ license or a passport.  For legal entity customers, like corporations, the institution must collect information about that entity’s “beneficial owners”, that is, individuals owning 25% or more of the interests in this entity, and who exercise substantial control over the entity.

Record keeping and reporting are key aspects of the Bank Secrecy Act.  Covered institutions must file Suspicious Activity Reports (“SARs”) where they know, have reason to know or suspect a transaction is or is part of a pattern of criminal activity.  Currency Transaction Reports (“CTRs”) are required for cash deposits in excess of $10,000.00.  Generally, all records required by the BSA must be retained for five years.  An exception under the Customer Identification Program (CIP) requires that information regarding customer accounts must be kept either for five years from the date of account closure or from the date the information is received, whichever is later.

Compliance From the Applicant’s Perspective

A key part of what we discussed is what the world looks like from the applicant’s perspective, that is, people who are applying for bank or exchange accounts.  What does the world look like from their perspective?  Well, lots of paperwork and lots of sensitive questions.  A lot of businesspeople too, especially entrepreneurs, have a hard time or a reluctance to explain what they do and how they do it in the name of “compliance”.

It’s important for everyone in the KYC process to keep a positive mental attitude and be informed.  As such, here are some best practices for covered institutions who need the help and cooperation of their clients:

  • It’s not personal – Remind your clients that these are processes that apply to every client, every account.
  • Anti-money laundering and counter-terrorist financing are worthy goals – Financial crime cripples legitimate businesses and destroys communities.  It’s OK to convey that to your client when they ask “why”?
  • Their information will be kept confidential – An applicant’s business and personal information is sensitive, and they may have legitimate concerns about what happens to their data.  Be aware of your organization’s privacy and security policies and be prepared to explain them to the client.
  • Keeping good records is a best practice – This process is not for nothing.  Your client will be better off when they have updated operating agreements, process flows or whatever else you may be asking for.  Chances are, they’ll be asked for the same things again.

Cryptocurrency and Anti-Money Laundering – A good fit or a misfit?

Cryptocurrencies, virtual currencies, and so forth – the same blockchain technology goes by different names – represent financial innovation and creativity.  The question then, however, is how do they fit into the world of AML / KYC / CTF and so on?  The answer is, to some extent they do, to some extent they should, to some extent they don’t, and to some extent they shouldn’t.

The reality, whether we crypto enthusiasts like it or not, is that regulatory scrutiny of cryptocurrencies is growing and is not likely to go away anytime soon.  The truth lies somewhere in the middle of “crypto is perfect, leave it alone” (which lets some bad guys and gals off the hook) and “crypto is evil and is just used by criminals and drug dealers” (which is empirically untrue and genuinely threatens to stifle innovation).

Probably the most important aspect of crypto, for good or bad, is its decentralization.  Satoshi’s vision in creating Bitcoin was to create an “Internet of value” that allows people to transfer a universal currency, anywhere in the world, without a “trusted” intermediary to give or withhold permission.  And he succeeded.  Bitcoin may not be that useful for buying a cup of coffee, but it has value almost anywhere on the face of the Earth.  That’s astonishing when you think about it.  Someone, somewhere, will give you fiat (government) currency, or other goods, for Bitcoin almost everywhere, whether that’s the UK or Argentina or anywhere else.  In contrast, try spending your Venezuelan bolivars in Germany – not so much.

Governmental (and non-governmental) bodies around the world, however, see decentralization as a threat.  It is undeniably true that there is theft, fraud, manipulation and yes, money laundering, that takes place with crypto.  The ease with which large sums can be transferred pseudo-anonymously is attractive to bad guys who need to move their money from criminal to legitimate businesses fast.  In this respect, groups like the Financial Action Task Force (FATF), a powerful international standard-setting body that influences the national legislation of its member countries, have a point.

These bodies want to use existing laws, perhaps tweaked a bit, to force a degree of centralization on crypto, that is, enough to identify the actors involved.  You see this plenty in the United States, for example, where FinCEN and other regulatory bodies are looking to use centralized actors (like exchanges) to collect information about who is sending what to whom.  This is represented by the “travel rule”, as one example, whereby international transfers above $3,000.00 must have some information behind them, such as the transferor’s and transferee’s identity.

The infrastructure bill currently pending in the US wants to extend the definition of “brokers” to a very large class of actors (some of whom have no resemblance to traditional stock brokers), and to kick enforcement over to the IRS, undoubtedly the most powerful US governmental bureaucracy.  In short, government actors are looking to regulate crypto, purportedly in an effort to reduce its attractiveness to bad actors.

Recent changes in Anti-Money Laundering Law:  The Anti-Money Laundering Act of 2020

The Anti-Money Laundering Act of 2020 represents the largest expansion of US money laundering law since the Patriot Act.  In a nutshell, this legislation added considerably to the civil and criminal penalties available to law enforcement and prosecutors in combatting money laundering and counter-terrorist financing.  Some of the key provisions include:

  • A beneficial ownership rule – Going forward, a much larger group of “reporting companies” are going to have to disclose their “beneficial owners” (as described above).  Up until this point, it has been common for larger institutions to collect this information during KYC, but not for smaller companies.  Look for state incorporation services (websites that specialize in setting up companies online) to ask for a host of new information in the not-to-distant future
  • A FinCEN database – The legislation provides for FinCEN to manage beneficial ownership information.  Their database will be available to law enforcement, and to financial institutions doing their own due diligence.  Unfortunately, as is often the case with databases and disparate legislation, there is bound to be a ton of duplication and erroneous data.  We shall see how Treasury decides to implement this rule.
  • Increased fines and penalties for violators – Executives who tolerate a culture of non-compliance can now face significant personal liability, including the disgorgement of bonuses and the end of sitting on the boards of other financial institutions.
  • The “internationalization” of US anti-money laundering law – Parts of the legislation (particularly the beneficial owner rule) reflect the real power of international institutions like FATF in shaping the domestic policies of member states.  The US with this part of the law was purportedly responding to criticism that corporate privacy in the US was a real problem in financial crimes enforcement.
  • Cryptocurrency businesses now definitely subject to AML laws – If there were ever doubts that Virtual Asset Service Providers (VASPs) were subject to AML regulations, such doubts have been put to rest with the new legislation.  A wide range of businesses, from cryptocurrency exchanges to online service providers, will be required to follow the dictates of the Bank Secrecy Act, the large parts of which are described above.

Anti-money laundering law, especially in the crypto arena, requires careful attention to detail and a trained professional eye.  Contact us if you need guidance in this important area.

Watch the presentation here.  I’m on at around 0:30.  Thank you!

Ari Good, JD LL.M. CAMS