COMMENT CALL: The NCUA and other federal financial institution regulators have proposed to amend their rules that require credit unions and others to have effective, risk-based, anti-money laundering and countering the financing of terrorism (AML/CFT) programs.
The amendments are intended to align each agency’s AML/CFT rules with changes also proposed by the Financial Crimes Enforcement Network (FinCEN), which is part of the U.S. Treasury. FinCEN’s announcement of its proposal includes links to a fact sheet and a summary of the key changes it is considering.
The Bank Secrecy Act (BSA) imposes various AML/CFT regulatory requirements on financial institutions, including banks and credit unions. The League summarizes those requirements in ii Release No. 0071. In 2020, Congress directed FinCEN and the regulators to modernize and strengthen their AML/CFT regulations, leading to these new proposals.
The banking regulators’ proposal calls for significant changes to the overall regulatory framework that governs how credit unions and other financial institutions design and implement their AML/CFT programs. Regulators say that they want to move away from a process-heavy focus to one that prioritizes stronger, more effective, and more efficient compliance programs.
Perhaps most significantly, the regulators’ enforcement powers would be restricted to bringing certain supervisory and enforcement actions “only for the most serious deficiencies in the bank’s implementation of its program.” Under the new rules, only “significant or systemic failures” by a financial institution to implement a properly established AML/CFT program would warrant an enforcement action or a significant supervisory action. This is a departure from prior practice, which saw enforcement actions sometimes based on technical or isolated deficiencies.
Among other changes, the proposed amendments would also:
- Reinforce a risk-based approach, requiring credit unions to focus on higher-risk members and activities rather than lower-risk areas and shifting from a focus on technical compliance to requiring effective, risk-based AML/CFT programs;
- Establish core program requirements, including incorporating customer due diligence into the NCUA regulations and requiring that a credit union’s AML/CFT officer be in the U.S. and accessible to regulators;
- Streamline options for a credit union to approve its AML/CFT program, to include not just the board of directors but also appropriate senior management;
- Require that once a credit union has properly established its AML/CFT program, it must maintain that program in all material respects, keeping its risk-based set of internal policies, procedures, and controls – and the risk assessment processes they are based on – current as the credit union’s risk profile changes;
- Enhance FinCEN’s role in the regulators’ supervision and enforcement process by setting up a new consultation framework for certain actions by the regulators;
- Clarify that credit unions may share any information with FinCEN related to certain AML/CFT supervisory and enforcement actions; and
- Clarify that required independent testing would be based on objective criteria designed to assess whether a credit union has effectively established, implemented, and resourced an AML/CFT program consistent with its risk assessment processes. The testing would be required to assess compliance, focus on program effectiveness, be conducted by individuals or parties who are truly independent of the AML/CFT program, and avoid conflicts of interest. Credit unions would retain flexibility in how they meet this requirement.
Make your voice heard
The League may submit comments on this proposal, depending on the feedback credit unions provide. If you would like to share your thoughts on this proposal, please email Paul Guttormsson by June 2, so that our comment letter (which is due June 9) can reflect your positions. Our letter will not identify your credit union by name.
Compliance Roundtable – September 16 (In-Person)
Join members of The League’s compliance team as they lead a discussion on the latest changes in regulations and need to know information to keep your credit union in compliance. You can find more information or register on our website.