suggested that “regulatory requirements should apply based on the operations and complexity of each institution, but they should not be based on the size of the organization.” The three small banks asking for a uniform application provided the following reasoning. One stated that: “allowing an ‘opt-in’ ... may result in unnecessary confusion ... would need to be determined by the regulatory agencies” and noted that it would be either risky or unnecessary, depending on the quality of the program. Two others commented that a uniform application was needed to control risk, and to restrict exposure through less regulated entities that carry out similar activities. One of them expressed its concern about the possible arbitrary process in determining the criteria for exemption.
In question nine, FinCEN asked whether there are objective criteria or ways for FIs to develop a rubric for risk assessments—— none supported this. There was no response from the large banks, while four small banks opposed. Several replies described the reasons for their opposition. One articulated its concern about the following:
“ ...AML programs being second guessed and evaluated on substantive law enforcement ‘effectiveness’ (into which regulated financial institutions have no insight). Rather, any risk assessment requirement should be evaluated based on its compliance with AML program expectations. FinCEN should take care to articulate an objective measure of what makes an ‘effective’ AML program, with a focus on program compliance as the measure of effectiveness.”
A second reply argued that the examination process should remain unchanged due to the following:
“ ...current method of examination provides high level objectives of reviewing the risk assessment process and ensuring that products, services, customers and geographic locations were reviewed, yet still
allows the examiner to be subjective in their determination of the adequacy and reasonableness of the assessment. The addition of the AML Strategic Priorities is already implied in the meaning of ‘other illicit financial activity risks.’”
The 10th question followed up on the ninth, this time asking about possible objective standards for testing risk assessments by examiners. Again, the large banks did not respond. Four other banks replied, with one opposing and three making comments without indicating their overall position. The opposing bank stated that there should be no prescriptive approach, “Rather, examiners should articulate why they are recommending changes to a bank’s AML program, citing gaps they have identified and why they believe these gaps have resulted in a program that is not effective and reasonably designed.” The three commenting banks made specific requests on objective testing standards. The first asked that criteria for independent testing of a risk assess- ment’s adequacy and reasonableness as to its alignment with the bank’s risk profile remain at a high level. The second asked that the crafting of any new risk assessment requirements include as many objective criteria for quality and compliance as possible, and that these criteria be communicated to examiners and auditors so that they could be applied in a uniform fashion. They argued that examiners should either focus on technical compliance as evidence of effectiveness or on effectiveness as measured by law enforcement results; if the latter is chosen, then banks should have full transparency and access to law enforcement use of the information provided. The third requested that FinCEN determine whether objective standards are possible.
FinCEN’s 11th and final question asked whether FIs expected the rule to add to their regulatory burden. Most banks answered hypothetically. Of the large banks, four stated that it would depend on the implementation and on coordination
with examiner procedures. In addition, one stated that it expected the burden would increase. Among small banks, nine responded that the regulatory burden could increase, depending on how it was implemented, with two expecting that their obligations would rise. Whether they would be allowed to deprioritize coverage of activity that was not cited in the national priorities determined the expectations of almost all FIs. One bank expressed its concern that FinCEN might create an AML regime that “only works by addition and does not acknowledge the changing nature of certain risks and provides financial institutions no flexibility to nimbly allocate resources.”
Summary and future hearings
Answers to FinCEN’s 11 questions from seven large banks and 17 smaller banks range from approval to no response to disapproval, with a universal request that the implications of the rule should be able to be understood clearly by themselves, and by their examiners, so that they can accurately predict how examiners will assess their programs. Based on this review, implementing a new standard will require a great deal more consulting with FIs and with examiners. A close reading of replies suggests several topics that might be taken up for discussion in future public hearings. One is whether this change will create reorientation or an additive burden. Another question is how to engender the substantive and widely desired change to focus on effectiveness. Questions about how FIs might be assessed by examiners under the new standard will also need to be addressed. Finally, methodologies to create assessment standards, which received only a few comments would also benefit from discussions in future hearings.
Geoffrey Adamson, principal, Imogen Consulting LLC, NJ, USA, gadamson@imogenconsulting.com
[ AML POLICY ]
   [ JUNE–AUGUST 2021 ] 65