Compliance Blog

On Friday, Congress passed 2021’s National Defense Authorization Act (NDAA). While President Trump has threatened to veto the law, it is believed there may be enough support in congress to override a presidential veto. This enormous law touches on many issues relating to the U.S. military and national security. However, Division F contains provisions affecting credit unions, as it requires major changes from FinCEN and the Treasury Department regarding the Bank Secrecy Act (BSA). Let’s dive into what’s in the bill:

Changes to Beneficial Ownership Requirements. The NDAA includes the “Corporate Transparency Act,” which enacts significant changes to the requirements for tracking beneficial ownership of a business or legal entity. These changes will make FinCEN’s rules regarding beneficial ownership less burdensome for credit unions, and instructs FinCEN to, within 1 year of enactment, revise the Customer Due Diligence (CDD) rule to conform to this law, presumably by removing the requirement for financial institutions to collect beneficial ownership information.

The Corporate Transparency Act retains the same definition of beneficial owner as the CDD rule, but instead aims to set a “federal standard” for obtaining ownership information during the incorporation process. Specifically, it requires all new corporations, LLCs, or similar entities formed after enactment to provide a report of their beneficial owners to FinCEN. Corporations, LCCs or similar entities that were already in existence at the time of the NDAA’s enactment will be required to submit a report of their beneficial owners to FinCEN within two years. The report should include the full name, date of birth, residential or business address and a unique identifying number for each beneficial owner. The Corporate Transparency Act also creates a process through which FinCEN can provide a unique identifying number. Entities will be required to update FinCEN when there are changes to the required information (the law says changes must be reported within 1 year, but then gives FinCEN the power to set a shorter deadline). The law also states FinCEN should try to partner with state, local and tribal governments to obtain information under existing processes. The information will be retained by FinCEN and can be disclosed to credit unions and other financial institutions when a request is made to facilitate compliance with CDD requirements.

Themes & Purposes. The NDAA's BSA provisions have some overarching themes, such as: reducing the regulatory burden on credit unions and other financial institutions, retaining or increasing the usefulness of BSA reports for law enforcement, modernizing Anti-Money Laundering (AML) requirements, and encouraging technological innovation in AML compliance. Congress specifically notes AML controls should be risk-based, stating more attention and resources should be devoted to high-risk members. Finally, the law acknowledges that credit unions have spent private compliance funds to combat illicit finance, which provides a public benefit.

Establishment of National Priorities. Division F of the NDAA requires the Department of Treasury to establish priorities for AML and countering the financing of terrorism (CFT) in a rulemaking within 180 days of enactment.  According to the law, credit unions should review the priorities and incorporate them into their risk-based programs for AML/CFT. Regulatory agencies will consider a credit union’s review and incorporation of the AML priorities during supervision and examinations. Treasury will be required to update the priorities at least every 4 years.

Possible Changes to SARs & CTRs. Division F requires FinCEN to consider revisions to BSA reporting requirements. Treasury is specifically instructed to review:

• Whether the dollar thresholds for Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs) should be adjusted, including possible cost savings for credit unions, as well as any effects on law enforcement;
• Whether the CTR threshold should be tied to inflation;
• Whether the process for filing continuing SARs should be streamlined;
• Whether there should be different reporting thresholds for different categories of activities;
• Whether there should be a change to the number or nature of fields deemed “critical” on SARs and CTRs;
• Whether there should be an increase or expansion of CTR exemptions;
• Ways to improve CTR aggregation for entities with common ownership;
• Whether the process for e-filing reports could be improved by allowing for automatic population of certain fields or automatic submission of data; and
• How to establish a “streamlined” process for filing “noncomplex” categories of reports, which should reduce the filing burden on credit unions while also maintaining the usefulness of reports for law enforcement.

The law instructs the Government Accountability Office (GAO) to analyze the current CTR reporting regime and the possible effects of raising the reporting threshold; and requires DOJ to report on the usefulness of SARs and CTRs and how often they lead to “further procedures” by law enforcement agencies. FinCEN will be required to periodically disclose to credit unions a summary of SARs filed that proved useful to law enforcement.

Review of BSA Regulations. Treasury is instructed to review existing BSA regulations and guidance to identify any that may be outdated, redundant, or which do not conform to the U.S. commitment to international standards, and to make appropriate changes.

Possible BSA No-Action Letter Program. The NDAA instructs FinCEN to assess whether it should create an AML No-Action Letter (NAL) program and report to congress within 180 days. The law says FinCEN should examine the timeline it would need to make a NAL decision, and whether a NAL program would mitigate or accentuate illicit finance risks.

Increased Penalties. Division F of the NDAA allows Treasury to impose additional civil money penalties on a person who has already violated the BSA previously. Specifically, a repeat violator can be required to pay either (1) three times the profit gained, or loss avoided, as a result of the violation; or (2) twice the maximum penalty. Additionally, individuals who have been found to have committed “egregious violations” of the BSA will be barred from serving on the board of a U.S. financial institution for 10 years. Any officer, director, official, or employee of a financial institution who is convicted of a BSA violation may be required to repay any bonus they received during the calendar year in which the violation occurred. 

Focus on Innovation & Technology. The law creates a “subcommittee on innovation” within the BSA Advisory Group, to advise on ways to effectively “encourage and support technological innovation” regarding AML/CFT and can reduce obstacles to innovation. FinCEN and each federal functional regulator are required to create a position for a “BSA Innovation Officer” who will provide outreach to credit unions, law enforcement, and other stakeholders with respect to innovative methods and new technologies that can improve BSA compliance. Treasury will promulgate rules and standards for credit unions to test their AML technology. Finally, Treasury will periodically convene a “global AML and financial crimes symposium” on how new technology can be used to more effectively combat financial crimes.

On a related topic, the law also creates a subcommittee on information and data security within the BSA Advisory Group and creates “BSA Information Security Officers” at each federal functional regulator to assist agencies with developing or reviewing regulations that effect information security.

Virtual Currency. The NDAA amends several definitions in AML statutes to specifically include “value that substitutes for currency,” thereby bringing virtual currency and businesses that deal in or transmit virtual currency within the purview of BSA/AML requirements.

The AML provisions of the NDAA will ease the burden of complying with beneficial ownership requirements for credit unions. Other provisions of the NDAA could result in additional AML reforms in the future. NAFCU’s Compliance Blog will continue to cover these changes as FinCEN engages in potential rulemaking during 2021 and beyond.