Prepared Remarks of
Acting Director, FinCEN
Financial Crimes Enforcement Conference
December 6, 2022
Good morning. It’s great to be here today. Last year was my first time addressing this event, and I did so remotely. So, it’s great to be here in person.
Last year, I shared a little bit about how FinCEN was addressing new threats, new innovations, and new partnerships. And our efforts to implement the AML Act.
I’d first like to note that the FinCEN team has played a key role in helping law enforcement and national security agencies protect our national security. We have issued numerous advisories and alerts on Russian sanctions evasion and efforts by Russian oligarchs and elites to hide illicit assets. We have worked to highlight for law enforcement reporting that we’ve received from financial institutions. We also have continued our work with our law enforcement partners to help in the recovery of funds after ransomware attacks.
We have also made significant progress in implementing the AML Act. Today, I’d like to update you on our progress, and discuss some of our efforts over the new year.
I am very proud of the team of professionals at FinCEN who have been working at a relentless pace to make progress on our significant agenda.
Beneficial Ownership Information Reporting
I’d like to first address the beneficial ownership requirements of the CTA.
As many of you know, we issued a final rule at the end of September implementing the beneficial ownership information reporting requirements. That rule specifies who has to report, what they have to report, and by when. It’s an important step forward.
The reporting rule is just the first of three rulemakings required by the CTA.
We are hard at work on the second rulemaking, which we call the access rule. This proposed rule will lay out the protocols for access to the beneficial ownership database by law enforcement—at the Federal, state, local, and tribal levels—and by financial institutions. As some of you may know, we sent the proposed rule to OMB for review about a month ago and are working to issue it by the end of the year.
As with the reporting rule, your comments to the proposed access rule will be invaluable to ensure that we strike the right balance; so that we provide broad access to law enforcement and national security agencies to achieve the goals of the CTA; and, at the same time, that we ensure that the highest security and confidentiality requirements apply and that BOI is used only for the purposes that it is authorized to be used for.
Lastly, the CTA requires that we revise the Customer Due Diligence (CDD) rule to bring it into conformance with the CTA. Those revisions need to be completed no later than one year after the effective date of the reporting rule. And we are working towards that goal.
The rulemakings are just one small part of the overall effort on beneficial ownership. The effective date of the reporting rule is January 1, 2024—and we’re working intensively to ensure that the overall framework is operational by that date.
We are designing and building the IT infrastructure to include a secure database that meets the highest security standards, and to ensure that only authorized users can access the information and only for authorized purposes.
In parallel, we are reaching out to a wide variety of stakeholders to help ensure that reporting companies are aware of and understand the new BOI reporting requirement. Since the rollout of the final reporting rule, our team has engaged with the National Association of Secretaries of State (NASS), the Small Business Administration (SBA), the Delaware Secretary of State, the International Association of Commercial Administrators (IACA), and professionals in the corporate formation industry. These engagements have been useful to both educate key stakeholder groups about the reporting requirements and to identify topics that may require clarification or further guidance.
We hear loud and clear the desire for clear and simple guidance materials to help educate small businesses on the new requirements. And with that in mind, we are working on a number of products to help raise awareness of the new requirements and explain what information reporting companies will need to provide. In the simplest form possible.
We are working now to develop our first set of Frequently Asked Questions to address some of these issues. FinCEN is also working on the Small Business Compliance Guide to inform small businesses about their responsibilities under the rule. All of the guidance material will be made available on the new beneficial ownership page on FinCEN’s website.
FinCEN’s outreach will continue in earnest in 2023 as we engage with more stakeholders and work toward issuing these guidance and educational materials. We would encourage feedback on our guidance and FAQs, and on the types of information that we need to get out.
Implementation of the CTA is an intensive process that requires policy teams, economists, regulatory drafters, IT specialists, and public affairs specialists. We are working hard to complete as much of the CTA implementation work as possible within existing resources and staffing. As we enter 2023, however, we will also need to consider trade-offs in implementing this effort in the absence of additional funding—with the goal of making this program as successful as possible.
Along with our efforts on beneficial ownership, FinCEN is also taking action in other ways to support the Administration’s campaign to combat corruption and to advance the U.S. Strategy on Countering Corruption.
FinCEN issued three Alerts this year highlighting the risks of sanctions and export controls evasion by Russian actors, including through real estate, luxury goods, and other high-value assets. These alerts complement ongoing U.S. government efforts to isolate sanctioned Russians from the international financial system.
It is also part of a broader effort by FinCEN to increase transparency in U.S. real estate transactions and to prevent corrupt elites and others from using the U.S. real estate market to launder and hide their ill-gotten wealth. We recently renewed and expanded our existing real estate GTO program, and we are actively considering comments to the Advance Notice of Proposed Rulemaking that we issued last December. We hope to issue new rulemakings in the new year to continue to make progress in this area.
Roadmap for an effective AML/CFT program
Another top priority for FinCEN is the implementation of the roadmap laid out in the AML Act to make the AML/CFT framework more effective and more risk-based.
The issuance of the AML program rule is just one part of this effort. We’re working to issue a proposed rule that includes regulatory amendments to ensure that AML/CFT programs incorporate the national AML/CFT Priorities, that they are effective, reasonably designed, and appropriately consider a risk assessment program. We issued our initial AML/CFT Priorities last June, and we encourage your institutions to assess your risk exposure to those Priorities while we work on implementing regulations. We know that you are anxious to see our proposal, and we are working hard to issue an NPRM. We encourage your engagement during this process, and welcome your comments and feedback.
We also recognize that the AML Act’s goal of a strengthened, modernized, and streamlined AML/CFT framework will ultimately play out over a series of steps as we implement all of the provisions of the AML Act. For instance, the AML Act requires FinCEN to work with the FFIEC and law enforcement agencies to establish training for Federal examiners in order to better align the examination process. The AML/CFT Priorities and their incorporation into risk-based programs as part of the AML Program Rule will be crucial in giving direction to examiners on approaches that improve outcomes for law enforcement and more effectively safeguard the national security of the United States.
The AML Act also focuses on how law enforcement and FinCEN can provide more feedback to financial institutions about how we are using BSA information. DOJ, for example, is required to provide—and has started to provide—annual reports specifying the usefulness of the information reported by financial institutions to FinCEN. The GAO also provided a related study on the value of feedback loops, as required by the AML Act. FinCEN is required to use this information to help assess the extent to which BSA reporting is being used effectively by law enforcement, and to provide more frequent feedback to the public and financial institutions on how that information is being used and how to better direct resources.
We are exploring additional ways to use the authorities in the AML Act to provide more regular engagement with financial institutions and law enforcement. For example, we envision greater use of FinCEN Exchange—relying on its authorities to ensure confidential discussions between financial institutions and law enforcement that more clearly conveys law enforcement needs—while at the same time streamlining discussions to provide more timely and useful feedback.
At the heart of these efforts is more regular communication with both law enforcement and with financial institutions.
The AML Act also requires us to conduct a comprehensive review of our regulations and guidance, which we are in the midst of doing under section 6216. We thank those of you, including the ABA, who participated in the Request for Information last December, which produced constructive, specific feedback.
Taken as a whole, a multi-step effort will be needed to create a more effective and risk-based framework that provides timely information to law enforcement and safeguards the national security of the United States. As this process unfolds, we welcome your feedback and constructive participation as we seek to create a more modern and streamlined AML/CFT regime.
MSBs & CVC
Another key priority area for FinCEN is virtual currency—and the digital asset ecosystem more broadly. As you all know, FinCEN has been at the forefront of virtual currency regulation. And we have provided additional regulations and guidance to ensure that AML/CFT risks are sufficiently addressed.
FinCEN recognizes the continuing evolution of the digital-asset ecosystem since our 2013 and 2019 guidance documents. In particular, we recognize that decentralized finance will continue to impact the financial services industry, and we need to mitigate the illicit finance and national security risks posed by the misuse of digital assets. And, we will continue to evaluate the emergence and evolution of digital assets to determine whether any gaps exist in the current AML/CFT framework or its application. This is part of the Treasury Department’s digital assets action plan—which was issued pursuant to the Executive Order on Ensuring Responsible Development of Digital Assets.
In line with this commitment, we are taking a close look at our AML/CFT framework applicable to virtual currency—and digital assets more broadly—to determine whether additional regulations or guidance are necessary. This includes looking carefully at decentralized finance and its potential to reduce or eliminate the role of financial intermediaries that play a critical role in our AML/CFT efforts. We are engaging with relevant U.S. government stakeholders in this effort, and we welcome engagement with industry—including the banking community—to better understand your assessment of the vulnerabilities and risks.
Related to this, we are also closely monitoring developments in the payments space, particularly with the continued increase in the popularity of FinTech and RegTech companies, some of which engage in traditional depository lending activity. Treasury recently issued a report that highlights some of the risks to consumer protection and market integrity posed by FinTech companies. On the AML/CFT side, many of these FinTechs qualify as MSBs under a regulatory framework that was last updated over 10 years ago, prior to the widespread development of FinTech. As a result, we are also closely examining our current MSB framework in light of continued trends and developments in the payments space, and assessing whether additional regulations or guidance are necessary to address the illicit finance risks.
As with our work on digital assets, we welcome your engagement to better understand the vulnerabilities and risks that your institutions are facing.
Combatting fraud is another priority that we take very seriously. Fraud has a tremendous impact on the American taxpayer, and was included as one of the eight priorities in FinCEN’s AML/CFT Priorities issued in June 2021.
Victims of fraud are often the most vulnerable in our society. FinCEN is working hard to fight against those who try to profit from the global pandemic and those who prey on the elderly. FinCEN has issued guidance, advisories, and information about trends and red flags to provide feedback to financial institutions on COVID-19 medical fraud, imposter scams, cyber-enabled crime, and the defrauding of the unemployment insurance system. FinCEN has also assisted law enforcement and financial institutions in the recovery of funds stolen via fraud and other COVID-19 related crimes. And in June of this year, FinCEN issued a second advisory to alert financial institutions to the rising trend of elder financial exploitation. The advisory highlights behavioral and financial red flags to aid financial institutions with identifying, preventing, and reporting suspected elder financial exploitation.
In 2021, financial institutions filed 72,000 SARs related to elder financial exploitation. This represents an increase of 10,000 SARs over the previous year’s filings. The Consumer Financial Protection Bureau’s estimate of the dollar value of suspicious transactions linked to elder financial exploitation has similarly increased—from $2.6 billion in 2019 to $3.4 billion in 2020. This is the largest year-to-year increase since 2013. It’s staggering.
Your reporting on fraud has been critically important to law enforcement working to combat these crimes.
Just last week, as part of FinCEN’s Law Enforcement Awards program, we recognized a significant law enforcement fraud investigation that would not have been possible without the reporting from banks. Let me briefly share some details about the case.
A Department of Homeland Security investigation determined that an MSB had remitted more than $160 million to bank accounts in another country. The MSB remitted money on behalf of tens of thousands of customers from nearly every state in the country—even though it was only licensed to remit money in certain U.S. states. Law enforcement identified dozens of its customers that had received proceeds of various frauds and swindles. The fraudsters then used the MSB as a conduit to remit money to another country. Numerous customers of the MSB have been arrested by state and Federal law enforcement for various offenses to include wire fraud and money laundering. A Federal grand jury indicted the MSB, along with its owners, and several other co-conspirators. Seizures associated with this investigation total more than $3 million. Over 1,900 BSA filings, the majority of which were from banks, assisted law enforcement with this successful investigation. The U.S. Attorney’s Office for the Northern District of Texas prosecuted this case.
FinCEN is also working to understand the broader typologies around fraud, and we are looking deeply at identity-related SARs. We are in the early stages of using machine learning and artificial intelligence to take a systemic top-down look at the SARs being filed and are seeing that identity-related SARs are falling into one of three categories: Impersonation, insufficient or circumvented verification, and identity compromise.
- Impersonation occurs when someone is acting as or using another person’s information or misrepresenting themselves. Many SARs report potential impersonation concerns. Impersonation tactics enable most cyber-attacks and compromises. In this category, SARs report identity theft, synthetic identities, COVID-19 fraud, phishing, and various other scams.
- Verification failures often reflect processes that are insufficient, circumvented, not completed, or not in place to begin with. For example, in this category identity-related SARs report inconsistent personally identifiable information, forged documents, and fraud where an entity passes verification despite providing false information. Many SAR filers did not recognize the fraudulent identities or related information at the time of the transactions, only discovering the fraud later based on additional review.
- Identity compromise includes unauthorized access to accounts or personal information and the ability to move funds without proper authorization. This includes stolen credentials, ransomware, brute-force login attacks, account takeovers, and business email compromise.
In looking at all SARs in 2021, our preliminary analysis finds that over 3 million are related to potential identity issues.
By understanding how identity is being exploited within each of these three categories, we intend to identify where problems are most often occurring. This can help us identify where to prioritize efforts. Breakdowns in these identity processes (or lack thereof), either through identity compromise, insufficient or circumvented verification, or impersonation can impact the efficacy of KYC. This is important because identity proofing, validation, verification, and authentication are key components of KYC and are conducted when a customer on-boards, accesses their accounts, or makes a transaction with counterparties.
As we look ahead, we are using this big data approach to also resolve different types of reported activity into common underlying typologies. This will enable us to automate analysis, generate models and algorithms, and see new patterns we hadn’t seen before, with the goal of feeding this information back to the financial sector.
In closing today, thank you again for allowing me to be here to share about FinCEN’s work. We value all of you as partners in our collective efforts to combat financial crime.