2020 saw a substantial amount of enforcement activity in the BSA/AML/OFAC area. Even prior to last month’s enactment of the Anti-Money Laundering Act of 2020 (the “2020 AMLA”), conventional wisdom favored an increase in enforcement activity by regulators and prosecutors for violations of laws in these areas under the incoming Biden Administration. [See Division F]
The 2020 AMLA just gave this area of enforcement a significant shot in the arm. In an era where federal legislation has become rare, this dramatic change to the Bank Secrecy Act’s (“BSA”) anti-money laundering provisions establishes new beneficial ownership reporting requirements; modernizes the scope of the law to cover entities that provide certain digital asset services; and requires the U.S. Treasury to establish BSA/AML/OFAC priorities to guide firms and regulators alike, among other things.
Whistleblower Awards
While the law builds out policy through regulations to be issued, a number of the 2020 AMLA provisions are likely to have an immediate impact on enforcement. One such provision is the enhancement of the BSA’s whistleblowing provisions – Congress sought to model this expansion to some extent on the U.S. Securities and Exchange Commission’s quite successful whistleblowing program. Under the 2020 AMLA:
- Where a Justice or Treasury Department enforcement action results in a penalty exceeding $1 million, the Treasury Secretary “shall” pay an award of up to 30 percent of the collected amount to a whistleblower who “voluntarily provided original information” that leads to the successful enforcement action.
- Previously, an award under the existing BSA whistleblower program was discretionary and generally capped out at $150,000 – thus disincentivizing the plaintiff’s bar from pursuing these contingency cases. Given that some enforcement actions in recent years have resulted in penalties in the tens or hundreds of millions – or even billions, the new potential recoveries are a game changer.
- The possibility for a large whistleblower recovery is enhanced because the AMLA 2020 potentially doubles the maximum statutory penalties for repeat offenders; a good number of the largest financial institutions have already been prosecuted civilly or criminally for BSA violations.
- The law further strengthens the whistleblowing program by including robust anti-retaliation protections for whistleblowers, including allowing for the filing of a complaint with the U.S. Department of Labor and, where there is no determination by DOL within a prescribed time period, the opportunity to file an action in federal court – a potentially favorable forum for these plaintiffs.
- The number of financial institutions subject to the requirements of the BSA is also expanded to include entities engaged in the exchange or transmission of “value that substitutes for currency.” Thus, the potential for the whistleblowing awards grows alongside the explosive growth in cryptocurrency businesses.
- Mid-size financial institutions actually may be more vulnerable to the effects of the whistleblower provisions. It has often been the case that these firms do not have as robust compliance programs as larger institutions, and also have ended up in the cross-hairs of federal regulators less frequently.
What Financial Institutions Should Do
- All covered financial institutions should commit to taking a serious look at their BSA/AML/OFAC/CFT programs to ensure they meet the pillars of the BSA and OFAC’s Compliance Framework, along with the new provisions of AMLA 2020. For example, institutions should consider conducting an updated risk assessment and targeted gap analysis aimed at meeting the requirements of the law’s new provisions.
- A timely review of technology, governance, policies and procedures, internal audit and other controls will ensure that an institution is prepared to meet the regulatory expectations of federal and state agencies in light of the law’s changes. Any such review should extend to the firm’s whistleblowing program as well. This is an often-overlooked pocket of compliance, especially for smaller and mid-size institutions. Even for smaller firms, a successful whistleblowing program can catch compliance or fraud issues early; identifying them too late can lead to substantial regulatory fines, payouts in litigation, or even more serious consequences. Where an institution does not possess sufficient in-house expertise in designing and implementing these programs, outside firms that understand regulator’s expectations can offer substantial assistance with creating a right-sized program.
AMLA 2020 adds a number of effective measures to a regulator’s enforcement toolkit, and with the expectation of enhanced enforcement under the Biden Administration, it is not alarmist to say the time is now to begin a clear-eyed look at the efficacy of an institution’s current compliance program.