What Are AML and BSA Laws?
Anti-money laundering (AML) and Bank Secrecy Act (BSA) requirements apply to...just about every FinTech.
They’re meant to help the government fight crime and terrorism, based on criminals’ and terrorists’ use of the financial system.
You’ll often hear these requirements referred to as simply “AML” requirements, but they also go by: BSA, Know Your Customer (KYC), Know Your Business (KYB), Customer Identification Program (CIP), and other names.
We’ll use “AML” for simplicity, and you can think of AML in two batches: (1) BSA rules and (2) PATRIOT Act rules.
Bank Secrecy Act
The BSA imposes a few recordkeeping and reporting obligations on FinTech and financial institutions:
PATRIOT Act
The PATRIOT Act bolstered the BSA in a few areas. Specifically, financial institutions must:
Verify a customer’s identity when a new account is opened (think: when Robinhood asks users to upload a driver’s license or passport).
Verify the identities of 25%+ owners of entities.[1]
Verify that customers aren’t on OFAC’s list of suspected terrorists and sanctioned actors.
Keep records of the info used to verify identities and to check terrorist lists.
Have written AML policies and procedures, and update them annually.
Designate a compliance officer.
Do extra due diligence for correspondent accounts[2] and private bank accounts held by non-U.S. actors from certain regions.
Don’t do it, kids! AML violations can trigger fines as low as a few thousand dollars...or much, much higher, including jail time.
Who Needs AML?
OK, OK, right, your corner wine store handles money and doesn’t need to run AML on you. But chances are, if you’re in FinTech, you need to comply with AML laws. Here’s a starter-list of who is covered:
Banks
Money transmitters[3]
Securities and commodities broker-dealers
Credit card operators
Lenders
Investment advisers
Anyone providing or selling prepaid cards
Precious metals dealers
Of course, there are some nuances depending on the type of FinTech. Y’know, to help keep your lawyer employed:
MSBs must actively register as an MSB with FinCEN.
Robo advisors aren’t subject to the PATRIOT Act parts of AML.
Crowdfunding portals aren’t included (though there are proposals to add them).
Crypto AML
Ugh, I don’t even know if I want to wade into the crypto AML morass. The TL;DR version is: how AML applies to crypto is evolving and ever-controversial.
Some (simplified) highlights:
Miners aren’t subject to AML if they use their mined crypto for personal use (i.e., goods and services). If they plan to flip their crypto and help make markets, they’re subject to AML laws.
ICOs are subject to AML if they issue security tokens.
Exchanges that hold crypto for you and let you transmit it to others are subject to AML.
Some digital wallet providers are subject to AML.
The Travel Rule and Recordkeeping Rule (i.e., you must keep records and pass on transaction info for transactions >$3k) apply to crypto.
FinCEN proposed a rule requiring recordkeeping and reporting of certain transactions >$10k that involve certain types of wallets.
Anti-Money Laundering Act of 2020
In early 2021, Congress passed the Anti-Money Laundering Act (AMLA), which gave AML a facelift. And, man, was it time.
Key parts of AMLA:
Beneficial ownership registry! AMLA requires that shell companies file info on their owners with FinCEN.
The filing requirement will apply to any entity that is formed or registers to do business in a US state, unless it falls under an exemption.
The exemptions will cover a lot of entities, BUT they’re mostly entities where the government can already easily identify ownership (e.g., banks, broker-dealers, entities that file federal taxes and have a physical US presence).
It’ll be a non-public database.
Better carrots! AMLA expanded the amount of $$$$ AML whistleblowers can get, and their ability to get it.[4]
Better sticks! AMLA increased penalties for AML violations.
The DOJ and Treasury have new powers to subpoena any account owned by a foreign bank. Previously, they could really only subpoena foreign banks if they had correspondent accounts in the US.
About
Hi! I’m Reggie. Come find me on Twitter. I’m a FinTech lawyer at BlueVine, and any views expressed are my own (well, sort of? I mean, they’re laws and regulations, so they’re not really “mine”). These posts are NOT legal or financial advice.
[1] And you continue on up the entity ownership chain until there are no more natural persons or entities owning 25%+.
[2] A correspondent account is an account Bank A has at Bank B because Bank B can access things that Bank A can’t (e.g., the Fed’s payment rails, the Fed’s lending facilities). Non-U.S. banks set up correspondent accounts at U.S. banks to take deposits, make payments, exchange currency, etc. on their behalf.
[3] TL;DR: “money transmitters” are businesses that move money themselves. Think: PayPal, Venmo, TransferWise, Western Union. It also includes companies like Airbnb that collect and hold payments from guests to send to hosts.
[4] Whistleblower awards existed before AMLA, but they were capped and highly discretionary, so weren’t practically effective.