Regulatory Roundup: April 2024

Welcome to the April edition of FinScan’s Regulatory Roundup. This month highlights a significant number of AML updates from the FATF, Guernsey, FinCEN, FCA, and the UK’s HM Treasury; new sanctions guidance from the UK, Guernsey, and Cyprus; and the U.S. Treasury’s latest report on managing AI in the financial sector.

Anti-money laundering

Risk-based Guidance on FATF Recommendation 25 

Following the February 2023 revisions to FATF Recommendation 25 on beneficial ownership and transparency of legal arrangements, the FATF has updated its risk-based guidance.​ R.25 requires countries to ​assess the ML/TF risks linked to legal arrangements and ​take mitigating measures. ​The Guidance aims to assist countries and the private sector to better understand how transparency requirements apply to legal arrangements.​ 

FATF VASP table helps address Recommendation 15 implementation challenges 

The FATF is publishing a table which sets out the status of implementation of Recommendation 15 by FATF members and other jurisdictions with the most materially important virtual asset and virtual asset service provider (VASP) activity. The goal is to help facilitate the implementation of these requirements (Recommendation 15) to help close significant global loopholes that criminals and terrorists tend to exploit. 

Notice Regarding National Small Business United v. Yellen 

On March 1, 2024, a federal district court entered a declaration concluding that the Corporate Transparency Act exceeds the Constitution’s limits on Congress’s power and enjoining the Department of the Treasury and FinCEN from enforcing the Corporate Transparency Act against the plaintiffs. ​The Justice Department filed a Notice of Appeal on March 11, 2024. ​While this litigation is ongoing, FinCEN will continue to implement the Corporate Transparency Act as required by Congress, while complying with the court’s order. ​ 

FinCEN Seeks Comments on Customer Identification Program Requirement 

FinCEN is issuing a request for information (RFI) related to existing requirements for banks under the Customer Identification Program (CIP) Rule to collect a taxpayer identification number (TIN) from a customer prior to opening an account. ​FinCEN recognizes that since the adoption of the CIP Rule, there has been significant innovation in customer identifying information collection and verification tools. This RFI will inform FinCEN’s understanding in this area and evaluate the risks, benefits, and safeguards if banks were permitted to collect partial SSN information from a customer and subsequently use reputable third-party sources to obtain the full SSN prior to account opening. ​FinCEN strongly encourages all interested parties to submit written comments. Comments to the RFI will be accepted for 60 days following publication in the Federal Register. 

UK’s HM Treasury publishes consultation on improving the effectiveness of money laundering regulations 

HM Treasury has published a consultation on improving the effectiveness of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the ‘MLRs’), which place requirements onto a range of businesses to identify and prevent money laundering and terrorist financing. This consultation principally covers issues with the MLRs already identified by HM Treasury. This review found that, while the core requirements of the regulations were mostly fit for purpose, there were potentially a number of technical changes that could be made to increase effectiveness and ensure proportionality for both regulated firms and customers. 

FCA warns firms over anti-money laundering failings 

FCA has written to CEOs of Annex 1 firms setting out our findings from our recent assessments of how firms are complying with money laundering regulations. Common failings include:​ discrepancies between firms’ registered and actual activities; financial crime controls which had not kept pace with business growth; failure to risk assess their own or their customers’ activities properly; and inadequate resourcing and oversight of financial crime issues and requirements.  

Guernsey updates AML/CFT/CPF handbook  

The Commission has updated its AML/CFT/CPF Handbook including Appendix I reflecting the Financial Action Task Force’s updated list of jurisdictions under increased monitoring, which removed Gibraltar and the United Arab Emirates, and​ Chapter 7 to reflect changes made to the Beneficial Ownership (Definition) Regulations, 2017 which amended the list of recognized stock exchanges within paragraph 7.59​. Some of the other sources used in the compilation of Appendix I have updated their assessments which have also led to changes for Belarus, Burundi, Bolivia, Lao PDR, Egypt and Togo​.  

Guernsey enforces actions and penalties against firms and individuals 

Recent enforcement actions and penalties found that licensees failed to carry out and regularly review relationship risk assessments, identify the customer and understand the ownership and control structure of a customer​, comply with the Rules in the Handbook relating to Introducer Relationships, carry out Enhanced Customer Due Diligence (ECDD) and Enhanced Measures​, carry out ECDD and Enhanced Measures​, and ensure it had appropriate and effective AML/CFT procedures and failed to review its compliance with the Regulations/Schedule 3​. In addition, the licensees’ Board of Directors and systems of control were ineffective​ and the Directors failed to act in the best interests of the company​. 

MFSA guides MLROs on best practices 

The Malta Financial Services Authority (MFSA) has released its Guidance for Money Laundering Reporting Officers (MLROs) in the financial services sector, outlining the Authority’s expectations for individuals proposed to fulfil MLRO positions and presently approved MLROs. It highlights the common issues the MFSA encounters while scrutinizing proposed individuals for MLRO positions and approved MLROs, including but not limited to independence, autonomy and accountability, conflicts of interest, knowledge and expertise, time dedicated to the role, and training and awareness. 

The Registration Authority of ADGM publishes consultation paper on legislative framework for a register of certain trust information 

The Registration Authority (RA) of Abu Dhabi Global Market (ADGM) has issued a Consultation Paper to explain and to seek public feedback and comments on the proposed amendments to the Beneficial Ownership and Control Regulations 2022 concerning a non-public register of certain information of express trusts. The consultation period will close on 21 April 2024. 

Sanctions guidance

UK published detailed guide for British businesses exporting to Iran 

The UK has published a trade and export guide for businesses doing business with Iran. The guide provides information on Iran exports, preparing to do business in Iran​, the Iranian economy and doing business in Iran, export opportunities for UK businesses in Iran​, challenges and risks of doing business in Iran​, Iran’s legal system, tax and customs considerations, and entry requirements. 

Guernsey announces change to sanctions legislation 

The Commission has made amendments to the Terrorist Asset-Freezing (Bailiwick of Guernsey) Law 2011 (the Terrorist Asset Freezing Law) and the Sanctions (Bailiwick of Guernsey) Law, 2018 (the Sanctions Law). The amendments to the Terrorist Asset Freezing Law concern the asset freeze etc. measures applicable to persons designated under the Terrorist Asset Freezing Law. The amendments to the Sanctions Law concern the asset freeze etc. measures that are applicable to persons designated under UK regimes. 

CySEC publishes guidance regarding recent OFAC advisory 

In response to OFAC’s December 2023 Sanctions Advisory titled “Guidance for Foreign Financial Institutions on OFAC Sanctions Authorities Targeting Support to Russia’s Military-Industrial Base”, CySEC is urging Regulated Entities to review and consider the provisions of the Sanctions Advisory when implementing due diligence measures, especially for ongoing monitoring of accounts and transactions and risk-based controls to mitigate sanctions risks. 

Artificial intelligence

U.S. Department of the Treasury releases report on managing AI-specific cybersecurity risks in the financial sector 

In the report, the Treasury identifies significant opportunities and challenges that artificial intelligence (AI) presents to the security and resiliency of the financial services sector. The report outlines a series of next steps to address immediate AI-related operational risk, cybersecurity, and fraud challenges. In the coming months, Treasury will work with the private sector, other federal agencies, federal and state financial sector regulators, and international partners on key initiatives to address the challenges surrounding AI in the financial sector. 

Need some help?

We’ll continue to monitor regulatory developments and provide updates in future editions of Regulatory Roundup. In the meantime, reach out to us if you need help navigating the evolving landscape of regulations and enforcement actions.  

FinScan offers Advisory Services to assist with model risk management, data governance, policies and procedures, and assessing your organization’s data quality, sanctions compliance program, customer and compliance risk, and AI framework, to name a few. Contact us to learn more.