The National Defense Authorization Act for Fiscal Year 2021 became law early in 2021, after a congressional override of then-President Trump’s veto. Division F of the NDAA consists of the Anti-Money Laundering Act of 2020 (“AMLA”). The AMLA expands numerous Bank Secrecy Act (“BSA”) requirements, and FinCEN has continued to issue guidance, reports, and proposed regulations since our prior blog post summarizing developments during the first sixth months following AMLA’s passage. The following is a summary of additional AMLA developments that occurred during the second half of 2021.
Arts and Antiquities
FinCEN announced in September an advance notice of proposed rulemaking (ANPRM) to solicit public comment on questions relating to the implementation of AMLA amendments regarding the trade in antiquities. The AMLA amended the BSA by adding to the BSA’s definition of “financial institution” a person engaged in the trade of antiquities.
The ANPRM notes that money launderers and terrorist financiers may exploit certain characteristics of the antiquities trade to evade detection by law enforcement. Such characteristics include client confidentiality, challenges with accurately documenting provenance, the use of intermediaries, and the subjectivity of prices of antiquities. The ANPRM set forth numerous questions, including:
- Seeking descriptions of the roles, responsibilities, and activities of persons engaged in the trade of antiquities
- How transactions related to the trade in antiquities are typically financed and facilitated
- The type of information a buyer typically learns about a seller, cosigner, or intermediary in the sale of antiquities
- What parts of the market are most vulnerable to money laundering and terrorist financing risks, and the geographic locations where such vulnerabilities tend to take place
- How “antiquities” and “trade of antiquities” should be defined for the purposes of FinCEN’s regulations
- What should be the requirements for filing suspicious activity reports related to antiquities
FinCEN required written comments to be submitted on or before October 25, 2021, and it publicly shared 37 comments from a variety of parties, including auction houses, coin collectors, non-governmental organizations, and trade associations.
Sharing of Threat Pattern and Trend Information
Section 6206 of the AMLA amended the BSA to require FinCEN to publish, no less frequently than semiannually, threat pattern and trend information to provide “meaningful information about the preparation, use, and value” of suspicious activity reports (“SARs”) filed by financial institutions as well as other reports filed by financial institutions under the BSA. Such publications should include typologies relating to emerging money laundering and terrorist financing threat patterns and trends.
In October, FinCEN published a financial trend analysis on ransomware trends in BSA data between January 2021 and June 2021. The publication reflects an increase in the number and severity of ransomware attacks against U.S. critical infrastructure since late 2020, and a growth in ransomware-related SARs. The analysis predicted that, if current trends continue, SARs filed in 2021 are projected to have a higher ransomware-related transaction value than SARs filed in the previous 10 years combined. During the review period, U.S.-based digital forensic incident response firms filed the majority of ransomware-related SARs. The analysis identified six ransomware-related money laundering typologies, including an increased use of mixing services, which are websites or software designed to conceal or obfuscate the source or owner of convertible virtual currency. The analysis concludes by providing detection and mitigation recommendations, such as incorporating indicators of compromise from threat data sources into intrusion detection systems and security alert systems.
FinCEN then published in December a financial threat analysis on illicit finance threat involving wildlife trafficking. The analysis concluded that while the number of wildlife trafficking-related SARs has increased, SARs were likely capturing only a small percentage of all wildlife trafficking-associated illicit financial activity. According to FinCEN, “[d]ifferentiating between the legal and illegal trade of wildlife (both domestic and international) typically cannot be achieved through financial analysis alone and may be at least one of the reasons for this gap.” SARs referenced some of the most globally trafficked wildlife species and associated wildlife parts, including ivory, rhinoceroses, elephants, and reptiles. FinCEN identified several wildlife trafficking-related activity indicators, including transactions referencing wildlife-associated care or equipment and transactions involving wildlife-associated entities (such as private zoos).
Review of Regulations and Guidance
Section 6216 of the AMLA requires the Secretary of the Treasury, along with other entities, to undertake a formal review of the BSA’s implementing regulations and BSA-related guidance. One of the goals of Section 6216 is to identify regulations and guidance that may be outdated, redundant, or otherwise do not promote a risk-based anti-money laundering and countering the financing of terrorism regime for financial institutions. In December, FinCEN issued a request for information seeking comments on ways to “streamline, modernize, and update” the AML/CFT regime of the United States. Comments should be submitted to FinCEN by February 14, 2022. FinCEN will report to Congress the findings of the review, including administrative and legislative recommendations.
Corporate Transparency Act
Included in the AMLA is the Corporate Transparency Act (“CTA”). In December, FinCEN issued a notice of proposed rulemaking on the proposed rule to implement the CTA’s beneficial ownership
information reporting provisions. The proposed regulations describe who must file a report, what information must be provided, and when a report is due.
The CTA requires a reporting company to identify any individual who (a) exercises substantial control over the entity, or (b) owns or controls not less than 25% of the ownership interests of the entity. FinCEN’s proposed rule seeks to clarify the terms “substantial control” and “ownership interests.” The proposed regulation sets forth three specific indicators of substantial control: (1) service as a senior officer, (2) authority over the appointment or removal of any senior officer or dominant majority of the board of directors (or similar body), or (3) direction, determination, or decision of, or substantial influence over, important matters of a reporting company. Under the proposed rule, “ownership interests” would include both equity in the company and other types of interests, such as capital or profit interests. In addition to beneficial ownership information, the CTA also requires reporting companies to provide information about “applicants.” For domestic reporting companies, FinCEN’s proposed rule defines a company applicant as the individual who files the document that forms the entity. For foreign reporting companies, a company applicant is the individual who files the document that first registers the entity to do business in the United States. The proposed definition of “company applicant” also includes “any individual who directs or controls the filing of such document by another person.”
The comment period for the notice of proposed rulemaking is open until February 7, 2022. FinCEN will engage in additional rulemakings relating to the CTA, including establishing rules for who may access beneficial ownership information, and revising FinCEN’s customer due diligence rule.
 FinCEN issued a ransomware advisory on November 8, 2021, in which it noted that some digital forensic and incident response companies “facilitate ransomware payments to cybercriminals, often by directly receiving customers’ fiat funds, exchanging them for CVC, and then transferring the CVC to criminal-controlled accounts.” The advisory continued: “Depending on the particular facts and circumstances, this activity could constitute money transmission. Entities engaged in MSB activities (such as money transmission) are required to register as an MSB with FinCEN, and are subject to BSA obligations, including filing SARs.”
 The analysis defines “indicators of compromise” as “signatures or artifacts observed on a network that likely indicate computer or network intrusion.”