FinCrime has reached new levels of sophistication

Welcome to the first edition of this new quarterly newsletter! It will set out recent global financial crime (FinCrime) regulatory developments and implications they could have for financial service firms.

FinCrime has reached new levels of sophistication. This is driven by geopolitical events, evolving technological developments, and interconnected and interdependent financial networks. In response, regulators across jurisdictions are addressing current and evolving FinCrime risks. Given high fines for non-compliance it is more important than ever for global firms to stay abreast of upcoming regulatory developments.

Regulators globally are addressing crypto-related money laundering

• In October 2023, the US Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) released a proposal that would designate convertible virtual currency (CVC) mixing as a primary money laundering concern. CVC mixing is an action that intends to conceal the source, destination, or amount involved in one or more transactions. The proposal requires firms in scope to adopt recordkeeping and reporting requirements on transactions involving CVC mixing and on customers associated with CVC transactions. In scope firms include banks, brokers in securities, money services businesses, futures commission merchants, commodities brokers and mutual funds. Even if this proposal doesn’t get finalized, it may result in an increase in suspicious activity reporting related to mixers.

• On 20 October 2023, Hong Kong’s financial regulator announced that firms engaged in virtual asset-related financial services in Hong Kong should comply with the requirements under Chapter 12 of the guideline on Anti-Money Laundering and Counter-Financing of Terrorism (AML/CFT). It sets out virtual asset-specific requirements for conducting customer due diligence, and monitoring transactions and activities. It also provides requirements for virtual asset transfers, third-party deposits and payments in the form of virtual assets. In addition, the circular outlines expectations for investor protection. Firms should implement selling restrictions to limit the sale of most virtual asset-related products to sophisticated investors and use a virtual asset knowledge test to assess the suitability of investors.

• In July 2023, Singapore’s regulator released non-mandatory guidelines for banks dealing with clients linked to digital assets (e.g., exchanges and individuals that obtain their wealth from cryptocurrencies). When onboarding clients, banks should document the nature of customers' crypto exposure and their intended use of a bank account and should establish the source of the clients’ funds. The guidelines also propose the use of blockchain screening tools to review the on-chain activity of digital-token payment service providers (DTPSPs) and screen their wallets against sanctions lists.

US regulators are increasing the focus on money laundering risks

• On 16 October 2023, the US Securities and Exchange Commission (SEC) issued its annual examination priorities for 2024, which feature very specific AML compliance expectations. SEC requires certain firms, i.e., broker-dealers and certain registered investment companies, to establish AML programs that are tailored to address the risks associated with the firm’s location, size, and activities, including the customers they serve, the types of products and services offered and how those products and services are offered.

• In December 2023, the FinCEN intends to issue a Notice of Proposed Rulemaking (NPRM) implementing section 6101(b) of the AML Act that requires financial institutions to incorporate a risk assessment and national AML/CFT priorities into their risk-based compliance programs.

• Also, in December 2023, a NPRM revising the existing Customer Due Diligence (CDD) Rule is expected. This will be the third rule to implement the Beneficial Ownership Information (BOI) rule under the Corporate Transparency Act (CTA). As there are currently some differences between the CDD Rule and the Corporate Transparency Act (CTA), for example regarding the definition of beneficial owners, or differences involving exempted entities the revisions are very important as they are expected to provide some sort of clarification.

• The term beneficial ownership is also being discussed on a global level. The Financial Action Task Force (FATF) enhanced its Recommendation 25 on legal arrangements to bring its requirements broadly in line with those for Recommendation 24 on legal persons to ensure a balanced and coherent set of FATF standards on beneficial ownership. Comments to FATF’s Risk-Based Guidance to Recommendation 25 on Beneficial Ownership and Transparency of Legal Arrangements can be provided by 8 December 2023.

Emerging digitally enabled fraud has become a concern for regulators in Asia-Pacific

• On 25 October 2023, a consultation paper, proposing a shared responsibility framework for phishing scams, has been published by Singapore’s regulator. It focuses on both, transactions that are performed without the customer's knowledge or consent, and scams where customers are deceived into revealing their account credentials to scammers impersonating legitimate entities, leading to unauthorized transactions being performed. The proposed framework sets out duties for firms to mitigate the risk of consumers becoming victims of phishing scams (e.g., send transaction notifications to customers).

• Hong Kong’s regulator, the Hong Kong Monetary Authority (HKMA), received 954 fraud-related banking complaints in the first nine months of 2023, as compared to 555 cases for the full year of 2022. As a response, in October 2023, HKMA established enhanced approaches to combat digital fraud, and strengthen information sharing, transaction monitoring and customer alerts at firms. For example, firms are required to join information sharing platforms, and implement real-time fraud monitoring and detection capabilities.

Europe on the road to new AML supervisors

• The new European Union (EU) AML authority “AMLA,” part of the EU’s wider AML package, is in the process of finding a country host. 10 EU member states have applied to host AMLA with the application deadline of 10 November 2023. The supervisor will not be up and running until at least 2026.

• Germany is implementing fundamental reforms to its FinCrime structures. It is bundling core agencies under the Federal Financial Crime Agency (FFCA), changing its approach to detect money laundering and improving transparency on beneficial owners. The new agency will be set up in 2024 and take up its work in 2025.

The views reflected in this article are the author’s and do not necessarily reflect the views of the global EY organization or its member firms.