A shifting regulatory landscape, MRBs and the CDD Final rule – looking back at ACAMS New York

The following are my most compelling notes and observations from this year’s recent ACAMS NY AML Conference. After recently taking my CAMS certification exam, I felt I had a much greater understanding of the subject matter and session topics and so felt comfortable summing up my thoughts for you below.


Managing Sanctions Risks in a Shifting Regulatory Landscape:

  • It’s becoming more challenging to stay one step ahead.  Develop robust screening.  Some banks use custom “Don’t Do Business With” lists which may even include specific locations, for example cities in China.
  • Training is so important – consider training on specific locations; perform ad hoc training as necessary; some companies have dedicated teams that just do Sanctions training; make training materials easily accessible
  • Examine the lessons from recent penalties imposed by OFAC on foreign banks with US branches for non-compliance with US sanctions.


Mitigating the Risks of Banking Marijuana Related Businesses:

  • There are a lot of businesses in this area and there are significant legislative and operational challenges
  • Accepting proceeds of marijuana sales is illegal
    • Farm Bill of 2018 did not legalize hemp; only hemp that satisfies certain conditions is legal.
    • The popularity of CBD has caused some marijuana-related businesses to say they deal with CBD.
    • CBD is “legal-ish” as it is supposed to contain a very small amount of THC
    • Even in states where it has been legalized, it remains illegal under federal law to grow, sell, purchase or use it. As such, providing banking services to MRBs is still money laundering, as the funds are proceeds of crime.
    • If a bank chooses to do business with an MRB, which some may, due to the DOJ’s general behavior of not overriding states, then it must perform extensive due diligence, including site visits, to fully assess the risk of the customer.
    • Of note, not all people in the marijuana business are new to it…criminal background checks and associations with other types of criminals are critical
    • Banks cannot “look the other way” and pretend they do not know that a customer is an MRB when they could be reasonably expected to know.  That is willful blindness.
    • Willful blindness applies to individuals and organizations.  Banks and officers who could reasonably have been expected to identify a business as a marijuana-related business, and who don’t treat the customer accordingly, could be in trouble.
  • Who really owns the business? Again, a site visit might be necessary to make sure they’re doing what they say they’re doing.
    • Some common words used in names of marijuana-related businesses – Happy, Farm, Garden, Wellness, Holistic, Nursery.
  • What types of businesses are indirectly related? Security firms, management companies whose clients are MRBs, employees of MRBs, lawyers, vendors, payment processors.
  • What do you do if your client deals with marijuana related businesses?  Depends on your risk assessment and how much risk you’re willing to take on.
  • As for guidance? Follow FinCEN and, again, training, training, training is paramount: “…the biggest thing you can do to identify these businesses is training your front line people.”


CDD Final Rule:

  • Biggest impact is on the CIP
  • Each institution defines what a new account is – make sure this is included in documentation
  • Rule says you don’t need to know your customer’s customer (KYCC).  On the other hand, the Treasury’s recent Framework for OFAC Compliance Commitments suggests needing to know customer’s customer.  https://www.treasury.gov/resource-center/sanctions/Documents/framework_ofac_cc.pdf
  • Policies, Procedures and Training Protocols
    • Identification and verification of the beneficial owners
    • Understand the nature of the relationship
    • Conduct ongoing monitoring to identify and report suspicious transactions
    • Document any triggers that would prompt an account review
  • During the session there were some polling questions:
    • Does your firm apply 25% across the board?  Over 50% said yes.  Some use a 10% threshold for higher risk customers.
    • Does your firm apply the CDD Rule requirements globally?  64% said yes.
    • Has your firm been examined by a regulator on your CDD Rule compliance since implementation?  More than half said yes; out of these, a little under half said they passed and a little over half said they were given suggestions for enhancement; the rest have not gotten feedback yet.
  • Looking ahead – the City of Doral, FL is requiring info on beneficial owners for companies in Doral.  How will this info be shared?  Will this go to the state level?  Registry is a FATF requirement.
  • Key Takeaways – document your program, originally intended for AML, but should be applied to financial crime and other areas


AML Compliance and Artificial Intelligence:

  • My view of AI is that a human still needs to be involved, and this was shared by a couple of the panelists.  Some thought people with different skills would be required.  A machine can evaluate and identify but not make a decision.  One panelist said that programs needed to be adjusted and changed to keep up with the criminals, that AI doesn’t adjust and change without the human input. All valid.
  • Where can AI best be used?  Name screening, negative info, transaction monitoring, identifying groups of patterns, spending patterns, CDD refreshes, suspicious activity monitoring.
  • Best practices for implementing AI
    • Have a stable program before bringing in automation and run them in parallel for at least 3 months to show success
    • If you’re using a vendor, have they had success with other banks?
    • Communicate with the regulators
    • Avoid any “black boxes.”  You need to know what’s going on in the background and be able to explain it to regulators.  This is very important!!


Some other thoughts…

  • Lunch was good and fun! I sat with people from Iowa and Florida who had never been to New York and were staying for the weekend.
  • Marriott has cool elevators!  You press the floor you want on a central keypad and it directs you to a specific elevator that then goes to that floor.  Maybe I lead a sheltered life but I’ve never seen this before!
  • Remember to bring a fully charged phone and/or extra battery and/or plug for charger.  I had to get a plug from the bellman and leave my phone with them to charge while I went to the CDD session.

Barbara Delaney
Senior Product Manager