Treasury Department publishes its first de-risking strategy
Treasury’s de-risking strategy breaks no new ground and downplays the government’s role in driving financial institutions to de-risk higher-risk customers based on AML/CFT concerns.
The U.S. Department of the Treasury released the 2023 De-risking Strategy (the De-risking Strategy or the Strategy), which assesses the causes and consequences of financial institutions’ de-risking certain customer types and offers recommendations for addressing the drivers of de-risking. As mandated by Section 6215 of the Anti-Money Laundering Act of 2020 (AMLA), Treasury consulted with federal and state banking regulators to develop the Strategy, in addition to public- and private-sector stakeholders, including non-profit organizations (NPOs) and financial institutions.
The Strategy characterizes “de-risking” as the practice of financial institutions’ indiscriminately terminating or restricting business relationships with broad categories of customers, as opposed to analyzing and managing customers individually on a risk basis. Treasury asserts that this practice is not consistent with the risk-based Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) compliance framework established under the Bank Secrecy Act (BSA) and its implementing regulations.
The De-risking Strategy focuses in particular on three customer categories that have been acutely affected by de-risking: (1) small- and medium-size money service businesses (MSBs), (2) NPOs operating in high-risk foreign jurisdictions, and (3) foreign financial institutions with low correspondent banking transaction volumes. Treasury identifies a range of factors that contribute to de-risking, including financial institutions’ assessments of their available resources and the cost of implementing AML/CFT compliance procedures commensurate with the risks posed by a customer, which the Strategy broadly describes as a “profitability” assessment.
Treasury asserts that the U.S. government has limited authority to effectively address some drivers of de-risking, namely those related to financial institutions’ business decisions. While the review identifies “profitability” as the primary factor in financial institutions’ de-risking decisions, it does not fully acknowledge the role that soaring compliance costs and risks associated with perceived higher-risk accounts play in those decisions. While the Strategy offers general recommendations and proposals, Treasury admits that they will likely not be transformative (at least individually). Of Treasury’s recommendations, one of the most significant for financial institutions would be the Financial Crimes Enforcement Network (FinCEN)’s commencing a rulemaking to implement the National AML/CFT Priorities, which FinCEN published in June 30, 2021 (and which we discuss here). In Treasury’s view, implementing the National AML/CFT Priorities would “provide financial institutions with greater clarity in how to prioritize the allocation of their compliance resources, which could allow them to maintain broader access to banking services while at the same time effectively meeting their AML/CFT compliance obligations.” However, in order to be effective in addressing cost issues, such an approach would require regulatory acceptance of a decrease in resources allocated to lower-priority areas as they are shifted to higher-priority areas.
While the De-Risking Strategy does not break new ground, it reinforces that Treasury and the Federal banking agencies (FBAs)[1] will continue to monitor, and in certain circumstances scrutinize, financial institutions’ de-risking of customers. Financial institutions are encouraged to continue to manage their customer bases on a more finely calibrated risk basis, ensuring that any decisions to cease offering services to a particular customer base are made with careful consideration of customer risks and the costs associated with mitigating those risks.
Key takeaways from the De-risking Strategy
Overview of “de-risking”
Section 6215 of AMLA defines “de-risking” as “actions taken by a financial institution to terminate, fail to initiate, or restrict a business relationship with a customer, or category of customers, rather than manage the risk associated with that relationship consistent with risk-based supervisory or regulatory requirements, due to drivers such as profitability, reputational risk, lower risk appetites of banks, regulatory burdens or unclear expectations, and sanctions regimes.”[2] Recognizing that, in practice, there is not a consistent or generally accepted definition of “de-risking,” for the purposes of the De-Risking Strategy, “de-risking” refers specifically to “financial institutions making wholesale, indiscriminate decisions about broad categories of customers, rather than assessing and mitigating risk in a targeted way.” Treasury recognizes that financial institutions operate with different business models and varying levels of capacity to mitigate risks, and thus the De-risking Strategy does not define “de-risking” to include “considered, risk-based decisions” about what risks a customer poses and what mitigation a bank can pursue.”
Drivers and impact of de-risking
The De-Risking Strategy notes that a range of customer bases are affected by de-risking; however, the De-risking Strategy focuses in particular on three customer categories (1) small- and medium-size MSBs, (2) NPOs operating in high-risk foreign jurisdictions, and (3) foreign financial institutions with low correspondent banking transaction volumes.
Treasury acknowledges that a number of factors contribute to de-risking decisions, which include “profitability,” reputational risk, lower risk appetites, regulatory and compliance burdens, and unclear expectations from regulators. According to Treasury, “profitability” is the primary consideration for financial institutions in choosing with whom to enter a customer relationship. Profitability decisions include a range of inputs, such as the associated compliance costs incurred by a financial institution to maintain a particular customer, the available resources necessary to appropriately discharge the relevant obligations under the BSA, and the anticipated revenue associated with the customer.
Notably, while the De-risking Strategy concludes that profitability is the main driver for de-risking, Treasury notes that, in practice, “profitability”-driven decisions often consider a number of interlocking factors. Indeed, Treasury states that the illicit finance risks associated with MSBs, NPOs and foreign financial institutions—including, in particular, the risks highlighted in Treasury’s National Money Laundering Risk Assessments and National Terrorist Financing Risk Assessments—typically “are a key factor in whether accounts can be maintained on a profitable basis.”
The De-Risking Strategy minimizes the role that soaring compliance costs and enforcement risks associated with perceived high-risk accounts play with respect to de-risking decisions. For many institutions, regulatory requirements, coupled with heightened supervisory attention, make such accounts economically unviable.
Relationships with MSBs, NPOs and foreign financial institutions that operate in high-risk jurisdictions for money laundering, terrorist financing, and/or proliferation financing activity can present unique compliance challenges for financial institutions arising from the varying AML/CFT compliance frameworks across foreign jurisdictions. Not surprisingly, financial institutions may choose to avoid certain customers if a particular jurisdiction or class of customer requires compliance resources that exceed the financial institution’s current capacity or could expose the financial institution to heighted regulatory or law enforcement scrutiny and risk.
Recommendations
Treasury posits that the U.S. government has limited authority to address some (if not most) of the drivers of de-risking, in particular those related to financial institutions’ business decisions. Nevertheless, the De-risking Strategy provides recommendations that, in Treasury’s view, may offer potential positive impacts that outweigh the drivers of de-risking. Notable recommendations for policymakers include:
- Promoting consistent supervisory expectations, including through training federal examiners, that consider the effects of de-risking;
- Issuing the implementing regulations for the National AML/CFT Priorities, which may allow financial institutions to better allocate compliance resources and reduce the need to de-risk certain customers types;
- Updating the 2009 MSB examination manual;[3]
- Assessing the opportunities, risks, and challenges of innovative and emerging technologies for AML/CFT compliance solutions, such as the development and implementation of government and private sector-provided digital identity solutions, which could enable appropriate, risk-based customer identification and authentication;
- Encourage ongoing public and private sector engagement with MSBs, NPOs, banks and regulators (federal and state) to provide greater clarity on risk-focused BSA/AML supervision and regulatory requirements; and
- Bolstering international engagement to strengthen the AML/CFT regimes of foreign jurisdictions.
Looking ahead
Treasury’s findings and proposals in the De-risking Strategy do not break new ground, but instead reinforce longstanding observations and recommendations. Notably, throughout the De-risking Strategy, Treasury highlights an apparent disconnect between financial institutions and regulators over the extent to which policy statements and guidance with respect to certain high-risk customers align with the expectations and practices among supervisory examiners. In practice, financial institutions devote substantial resources to meet technical compliance requirements under the BSA, which is frequently in tension with the risk-based approach established and promoted by the BSA and AMLA but aligns with what they perceive to be the expectations of their examiners.
Of Treasury’s recommendations, the most significant in the short term will likely be FinCEN’s issuance of the implementing regulations for the National AML/CFT Priorities. Once those rules are implemented, financial institutions will be expected to ensure that their risk-based AML/CFT compliance programs address the AML/CFT Priorities, which in turn may allow financial institutions to more efficiently allocate resources and offer services to a broader customer base—if and only if the rules (and their implementation) accept a decrease in resources devoted to lower-priority areas. If regulators expect increased attention and resources devoted to each identified priority, without a concomitant relaxation in other areas, then the implementation of the National AML/CFT Priorities will simply exacerbate the cost and regulatory risk drivers of de-risking. Because there is no timeline for FinCEN’s issuance of regulations implementing the National AML/CFT Priorities, it remains unclear when financial institutions will benefit from any regulatory clarity in that regard. Financial institutions are expected to continue to manage their customer bases on a risk basis, ensuring that any decisions to cease offering services to a particular customer base are made with careful consideration of customer risks and the costs associated with mitigating those risks.
[1] The FBAs are the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, the National Credit Union Administration, and the Federal Deposit Insurance Corporation.
[2] AMLA, Sec. 6215(c)(1).
[3] FinCEN, Bank Secrecy Act/Anti-Money Laundering Examination Manual for Money Services Businesses (2008), https://www.fincen.gov/sites/default/files/shared/MSB_Exam_Manual.pdf.