News & Insights

Client Alert

December 22, 2020

New BSA/AML Regime Promises Sweeping Changes

As we wrote over the summer, Congress has passed a bill that will require certain corporations and limited liability companies (“LLCs”) to report information on their beneficial owners to the U.S. Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”).  On December 11, 2020, following negotiations between the Senate and the House of Representatives, the U.S. Senate passed the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 (“NDAA”), which included the Corporate Transparency Act (“CTA”) and the Anti-Money Laundering Act of 2020 (“AMLA” or “the Act”).  The House of Representatives passed this version of the NDAA on December 8, 2020.

If signed by the President, or if Congress overrides any veto, the CTA and AMLA will bring about the most significant changes to U.S. anti-money laundering requirements since the USA Patriot Act of 2001. 

As discussed in greater detail below, the CTA and AMLA broaden the mission or purpose of the Bank Secrecy Act (“BSA”) by:

  • requiring certain small corporations and LLCs to provide FinCEN with information about their beneficial owners;
  • establishing a new BSA/anti-money laundering (“AML”) whistleblower program;
  • significantly increasing penalties for companies or individuals violating BSA/AML rules;
  • requiring FinCEN to evaluate how it might streamline suspicious activity reporting (“SAR”) and currency transaction reporting (“CTR”) requirements and reporting thresholds;
  • reinforcing FinCEN’s authority to regulate virtual currency exchanges and other businesses;
  • expanding the U.S. Department of Justice (“DOJ”) and the U.S. Treasury Department authority to subpoena overseas banking records;
  • expanding the reach of the BSA/AML regime to trade in antiquities; and
  • making additional changes to the BSA/AML regime.
FinCEN’s Current Regime on Beneficial Ownership

Under FinCEN’s existing Customer Due Diligence (“CDD”) Rule, “covered financial institutions” (i.e., banks, mutual funds, broker-dealers, commodities futures merchants, and introducing brokers in commodities) must verify the identities of their customers at the time an account is opened and on an ongoing basis.  These covered financial institutions are required to know both the identities of their direct customers and also the identities of the individuals that own or control customer entities.  Under the CDD Rule, FinCEN provides a two-prong definition for beneficial ownership.  Under the “ownership” prong, covered financial institutions must collect information about any individual who owns 25 percent or more of the equity interests of the covered financial institution’s client.  Under the “control” prong, covered financial institutions must collect information about any individual with significant responsibility to control, manage, or direct the covered financial institution’s client.

The CTA will require certain entities to report beneficial ownership information directly to FinCEN for compilation in a registry.  For entities subject to the CTA (a narrow category, as discussed below), the overlap with the CDD Rule is substantial.  FinCEN, under the CDD Rule, requires covered financial institutions to obtain nearly the same information from legal entity customers that entities subject to the CTA, so-called Reporting Companies, are required to file with FinCEN.  Both the CDD Rule and the CTA are meant to help document and verify beneficial ownership.  However, these laws are meant to be complementary, not redundant.  Covered financial institutions, with the customer’s consent, will be allowed to use FinCEN’s registry to enhance their ability to comply with their “know your customer” (“KYC”) obligations under the CDD Rule.

FinCEN’s Beneficial Ownership Registry for Small U.S. Companies and LLCs under the CTA

Representative Carolyn B. Maloney, sponsor of a predecessor bill to the CTA, stated that it would “end the abuse of anonymous shell companies in the United States by requiring companies to disclose their true beneficial owners to the U.S. Treasury Department at the time the company is formed.”[i]  Senator Mark Warner, who introduced a similar bill in the Senate, stated that “[i]t is past time to put an end to the secrecy that allows drug cartels, human traffickers, arms dealers, terrorists and kleptocrats to exploit the United States’ banking system in order to carry out anti-American activities.”[ii]  The current iteration is focused on addressing the money laundering risks posed by the lack of any beneficial ownership disclosure requirements in connection with corporations and LLCs registering under U.S. state laws.

Similar to the bill passed by the House of Representatives over the summer, the CTA will amend the BSA to require U.S.-incorporated and U.S.-registered corporations, LLCs, and similar entities (“Reporting Company”) to file beneficial ownership information with FinCEN.  Rather than defining shell company directly, the CTA defines “Reporting Company” broadly, but includes a long list of exceptions for companies with major U.S. operations or substantial regulatory oversight.  The CTA requires a Reporting Company to file information about its beneficial owner or owners and the applicants that helped incorporate or register the company.  A beneficial owner is defined as any individual who (1) exercises “substantial control” over the entity or (2) owns or controls not less than 25 percent of the ownership interests in the entity, thus in effect merging the existing ownership and control prongs to some extent.  The Act notably does not define “substantial control.”  Currently, FinCEN requires covered financial institutions to identify the beneficial owners of their legal entity customers and defines the control prong as “a single individual with significant responsibility to control, manage, or direct a legal entity customer.”  The CTA provides that the current FinCEN CDD rule will be brought into conformity with the new CTA requirement within a year, in part, to “reduce any burdens on financial institutions and legal entity customers that are, in light of the [CTA], unnecessary or duplicative.”[iii]  The CTA requires a Reporting Company to report the names, dates of birth, addresses, and passport, driver’s license, or other government-issued identification numbers of its beneficial owners and applicants.[iv]  False beneficial owner and applicant information willfully provided to FinCEN is punishable with a fine up to $10,000 and up to two years in prison, as well as a civil penalty of $500 for every day the false information goes uncorrected. 

Significantly, FinCEN will store the beneficial ownership and applicant information it collects in a non-public registry with strict disclosure rules.  FinCEN may share access with state, local, or tribal law enforcement authorities if authorized by court order, and freely with federal agencies responsible for national security, intelligence, and law enforcement.  Some federal financial regulators are also authorized to request information from FinCEN, but the CTA provides some guidelines and restrictions in this circumstance.  FinCEN may also share information with foreign authorities in response to properly formed requests, typically pursuant to a mutual legal assistance treaty between the U.S. and the foreign country.  Financial institutions performing CDD can request access to FinCEN’s registry, but only after obtaining the consent of the Reporting Company.  Presumably, companies applying for bank accounts and other financial services will give consent as a matter of course because banks already request this information in order to meet their CDD obligations.

It is unclear whether regulatory supervisors will view obtaining such consent as a de facto component of BSA compliance.  Unlawful disclosure of information from FinCEN’s beneficial owner registry is punishable with a fine up to $250,000 and up to five years in prison, as well as a civil penalty of $500 for every day the violation continues.

This disclosure requirement, however, is significantly narrowed by a long list of exceptions to the definition of Reporting Company.  For example, most major U.S. companies can avoid filing if they have more than 20 employees, prior-year tax returns reflecting more than $5 million in gross receipts, and a physical, operating presence within the U.S.  Also, similar to the existing CDD Rule, the CTA excludes companies already subject to regulatory scrutiny, including issuers under Section 12 of the Securities Exchange Act of 1934; banks, bank holding companies, and credit unions; money transmitting businesses; SEC-registered broker-dealers, exchanges, investment companies, and investment advisers; various CFTC-registered entities; public accounting firms; and public utilities.  The CTA tasks the U.S. Treasury Department to promulgate regulations regarding the procedures and standards for making beneficial ownership information available through reports to FinCEN.  The U.S. Treasury Department must issue such regulations within one year of enactment of the law. 

Although foreign entities, particularly shell companies, can pose a serious money laundering threat, they are largely excluded from the CTA.  The CTA only covers foreign entities that are registered to conduct business in a U.S. state—otherwise, foreign entities are not required to report.  Currently, states typically require foreign entities to register if they are “doing business” in the state.  This requirement varies slightly from state to state, but in New York, for example, maintaining a bank account and hosting director or shareholders meetings do not qualify as “doing business” and do not trigger New York’s registration requirement.[v]  Therefore, entities incorporated or organized outside the U.S. will still be able to maintain accounts at U.S. banks in New York without necessarily needing to file beneficial ownership information with FinCEN.  However, covered financial institutions will still be required to comply with the same KYC requirements for foreign entities as for all legal entity customers under the CDD Rule.

Trusts are another legal structure that commentators have identified as a source of money laundering risk.[vi]  However, trusts are also generally excluded under the CTA.  First, many trusts are formed under foreign law and excluded for the same reason as foreign entities discussed above.  Second, even for trusts formed under U.S. law, many do not require registration with a state, and therefore do not qualify for the CTA’s definition of “Reporting Company.”  Third, certain trusts identified in the Internal Revenue Code, charitable trusts and split interest trusts, are explicitly excluded from the definition of “Reporting Company.”[vii]

Unlike various predecessor bills, the CTA does not require entities to file annual reports.  Instead, reports are required to be submitted at the time of formation or registration and when changes in beneficial ownership occur.  The required timeline for reporting after a change in ownership, while yet to be determined, will not exceed one year following the change.  In addition, entities already in existence at the time the U.S. Treasury Department’s regulations come into effect will need to file a report regarding beneficial ownership with FinCEN no later than two years after the effective date of the regulations.

Ultimately, FinCEN’s new beneficial owner registry is a significant development for bank compliance departments, but the category of bank clients currently included in the registry appears somewhat narrow, limiting the CTA’s likely impact.  Banks carry some material risk of civil and criminal liability for failing to exercise adequate CDD when identifying the beneficial owners of their clients.  Once the CTA is enacted, banks may be able to rely on FinCEN’s registry for beneficial owner identification, but only for the narrow class of entities included under the CTA.

If bank compliance departments are a secondary beneficiary of the CTA, then federal law enforcement is a primary beneficiary.  It is expected that FinCEN’s registry will give federal law enforcement access to invaluable data linking shell entities, their owners, and the administrative gatekeepers that help set up these complex corporate structures.

Whistleblower Program  

To promote the reporting of BSA/AML violations, the AMLA extensively expands the current whistleblower section under Title 31.[viii]  The current AML whistleblower law allows informants to receive awards of only $150,000 or 25 percent of the penalty, whichever is lower, and the law does not protect whistleblowers from retaliation.  Modelled after the SEC’s Whistleblower Program, the AMLA substantially expands the current whistleblower program by increasing the awards up to 30 percent of the monetary penalties assessed against a company when a tip leads to penalties that exceed $1 million resulting from a judicial, administrative, or related action.  The amount of the award depends on a number of factors, including the significance of the information and the degree of assistance provided.  This new section also includes detailed provisions on protecting whistleblowers in the event of retaliation from their employers.

New Prohibitions and Increased Penalties for BSA/AML Violations

The AMLA contains new prohibitions against the concealment of the ownership or source of funds from any financial institution in certain narrow circumstances.  As outlined above, the AMLA marks an initial shift away from pure reliance on financial institutions to identify beneficial owners.  However, these additional prohibitions show that the existing paradigm of relying on bank CDD efforts is still in force and relevant.

Specifically, the AMLA prohibits the knowing concealment from any U.S. financial institution of any “material fact concerning the ownership or control of assets involved in a monetary transaction” of $1,000,000 or more if those assets are owned or controlled by a “senior foreign political figure.”  The AMLA also prohibits the knowing concealment from any U.S. financial institution of any “material fact concerning the source of funds in a monetary transaction” that involves a primary money laundering concern under 31 U.S.C. § 5318A.

The AMLA also contains increased penalties for certain current BSA/AML violations.  To address the problem of repeat offenders, the AMLA provides that the U.S. Treasury Department may impose an additional civil penalty against any person or entity found to have violated the BSA multiple times after the enactment date of the AMLA.  This additional penalty may be no more than three times the person or entity’s own gain or twice the maximum penalty for the violation, whichever is higher.  For criminal BSA violations, the AMLA also requires courts to impose a fine equal to any profits gained as a result of the violation.  For individuals convicted of violating the BSA, if the individual was an officer, director, or employee of a U.S. financial institution when the violation occurred, the AMLA requires that the individual repay to the bank any bonus earned for the year the violation occurred and for the year after the violation occurred.  For minor BSA violations, this requirement could be significant.  Finally, the AMLA bars “egregious” violators of the BSA from serving on the board of directors for any U.S. financial institution for ten years.  This bar covers convictions of criminal violations with a potential prison term greater than one year and willful civil violations where the violation facilitated money laundering or the financing of terrorism.

Changes to the Reporting of Suspicious Activity Reports and Currency Transaction Reports

The AMLA requires that the U.S. Treasury Department, DOJ, and other agencies review the usefulness of, and evaluate areas to streamline, certain AML reporting requirements, namely SARs and CTRs.  Within one year of enactment of the NDAA, the U.S. Treasury Department is required to conduct a study and propose recommendations to Congress, with the objective of reducing any unnecessary or burdensome requirements and modifying reporting thresholds consistent with its findings.  In addition, FinCEN is required to share with the public information, at least semiannually, on emerging national security threats and trends based on information gathered from reports filed pursuant to the BSA.  FinCEN will also launch a pilot program within one year of enactment that would allow financial institutions to share SAR-related information with their foreign branches and affiliates.  This change would address an anomaly in the current law in which foreign banks operating in the U.S. can share SAR information with their home country head office, but U.S. banks cannot share SAR information with their foreign branches and affiliates.            

Congressional Support for FinCEN Regulation of Virtual Currency Exchanges and Other Businesses

In November, we wrote about a new rule jointly proposed by FinCEN and the Board of Governors of the Federal Reserve System that, in part, was meant to ensure that virtual currency transactions were covered by the reporting requirements of the Travel Rule and the Recordkeeping Rule.[ix]  With the AMLA, Congress has endorsed and further secured FinCEN’s authority to regulate virtual currency businesses by incorporating into the BSA’s statutory definitions FinCEN’s own regulatory definitions for virtual currencies.  For example, the AMLA modifies the BSA’s definition for “financial institution” to include “a business engaged in the exchange of currency, funds, or value that substitutes for currency or funds,” where previously that portion of the definition only covered “currency exchange[s].”  The AMLA also includes the term, “value that substitutes for currency.”  Legislators who introduced predecessor bills to the AMLA have said this language is meant to cover virtual currencies.[x]  This term, “value that substitutes for currency,” originates from FinCEN’s definition of “money transmitter” under the BSA.[xi]  Starting in 2013, FinCEN issued guidance that the BSA definition of “money transmitter” did not distinguish between fiat and virtual currencies, and that virtual currency exchanges and other businesses that fell under the definition were required to register with FinCEN and comply with the BSA.[xii]  FinCEN reaffirmed this guidance in 2019.[xiii]  By adopting FinCEN’s own regulatory language to address virtual currencies and elevating it to the statutory code, Congress has reaffirmed that virtual currency exchanges and other related businesses fall under the BSA and are subject to FinCEN’s oversight and regulation.  These definitional shifts may also eventually affect the treatment of money and various digital assets in the Uniform Commercial Code.

Authority to Subpoena Overseas Records from Foreign Banks with U.S. Correspondent Accounts

The AMLA expands DOJ’s authority to seek overseas records from foreign banks.  Even though some courts have interpreted the provision revised by the AMLA in a capacious manner, the expanded authority the Act provides is materially broader.

Section 5318(k)(3), United States Code, previously provided that the U.S. Treasury Department or DOJ could issue a summons or subpoena to any foreign bank that maintained a correspondent account in the U.S. seeking “records related to such correspondent account, including records maintained outside of the United States relating to the deposit of funds into the foreign bank.”  Last year, the D.C. Circuit accepted an argument by DOJ that Congress intended an expansive interpretation of which transactions were “related to” a foreign bank’s correspondent account.[xiv]

The AMLA now provides for requests seeking “records relating to the correspondent account or any account at the foreign bank, including records maintained outside of the United States….”[xv]  This authorizes the U.S. Treasury Department or DOJ to seek overseas bank records even if they are unrelated to the foreign bank’s correspondent account—a conclusion the D.C. Circuit would not have accepted under the prior statute.

Despite this broad new authority, DOJ’s use of this provision may remain infrequent.  Internal guidance for DOJ attorneys requires them to obtain written approval from the Criminal Division’s Office of International Affairs “before issuing any unilateral compulsory measure to persons or entities in the United States for records located abroad.”[xvi]

Trade in Antiquities Covered by the BSA; Trade in Works of Art Spared for Another Day

Trade in ancient antiquities and fine art has long been the subject of investigative reporting on high-value money laundering and criminal syndicates.  The international markets for antiquities and fine art have a history of anonymous purchases, subjective valuations, and frequent multimillion-dollar price tags—all ripe ingredients to attract professional money launderers.  With the AMLA, Congress has expanded the BSA to cover trade in antiquities.[xvii]  With this extension, advisors and consultants that solicit or sell antiquities will be required to conduct CDD and maintain records of transactions for inspection by the authorities.  The Act directs the U.S. Treasury Department to issue rules with more details on the application of the BSA to the antiquities market. 

Although it was likely considered, Congress did not extend the BSA to cover trade in fine art.  Instead, the AMLA directs the U.S. Treasury Department to coordinate with other agencies to investigate and issue a report in one year on the problem of money laundering in the fine art trade.  Relatedly, it bears noting that the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”) recently issued an advisory highlighting the sanctions risks arising from “dealings in high value artwork associated with persons blocked pursuant to OFAC’s authorities, including persons on OFAC’s List of Specially Designated Nationals and Blocked Persons.”[xviii]

Additional Changes to the BSA/AML Regime

The AMLA would also create a more formalized “FinCEN Exchange” within FinCEN to promote voluntary public-private information sharing among law enforcement, national security agencies, and financial institutions.  Though already in existence, this exchange would continue to strive to enhance information sharing with financial institutions.  As part of this program, FinCEN, in close coordination with law enforcement, will convene regular briefings with financial institutions to exchange information on priority illicit finance threats, including targeted information and relevant typologies.  The objective is to enable financial institutions to better identify risks and focus on high priority issues, which will help FinCEN and law enforcement receive critical information in support of their efforts to disrupt money laundering and other financial crimes.  Within one year of enactment (and annually thereafter for the next five years), FinCEN is required to submit a report to Congress evaluating the effectiveness of the exchange as well as provide recommendations on strengthening it.   

The AMLA also requires that FinCEN consider the implementation of a “no-action letter” process.  Within 180 days of enactment, FinCEN must recommend to Congress whether to establish a no-action letter process in response to inquiries on the application of the BSA/AML laws and regulations to specific conduct, including a request for a statement as to whether FinCEN or any relevant federal functional regulator would take an enforcement action against the applicant for the specified conduct.  This would constitute a major development in the enforcement of BSA/AML laws and regulations.  Since 1987, FinCEN has maintained an “Administrative Ruling” regime, whereby a financial institution may submit a request for an administrative ruling seeking FinCEN’s interpretation of a particular BSA regulation to the facts outlined in the request.  FinCEN’s response, i.e., the Administrative Ruling, has precedential value and may be relied upon by others similarly situated.  However, only a small percentage of these rulings are ever published, thereby limiting their value.  In addition to the requirement that FinCEN conduct an analysis of the timeline for issuing no-action letters, we also expect that, similar to no-action letters issued by the SEC, they would be published.

Finally, a number of studies are authorized by the AMLA (by either the U.S. Treasury Department or the U.S. Government Accountability Office), including those relating to beneficial ownership requirements, feedback loops, trade-based money laundering, money laundering by China, and the efforts of authoritarian regimes to exploit the financial system of the U.S. (the U.S. Treasury Department and DOJ are to conduct the study within one year and report within two years).  In particular, the study on beneficial ownership requirements will evaluate whether the lack of available beneficial ownership information for entities such as trusts, partnerships, and other legal entities increases concerns regarding terrorism, money laundering, tax evasion, and securities fraud.  It will also review how lack of beneficial ownership information obscures the identities of foreign beneficial owners, and the frequency with which law enforcement agencies and financial institutions access the beneficial ownership registry.  The feedback loop study is intended to examine best practices regarding the use of personally identifiable information and whether the sharing of such information through public-private partnerships is useful in combatting money laundering.

The AMLA also requires that FinCEN conduct a study on the status and implementation of emerging technologies, including artificial intelligence and blockchain technologies.  This study will need to address whether these and other innovative technologies can be further leveraged to make FinCEN’s data analysis more efficient and effective, including the extent to which such data can be used by federal and state law enforcement (and federal agencies) to help support their ongoing investigations.  Within six months of the enactment of the AMLA, FinCEN will be required to submit a report to Congress detailing its findings and determinations based on the study, including any policy recommendations that could further facilitate coordination between the private sector, FinCEN, and the federal regulatory agencies for the purpose of enhancing anti-money laundering compliance.


In sum, while the CTA and AMLA are significant in their scope, their impact may not be fully realized for years.  Similar to the USA Patriot Act, which was passed in October 2001, with many of the regulations issued in 2002 and 2003, regulations under the CTA and AMLA will need to be issued over the next one to three years.  The CTA and AMLA call for multiple studies and reports to Congress over the next two years.  Regulatory guidance will evolve as a result, hopefully creating a more modernized BSA/AML regime.


[i] 116 Cong. Rec. H6928 (daily ed. Dec. 8, 2020) (statement of Rep. Maloney), available at

[ii] Press Release, Senator Mark Warner, Warner, Rounds, Jones Applaud Inclusion of Bipartisan Anti-Money Laundering Legislation in NDAA (Dec. 3, 2020), available at

[iii] NDAA § 6403(d)(1).

[iv] The CTA also requires a covered company to file information about the applicant that submitted the company’s incorporation or registration forms.  Money laundering investigations frequently reveal networks of entities with diverse nominee owners all tied together by a common administrator or applicant that filed necessary paperwork to arrange the scheme.

[v] N.Y. Bus. Corp. § 1301 (2014).

[vi] FinCEN generally does not currently require covered financial institutions to obtain beneficial ownership information from trusts, either as part of its CIP or CDD obligations (the “trust” is the customer), but some banks nevertheless collect this information as part of their risk protocols/due diligence.

[vii] See 26 U.S.C. § 4947.

[viii] See 31 U.S.C. § 5323.

[ix] In October 2019, we wrote about FinCEN’s guidance to apply the Travel Rule to virtual currency exchanges and other virtual currency businesses.

[x] See Press Release, supra n.2; see also, Press Release, Senators Introduce Legislation to Improve Corporate Transparency and Combat Money Laundering, Terrorist Financing (Sept. 26, 2019), available at

[xi] 31 C.F.R. § 1010.100(ff)(5).

[xii] U.S. Dep’t of the Treasury, Financial Crimes Enforcement Network, Application of FinCEN’s Regulations to Persons Administering, Exchanging, or Using Virtual Currencies (Mar. 18, 2013), available at

[xiii] U.S. Dep’t of the Treasury, Financial Crimes Enforcement Network, Application of FinCEN’s Regulations to Certain Business Models Involving Convertible Virtual Currencies (May 9, 2019), available at

[xiv] See In re: Sealed Case, 932 F.3d 915, 929-30 (D.C. Cir. 2019).

[xv] [Emphasis added].

[xvi] U.S. Dep’t of Justice, Justice Manual § 9-13.525 (2018).

[xvii] This follows the EU’s adoption of the Fifth Anti-Money Laundering Directive in 2018 and the Regulation on The Introduction and The Import of Cultural Goods in 2019.  The later specifically expanded coverage of EU AML requirements to trade in antiquities. See Cates Saleeby, Recent EU Developments in Art Law and Cultural Heritage, Center for Art Law (Aug. 20, 2019), available at

[xviii] U.S. Dep’t of the Treasury, Office of Foreign Assets Control, Advisory and Guidance on Potential Sanctions Risks Arising from Dealings in High-Value Artwork, 1 (Oct. 30, 2020), available at