This annex provides detailed analysis of the level of compliance with the FATF 40 Recommendations in their numerical order. It does not include descriptive text on the country situation or risks, and is limited to the analysis of technical criteria for each Recommendation. It should be read in conjunction with the Mutual Evaluation Report. Where both the FATF requirements and national laws or regulations remain the same, this report refers to analysis conducted as part of the previous Mutual Evaluation in 2006 available at the following link.
Recommendation 1 - Assessing Risks and applying a Risk-Based Approach This is a new Recommendation which was not assessed in the 3rd MER.
Criterion 1.1 - The U.S. maintains a substantial number of complementary processes to identify and assess ML/TF risks which generate a wide variety of outputs. Risk assessments to support the President’s national security strategies are prepared by relevant government agencies with participation from intelligence, law enforcement, and policy agencies involved in AML/CFT, including FinCEN which contributes ML/TF risks and trends identified from the reporting regime. To an extent, these risk assessments rely on non-public information and though not provided to the assessors, were extensively discussed during on-site. The Federal LEAs with principal investigative authority over financial crimes conduct their own identification and analysis of the ML/TF risks associated with the predicate crimes within their areas of responsibility. Most recently, in 2015, the U.S. published two consolidated national risk assessments (NMLRA and NTFRA) (see Chapter 1, Country’s risk assessment).
Criterion 1.2 - The risk assessments underlying the national security strategies are coordinated by the NSC staff and approved by the NSC. The 2015 National Security Strategy identifies priority threats and policies including preventing the “global financial system from being abused by transnational criminal and terrorist organizations that engage in or launder the proceeds of illegal activity.” The ONDCP has a predominantly AML focus related to the National Drug Control Strategy and related strategies. Separately, relevant government agencies prepare agency-specific reports and assessments that complement and support these strategies.
Criterion 1.3 - The U.S. updates its risk assessments: annually or bi-annually for the national security strategies targeting narcotics trafficking57 and the program to combat healthcare fraud; and as necessary for the other relevant national security strategies. Multi-agency NSC working groups assess national security strategy implementation and discuss emerging new threats and related ML/TF risks and their policy implications. The inputs for this process come from the U.S. intelligence, law enforcement and supervisory communities, drawing from ongoing investigations. There is no regular schedule planned for the updating of the NMLRA and the NTFRA, although in the broader context risk assessment is a continuous process.
57National Drug Control Strategy, National Southwest Border Counter Narcotics Strategy and National Northern Border Counter Narcotics Strategy.
TECHNICAL COMPLIANCE
Anti-money laundering and counter-terrorist financing measures in the United States – 2016 © FATF and APG 2016
177
Criterion 1.4 - The NMLRA and NTFRA make the large volume of risk information generated by U.S.
government agencies more easily accessible to the public and private sectors (see Chapter 1, Country’s risk assessment). The U.S. confirms these are accurate “point in time” summaries of all underlying risk assessment work described above.The risk assessments underlying the President’s national security strategies are classified and available to Federal government agencies engaged in protecting national security. The Director of National Intelligence and the Director of NCTC provide annual unclassified threat assessments to the U.S. Congress.
Criterion 1.5 - Based on their understanding of the threats and vulnerabilities, and in keeping with their mandates, the authorities apply a risk-based approach (RBA) to allocating resources. Budget submissions and reports from key Federal agencies58 indicate that funds are being allocated to support identified AML/CFT priorities, including the targeting of third party ML networks. The supervisory approach is broadly satisfactory for the financial sector with FinCEN, the FBAs, the SEC, other federal financial regulators, the IRS-SBSE and State authorities all playing their respective role in supervision. The collection of large cash transaction data from U.S. businesses and professions via the Form 8300 process is managed by FinCEN and IRS (which requires all nonfinancial trades and businesses, including DNFBPs (except casinos), to report cash received in one or more related transactions in amounts over USD 10 000). Certain financial institutions and casinos have a similar cash reporting requirement, referred to as a Currency Transaction Report. However, comprehensive AML/CFT preventive measures have not been directly applied to deter the abuse of investment advisers (only some are indirectly covered), lawyers, accountants, trustees, real estate agents and company formation agents (CFAs) (see the NMLRA, NTFRA, and published risk information from FinCEN).
Criterion 1.6 - Aspects of the FATF Recommendations are not applied to certain transactions and/or accounts and most DNFBPs.The most notable of these are: (1) lack of measures addressing BO in BSA CDD obligations; and (2) investment advisers, lawyers, accountants, real estate agents, trustees and CFAs are not subject to comprehensive AML/CFT measures (they are only subject to the Form 8300 requirements and TFS obligations). The U.S. attributes the low (residual) risk in the minimally covered sectors to complementary regulatory safeguards and/or market-based practices that reduce the ML/TF risk in normal transactions and customer relationships. In some limited instances these can tend to limit vulnerability (e.g. some investment advisers are indirectly covered, if they are part of a financial group or are subsidiaries of banks/bank holding companies or are acting for a financial institution in the framework of an outsourcing arrangement). The U.S. also asserts that ML/TF activity through the minimally covered sectors is generally due to deficient compliance with existing safeguards or criminal complicity on the part of the service provider, rather than the customer taking advantage of inadequate regulations. However, these factors do not prove low ML/TF risk as the lack of preventive measures means that negligent/unwitting facilitation of ML/TF through these sectors is less likely to be detected. The assessors attribute compliance costs and burden on the private sector as the more heavily weighted factors influencing these exemptions and thresholds (notably the SAR reporting thresholds and the exemption of real estate agents from BSA obligations), rather than a proven low risk of ML/TF, as required by the FATF Recommendations. For example the
58 2015 DEA budget, 2015 FBI budget, 2015 DHS Budget for ICE and USSS, 2015 IRS Budget, DHS Congressional Budget Justification FY 2015, and the TEOAF Forfeiture Fund Accountability Report for fiscal year 2013.
TECHNICAL COMPLIANCE
U.S. confirmed in its technical compliance (TC) response that SAR reporting thresholds were intended to “reduce the burden of reporting and to confirm the treatment of ML and related transactions to that of other situations in which reporting is required by the Supervisory Agencies”.59 Criterion 1.7 - The U.S. has enacted legislation directed at FIs and some DNFBPs to address some threats categorized in the NMLRA as higher risks. Public corruption is partially addressed by the requirements aimed at foreign PEPs (although this only applies in the Covered FI sector). The misuse of banking products and services is partially addressed through systemic measures directed at private banking and correspondent banking. The widespread use of cash is addressed more broadly by the IRS Form 8300 reporting requirements. However, some other key vulnerabilities in the NMLRA60 are either not addressed or are only addressed by indirect measures. For example, the NMLRA identifies cash transaction structuring as a vulnerability, notwithstanding that attempts to structure are seen as useful flags for LEAs.
Criterion 1.8 - The U.S. does not explicitly allow for simplified measures. For CDD and account monitoring, the regulations set baseline customer identification requirements with which Covered FIs and DNFBPs must comply regardless of the risks presented by their customers, products, services, etc. The baseline requirement must always be met, and cannot be simplified.
Criterion 1.9 - Covered FIs/DNFBPs are supervised for compliance with the requirements of criteria 1.10 to 1.12, as described in R.26 and R.28. However, all investment advisers, lawyers, accountants, real estate agents, trustees and CFAs are not subject to obligations under R.1.
Criterion 1.10 - Covered FIs/DNFBPs are required to develop a BSA/AML risk assessment. However, some FIs, all investment advisers, lawyers, accountants, real estate agents, trustees and CFAs are not covered. The FFIEC Manual which applies to the banking sector expects that the risk assessment must take into consideration all relevant factors (e.g. products, services, customers, geographic locations and correspondent relationships):61
a) According to the FFIEC Manual, it is “a sound practice that the risk assessment be reduced to writing” (p.18). Other sectors (except the life insurance sector) are required to have written risk assessments.
b) FinCEN and other competent authorities provide information on relevant risk factors that FIs should take into account when determining the level of risk (see criteria 1.4 above).
59 61 Fed. Reg. 4326, 4328 (Feb. 5, 1996).
60 Structuring resulting from thresholds, disguise (hidden actors using fronts), compliance deficiencies, complicit violators in FIs, and complicit merchants and financial services providers.
61 Banks and credit unions: 31 CFR §1020.210 (FinCEN), 12 CFR §21.21 (OCC), 12 CFR §208.63 (Federal Reserve), 12 CFR §326.8 (FDIC), 21 CFR §748.2 (NCUA). Brokers or dealers in securities: 31 CFR
§1023.210 (FinCEN), Rule 3310 (FINRA). Casinos and card clubs: 31 CFR §1021.210. Dealers in precious metals and stones: 31 CFR §1027.210. FCMs and IBs: 31 CFR §1026.210 (FinCEN), Rule 2-9 (National Futures Association). Insurance companies: 31 CFR §1025.210. MSBs: 31 CFR §1022.210.
Mutual funds: 31 CFR §1024.210. Operators of credit card systems: 31 CFR §1028.210. RMLOs: 31 CFR
§1029.210.
TECHNICAL COMPLIANCE
Anti-money laundering and counter-terrorist financing measures in the United States – 2016 © FATF and APG 2016
179
c) Covered FIs and DNFBPs are required to keep their risk assessments up to date, but other sectors are not subject to such a requirement.
d) All covered FIs/DNFBPs sectors are required to make their risk assessments available to supervisors and various other competent authorities.
Criterion 1.11 - Covered FIs/DNFBPs are required to have policies, controls and procedures that are approvedby senior management and which enable them to manage and mitigate the ML/TF risks identified by their risk assessment. Some specific higher risks are identified by the U.S. in legislation or enforceable means: c.1.7. Covered FIs/DNFBPs are required to conduct an independent audit to test their program and have an ongoing employee training program. Reporting entities are required to implement internal controls, policies and procedures which are adequate to mitigate their ML/TF risks62. Not all investment advisers are covered. For DNFBPs (other than casinos and dealers in precious metals and stones), no comprehensive AML/CFT obligations apply.
Criterion 1.12 - The U.S. does not explicitly allow for simplified measures: c.1.8.
Weighting and Conclusion:
The U.S. has a strong risk assessment process involving well-coordinated LEAs and multiple competent authorities. However, the authorities’ collective good understanding of the threats faced by the U.S. is not being sufficiently translated into effective mitigation measures against vulnerabilities of the high-end real estate agents, lawyers, accountants, trustees and CFAs (often cited as vulnerable to abuse by criminal elements and shown to be so by the NMLRA) as these are not covered for AML/CFT obligations, other than limited Form 8300 and targeted financial sanctions obligations.