When it comes to the U.S. regulatory process, one must admire the unique nature of the government and private sector partnership that exists within the federal rulemaking process. My first job out of college was managing and caring for the small but important business library in our small private sector firm in Falls Church, Virginia. It was in this room, among the bound copies of various supervision manuals and quarterly earnings reports, that I was first introduced to the Federal Register. This was before the digital advances that eventually made corporate libraries obsolete. While I will not claim I was filled with excitement each time I was tasked with reviewing one, I do remember being in awe of the opportunity it afforded the general public to help shape the industry.
For those that may not be familiar with the Federal Register, it is the official journal of the U.S. federal government. It is published each weekday and is the main means by which the government announces:
- Proposed new rules and regulations
- Final rules
- Changes to existing rules
- Executive orders and other presidential documents
- Notices of meetings and judicial proceedings
When a federal agency wants to make changes to a rule or create a new rule, they must follow the Administrative Procedure Act. Congress created a formal rulemaking process to help ensure agencies listen to comments and concerns from people and industry groups that might be affected by a new or revised regulation. The rulemaking process can start several different ways including a request for information, formally known as a notice of inquiry (NOI). NOIs are done when an agency is looking for input into an issue but has not drafted rules yet. Comments submitted in response to an NOI help the agency shape the rules they will eventually propose as part of the next phase in the process, known as a notice of proposed rulemaking (NPRM) or advanced notice of proposed rulemaking (ANPRM). It should be noted that not all rules have an NOI phase, but some start directly as an ANPRM.
ANPRMs are required any time an independent agency of the U.S. government, such as the Financial Crimes Enforcement Network (FinCEN), wants to add, remove, or change a rule or regulation. Typically, comments are accepted 60 days from the publication of the ANPRM, with an additional 30 days given for reply comments. To help illustrate this process, it might be helpful to trace the evolution of FinCEN’s Customer Due Diligence (CDD) Final Rule.
The CDD Final Rule
On May 11, 2018, compliance with FinCEN’s “Customer Due Diligence Requirements for Financial Institutions” became mandatory. However, this rule’s journey started back on March 5, 2012, with an ANPRM for covered financial institutions (FIs). FinCEN received 141 comments from a wide variety of interested individuals including FIs, trade associations, as well as members of state and federal government agencies. Most of the comments focused, rightfully so, on the costs associated with the proposed rule. The concerns raised in the comments must have been enough to give FinCEN pause, because an additional NPRM was published on August 4, 2014. Cost concerns continued to be front and center, and as a result, FinCEN issued a regulatory impact assessment on December 24, 2015 (see Figure 1 below). Regulatory impact assessments, which are different from further notices of proposed rulemaking, provide a detailed analytical picture of how a proposed regulation could affect its intended affected parties. In this case, FinCEN wanted to document that the benefits of the proposed CDD Final Rule would be greater than the costs associated with the implementation of the new rule.
Following the comment process, FinCEN acknowledged the cost concerns as well as the need to revise onboarding processes, policies, procedures and systems dramatically. As a result, the CDD Final Rule went into effect on July 11, 2016, but covered FIs had until May 11, 2018, to comply with the new rule. Originally, FinCEN proposed a one-year implementation plan but reversed course and allowed a two-year implementation after the concerns were raised that this shortened time frame was impractical.
However, it was not just the plea for more time that FinCEN took into consideration when they issued their Final Rule. FinCEN acknowledged a variety of valid concerns including whether the ownership requirement would be considered a “snapshot” and if the ownership thresholds should be reduced to 10% from the 25% that was proposed. It is safe to say that comments played a vital role in shaping the final rule, as well as the implementation process of that rule.
Being Part of the Process
So, how does one go about being part of this process? It starts with remaining informed. Most government agencies such as FinCEN and the Federal Financial Institutions Examination Council (FFIEC) offer opportunities to subscribe to press releases that detail activity related to their proposed rulemaking. For example, when FinCEN extended the comment period for their proposed rule aimed at closing regulatory gaps for cryptocurrency, this was detailed in a press release.1
It goes without saying that it is important to read and understand the rules prior to submitting any comments. For those like me, who enjoy reading other’s opinions, there are a variety of different individuals, trade associations, law firms or even local ACAMS Chapters that might help provide the latest and greatest information on proposed rules. A simple Google search would also yield a good number of articles to help with the background research.
It goes without saying that it is important to read and understand the rules prior to submitting any comments
All notices can be obtained by going to www.federalregister.gov. Once on the website, one can search for rules, comments and documents by entering keywords, browsing rules and agency actions by topic or agency, and viewing rules grouped by comment period.
Keep in mind, a search will return specific documents. For example, if searching for “CDD,” the list of results could include proposed rules or revisions to the proposed rules, the regulatory cost assessment and all the public comments on the (see Figure 2 below).
Consider the interests of a national bank supervised by the Office of the Comptroller of the Currency (OCC) that is very interested in commenting on their proposed rule, “Exemptions to Suspicious Activity Report Requirements.” Each proposed rule follows a consistent display format that includes a summary, helpful background information, a detailed description of the proposal, along with due dates and supplemental information. Each proposed rule also includes clear and detailed instructions on how to submit a comment (see Figure 3 below).
In the case of Figure 3, the summary indicates that the OCC is inviting comments on a proposed rule “that would modify the requirements for national banks and federal savings institutions to file Suspicious Activity Reports.” The summary goes on to explain that this rule would make it possible for OCC-regulated institutions to apply for an exemption to “grant relief to national banks or federal savings associations that develop innovative solutions intended to meet Bank Secrecy Act requirements more efficiently and effectively.” Does it sound wonderful? Of course, but what does innovative mean? Also, in what cases could a bank apply for a relief and what would the application process look like?
Answers to these questions may or may not be addressed fully in the background section and may require further review of additional documents or past statements from various governmental agencies. In this example, the term “innovative” was discussed in detail in a 2018 statement from the OCC, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, FinCEN and the National Credit Union Administration.2 This statement encouraged banks to “implement innovative approaches to meet their Bank Secrecy Act/anti-money laundering (BSA/AML) compliance obligations.” The background section also serves as a reminder of an FI’s obligation to file the following,
“…SARs relating to money laundering, transactions that are designed to evade the reporting requirements of the BSA, and transactions that have no business or apparent lawful purpose or are not the sort in which the particular customer would normally be expected to engage, and the bank knows of no reasonable explanation for the transactions after examining the available facts, including the background and possible purpose of the transactions.”3
In the last paragraph of the proposed rule in Figure 3, there is finally an example of when a bank can consider applying for relief:
“Requests for exemptive relief pertaining to innovation or other matters may involve, among other things, expanded investigations and SAR timing issues, SAR disclosures and sharing, continued SAR filings for ongoing activity, outsourcing of SAR processes, the role of agents of national banks and federal savings associations, the use of shared utilities and shared data, and the use and sharing of de-identified data. OCC expects that new technologies will continue to prompt additional innovative approaches related to SAR filing and monitoring.”
Now that there is a better idea of what the proposed rule involves, determine who should write the comments and provide the final review prior to submission. If writing on behalf of the bank, it would be wise to assemble a group of individuals who will be affected by the proposed rule. In this case, the Bank Secrecy Act (BSA) review committee, risk committee and/or members of the fraud and cybersecurity departments might be an excellent body to draft comments. In the case of the CDD Final Rule, it might have been a good idea to include system experts or individuals tasked with vendor management. Either way, it is important to put together a group of people who will be able to understand the issue and provide substantive comments that the agency can use in drafting their final notice. Lastly, it is important to remember that if comments will be submitted in the FI’s name, there might be an additional review step to consider.
Most FIs tightly control their reputational risk by requiring all public-facing communications (of which a public comment to a proposed rulemaking would be included) to be reviewed by an internal resource such as legal/compliance, marketing or even executive management. It is important to learn about the FI’s required process flow and ensure there is enough time in the process to submit by the stated deadline.
However, FIs are not the only ones that can submit comments. Trade groups, private individuals and even ACAMS Chapters can submit comments. To paraphrase the African proverb, “It takes a village to raise a child,” it takes an industry to shape a good rule. When those tasked with the day-to-day responsibilities of running a BSA program get an opportunity to work with those tasked with creating the rules, it becomes easier to reach a shared common goal: providing actionable information to members of law enforcement. Do your part, submit those comments and make your voice heard.
Heather Allen, first vice president, BSA officer, Peoples Bank NC, Newton, NC, USA, email@example.com
- “FinCEN Extends Comment Period for Rule Aimed at Closing Anti-Money Laundering Regulatory Gaps for Certain Convertible Virtual Currency and Digital Asset Transactions,” Financial Crimes Enforcement Network, January 14, 2021, https://www.fincen.gov/news/news-releases/fincen-extends-comment-period-rule-aimed-closing-anti-money-laundering
- “Joint Statement on Innovative Efforts to Combat Money Laundering and Terrorist Financing,” Office of the Comptroller of the Currency, December 3, 2018, https://www.federalreserve.gov/newsevents/pressreleases/files/bcreg20181203a1.pdf
- “Exemptions to Suspicious Activity Reports,” Federal Register, January 22, 2021, https://www.federalregister.gov/documents/2021/01/22/2021-00034/exemptions-to-suspicious-activity-report-requirements