The Financial Crimes Enforcement Network (FinCEN), after consulting with the U.S. Department of the Treasury’s (Treasury’s) Offices of Terrorist Financing and Financial Crimes, Foreign Assets Control (OFAC), and Intelligence and Analysis, as well as the Attorney General, Federal functional regulators, relevant state financial regulators, and relevant law enforcement and national security agencies, is issuing these first government- wide priorities for anti-money laundering and countering the financing of terrorism (AML/ CFT) policy (the “Priorities”). These Priorities are being issued pursuant to Section 5318(h) (4)(A) of the Bank Secrecy Act (BSA), as amended by Section 6101(b)(2)(C) of the Anti- Money Laundering Act of 2020 (the “AML Act”). As required by Section 5318(h)(4)(C) of the BSA, the Priorities are consistent with Treasury’s 2018 and 2020 National Strategy for Combating Terrorist and Other Illicit Financing (the “National Strategy”).
As explained in more detail below, the Priorities are, in no particular order: (1) corruption; (2) cybercrime, including relevant cybersecurity and virtual currency considerations; (3) foreign and domestic terrorist financing; (4) fraud; (5) transnational criminal organization activity; (6) drug trafficking organization activity; (7) human trafficking and human smuggling; and (8) proliferation financing. The establishment of these Priorities is intended to assist all covered institutions in their efforts to meet their obligations under laws and regulations designed to combat money laundering and counter terrorist financing.
FinCEN will issue regulations at a later date that will specify how financial institutions should incorporate these Priorities into their risk-based AML programs. FinCEN recognizes that not every Priority will be relevant to every covered institution, but each covered institution should, upon the effective date of future regulations to be promulgated in connection with these Priorities, review and incorporate, as appropriate, each Priority based on the institution’s broader risk-based AML program. FinCEN, in coordination with relevant federal and state regulators, has also issued two statements to provide additional guidance to all covered institutions on the applicability of these Priorities at this time, before regulations are promulgated.
To develop the Priorities, which focus on threats to the U.S. financial system and national security, FinCEN consulted with a number of stakeholders including those with which it was required to consult pursuant to the AML Act. FinCEN also considered a variety of sources of information, including the 2018 and 2020 National Strategies and related risk assessments, prior FinCEN advisories and guidance documents, economic and trade sanctions actions, notices issued by FinCEN and other Treasury components, and previous feedback from law enforcement and covered institutions through the BSA Advisory Group. References to these sources throughout the Priorities are solely intended to provide background information, and FinCEN is not incorporating by reference these additional sources into the Priorities.
Consistent with Treasury’s 2018 National Money Laundering Risk Assessment, which informs the National Strategy, “threats” for purposes of these Priorities are predicate crimes associated with money laundering.These threats exploit some perceived “vulnerability” in the U.S. financial system that may be in law, regulation, supervision, or enforcement, or may stem from a unique attribute of a product, service, or jurisdiction.
In consultation with the agencies and offices listed above, FinCEN will update the Priorities at least once every four years, as required by the AML Act, to account for new and emerging threats to the U.S. financial system and national security.
The Priorities reflect longstanding and continuing AML/CFT concerns previously identified by FinCEN and other Treasury components and U.S. government departments and agencies. The Priorities include predicate crimes that generate illicit proceeds that illicit actors may launder through the financial system. As such, money laundering is linked to all of the Priorities and is not specifically enumerated below as a separate Priority. Combating money laundering remains core to FinCEN and TFI’s missions.
As explained in the National Security Study Memorandum issued by President Biden on June 3, 2021, corruption fuels instability and conflict and undermines economic growth. It has been estimated that corruption reduces global gross domestic product by between 2 and 5 percent. Corruption, both domestic and foreign, threatens U.S. national security by eroding citizens’ faith in government, distorting economies, and weakening democratic institutions.
Corrupt actors and their financial facilitators may seek to take advantage of vulnerabilities in the U.S. financial system to launder their assets and obscure the proceeds of crime. Corruption rots democracy from the inside and is increasingly weaponized by authoritarian states to undermine their own democratic institutions as well as disrupt democratic processes in other nations through foreign influence campaigns. Misappropriation of public assets, bribery, and other forms of corruption affects individuals and entities across the world, threatens the national security of the United States and the global financial system, degrades the rule of law, perpetuates conflict, and deprives innocent civilians of fundamental human rights.
Corruption undermines democratic institutions and underpins many of the global challenges of our time, to include serious human rights abuse, and has a disproportionate impact on the poor and most vulnerable. For all of these reasons, countering corruption is a core national security interest of the United States. Addressing the money laundering risks associated with such corruption will bolster efforts to counter corruption.
FinCEN has issued advisories on human rights abuses enabled by corrupt senior foreign political figures and their financial facilitators with respect to Nicaragua, South Sudan, and Venezuela. These advisories, while focused on specific foreign jurisdictions, can help covered institutions comply with their BSA obligations by identifying typologies and red flags, but the jurisdictions noted in those advisories are not the only ones at risk of corruption.
B) Cybercrime, including Relevant Cybersecurity and Virtual Currency Considerations
Cybercrime is broadly defined as any illegal activity that involves a computer, another digital device, or a computer network. Cybercrime includes common cybersecurity threats like social engineering, software vulnerability exploits, and network attacks. Cybercrime is a significant illicit finance threat: the size, reach, speed, and accessibility of the U.S. financial system make covered institutions attractive targets to criminals, including terrorists and state actors. These actors target covered institutions’ websites, systems, and employees to steal customer and commercial credentials and proprietary information, defraud covered institutions and their customers, and disrupt business functions. Foreign interference
in democratic processes, such as elections and election infrastructure, is often conducted through cyber-enabled methods. Treasury is particularly concerned about cyber-enabled financial crime, ransomware attacks, and the misuse of virtual assets that exploits and undermines their innovative potential, including through laundering of illicit proceeds.
FinCEN has issued advisories with respect to ransomware and COVID-19-related cybercrime, including cyber-enabled financial crime, to alert covered institutions to predominant trends, typologies, and potential indicators.Regarding the COVID-19 pandemic, FinCEN advised covered institutions that criminals increasingly exploited the pandemic through phishing campaigns and the compromise of remote applications
to facilitate extortion, business email compromise (BEC), and other fraudulent schemes, especially against financial and health care systems. Ill-gotten gains from these illicit activities often are laundered through a variety of methods, including rapid transfers through accounts controlled by the cyber actors or money mules.Covered institutions are uniquely positioned to observe the suspicious activity that results from cybercrime, including cyber-enabled financial crime. FinCEN recently issued a fact sheet to encourage covered institutions to share such information with one another under a safe harbor provision of the BSA that offers protections from civil liability, in order to better identify and report potential money laundering or terrorist financing.
As evidenced by recent attacks on the nation’s fuel and food supplies, ransomware is a particularly acute concern, as criminals increasingly use sophisticated attacks to target various sectors, including government, finance, education, energy, and health care. Countering ransomware has been identified as a top priority for the United States, which is committed to working with like-minded partners around the world to disrupt and deter ransomware actors, including by developing cohesive and consistent policies towards ransom payments and enabling rapid tracing and interdiction of virtual currency proceeds.21 According to law enforcement and reporting from covered institutions and others in the private sector, ransomware attacks increased dramatically in 2020 and 2021 in both scale and sophistication, posing a threat to the U.S. health care system and other critical infrastructure, as well as U.S. national security and economic prosperity. In some instances, ransomware campaigns have been associated with adversary governments, sanctioned entities, or jurisdictions with weak AML/CFT regimes and high AML/CFT and sanctions risks, such as Russia, North Korea, and Iran. OFAC issued an advisory in late 2020 highlighting the sanctions risks associated with ransomware payments related to malicious cyber-enabled activities. OFAC has designated numerous malicious cyber actors under its sanctions programs in response to aggressive and harmful malicious cyber activities by state actors targeting U.S. government and private sector networks.
FinCEN notes that, while a substantial financial innovation, convertible virtual currencies (CVCs) also have grown as the currency of preference in a wide variety of online illicit activity. In addition to being the preferred form of payment for buying ransomware tools and services, online child exploitation material, illicit drugs and other illicit goods online, and for paying ransoms to the perpetrators of ransomware attacks, CVCs often are used to layer transactions to hide the origin of money derived from illicit activity. Criminals use a number of techniques to obscure the source of illicit funds when conducting transactions involving CVCs, including the use of mixers and tumblers. CVCs have been used by some of the highest-priority threat actors to advance their illegal activities and nuclear weapons ambitions. For example, North Korea-linked cyber actors likely have stolen hundreds of millions of dollars’ worth of CVCs since 2019 through cyber operations against CVC service providers, laundered stolen CVC value through other CVC service providers and CVC wallets, and used the proceeds to help fund weapons of mass destruction and ballistic missile programs. Victim institutions, and institutions used for laundering stolen funds, are based in several countries, highlighting the global nature of financial crimes involving CVCs. In 2019, FinCEN issued an advisory to help covered institutions identify and report suspicious activity concerning how criminals and other bad actors exploit CVCs.
In 2016, FinCEN issued an advisory with respect to cybercrime that set out typologies and red flags for covered financial institutions’ BSA/AML compliance and cybersecurity units, and encouraged greater cooperation between those units.
C) Terrorist Financing
Since the September 11, 2001 terrorist attacks, the threat posed by international and domestic terrorism has evolved significantly. Internationally, the Islamic State of Iraq and Syria (ISIS), Al Qaeda, Lebanese Hizballah, and Iran’s Islamic Revolutionary Guard Corps remain significant and persistent terrorist threats to U.S. interests and allies. Domestically, the Intelligence Community assesses that racially or ethnically motivated violent extremists (RMVEs)—primarily those advocating for the superiority of the white race—and anti- government or anti-authority violent extremists are the most lethal domestic violent extremist (DVE) threats.Additionally, the National Strategy for Countering Domestic Terrorism, issued on June 15, 2021, highlights the ongoing threat to Americans posed by domestic terrorism.
Terrorists require financing to recruit and support members, fund logistics, and conduct operations. Preventing such financing, therefore, is essential to counter the threat of terrorism successfully. Covered institutions are reminded of existing obligations to identify and file SARs on potential terrorist financing transactions, as appropriate, and follow applicable requirements for reporting violations requiring immediate attention. Terrorist financing includes lone actors using small amounts of money to self-fund attacks, as well as more complex schemes and networks that may be embedded within existing money laundering methods used to support logistical networks, operatives, and the procurement of material. In 2015 and 2018, Treasury raised awareness of the issue by publishing a National Terrorist Financing Risk Assessment and addressed the associated vulnerabilities in the 2020 National Strategy. As a countermeasure to these potential risks, covered institutions must comply with required sanctions programs and, as part of their risk-based AML programs, also should be aware of terrorists and terrorist organizations that are included on sanctions lists issued by the U.S. government.
The most common type of international terrorism activity in the United States involves individuals who knowingly provide funds to overseas terrorists, terrorist groups, or their supporters abroad. Most terrorist groups still primarily rely on banks, money services businesses, and cash couriers to transfer funds, though some more regularly seek small- dollar donations in digital assets.
Disrupting terrorist networks, such as those supporting Al Qaeda and Hizballah, and preventing an ISIS resurgence are vitally important for the security of the United States and its allies. Rather than fund complex attacks, ISIS and Al Qaeda now rely more on self- radicalized individuals and homegrown violent extremists who carry out relatively low-cost and unsophisticated but deadly attacks using knives, firearms, improvised explosive devices, or automobiles. In addition, U.S. authorities have identified U.S.-based individuals who raise and send money to support violence overseas or who travel to Iraq and Syria as foreign terrorist fighters.
DVEs are individuals based and operating primarily within the territorial jurisdiction of the United States who seek to further their ideological goals wholly or in part through unlawful acts of force or violence. The intelligence and law enforcement communities conducted a comprehensive assessment of the domestic terrorism threat and assessed that RMVEs and militia violent extremists present the most lethal DVE threats.RMVEs use or threaten to use force or violence in furtherance of ideological agendas derived from bias—often related to race or ethnicity—against given population groups. They purport to use both political and religious justifications to support racially or ethnically based ideological objectives and criminal activities, and have used or threatened acts of violence to promote their agendas. Militia violent extremists use or threaten to use force or violence in furtherance of an anti- government or anti-authority violent extremist ideology, including opposition to abuses of power by the government.
Some DVEs have focused on accessible targets like civilians, law enforcement and the military, symbols or members of the U.S. government, houses of worship, retail locations, and mass public gatherings. DVEs’ selection of these types of targets, in addition to the insular nature of DVEs’ radicalization and mobilization to violence and their limited discussions with others, challenges law enforcement to detect and disrupt the activities of DVEs before they occur.
As previously noted in Treasury’s National Money Laundering Risk Assessments, the crimes that generate the bulk of illicit proceeds in the United States are fraud, drug trafficking, human smuggling, human trafficking, organized crime, and corruption. Among those, fraud—such as bank, consumer, health care, securities and investment, and tax fraud—is believed to generate the largest share of illicit proceeds in the United States.Health care fraud alone is estimated to generate proceeds of approximately $100 billion annually. Increasingly, fraud schemes are internet-enabled, such as romance scams, synthetic identity fraud, and other forms of identity theft. Proceeds from fraudulent activities may be laundered through a variety of methods, including transfers through accounts of offshore legal entities, accounts controlled by cyber actors, and money mules.
FinCEN has issued several fraud-related advisories, in particular with respect to BEC, email account compromise, and COVID-19. In 2019, FinCEN noted that BEC and email account compromise schemes were among a growing trend of cyber-enabled crime, with 32,000 reported cases involving almost $9 billion in attempted theft from BEC fraud schemes affecting U.S. financial institutions and their customers. More recently, fraud related to the COVID-19 pandemic has been of particular concern, and has been the subject of six FinCEN Advisories, including: economic impact payment, health insurance and health care, unemployment insurance, counterfeit COVID-19 vaccine, pump-and-dump and other market manipulation schemes, and cyber-enabled fraud schemes. The Department of Justice is aggressively pursuing a wide range of COVID-19-related fraud schemes.
Also of concern are foreign intelligence entities and their proxies, which employ illicit financial practices to fund influence campaigns and facilitate a range of espionage activity by establishing front companies, and conducting targeted investments to gain access to sensitive U.S. individuals, information, technology and intellectual property.
E) Transnational Criminal Organization Activity
Transnational criminal organizations (TCOs) operating in the United States, including drug trafficking organizations (DTOs), are priority threats due to the crime-terror nexus and TCOs’ engagement in a wide range of illicit activities, including cybercrime, drug trafficking, fraud, wildlife trafficking, human smuggling, human trafficking, intellectual property theft, weapons trafficking, and corruption. Treasury has noted that a number of TCOs operate in the United States, and Mexican and Russian TCOs operating in the United States remain priority threats. In addition, certain Africa- and Asia-based TCOs become more significant each year as TCOs worldwide continue to employ a variety of money laundering methods to avoid detection. Malign state actors who provide TCOs safe haven or other support in return for financial or political gain, or assurances of their own security, enable TCOs’ malign activity, including foreign election interference, attempts to stoke social unrest, and other profit-driven criminal acts—most often perpetrated online—that undermine public confidence and threaten the social fabric of foreign nations. Increasingly, these organizations turn to professional money laundering networks that receive a fee or commission for their laundering services, and often use their specialized expertise to launder proceeds generated by others, regardless of the predicate criminal activity.
F) Drug Trafficking Organization Activity
Illicit drugs continue to generate significant proceeds for DTOs. The proceeds, which may be laundered in or through the United States, and the drugs themselves, contribute to a significant public health emergency.Mexican DTOs’ distribution of fentanyl to the United States has increased, while direct shipments from China have decreased, though China remains a significant source of precursor chemicals. Drug cartels in Mexico and Colombia also operate as sophisticated independent DTOs trafficking cocaine and other drugs to the United States. DTOs rely more on professional money laundering networks in Asia (primarily China) that facilitate exchanges of Chinese and U.S. currency or serve as money brokers in trade-based money laundering (TBML) schemes. There has been a substantial increase in complex schemes to launder proceeds from the sale of narcotics by facilitating the exchange of cash proceeds from Mexican DTOs to Chinese citizens residing in the United States, including the use of front companies or couriers to deposit cash derived from the sale of narcotics into the banking system. These schemes allow DTOs to repatriate proceeds to Mexico and sidestep Chinese capital flight restrictions.
In 2019, FinCEN issued an advisory related to the trafficking of fentanyl and other synthetic opioids, which contained an extensive discussion of typologies, case studies, and red flags.
G) Human Trafficking and Human Smuggling
Financial activity from human trafficking and human smuggling activities can intersect with the formal financial system at any point during the trafficking or smuggling process. FinCEN, in collaboration with law enforcement agencies, nonprofit organizations, and members of the financial industry, issued two advisories identifying financial and behavioral red flags of human trafficking, as well as financial red flags associated with human smuggling.
As described in these advisories and other U.S. government reports, human trafficking and human smuggling networks use a variety of mechanisms to move illicit proceeds, ranging from cash smuggling by individual victims to sophisticated cash smuggling operations through professional money laundering networks and criminal organizations. The illicit proceeds from human trafficking can include income associated with logistics, such as housing and transportation of victims, as well as earnings from the exploitation of victims. Human traffickers and smugglers have established shell companies to hide the true nature of a business. Human traffickers and human smugglers receive payments in a variety of ways, such as funnel accounts and TBML schemes.
H) Proliferation Financing
The principal threat of proliferation financing arises from proliferation support networks. These networks of individuals and entities, such as trade brokers and front companies, seek to exploit the U.S. financial system to move funds that will be used either: (1) to acquire weapons of mass destruction or delivery systems or their components; or (2) in the furtherance or development of state-sponsored weapons programs, including the evasion of United Nations or U.S. sanctions. Global correspondent banking is a principal vulnerability and driver of proliferation financing risk within the United States due to its central role in processing U.S. dollar transactions, which comprise a substantial proportion of cross-border trade.
Actors engaged in the proliferation of weapons of mass destruction have developed sophisticated and diverse strategies to finance their programs. Covered institutions remain vulnerable to malign actors seeking to generate revenues and transfer funds in support of illicit conduct through gatekeepers, front or shell companies, exchange houses, or the illicit exploitation of international trade. As described in multiple advisories issued by Treasury, Iran, North Korea, and Syria, in particular, have exploited vulnerabilities in global supply chains and maritime transportation to facilitate their weapons of mass destruction proliferation activities. Covered institutions are encouraged to consult these advisories and FinCEN’s advisories with respect to jurisdictions with AML/CFT and counter-proliferation deficiencies for additional information regarding the risk of proliferation finance.
As a counter-measure to these potential risks, covered institutions must comply with sanctions programs and, as part of a risk-based AML program, should also be aware of economic and trade sanctions issued by the federal government, such as OFAC, the Department of Commerce’s Bureau of Industry and Security, and the Department of State’s Bureau of International Security and Nonproliferation.
June 30, 2021, published by FinCEN