AML Reform and Whistleblowers

I try to be as cynical as possible about Congress, but this week may be one of those rare times when lawmakers actually do something intelligent. They’re poised to overhaul the nation’s anti-money laundering laws in a dramatic way, with a potentially huge gift to compliance officers to boot.

That overhaul is the Anti-Money Laundering Act of 2020, which is now part of a national defense spending bill that both chambers of Congress are expected to pass this week. AMLA, as it’s known, would require all companies in the United States — including shell companies, the vehicle for so many illicit payments over the years — to disclose their ultimate owners to the Treasury Department. 

AMLA would also establish a whistleblower reward program for suspected violations of the Bank Secrecy Act. The program would operate along the lines of the whistleblower program at the Securities and Exchange Commission: tipsters who provide original information that leads to an enforcement penalty of more than $1 million would be eligible for a reward as high as 30 percent of the collected total.

Here’s the kicker: as the statute reads right now, compliance officers themselves could qualify as whistleblowers for information you obtain through your normal compliance duties. You would not first need to report your concerns through internal management channels.

At least, that’s one plausible interpretation of Section 6314, which establishes the whistleblower program. That section defines a whistleblower as follows:

The term “whistleblower” means any individual who provides, or two or more individuals acting jointly who provide, information relating to a violation of this subchapter or subchapter III to the employer of the individual or individuals, including as part of the job duties of the individual or individuals, or to the [Treasury] Secretary or the Attorney General.

Do you see an exclusion in that paragraph for compliance officers or corporate auditors? I don’t. The text only says a whistleblower is any employee who learns of suspicious activities as part of his or her job. 

Into the Weeds of Whistleblowers

Sure, perhaps that the Treasury Department or the Financial Crimes Enforcement Network might adopt rules for the whistleblower program that generally leave compliance officers and corporate auditors ineligible. That’s what the SEC did with its whistleblower awards program established by the Dodd-Frank Act in 2010. 

But here’s how Dodd-Frank defined a whistleblower (emphasis added by me):

The term “whistleblower” means any individual who provides, or two or more individuals acting jointly who provide, information relating to a violation of the securities laws to the Commission, in a manner established, by rule or regulation, by the Commission.

That is, lawmakers expressly gave the SEC authority to tailor its whistleblower reward program — including the reasonable idea that compliance and internal audit professionals shouldn’t be eligible, because rooting out misconduct is part of their job. 

Well, lawmakers haven’t done that with AMLA. Such language isn’t in the text.

Could it be that they just forgot to include those lines in a technical error? I’m not sure I buy that either. 

Notice that AMLA defines a whistleblower as someone who provides information about misconduct to regulators or to his employer. That allows the whistleblower to claim anti-retaliation protections even if he or she only reports to the internal compliance function. 

whistleblowerDodd-Frank’s statutory language didn’t do that. It’s how we ended up with that kooky Digital Realty Trust decision from the Supreme Court, ruling that to claim anti-retaliation protections, a whistleblower must report his or her concerns to the SEC; internal reporting alone won’t cut it.

That tells me that lawmakers were aware of their whistleblower brainfart in Dodd-Frank, and took steps to avoid it in AMLA. So were they sharp enough to correct that error, but made an even larger one by forgetting to exclude compliance officers and internal auditors from reward eligibility? Or do they really want compliance and audit professionals to be eligible? 

I look forward to the litigation that will help us answer this question.

Shell Companies Get Turned Over

Compliance professionals should also consider AMLA’s provisions about shell companies reporting their ultimate owners to the Treasury Department. That ownership data wouldn’t be made public, but it would be the raw material that investigators at FinCEN and the Justice Department use to bring cases of money-laundering, tax evasion, and fraud — and suddenly, they’d have a lot more information at their disposal.

My question is how that new level of insight into corrupt activity will change the calculus of corruption investigations. That is, if FinCEN and the Justice Department can prosecute money launderers, tax cheats, and fraudsters more forcefully, might those defendants then implicate their business partners (read: financial firms and other large corporations) more quickly? And if so, what would that mean for the compliance programs of those business partners?

For example, those other firms might lose their chance to score cooperation credit with the Justice Department, because one prong of cooperation credit is voluntary self-disclosure “prior to an imminent threat of disclosure or government investigation,” as the U.S. Sentencing Guidelines state. Well, if the investigation target has already implicated you in an investigation, there goes that prong. 

In other words, AMLA will give businesses more incentive to perform better due diligence on customers and business partners hiding behind shell companies, because the U.S. government will have more tools at its disposal to catch wrongdoers and then squeeze until they give up a name — such as your company’s. 

Sure, the threat of an investigation target dropping your name is nothing new. AMLA just makes that threat more possible. A strong compliance program will help you stay ahead of it.

Will AMLA Actually Pass?

It seems so, because AMLA has been folded into the National Defense Authorization Act, which has widespread bipartisan support. Congress has passed this defense spending bill every year for decades. 

Then again, President Trump has threatened to veto the NDAA twice. First, he objected to language in the bill requiring the Pentagon to rename U.S. military bases named after U.S. Confederate war heroes insurrectionists. Then Trump threatened to veto the bill unless it included a repeal of Section 230 of the Communications Decency Act, which offers liability protections to Internet companies for statements people make online. 

Neither of those changes are going to happen. So the question is whether Republicans could muster enough votes to override a Trump veto of the defense bill, should he deliver one. If they can’t, then the defense bill fails — and so does AMLA, in all its compliance glory. 

Leave a Comment

You must be logged in to post a comment.