As whistleblower program gathers steam, manufacturers should rethink compliance.
By: Deborah Connor, Marc-Alain Galeazzi, and Dillon Guthrie
Today companies are facing evolving anti-money laundering (AML) and sanctions compliance obligations, and increasing environmental, social, and governance (ESG) commitments, all of which raise the stakes for compliance. Following recent congressional expansion of an AML whistleblower rewards program to cover reported violations of U.S. sanctions laws, companies should revisit and revitalize their compliance programs in these areas.
Understanding the U.S. AML Framework
In January 2021, Congress passed the Anti-Money Laundering Act (AMLA), representing the most “comprehensive reform and modernization” of the Bank Secrecy Act (BSA), the principal AML law, since the USA PATRIOT Act was enacted more than two decades ago. Notably, the AMLA the refortified Department of the Treasury’s existing BSA whistleblower program by enhancing incentives for individuals to report AML violations and shielding them from retaliation. In December 2022, Congress strengthened the program by passing the Anti-Money Laundering Whistleblower Improvement Act (Act).
Traditionally, banks and other financial institutions shoulder the heaviest AML burdens. They must maintain an effective AML program that ensures the bank knows its customers and understands their financial activities, while monitoring and reporting suspicious transactions. Yet the revamped whistleblower program, combined with the pandemic’s supply chain shocks, means that manufacturers and other businesses forging links with new suppliers in unfamiliar jurisdictions may face pressure to handle whistleblower reports arising from these very arrangements.
What Is the Anti-Money Laundering Whistleblower Program?
The Act bolstered the AMLA-created whistleblower program by setting a minimum award for complaints that result in an enforcement action with penalties. Now, persons reporting violations covered by the Act are guaranteed a monetary award of 10 to 30 percent of the value of any penalty. In establishing the minimum award — and a $300 million pool to fund awards — the Act incorporates elements of the Dodd-Frank Act’s securities-related whistleblower program, a widely regarded success.
Although manufacturers and other nonbanking organizations largely fell outside the AMLA’s earlier whistleblower program, that is no longer true. Any company subject to U.S. laws must address covered violations alleged by whistleblowers. Importantly, alleged sanctions violations now fall under the program. Consequently, businesses with global supply chains could face whistleblower reports of sanctions violations.
Who Is Eligible for an AML Whistleblower Reward?
Any person reporting a covered violation is eligible for an award — provided the complaint results in governmental penalties exceeding $1 million. Critically, the Act expressly defines “whistleblower” as any person acting within the scope of their duties, thereby including compliance and audit staff, who often have greater access to, and familiarity with, transactional information. Non-U.S. citizens also are eligible for awards.
The Act enhances whistleblower protections, including prohibitions against retaliation for reporting potential violations to the authorities or supervisors. Persons alleging employer retaliation may file a complaint with the Department of Labor.
What Steps Should Companies Take?
In addition to potential enforcement actions, whistleblower reports can result in a variety of additional concerns, including greater overall regulatory scrutiny, expensive internal investigations, and potentially far-reaching ESG and associated reputational risks. Businesses facing exposure under the recent AML laws should, therefore, reevaluate their AML and sanctions practices.
Manufacturers and other companies should maintain an AML program incorporating what are known as the four basic pillars of sound AML risk management: (1) a designated compliance officer; (2) internal policies, procedures, and controls; (3) personnel training; and (4) independent testing and review. These pillars support one overarching goal: a risk-based program that encourages a culture of compliance from the top down and is commensurate with a company’s exposure and complexity.
When tailoring a compliance program to specific risks, companies should remain vigilant throughout the supply chain, establishing mechanisms and dedicating staff to diligence third parties, monitor U.S. and foreign sanctions lists, and scrutinize payments involving sanctioned countries.
The whistleblower statutes further signify that businesses must remain vigilant to AML and sanctions within their overall compliance obligations. As part of any internal reporting program, companies should have a transparent process and well-defined reporting chain that includes legal, human resources, compliance, and other stakeholders to relay and consider complaints. Without a thoughtful approach, businesses may encounter difficulties in ensuring that complaints are appropriately elevated and documented, and that the handling of complaints and related training are sufficiently resourced.
Meeting the Moment
On balance, companies should pursue risk-based solutions that are tailored to the business risk profile. Manufacturing and other companies should take this opportunity to ensure that the company’s compliance program strives to mitigate risk through internal controls that include whistleblower reports in the compliance chain.
Deborah Connor is a partner in Morrison Foerster’s Investigations + White Collar Defense Group and former chief of the Money Laundering and Asset Recovery Section of the U.S. Department of Justice. Her practice focuses on internal investigations, enforcement defense and compliance counseling.
Marc-Alain Galeazzi is partner in the firm’s Financial Services Group, where he advises global banks, financial holding companies, and other financial institutions on a variety of bank regulatory matters, including on BSA, and a variety of other bank regulatory matters.
Dillon Guthrie is an associate in the firm’s Financial Services Group and advises financial institutions, technology companies, and other businesses in highly regulated and sensitive industries.
The post Rethinking Anti-Money Laundering Risk & Compliance appeared first on Industry Today.