AML Rulemaking
In 2024, FinCEN released new and proposed rules to expand coverage of the Bank Secrecy Act (BSA). In August 2024, FinCEN issued its final rule on residential real estate reporting (Real Estate Rule), which requires select real estate professionals to submit reports and keep records about certain high-risk, non-financed transfers of residential real estate property to legal entities and trusts. The Real Estate Rule is set to become effective on December 1, 2025, and will require “reporting persons” to report to FinCEN information about the reporting person, the transferee, the transferor, the real property involved in the sale, and the payments made. Failure to report transaction information under the Real Estate Rule can result in civil and criminal penalties.
On the same day as the Real Estate Investment Rule, FinCEN also issued a final rule imposing on certain investment advisers AML compliance program obligations consistent with those imposed on other financial institutions (the Final IA Rule). The Final IA Rule will apply to Securities and Exchange Commission (SEC)- registered investment advisers (RIAs) and exempted reporting advisers (ERAs). Starting January 1, 2026, all investment advisors covered by the Rule will have to develop AML policies, procedures, and controls, identify an AML compliance officer, conduct regular trainings, and implement independent assessments. Covered investment advisors will also have to file SARs and currency transaction reports (CTRs).
In June 2024, FinCEN published a Notice of Proposed Rulemaking (NPRM) to promote “effectiveness, efficiency, innovation, and flexibility” in connection with financial institutions’ AML/CFT programs pursuant to the Anti-Money Laundering Act of 2020 (AMLA). If finalized the rule would require financial institutions to “establish, implement, and maintain effective, risk-based, and reasonably designed AML/CFT programs,” including establishing a mandatory risk assessment process. Under the Proposed Rule, financial institutions that do not conduct risk assessments or that informally assess risk would need to establish a formal process to conduct risk assessments on a periodic basis that consider FinCEN’s AML/ CFT priorities, past reports filed by the financial institution pursuant to the BSA and its implementing regulations, and the financial institution’s unique risk profile. The rule would also require that AML programs be carried out by persons in the United States and would require the board of directors or board-equivalent approve and oversee the AML programs. Currently, only certain financial institutions (e.g., banks without a federal functional regulator, mutual funds) have boardlevel approval requirements.
AML Enforcement Trends
In October 2024, TD Bank resolved money laundering and BSA violations with penalties totaling more than $3 billion. TD Bank and its parent company TD Bank US Holding Company pleaded guilty to BSA violations and conspiracy to commit money laundering and announced a settlement with FinCEN, the Board of Governors of the Federal Reserve Board (FRB), and the Office of the Comptroller of the Currency (OCC). According to the DOJ, for nearly a decade, TD Bank failed to update its AML compliance program to address known risks, allowing suspicious transactions to go unreported. One critical failure was the bank’s intentional exclusion of several transaction types — such as domestic automated clearinghouse (ACH) transactions and check activity — from its monitoring systems. This led to 92 percent of the bank’s total transaction volume going unmonitored between January 1, 2018, and April 12, 2024, enabling employees to facilitate a criminal network’s laundering of tens of millions of dollars. As part of the plea agreement, TD Bank will forfeit $450 million and pay a criminal fine of $1.4 billion, totaling over $1.8 billion in penalties to the DOJ. In addition, TD Bank has committed to implement significant compliance reforms, including retaining an independent compliance monitor to oversee remediation and enhancement of its AML program and engaging an independent consultant to conduct a historical review of suspicious activity reports.
In addition to enforcing BSA violations against financial institutions, the U.S. has focused in substantial part in the past year on cryptocurrency-related crimes, including:
- In July 2024, crypto derivatives platform HDR Global Trading Limited, also known as BitMEX, pleaded guilty to violating the BSA and agreed to pay a $100 million penalty.
- In September 2024, DOJ announced charges against Russian nationals, including one Sergey Sergeevich Ivanov, known online as Taleon, for alleged cybercrimes and cryptocurrency-based money laundering. In parallel, the DOJ charged Cryptex, a Russiabased cryptocurrency exchange, with operating an unlicensed money transmitting business, by processing over $1 billion in transactions that facilitated illicit activities, including funds sent to U.S.-sanctioned entities.
- FinCEN also issued an order identifying PM2BTC — a virtual currency exchange associated with Ivanov — as being of “primary money laundering concern” and the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Ivanov and Cryptex.
Other high-profile resolutions of the year include former Mozambique Finance Minister, Manual Chang, who was found guilty of fraud and money laundering related to $2 billion in fraudulent financing ostensibly related to funding a fleet of tuna fishing vessels and other maritimerelated projects in Mozambique, and former Comptroller of Ecuador, Carlos Ramón Polit Faggioni, who was found guilty by a South Florida federal jury for his involvement in a multimillion-dollar money laundering and bribery scheme related to Brazilian construction company Odebrecht S.A.
